001: /*************************************************************************
002: * *
003: * EJBCA: The OpenSource Certificate Authority *
004: * *
005: * This software is free software; you can redistribute it and/or *
006: * modify it under the terms of the GNU Lesser General Public *
007: * License as published by the Free Software Foundation; either *
008: * version 2.1 of the License, or any later version. *
009: * *
010: * See terms of license at gnu.org. *
011: * *
012: *************************************************************************/
package org.ejbca.ui.cli;
013:
014: import java.io.ByteArrayOutputStream;
015: import java.io.FileOutputStream;
016: import java.io.IOException;
017: import java.security.InvalidKeyException;
018: import java.security.KeyPair;
019: import java.security.NoSuchAlgorithmException;
020: import java.security.NoSuchProviderException;
021: import java.security.SignatureException;
022: import java.util.ArrayList;
023: import java.util.Collection;
024:
025: import javax.naming.Context;
026:
027: import org.bouncycastle.asn1.DEROutputStream;
028: import org.bouncycastle.jce.PKCS10CertificationRequest;
029: import org.ejbca.core.ejb.ca.crl.ICreateCRLSessionHome;
030: import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionHome;
031: import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionRemote;
032: import org.ejbca.core.model.ca.caadmin.CAInfo;
033: import org.ejbca.core.model.log.Admin;
034: import org.ejbca.util.Base64;
035: import org.ejbca.util.CertTools;
036:
037: /**
038: * Base for CA commands, contains common functions for CA operations
039: *
040: * @version $Id: BaseCaAdminCommand.java,v 1.5 2007/12/21 09:02:33 anatom Exp $
041: */
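public abstract class BaseCaAdminCommand extends BaseAdminCommand {
    /** Private key alias in PKCS12 keystores */
    protected String privKeyAlias = "privateKey";
    /** Password protecting the private key, or null when none has been supplied by a subclass. */
    protected char[] privateKeyPass = null;

    /**
     * Signature algorithm used when no explicit one is given to
     * {@link #makeCertRequest(String, KeyPair, String, String)}.
     * Kept at SHA1WithRSA so existing callers produce byte-compatible requests;
     * SHA-1 is no longer considered collision resistant, so new callers should
     * prefer a SHA-2 based algorithm via the four-argument overload.
     */
    protected static final String DEFAULT_REQ_SIGNATURE_ALGORITHM = "SHA1WithRSA";

    /** PEM armour written around the Base64 encoded DER request. */
    private static final String PEM_REQ_BEGIN = "-----BEGIN CERTIFICATE REQUEST-----\n";
    private static final String PEM_REQ_END = "\n-----END CERTIFICATE REQUEST-----\n";

    /** JNDI names of the session beans used by {@link #createCRL(String, boolean)}. */
    private static final String CREATE_CRL_SESSION_JNDI = "CreateCRLSession";
    private static final String CERT_STORE_SESSION_JNDI = "CertificateStoreSession";

    /**
     * Creates a new instance of BaseCaAdminCommand
     *
     * @param args command line arguments
     */
    public BaseCaAdminCommand(String[] args) {
        super(args, Admin.TYPE_CACOMMANDLINE_USER, "cli");
        // Install BouncyCastle provider; needed for the PKCS#10 and X509Name handling below
        CertTools.installBCProvider();
    }

    /**
     * Retrieves the complete certificate chain from the CA.
     * <p>
     * This is best effort: any failure while talking to the CA admin session is
     * logged via {@code error(...)} and an empty collection is returned, so callers
     * cannot tell "CA has no chain" from "lookup failed" here.
     *
     * @param caname human readable name of CA
     * @return collection of certificates as returned by {@code CAInfo.getCertificateChain()},
     *         or an empty collection if the CA is unknown or the lookup failed
     */
    protected Collection getCertChain(String caname) throws Exception {
        debug(">getCertChain()");
        Collection returnval = new ArrayList();
        try {
            CAInfo cainfo = this.getCAAdminSessionRemote().getCAInfo(administrator, caname);
            if (cainfo != null) {
                returnval = cainfo.getCertificateChain();
            }
        } catch (Exception e) {
            // Deliberately swallowed: callers treat an empty chain as "nothing to do".
            error("Error while getting certificate chain from CA.", e);
        }
        debug("<getCertChain()");
        return returnval;
    } // getCertChain

    /**
     * Generates a self-signed PKCS#10 certification request for {@code dn} using
     * {@link #DEFAULT_REQ_SIGNATURE_ALGORITHM} and writes it PEM encoded to {@code reqfile}.
     *
     * @param dn subject DN of the request, in the string form understood by CertTools
     * @param rsaKeys key pair whose public key goes into the request and whose private key signs it
     * @param reqfile path of the file to write the PEM encoded request to
     * @throws IOException if the request cannot be encoded or the file cannot be written
     * @throws NoSuchAlgorithmException if the signature algorithm is unavailable
     * @throws NoSuchProviderException if the required security provider is missing
     * @throws InvalidKeyException if the key pair cannot be used for signing
     * @throws SignatureException if signing or verifying the request fails
     */
    protected void makeCertRequest(String dn, KeyPair rsaKeys, String reqfile)
            throws NoSuchAlgorithmException, IOException, NoSuchProviderException,
            InvalidKeyException, SignatureException {
        makeCertRequest(dn, rsaKeys, reqfile, DEFAULT_REQ_SIGNATURE_ALGORITHM);
    }

    /**
     * Generates a self-signed PKCS#10 certification request for {@code dn} with the given
     * signature algorithm and writes it PEM encoded to {@code reqfile}.
     * <p>
     * The DER encoded request is parsed back and its self-signature verified before anything
     * is written, so a request that would fail verification at the CA is never emitted;
     * in that case "Aborting!" is printed and no file is created.
     *
     * @param dn subject DN of the request, in the string form understood by CertTools
     * @param rsaKeys key pair whose public key goes into the request and whose private key signs it
     * @param reqfile path of the file to write the PEM encoded request to
     * @param sigAlg JCA signature algorithm name, e.g. "SHA256WithRSA"
     * @throws IOException if the request cannot be encoded or the file cannot be written
     * @throws NoSuchAlgorithmException if {@code sigAlg} is unavailable
     * @throws NoSuchProviderException if the required security provider is missing
     * @throws InvalidKeyException if the key pair cannot be used for signing
     * @throws SignatureException if signing or verifying the request fails
     */
    protected void makeCertRequest(String dn, KeyPair rsaKeys, String reqfile, String sigAlg)
            throws NoSuchAlgorithmException, IOException, NoSuchProviderException,
            InvalidKeyException, SignatureException {
        debug(">makeCertRequest: dn='" + dn + "', reqfile='" + reqfile + "'.");

        PKCS10CertificationRequest req = new PKCS10CertificationRequest(
                sigAlg, CertTools.stringToBcX509Name(dn),
                rsaKeys.getPublic(), null, rsaKeys.getPrivate());

        byte[] derReq = derEncode(req);

        // Round-trip through DER and verify the self-signature on the parsed copy,
        // so that what ends up in the file is exactly what was checked.
        PKCS10CertificationRequest req2 = new PKCS10CertificationRequest(derReq);
        boolean verify = req2.verify();
        getOutputStream().println("Verify returned " + verify);

        if (!verify) {
            getOutputStream().println("Aborting!");
            return;
        }

        writePemRequest(reqfile, derReq);
        getOutputStream().println("CertificationRequest '" + reqfile + "' generated successfully.");
        debug("<makeCertRequest: dn='" + dn + "', reqfile='" + reqfile + "'.");
    } // makeCertRequest

    /**
     * DER encodes a PKCS#10 request.
     *
     * @param req the request to encode
     * @return the DER bytes
     * @throws IOException if encoding fails
     */
    private static byte[] derEncode(PKCS10CertificationRequest req) throws IOException {
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        DEROutputStream dOut = new DEROutputStream(bOut);
        try {
            dOut.writeObject(req);
        } finally {
            dOut.close();
        }
        return bOut.toByteArray();
    }

    /**
     * Writes DER request bytes to {@code reqfile} wrapped in PEM "CERTIFICATE REQUEST" armour.
     * The stream is closed on every path, including when a write fails half way.
     *
     * @param reqfile path of the file to create or overwrite
     * @param derReq DER encoded request
     * @throws IOException if the file cannot be written
     */
    private static void writePemRequest(String reqfile, byte[] derReq) throws IOException {
        FileOutputStream os1 = new FileOutputStream(reqfile);
        try {
            // PEM armour is pure ASCII; name the charset rather than relying on the platform default
            os1.write(PEM_REQ_BEGIN.getBytes("US-ASCII"));
            os1.write(Base64.encode(derReq));
            os1.write(PEM_REQ_END.getBytes("US-ASCII"));
        } finally {
            os1.close();
        }
    }

    /**
     * Creates CRLs through the CreateCRLSession bean and reports the result on the output stream.
     * <p>
     * With a non-null {@code issuerdn} a single (delta) CRL is created for that issuer and its
     * new CRL number is printed. With {@code issuerdn == null} the session bean is asked to
     * create CRLs and delta CRLs for all CAs and the counts are printed. Failures are logged
     * via {@code error(...)} and not propagated.
     *
     * @param issuerdn DN of the issuing CA, or null to create CRLs for every CA
     * @param deltaCRL true to create a delta CRL instead of a full CRL; ignored when issuerdn is null
     */
    protected void createCRL(String issuerdn, boolean deltaCRL) {
        debug(">createCRL()");

        try {
            Context context = getInitialContext();
            ICreateCRLSessionHome home = (ICreateCRLSessionHome) javax.rmi.PortableRemoteObject
                    .narrow(context.lookup(CREATE_CRL_SESSION_JNDI), ICreateCRLSessionHome.class);
            if (issuerdn != null) {
                createCRLForIssuer(context, home, issuerdn, deltaCRL);
            } else {
                createAllCRLs(home);
            }
        } catch (Exception e) {
            error("Error while creating CRL.", e);
        }

        debug("<createCRL()");
    } // createCRL

    /**
     * Creates one full or delta CRL for {@code issuerdn} and prints its CRL number.
     *
     * @param context JNDI context used to look up the certificate store session
     * @param home home interface of the CRL creation session
     * @param issuerdn DN of the issuing CA
     * @param deltaCRL true for a delta CRL, false for a full CRL
     * @throws Exception on any lookup or session bean failure; handled by the caller
     */
    private void createCRLForIssuer(Context context, ICreateCRLSessionHome home,
            String issuerdn, boolean deltaCRL) throws Exception {
        if (deltaCRL) {
            home.create().runDeltaCRL(administrator, issuerdn);
        } else {
            home.create().run(administrator, issuerdn);
        }
        ICertificateStoreSessionHome storehome = (ICertificateStoreSessionHome) javax.rmi.PortableRemoteObject
                .narrow(context.lookup(CERT_STORE_SESSION_JNDI), ICertificateStoreSessionHome.class);
        ICertificateStoreSessionRemote storeremote = storehome.create();
        // The last flag selects the delta CRL number series when a delta CRL was created
        int number = storeremote.getLastCRLNumber(administrator, issuerdn, deltaCRL);
        getOutputStream().println((deltaCRL ? "Delta CRL" : "CRL") + " with number " + number + " generated.");
    }

    /**
     * Creates CRLs and delta CRLs for all CAs and prints how many of each were created.
     *
     * @param home home interface of the CRL creation session
     * @throws Exception on any session bean failure; handled by the caller
     */
    private void createAllCRLs(ICreateCRLSessionHome home) throws Exception {
        int createdcrls = home.create().createCRLs(administrator);
        getOutputStream().println(" " + createdcrls + " CRLs have been created.");
        int createddeltacrls = home.create().createDeltaCRLs(administrator);
        getOutputStream().println(" " + createddeltacrls + " delta CRLs have been created.");
    }

    /**
     * Looks up the subject DN of the named CA.
     *
     * @param caname human readable name of CA
     * @return the CA's subject DN
     * @throws Exception if the CA cannot be retrieved or does not exist (see {@link #getCAInfo(String)})
     */
    protected String getIssuerDN(String caname) throws Exception {
        // Delegating to getCAInfo turns an unknown CA into a descriptive exception instead of an NPE
        return getCAInfo(caname).getSubjectDN();
    }

    /**
     * Retrieves the CAInfo of the named CA.
     *
     * @param caname human readable name of CA
     * @return the CAInfo, never null
     * @throws Exception if the CA admin session fails (the original failure is kept as the cause)
     *         or if no CA with that name exists
     */
    protected CAInfo getCAInfo(String caname) throws Exception {
        CAInfo result;
        try {
            result = getCAAdminSessionRemote().getCAInfo(administrator, caname);
        } catch (Exception e) {
            debug("Error retrieving CA " + caname + " info.", e);
            // Keep the cause so the underlying remote/naming failure is not lost
            throw new Exception("Error retrieving CA " + caname + " info.", e);
        }
        if (result == null) {
            debug("CA " + caname + " not found.");
            throw new Exception("CA " + caname + " not found.");
        }
        return result;
    }

}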
|