Diffstat (limited to 'base/common/src/com/netscape/certsrv/client/PKIClient.java')
-rw-r--r-- | base/common/src/com/netscape/certsrv/client/PKIClient.java | 120 |
1 files changed, 115 insertions, 5 deletions
diff --git a/base/common/src/com/netscape/certsrv/client/PKIClient.java b/base/common/src/com/netscape/certsrv/client/PKIClient.java
index 482ed9fde..00b71694b 100644
--- a/base/common/src/com/netscape/certsrv/client/PKIClient.java
+++ b/base/common/src/com/netscape/certsrv/client/PKIClient.java
@@ -1,20 +1,46 @@
 package com.netscape.certsrv.client;
+import java.io.IOException;
+import java.net.URI;
 import java.net.URISyntaxException;
+import java.net.URL;
+import java.security.cert.CertificateEncodingException;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
 import org.jboss.resteasy.client.ClientResponse;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.CryptoManager.NicknameConflictException;
+import org.mozilla.jss.CryptoManager.NotInitializedException;
+import org.mozilla.jss.CryptoManager.UserCertConflictException;
+import org.mozilla.jss.crypto.CryptoToken;
+import org.mozilla.jss.crypto.InternalCertificate;
+import org.mozilla.jss.crypto.NoSuchItemOnTokenException;
+import org.mozilla.jss.crypto.ObjectNotFoundException;
+import org.mozilla.jss.crypto.TokenCertificate;
+import org.mozilla.jss.crypto.TokenException;
+import org.mozilla.jss.crypto.X509Certificate;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+import org.xml.sax.SAXException;
+
+import com.netscape.cmsutil.util.Utils;
 public class PKIClient {
- PKIConnection connection;
+ public ClientConfig config;
+ public PKIConnection connection;
- public PKIClient(PKIConnection connection) {
- this.connection = connection;
- }
+ public boolean verbose;
 public PKIClient(ClientConfig config) {
- this(new PKIConnection(config));
+ this.config = config;
+
+ connection = new PKIConnection(this);
 }
 public <T> T createProxy(Class<T> clazz) throws URISyntaxException {
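Review bot: The fields `config`, `connection` and `verbose` are declared `public` and non-final, so any holder of a PKIClient can replace the connection or the configuration of a live client behind the back of code that already obtained them. Since the second hunk adds `getConfig()`, `getConnection()`, `isVerbose()` and `setVerbose()`, the declarations could be `private final ClientConfig config;`, `private final PKIConnection connection;` and `private boolean verbose;`, provided no caller outside this file reads the fields directly (not visible here). The constructor also passes `this` to `new PKIConnection(this)` before construction has finished, so a comment such as `// PKIConnection must not call back into this client from its constructor` would record the constraint.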
@@ -24,4 +50,88 @@ public class PKIClient {
 public <T> T getEntity(ClientResponse<T> response) {
 return connection.getEntity(response);
 }
+
+ public ClientConfig getConfig() {
+ return config;
+ }
+
+ public PKIConnection getConnection() {
+ return connection;
+ }
+
+ public boolean isVerbose() {
+ return verbose;
+ }
+
+ public void setVerbose(boolean verbose) {
+ this.verbose = verbose;
+ }
+
+ public X509Certificate[] getCerts() throws NotInitializedException {
+ CryptoManager manager = CryptoManager.getInstance();
+ return manager.getPermCerts();
+ }
+
+ public X509Certificate[] getCACerts() throws NotInitializedException {
+ CryptoManager manager = CryptoManager.getInstance();
+ return manager.getCACerts();
+ }
+
+ public byte[] downloadCACertChain(URI caServerURI)
+ throws ParserConfigurationException, SAXException, IOException {
+
+ URL url = new URL(caServerURI+"/ee/ca/getCertChain");
+
+ DocumentBuilderFactory documentFactory = DocumentBuilderFactory.newInstance();
+ DocumentBuilder documentBuilder = documentFactory.newDocumentBuilder();
+
+ Document document = documentBuilder.parse(url.openStream());
+ NodeList list = document.getElementsByTagName("ChainBase64");
+ Element element = (Element)list.item(0);
+
+ String encodedChain = element.getTextContent();
+ return Utils.base64decode(encodedChain);
+ }
+
+ public X509Certificate importCertPackage(byte[] bytes, String nickname)
+ throws NotInitializedException, CertificateEncodingException,
+ NicknameConflictException, UserCertConflictException,
+ NoSuchItemOnTokenException, TokenException {
+
+ CryptoManager manager = CryptoManager.getInstance();
+ return manager.importCertPackage(bytes, nickname);
+ }
+
+ public X509Certificate importCACertPackage(byte[] bytes)
+ throws NotInitializedException, CertificateEncodingException, TokenException {
+
+ CryptoManager manager = CryptoManager.getInstance();
+ InternalCertificate cert = (InternalCertificate)manager.importCACertPackage(bytes);
+
+ cert.setSSLTrust( +
 InternalCertificate.VALID_CA |
+ InternalCertificate.TRUSTED_CA |
+ InternalCertificate.TRUSTED_CLIENT_CA);
+
+ return cert;
+ }
+
+ public void removeCert(String nickname)
+ throws TokenException, ObjectNotFoundException,
+ NoSuchItemOnTokenException, NotInitializedException {
+
+ CryptoManager manager = CryptoManager.getInstance();
+ X509Certificate cert = manager.findCertByNickname(nickname);
+
+ CryptoToken cryptoToken;
+ if (cert instanceof TokenCertificate) {
+ TokenCertificate tokenCert = (TokenCertificate) cert;
+ cryptoToken = tokenCert.getOwningToken();
+
+ } else {
+ cryptoToken = manager.getInternalKeyStorageToken();
+ }
+
+ cryptoToken.getCryptoStore().deleteCert(cert);
+ }
 } |
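Review bot: `downloadCACertChain` parses XML fetched from `caServerURI` with a default `DocumentBuilderFactory`, so a DOCTYPE in the response is processed and external entities can be resolved on the client; the factory should be hardened before `newDocumentBuilder()` is called. The same method never closes the stream returned by `url.openStream()` and casts `list.item(0)` without checking that a `ChainBase64` element exists, which ends in a NullPointerException on an unexpected response. Because `importCACertPackage` sets `VALID_CA | TRUSTED_CA | TRUSTED_CLIENT_CA` on whatever bytes it is given, its Javadoc should state that the caller is responsible for having obtained or confirmed the chain over an authenticated channel when the URI is plain `http`.

```java
public byte[] downloadCACertChain(URI caServerURI)
        throws ParserConfigurationException, SAXException, IOException {

    URL url = new URL(caServerURI+"/ee/ca/getCertChain");

    DocumentBuilderFactory documentFactory = DocumentBuilderFactory.newInstance();
    // The response comes from the network: refuse DTDs so no entity is ever resolved.
    documentFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    documentFactory.setXIncludeAware(false);
    documentFactory.setExpandEntityReferences(false);
    DocumentBuilder documentBuilder = documentFactory.newDocumentBuilder();

    Document document;
    try (java.io.InputStream in = url.openStream()) {
        document = documentBuilder.parse(in);
    }

    NodeList list = document.getElementsByTagName("ChainBase64");
    if (list.getLength() == 0) {
        throw new IOException("No ChainBase64 element in response from " + url);
    }
    // … unchanged: read the element text and base64-decode it …
}
```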