

1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13  
14 package org.ejbca.ui.cli;
15
16 import java.util.ArrayList JavaDoc;
17 import java.util.Collection JavaDoc;
18 import java.util.Date JavaDoc;
19
20 import javax.naming.Context JavaDoc;
21
22 import org.apache.commons.lang.StringUtils;
23 import org.ejbca.core.ejb.authorization.IAuthorizationSessionHome;
24 import org.ejbca.core.ejb.authorization.IAuthorizationSessionRemote;
25 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionRemote;
26 import org.ejbca.core.model.SecConst;
27 import org.ejbca.core.model.ca.caadmin.CAInfo;
28 import org.ejbca.core.model.ca.caadmin.X509CAInfo;
29 import org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAServiceInfo;
30 import org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceInfo;
31 import org.ejbca.core.model.ca.caadmin.extendedcaservices.XKMSCAServiceInfo;
32 import org.ejbca.core.model.ca.catoken.CATokenConstants;
33 import org.ejbca.core.model.ca.catoken.SoftCATokenInfo;
34 import org.ejbca.util.CertTools;
35 import org.ejbca.util.StringTools;
36
37
38 /**
39  * Initializes the CA by creating the first CRL and publishing the CRL and CA certificate.
40  *
41  * @version $Id: CaInitCommand.java,v 1.13 2007/01/12 09:42:54 anatom Exp $
42  */

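public class CaInitCommand extends BaseCaAdminCommand {

    /** Command name plus the six mandatory parameters (caname, dn, keyspec, keytype, validity, policyID). */
    private static final int MIN_ARGS = 7;

    /** Largest RSA key size, in bits, used for the OCSP/XKMS service signer keys. */
    private static final int MAX_SERVICE_RSA_KEY_BITS = 2048;

    /**
     * Creates a new instance of CaInitCommand.
     *
     * @param args command line arguments
     */
    public CaInitCommand(String[] args) {
        super(args);
    }

    /**
     * Runs the command: creates a self-signed X509 root CA backed by a soft CA token
     * (see {@link SoftCATokenInfo}; the keys appear to be generated and held by the CA
     * service itself rather than in an HSM - confirm against the token implementation),
     * together with an active OCSP signer service and an inactive XKMS service.
     *
     * <p>Arguments (args[0] is not read here; presumably the sub-command name):
     * {@code <caname> <dn> <keyspec> <keytype> <validity-days> <policyID> [<signalgorithm>]}.
     *
     * <p>Security notes for operators: the default signature algorithm is SHA-1 based
     * ({@code SIGALG_SHA1_WITH_RSA} / {@code SIGALG_SHA1_WITH_ECDSA}); SHA-1 signatures are
     * deprecated, so pass an explicit {@code <signalgorithm>} supported by the CA token.
     * Neither the signature algorithm nor a minimum key size is validated here (the usage
     * text even lists 1024-bit RSA); the CA service is relied on to reject unsupported values.
     *
     * @throws IllegalAdminCommandException if too few arguments are given, or
     *         {@code <validity-days>} (or {@code <keyspec>} for RSA) is not an integer
     * @throws ErrorAdminCommandException if creating the CA fails
     */
    public void execute() throws IllegalAdminCommandException, ErrorAdminCommandException {
        // Create new CA.
        if (args.length < MIN_ARGS) {
            throw new IllegalAdminCommandException(usage());
        }

        // Usage errors are reported as IllegalAdminCommandException before any
        // remote call is made, so a typo does not surface as an internal error.
        String caname = args[1];
        String keyspec = args[3];
        String keytype = args[4];
        int validity = parseIntArgument(args[5], "validity-days");
        String policyId = "null".equals(args[6]) ? null : args[6];
        String signAlg = defaultSignatureAlgorithm(keytype);
        if (args.length > MIN_ARGS) {
            // Explicit algorithm from the command line; passed through unvalidated.
            signAlg = args[7];
        }

        // Never use larger keys than 2048 bit RSA for the OCSP signing key.
        // The same (capped) spec is also used for the XKMS service key.
        String serviceKeySpec = keyspec;
        if (keytype.equals(CATokenConstants.KEYALGORITHM_RSA)) {
            int len = parseIntArgument(keyspec, "keyspec");
            if (len > MAX_SERVICE_RSA_KEY_BITS) {
                serviceKeySpec = String.valueOf(MAX_SERVICE_RSA_KEY_BITS);
            }
        }

        try {
            // Normalize the DN to BouncyCastle ordering; the CA id is derived from it below.
            String dn = StringTools.strip(CertTools.stringToBCDNString(args[2]));

            getOutputStream().println("Initializing CA");

            getOutputStream().println("Generating rootCA keystore:");
            getOutputStream().println("CA name: " + caname);
            getOutputStream().println("DN: " + dn);
            getOutputStream().println("Keyspec: " + keyspec);
            getOutputStream().println("Keytype: " + keytype);
            getOutputStream().println("Validity (days): " + validity);
            getOutputStream().println("Policy ID: " + policyId);
            getOutputStream().println("Signature alg: " + signAlg);

            // The CA id is the hash of the normalized DN; this presumably matches how the
            // CA service assigns ids (the id printed after createCA lets the operator confirm).
            initAuthorizationModule(dn.hashCode());

            SoftCATokenInfo catokeninfo = createCATokenInfo(keyspec, keytype, signAlg);
            ArrayList extendedcaservices = createExtendedCAServices(dn, serviceKeySpec, keytype);
            X509CAInfo cainfo = createCAInfo(dn, caname, validity, policyId, catokeninfo, extendedcaservices);

            getOutputStream().println("Creating CA...");
            ICAAdminSessionRemote remote = getCAAdminSessionRemote();
            remote.createCA(administrator, cainfo);

            CAInfo newInfo = remote.getCAInfo(administrator, caname);
            int caid = newInfo.getCAId();
            getOutputStream().println("CAId for created CA: " + caid);

            // No CRL is issued in this class; createCA is expected to create and publish
            // the initial CRL - this line only reports it (verify against CAAdminSession).
            getOutputStream().println("-Created and published initial CRL.");
            getOutputStream().println("CA initialized");
        } catch (Exception e) {
            // CLI boundary: log with stack trace, surface as a command error.
            debug("An error occured: ", e);
            throw new ErrorAdminCommandException(e);
        }
    } // execute

    /**
     * Builds the usage text shown when too few arguments are given.
     *
     * @return the multi-line usage message
     */
    private static String usage() {
        return "Used to create a Root CA using RSA keys."
                + "\nUsage: CA init <caname> <dn> <keyspec> <keytype> <validity-days> <policyID> [<signalgorithm>]"
                + "\nkeytype is RSA or ECDSA."
                + "\nkeyspec for RSA keys is size of RSA keys (1024, 2048, 4096)."
                + "\nkeyspec for ECDSA keys is name of curve or 'implicitlyCA', see docs."
                + "\npolicyId can be 'null' if no Certificate Policy extension should be present, or\nobjectID as '2.5.29.32.0'."
                + "\ndefault sign algorithm is SHA1WithRSA or SHA1WithECDSA.";
    }

    /**
     * Parses an integer command line argument.
     *
     * @param value the raw argument
     * @param name argument name used in the error message
     * @return the parsed value
     * @throws IllegalAdminCommandException if {@code value} is not an integer
     */
    private static int parseIntArgument(String value, String name) throws IllegalAdminCommandException {
        try {
            return Integer.parseInt(value);
        } catch (NumberFormatException e) {
            throw new IllegalAdminCommandException(name + " must be an integer, got '" + value + "'");
        }
    }

    /**
     * Returns the signature algorithm used when none is given on the command line.
     *
     * @param keytype the CA signing key algorithm (RSA or ECDSA)
     * @return SHA1WithECDSA for ECDSA keys, SHA1WithRSA otherwise (both SHA-1 based; see
     *         {@link #execute()})
     */
    private static String defaultSignatureAlgorithm(String keytype) {
        if (StringUtils.equals(keytype, CATokenConstants.KEYALGORITHM_ECDSA)) {
            return CATokenConstants.SIGALG_SHA1_WITH_ECDSA;
        }
        return CATokenConstants.SIGALG_SHA1_WITH_RSA;
    }

    /**
     * Describes the soft CA token: the signing key as requested, plus a fixed
     * 2048-bit RSA encryption key regardless of the signing key type.
     *
     * @param keyspec signing key spec (RSA size or EC curve name)
     * @param keytype signing key algorithm
     * @param signAlg signature algorithm
     * @return the token info
     */
    private static SoftCATokenInfo createCATokenInfo(String keyspec, String keytype, String signAlg) {
        SoftCATokenInfo catokeninfo = new SoftCATokenInfo();
        catokeninfo.setSignKeySpec(keyspec);
        catokeninfo.setSignKeyAlgorithm(keytype);
        catokeninfo.setSignatureAlgorithm(signAlg);
        catokeninfo.setEncKeySpec("2048");
        catokeninfo.setEncKeyAlgorithm(CATokenConstants.KEYALGORITHM_RSA);
        catokeninfo.setEncryptionAlgorithm(CATokenConstants.SIGALG_SHA1_WITH_RSA);
        return catokeninfo;
    }

    /**
     * Creates the extended CA services: an active OCSP signer and an inactive XKMS service.
     * Both signer subjects are derived from the CA DN.
     *
     * @param dn normalized CA DN
     * @param keySpec service signer key spec (already capped for RSA)
     * @param keytype service signer key algorithm
     * @return a list of {@link ExtendedCAServiceInfo} (raw type, matching the X509CAInfo API)
     */
    private static ArrayList createExtendedCAServices(String dn, String keySpec, String keytype) {
        ArrayList extendedcaservices = new ArrayList();
        // Create and activate the OCSP CA service.
        extendedcaservices.add(
                new OCSPCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE,
                        "CN=OCSPSignerCertificate, " + dn,
                        "",
                        keySpec,
                        keytype));
        // The XKMS service is created but left inactive.
        extendedcaservices.add(
                new XKMSCAServiceInfo(ExtendedCAServiceInfo.STATUS_INACTIVE,
                        "CN=XKMSCertificate, " + dn,
                        "",
                        keySpec,
                        keytype));
        return extendedcaservices;
    }

    /**
     * Assembles the {@link X509CAInfo} for a self-signed, active root CA using the
     * fixed root CA certificate profile. Unlabeled positional arguments are kept as in
     * the original call; see the X509CAInfo constructor for their meaning.
     *
     * @param dn normalized CA DN
     * @param caname CA name
     * @param validity validity in days
     * @param policyId certificate policy OID, or {@code null} for no policy extension
     * @param catokeninfo CA token description
     * @param extendedcaservices extended service descriptions
     * @return the CA info to pass to the CA admin session
     */
    private static X509CAInfo createCAInfo(String dn, String caname, int validity, String policyId,
            SoftCATokenInfo catokeninfo, ArrayList extendedcaservices) {
        return new X509CAInfo(dn,
                caname, SecConst.CA_ACTIVE, new Date(),
                "", SecConst.CERTPROFILE_FIXED_ROOTCA,
                validity,
                null, // Expiretime
                CAInfo.CATYPE_X509,
                CAInfo.SELFSIGNED,
                (Collection) null,
                catokeninfo,
                "Initial CA",
                -1, null,
                policyId, // PolicyId
                24, // CRLPeriod
                0, // CRLIssueInterval
                10, // CRLOverlapTime
                new ArrayList(),
                true, // Authority Key Identifier
                false, // Authority Key Identifier Critical
                true, // CRL Number
                false, // CRL Number Critical
                "", // Default CRL Dist Point
                "", // Default CRL Issuer
                "", // Default OCSP Service Locator
                true, // Finish User
                extendedcaservices,
                false, // use default utf8 settings
                new ArrayList(), // Approvals Settings
                1, // Number of Req approvals
                false); // Use UTF8 subject DN by default
    }

    /**
     * Initializes the temporary authorization module for the CA being created, so the
     * administrator running this command is authorized for the new CA id.
     *
     * @param caid the CA id (hash of the normalized DN)
     * @throws Exception on JNDI lookup or remote session failure
     */
    private void initAuthorizationModule(int caid) throws Exception {
        getOutputStream().println("Initalizing Temporary Authorization Module.");
        Context context = getInitialContext();
        IAuthorizationSessionHome authorizationsessionhome = (IAuthorizationSessionHome) javax.rmi.PortableRemoteObject.narrow(context.lookup("AuthorizationSession"), IAuthorizationSessionHome.class);
        IAuthorizationSessionRemote authorizationsession = authorizationsessionhome.create();
        authorizationsession.initialize(administrator, caid);
    } // initAuthorizationModule

}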