Diffstat (limited to 'base/java-tools/src/com/netscape')
-rw-r--r-- | base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java | 146 |
1 files changed, 136 insertions, 10 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java
index cec1cff4f..991ab462b 100644
--- a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java
@@ -5,9 +5,10 @@ import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.Scanner;
-
-import javax.xml.bind.JAXBException;
+import java.util.Vector;
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
@@ -16,9 +17,13 @@ import org.apache.commons.cli.ParseException;
 import com.netscape.certsrv.ca.AuthorityID;
 import com.netscape.certsrv.cert.CertEnrollmentRequest;
 import com.netscape.certsrv.cert.CertRequestInfos;
+import com.netscape.certsrv.profile.ProfileAttribute;
+import com.netscape.certsrv.profile.ProfileInput;
 import com.netscape.cmstools.cli.CLI;
 import com.netscape.cmstools.cli.MainCLI;
+import netscape.ldap.util.DN;
+import netscape.ldap.util.RDN;
 import netscape.security.x509.X500Name;
 public class CertRequestSubmitCLI extends CLI {
@@ -30,11 +35,11 @@ public class CertRequestSubmitCLI extends CLI {
 this.certCLI = certCLI;
 Option option = new Option(null, "issuer-id", true, "Authority ID (host authority if omitted)");
- option.setArgName("id");
+ option.setArgName("ID");
 options.addOption(option);
 option = new Option(null, "issuer-dn", true, "Authority DN (host authority if omitted)");
- option.setArgName("dn");
+ option.setArgName("DN");
 options.addOption(option);
 option = new Option(null, "username", true, "Username for request authentication");
@@ -43,6 +48,22 @@ public class CertRequestSubmitCLI extends CLI {
 option = new Option(null, "password", false, "Prompt password for request authentication");
 options.addOption(option);
+
+ option = new Option(null, "profile", true, "Certificate profile");
+ option.setArgName("profile");
+ options.addOption(option);
+
+ option = new Option(null, "request-type", true, "Request type (default: pkcs10)");
+ option.setArgName("type");
+ options.addOption(option);
+
+ option = new Option(null, "csr-file", true, "File containing the CSR");
+ option.setArgName("path");
+ options.addOption(option);
+
+ option = new Option(null, "subject", true, "Subject DN");
+ option.setArgName("DN");
+ options.addOption(option);
 }
 public void printHelp() {
@@ -70,8 +91,17 @@ public class CertRequestSubmitCLI extends CLI {
 String[] cmdArgs = cmd.getArgs();
- if (cmdArgs.length < 1) {
- System.err.println("Error: No filename specified.");
+ String requestFilename = cmdArgs.length > 0 ? cmdArgs[0] : null;
+ String profileID = cmd.getOptionValue("profile");
+
+ if (requestFilename == null && profileID == null) {
+ System.err.println("Error: Missing request file or profile ID.");
+ printHelp();
+ System.exit(-1);
+ }
+
+ if (requestFilename != null && profileID != null) {
+ System.err.println("Error: Request file and profile ID are mutually exclusive.");
 printHelp();
 System.exit(-1);
 }
@@ -106,7 +136,104 @@ public class CertRequestSubmitCLI extends CLI {
 System.exit(-1);
 }
- CertEnrollmentRequest request = getEnrollmentRequest(cmdArgs[0]);
+ String requestType = cmd.getOptionValue("request-type");
+
+ CertEnrollmentRequest request;
+ if (requestFilename == null) { // if no request file specified, generate new request from profile
+
+ if (verbose) {
+ System.out.println("Retrieving " + profileID + " profile.");
+ }
+
+ request = certCLI.certClient.getEnrollmentTemplate(profileID);
+
+ // set default request type for new request
+ if (requestType == null) requestType = "pkcs10";
+
+ } else { // otherwise, load request from file
+
+ if (verbose) {
+ System.out.println("Loading request from " + requestFilename + ".");
+ }
+
+ String xml = loadFile(requestFilename);
+ request = CertEnrollmentRequest.fromXML(xml);
+ }
+
+ if (requestType != null) {
+
+ if (verbose) {
+ System.out.println("Request type: " + requestType);
+ }
+
+ for (ProfileInput input : request.getInputs()) {
+ ProfileAttribute typeAttr = input.getAttribute("cert_request_type");
+ if (typeAttr != null) {
+ typeAttr.setValue(requestType);
+ }
+ }
+ }
+
+ String csrFilename = cmd.getOptionValue("csr-file");
+ if (csrFilename != null) {
+
+ String csr = loadFile(csrFilename);
+
+ if (verbose) {
+ System.out.println("CSR:");
+ System.out.println(csr);
+ }
+
+ for (ProfileInput input : request.getInputs()) {
+ ProfileAttribute csrAttr = input.getAttribute("cert_request");
+ if (csrAttr != null) {
+ csrAttr.setValue(csr);
+ }
+ }
+ }
+
+ String subjectDN = cmd.getOptionValue("subject");
+ if (subjectDN != null) {
+ DN dn = new DN(subjectDN);
+ Vector<?> rdns = dn.getRDNs();
+
+ Map<String, String> subjectAttributes = new HashMap<String, String>();
+ for (int i=0; i< rdns.size(); i++) {
+ RDN rdn = (RDN)rdns.elementAt(i);
+ String type = rdn.getTypes()[0].toLowerCase();
+ String value = rdn.getValues()[0];
+ subjectAttributes.put(type, value);
+ }
+
+ ProfileInput sn = request.getInput("Subject Name");
+ if (sn != null) {
+ if (verbose) System.out.println("Subject Name:");
+
+ for (ProfileAttribute attribute : sn.getAttributes()) {
+ String name = attribute.getName();
+ String value = null;
+
+ if (name.equals("subject")) {
+ // get the whole subject DN
+ value = subjectDN;
+
+ } else if (name.startsWith("sn_")) {
+ // get value from subject DN
+ value = subjectAttributes.get(name.substring(3));
+
+ } else {
+ // unknown attribute, ignore
+ if (verbose) System.out.println(" - " + name);
+ continue;
+ }
+
+ if (value == null) continue;
+
+ if (verbose) System.out.println(" - " + name + ": " + value);
+ attribute.setValue(value);
+ }
+ }
+ }
 String certRequestUsername = cmd.getOptionValue("username");
 if (certRequestUsername != null) {
@@ -124,10 +251,9 @@ public class CertRequestSubmitCLI extends CLI {
 CertCLI.printCertRequestInfos(cri);
 }
- private CertEnrollmentRequest getEnrollmentRequest(String fileName) throws JAXBException, FileNotFoundException {
+ private String loadFile(String fileName) throws FileNotFoundException {
 try (Scanner scanner = new Scanner(new File(fileName))) {
- String xml = scanner.useDelimiter("\\A").next();
- return CertEnrollmentRequest.fromXML(xml);
+ return scanner.useDelimiter("\\A").next();
 }
 }
 }
|
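Review bot: The `--subject` parsing loop silently loses data: `subjectAttributes.put(type, value)` overwrites an earlier RDN of the same type (a DN with two `OU=` or `DC=` components keeps only one), and `getTypes()[0]`/`getValues()[0]` ignore every further attribute of a multi-valued RDN, so the `sn_*` fields sent with the enrollment request can disagree with the `subject` attribute that carries the full DN. `toLowerCase()` is also locale-sensitive; `toLowerCase(Locale.ROOT)` (with `java.util.Locale` imported) keeps the `sn_` lookup keys independent of the operator's locale. The sketch below keeps the current last-value-wins behaviour but warns on stderr when information is dropped; the enclosing method starts and ends outside this hunk. In the same hunk, `--request-type`, `--csr-file` and `--subject` are discarded without any message when no input has a matching attribute or `request.getInput("Subject Name")` returns null, which deserves a warning as well, since the operator would otherwise assume the value was submitted.

```java
// … unchanged: DN dn = new DN(subjectDN); Vector<?> rdns = dn.getRDNs(); …
Map<String, String> subjectAttributes = new HashMap<String, String>();
for (int i = 0; i < rdns.size(); i++) {
    RDN rdn = (RDN) rdns.elementAt(i);
    String[] types = rdn.getTypes();
    if (types.length > 1) {
        // Only the first attribute of a multi-valued RDN is mapped to an sn_* field.
        System.err.println("Warning: Multi-valued RDN in subject DN, only " + types[0] + " is used: " + rdn);
    }
    String type = types[0].toLowerCase(Locale.ROOT);
    String previous = subjectAttributes.put(type, rdn.getValues()[0]);
    if (previous != null) {
        System.err.println("Warning: " + type + " appears more than once in subject DN; sn_" + type + " carries only one value.");
    }
}
// … unchanged: lookup of the "Subject Name" input and the sn_* assignment loop …
```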
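Review bot: `loadFile` now also reads the `--csr-file` input, and `scanner.useDelimiter("\\A").next()` throws an unchecked `NoSuchElementException` when the file is empty, so an empty CSR or request file probably surfaces as a generic exception instead of the `Error:` messages the rest of the command prints. A `scanner.hasNext()` check before `next()`, reporting the empty file by name, would cover that case. The `Scanner(File)` constructor also decodes with the platform default charset; `try (Scanner scanner = new Scanner(new File(fileName), "UTF-8")) {` keeps the request XML and CSR text independent of the operator's environment.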