

1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13  
14 package org.ejbca.ui.cli;
15
16 import java.security.cert.X509Certificate JavaDoc;
17 import java.util.Collection JavaDoc;
18 import java.util.Iterator JavaDoc;
19
20 import org.apache.commons.lang.StringUtils;
21 import org.ejbca.core.model.ca.caadmin.CAInfo;
22 import org.ejbca.core.model.ca.certificateprofiles.CertificateProfile;
23 import org.ejbca.core.model.ca.store.CertificateInfo;
24 import org.ejbca.core.model.ra.UserDataVO;
25 import org.ejbca.util.CertTools;
31 /**
32  * Re-publishes the certificates of all users belonging to a particular CA.
33  *
34  * @version $Id: CARepublishCommand.java,v 1.4 2006/08/06 13:27:18 anatom Exp $
35  */

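public class CARepublishCommand extends BaseCaAdminCommand {
    /**
     * Creates a new instance of CARepublishCommand.
     *
     * @param args command line arguments
     */
    public CARepublishCommand(String[] args) {
        super(args);
    }

    /**
     * Runs the command.
     *
     * <p>First pushes the CA certificate (the first entry of the CA's certificate chain) and the
     * latest CRL to the CA's CRL publishers. Then, for every user of the CA that has a
     * certificate profile id greater than zero, pushes the user's most recent certificate
     * (highest notBefore) to the publishers of that certificate profile. With the optional
     * flag, every certificate of the user is pushed first and the most recent one is pushed
     * again last.
     *
     * <p>The status, type, revocation date and revocation reason handed to the publishers are
     * read from the certificate store, not supplied by the operator.
     *
     * <p>One line of user data (username, DN, subject alternative name, e-mail and more) is
     * written to the output stream per user, so the output of this command contains personal
     * data and should be handled accordingly.
     *
     * @throws IllegalAdminCommandException Error in command args
     * @throws ErrorAdminCommandException Error running command
     */
    public void execute() throws IllegalAdminCommandException, ErrorAdminCommandException {
        try {
            if (args.length < 2) {
                getOutputStream().println("Usage: CA republish <CA name> [-all]");
                return;
            }

            String caname = args[1];
            boolean addAll = false;
            if (args.length == 3) {
                String all = args[2];
                // The usage text documents "-all", while only "-a" used to be recognised, so the
                // documented flag was silently ignored. Accept both spellings.
                if (StringUtils.equalsIgnoreCase(all, "-all") || StringUtils.equalsIgnoreCase(all, "-a")) {
                    addAll = true;
                }
            }

            // Get the CA's info and id
            CAInfo cainfo = getCAAdminSessionRemote().getCAInfo(administrator, caname);
            if (cainfo == null) {
                // NOTE(review): assumes the lookup can return null for an unknown CA name - confirm.
                // Failing here names the CA instead of surfacing a bare NullPointerException;
                // the catch block below still wraps it in ErrorAdminCommandException.
                throw new IllegalArgumentException("No CA found with name: " + caname);
            }

            // Publish the CA's certificate and CRL
            Collection cachain = cainfo.getCertificateChain();
            Iterator caiter = cachain.iterator();
            if (caiter.hasNext()) {
                X509Certificate cacert = (X509Certificate) caiter.next();
                int crlNumber = getCertificateStoreSession().getLastCRLNumber(administrator, cainfo.getSubjectDN());
                byte[] crlbytes = getCertificateStoreSession().getLastCRL(administrator, cainfo.getSubjectDN());
                Collection capublishers = cainfo.getCRLPublishers();
                // Store cert and CRL in ca publishers.
                if (capublishers != null) {
                    String fingerprint = CertTools.getFingerprintAsString(cacert);
                    String username = getCertificateStoreSession().findUsernameByCertSerno(administrator, cacert.getSerialNumber(), cacert.getIssuerDN().getName());
                    CertificateInfo certinfo = getCertificateStoreSession().getCertificateInfo(administrator, fingerprint);
                    getPublisherSession().storeCertificate(administrator, capublishers, cacert, username, null, fingerprint, certinfo.getStatus(), certinfo.getType(), certinfo.getRevocationDate().getTime(), certinfo.getRevocationReason(), null);
                    getOutputStream().println("Certificate published for " + caname);
                    if ((crlbytes != null) && (crlbytes.length > 0) && (crlNumber > 0)) {
                        getPublisherSession().storeCRL(administrator, capublishers, crlbytes, fingerprint, crlNumber);
                        getOutputStream().println("CRL published for " + caname);
                    } else {
                        getOutputStream().println("CRL not published, no CRL createed for CA?");
                    }
                } else {
                    getOutputStream().println("No publishers configured for the CA, no CA certificate or CRL published.");
                }
            } else {
                getOutputStream().println("CA does not have a certificate, no certificate or CRL published!");
            }

            // Get all users for this CA
            Collection coll = getAdminSession().findAllUsersByCaId(administrator, cainfo.getCAId());
            Iterator iter = coll.iterator();
            while (iter.hasNext()) {
                UserDataVO data = (UserDataVO) iter.next();
                getOutputStream().println("User: " + data.getUsername() + ", \"" + data.getDN() +
                    "\", \"" + data.getSubjectAltName() + "\", " + data.getEmail() + ", " +
                    data.getStatus() + ", " + data.getType() + ", " + data.getTokenType() + ", " + data.getHardTokenIssuerId() + ", " + data.getCertificateProfileId());

                if (data.getCertificateProfileId() > 0) { // only if we find a certificate profile
                    CertificateProfile certProfile = getCertificateStoreSession().getCertificateProfile(administrator, data.getCertificateProfileId());
                    if (certProfile == null) {
                        error("Can not get certificate profile with id: " + data.getCertificateProfileId());
                        continue;
                    }
                    Collection certCol = getCertificateStoreSession().findCertificatesByUsername(administrator, data.getUsername());
                    Iterator certIter = certCol.iterator();
                    X509Certificate cert = null;
                    if (certIter.hasNext()) {
                        cert = (X509Certificate) certIter.next();
                    }
                    X509Certificate tmpCert = null;
                    while (certIter.hasNext()) {
                        // Make sure we get the latest certificate of them all (if there are more than one for this user).
                        tmpCert = (X509Certificate) certIter.next();
                        if (tmpCert.getNotBefore().compareTo(cert.getNotBefore()) > 0) {
                            cert = tmpCert;
                        }
                    }
                    if (cert != null) {
                        if (certProfile.getPublisherList() != null) {
                            getOutputStream().println("Re-publishing user " + data.getUsername());
                            if (addAll) {
                                getOutputStream().println("Re-publishing all certificates (" + certCol.size() + ").");
                                Iterator i = certCol.iterator();
                                while (i.hasNext()) {
                                    X509Certificate c = (X509Certificate) i.next();
                                    publishCert(data, certProfile, c);
                                }
                            }
                            // Publish the latest again, last to make sure that is the one stuck in LDAP for example
                            publishCert(data, certProfile, cert);
                        } else {
                            getOutputStream().println("Not publishing user " + data.getUsername() + ", no publisher in certificate profile.");
                        }
                    } else {
                        getOutputStream().println("No certificate to publish for user " + data.getUsername());
                    }
                } else {
                    getOutputStream().println("No certificate profile id exists for user " + data.getUsername());
                }
            }
        } catch (Exception e) {
            throw new ErrorAdminCommandException(e);
        }
    } // execute

    /**
     * Pushes one certificate of a user to the publishers of the given certificate profile.
     *
     * <p>A failure is reported through {@code error(...)} and does not abort the run, so the
     * caller carries on with the next certificate or user.
     *
     * @param data the user the certificate belongs to
     * @param certProfile certificate profile whose publisher list receives the certificate
     * @param cert the certificate to publish
     */
    private void publishCert(UserDataVO data, CertificateProfile certProfile, X509Certificate cert) {
        try {
            String fingerprint = CertTools.getFingerprintAsString(cert);
            CertificateInfo certinfo = getCertificateStoreSession().getCertificateInfo(administrator, fingerprint);
            // NOTE(review): data.getPassword() is handed to every configured publisher together
            // with the certificate. Whether it is populated at this point, and in what form, is
            // not visible in this file - confirm that the publishers need it and protect it.
            getPublisherSession().storeCertificate(administrator, certProfile.getPublisherList(), cert, data.getUsername(), data.getPassword(), fingerprint, certinfo.getStatus(), certinfo.getType(), certinfo.getRevocationDate().getTime(), certinfo.getRevocationReason(), null);
        } catch (Exception e) {
            // Catch failure to publish one user and continue with the rest. The cause is included
            // in the message so an operator can tell why a directory was left with stale data.
            error("Failed to publish certificate for user " + data.getUsername() + ", continuing with next user. Cause: " + e);
        }
    }
}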