package org.ejbca.ui.cli;

import java.security.cert.X509Certificate;

import org.ejbca.core.protocol.ocsp.OCSPUnidClient;
import org.ejbca.core.protocol.ocsp.OCSPUnidResponse;
import org.ejbca.util.CertTools;
import org.ejbca.util.FileTools;

/**
 * Command-line OCSP client: asks an OCSP responder for the revocation status of one
 * certificate and prints the result on standard output.
 *
 * <p>Two invocation forms are accepted:
 * <ul>
 *   <li>five arguments: keystore file, keystore password, OCSP URL, certificate file,
 *       CA certificate file;</li>
 *   <li>three arguments: OCSP URL, certificate file, CA certificate file.</li>
 * </ul>
 * The literal string {@code null} as OCSP URL is turned into a {@code null} reference
 * before it is handed to {@link OCSPUnidClient}.
 *
 * <p>NOTE(review): in the five-argument form the keystore password is read from the
 * command line. Command-line arguments are typically readable by other local users
 * (process listings) and end up in shell history; prefer a prompt or a protected file
 * if this tool is used outside a test environment.
 *
 * <p>NOTE(review): a failed OCSP query is only reported as text. The process still ends
 * with exit status 0 and still prints the "OCSP return value" line, so a calling script
 * must parse the output and must not treat exit status 0 as "certificate is good".
 */
public class Ocsp {

    /** PEM boundary lines used to cut the certificate out of the input files. */
    private static final String PEM_BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String PEM_END = "-----END CERTIFICATE-----";

    /**
     * Program entry point.
     *
     * @param args either five or three arguments as described on the class; any other
     *             count prints the usage text and returns
     */
    public static void main(String [] args) {
        try {
            final boolean withKeystore = args.length == 5;
            if (!withKeystore && args.length != 3) {
                printUsage();
                return;
            }

            // The three trailing arguments are the same in both forms; only their
            // starting index differs.
            final int first = withKeystore ? 2 : 0;
            final String keystoreFile = withKeystore ? args[0] : null;
            final String keystorePassword = withKeystore ? args[1] : null;
            final String responderUrl = args[first].equals("null") ? null : args[first];
            final String certFile = args[first + 1];
            final String caCertFile = args[first + 2];

            CertTools.installBCProvider();
            final X509Certificate subject = loadPemCertificate(certFile);
            final X509Certificate issuer = loadPemCertificate(caCertFile);

            final OCSPUnidClient ocspClient =
                    new OCSPUnidClient(keystoreFile, keystorePassword, responderUrl);
            // NOTE(review): the meaning of the third argument (true) is defined by
            // OCSPUnidClient.lookup and is not visible here. Whether the response
            // signature is verified against the CA certificate is likewise decided
            // inside lookup - confirm before trusting the printed status, in
            // particular when the responder is reached over plain http.
            final OCSPUnidResponse result = ocspClient.lookup(subject, issuer, true);
            report(result);
        } catch (Exception e) {
            System.out.println(e.getMessage());
            e.printStackTrace();
            System.exit(-1);
        }
    }

    /** Prints the usage text for both invocation forms. */
    private static void printUsage() {
        System.out.println("Usage 1: OCSP KeyStoreFilename Password, OCSPUrl CertificateFileName CA-certificateFileName");
        System.out.println("Usage 2: OCSP OCSPUrl CertificateFileName CA-certificateFileName");
        System.out.println("Keystore should be a PKCS12.");
        System.out.println("OCSPUrl is like: http://127.0.0.1:8080/ejbca/publicweb/status/ocsp or https://127.0.0.1:8443/ejbca/publicweb/status/ocsp");
        System.out.println("OCSP response status is: GOOD="+OCSPUnidResponse.OCSP_GOOD+", REVOKED="+OCSPUnidResponse.OCSP_REVOKED+", UNKNOWN="+OCSPUnidResponse.OCSP_UNKNOWN);
        System.out.println("OcspUrl can be set to 'null', in that case the program looks for an AIA extension containing the OCSP URI.");
    }

    /**
     * Reads a PEM file and parses the certificate found between the PEM boundary lines.
     *
     * @param fileName path of the PEM file
     * @return the parsed certificate
     * @throws Exception whatever the FileTools / CertTools helpers throw
     */
    private static X509Certificate loadPemCertificate(String fileName) throws Exception {
        final byte[] encoded =
                FileTools.getBytesFromPEM(FileTools.readFiletoBuffer(fileName), PEM_BEGIN, PEM_END);
        return CertTools.getCertfromByteArray(encoded);
    }

    /**
     * Prints the outcome of the lookup. Error code and HTTP code are printed only when
     * they deviate from "no error" / 200; the status line is always printed.
     *
     * @param result the response returned by the OCSP client
     * @throws Exception whatever the response accessors throw
     */
    private static void report(OCSPUnidResponse result) throws Exception {
        if (result.getErrorCode() != OCSPUnidResponse.ERROR_NO_ERROR) {
            System.out.println("Error querying OCSP server.");
            System.out.println("Error code is: "+result.getErrorCode());
        }
        if (result.getHttpReturnCode() != 200) {
            System.out.println("Http return code is: "+result.getHttpReturnCode());
        }
        // Printed even after an error above; the value is only meaningful when no
        // error was reported.
        System.out.println("OCSP return value is: "+result.getStatus());
        // NOTE(review): the Fnr is presumably a personal identifier returned through
        // the Unid extension - if so, treat this output as sensitive. Confirm.
        if (result.getFnr() != null) {
            System.out.println("Returned Fnr is: "+result.getFnr());
        }
    }
}