Diffstat (limited to 'pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java')
-rw-r--r-- | pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java | 288 |
1 files changed, 145 insertions, 143 deletions
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java b/pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java index a870fbabc..368ef8278 100644 --- a/pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java +++ b/pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmstools; + import java.io.BufferedInputStream; import java.io.BufferedReader; import java.io.ByteArrayInputStream; @@ -66,30 +67,32 @@ import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier; import org.mozilla.jss.pkix.primitive.Name; import org.mozilla.jss.util.Password; + + /** * Tool for signing PKCS #10 , return CMC enrollment request * * <P> - * * @version $Revision$, $Date$ + */ public class CMCEnroll { public static final String PR_REQUEST_CMC = "CMC"; public static final String PR_REQUEST_PKCS10 = "PKCS10"; - public static final int ARGC = 4; + public static final int ARGC = 4; private static final String CERTDB = "cert8.db"; private static final String KEYDB = "key3.db"; public static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----"; public static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----"; - - void cleanArgs(String[] s) { - + + void cleanArgs(String[] s) { + } public static X509Certificate getCertificate(String tokenname, - String nickname) throws Exception { + String nickname) throws Exception { CryptoManager manager = CryptoManager.getInstance(); CryptoToken token = null; 
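Review bot: The re-added `void cleanArgs(String[] s) {` is an empty, package-private method with no caller visible in this diff, so it reads as unfinished work rather than an API. Either drop it or state why it stays, e.g. `/** Intentionally a no-op: argument checking is done inline in main(). */` above the signature, if that is indeed the reason. The class Javadoc is also touched in this hunk; its summary still reads "Tool for signing PKCS #10 , return CMC enrollment request" and would be clearer as "Signs a PKCS #10 request and returns a CMC enrollment request."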
@@ -112,42 +115,39 @@ public class CMCEnroll { } } - public static java.security.PrivateKey getPrivateKey(String tokenname, - String nickname) throws Exception { + public static java.security.PrivateKey getPrivateKey(String tokenname, String nickname) + throws Exception { X509Certificate cert = getCertificate(tokenname, nickname); return CryptoManager.getInstance().findPrivKeyByCert(cert); } - /** - * getCMCBlob create and return the enrollent request. - * <P> - * - * @param signerCert the certificate of the authorized signer of the CMC - * revocation request. - * @param manager the crypto manger. - * @param nValue the nickname of the certificate inside the token. - * @param rValue request PKCS#10 file name. - * @return the CMC revocation request encoded in base64 - */ - static String getCMCBlob(X509Certificate signerCert, CryptoManager manager, - String nValue, String rValue) { + /** + * getCMCBlob create and return the enrollent request. + * <P> + * @param signerCert the certificate of the authorized signer of the CMC revocation request. + * @param manager the crypto manger. + * @param nValue the nickname of the certificate inside the token. + * @param rValue request PKCS#10 file name. + * @return the CMC revocation request encoded in base64 + */ + static String getCMCBlob(X509Certificate signerCert,CryptoManager manager, String nValue, String rValue) { + String asciiBASE64Blob = rValue; // input pkcs10 blob String tokenname = "internal"; try { - + java.security.PrivateKey privKey = null; PKCS10 pkcs = null; SignerIdentifier si = null; ContentInfo fullEnrollmentReq = null; try { - byte[] decodedBytes = com.netscape.osutil.OSUtil - .AtoB(asciiBASE64Blob); - + byte[] decodedBytes = com.netscape.osutil.OSUtil.AtoB(asciiBASE64Blob); + pkcs = new PKCS10(decodedBytes); } catch (IOException e) { throw new IOException("Internal Error - " + e.toString()); 
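Review bot: The rewritten Javadoc on getCMCBlob documents `rValue` as "request PKCS#10 file name", but the body treats it as the base64 blob itself (`String asciiBASE64Blob = rValue; // input pkcs10 blob`, then decoded with `OSUtil.AtoB`) and main passes the file contents rather than the path. The same comment calls the result a "CMC revocation request" and misspells "enrollent" and "manger"; since the hunk rewrites these lines anyway, make them accurate: `@param rValue the base64-encoded PKCS #10 request, header and trailer lines already stripped` and `@return the signed CMC enrollment request, base64-encoded`. getCMCBlob continues past the end of this hunk.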
@@ -156,7 +156,7 @@ public class CMCEnroll { } catch (NoSuchAlgorithmException e) { throw new IOException("Internal Error - " + e.toString()); } - + String hasSki = "true"; BigInteger serialno = signerCert.getSerialNumber(); 
@@ -164,37 +164,35 @@ public class CMCEnroll { X509CertImpl impl = new X509CertImpl(certB); X500Name issuerName = (X500Name) impl.getIssuerDN(); byte[] issuerByte = issuerName.getEncoded(); - ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte); - + ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte); + Name issuer = (Name) Name.getTemplate().decode(istream); - IssuerAndSerialNumber ias = new IssuerAndSerialNumber(issuer, - new INTEGER(serialno.toString())); + IssuerAndSerialNumber ias = new IssuerAndSerialNumber(issuer, new INTEGER(serialno.toString())); - si = new SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, - ias, null); + si = new SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); privKey = getPrivateKey(tokenname, nValue); - + // create CMC req // transfer pkcs10 to jss class int bpid = 1; - ByteArrayInputStream crInputStream = new ByteArrayInputStream( - pkcs.toByteArray()); - CertificationRequest cr = (CertificationRequest) CertificationRequest - .getTemplate().decode(crInputStream); - - TaggedCertificationRequest tcr = new TaggedCertificationRequest( - new INTEGER(bpid++), cr); - TaggedRequest trq = new TaggedRequest(TaggedRequest.PKCS10, tcr, + ByteArrayInputStream crInputStream = new ByteArrayInputStream(pkcs.toByteArray()); + CertificationRequest cr = (CertificationRequest) CertificationRequest.getTemplate().decode(crInputStream); + + TaggedCertificationRequest tcr = new + TaggedCertificationRequest(new + INTEGER(bpid++), cr); + TaggedRequest trq = new + TaggedRequest(TaggedRequest.PKCS10, tcr, null); - + SEQUENCE reqSequence = new SEQUENCE(); reqSequence.addElement(trq); - + // Add some control sequence // Verisign has transactionID,senderNonce SEQUENCE controlSeq = new SEQUENCE(); - + Date date = new Date(); String salt = "lala123" + date.toString(); byte[] dig; 
@@ -208,44 +206,43 @@ public class CMCEnroll { } String sn = com.netscape.osutil.OSUtil.BtoA(dig); - - TaggedAttribute senderNonce = new TaggedAttribute(new INTEGER( - bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce, + + TaggedAttribute senderNonce = new TaggedAttribute(new + INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_senderNonce, new OCTET_STRING(sn.getBytes())); controlSeq.addElement(senderNonce); - + // Verisign recommend transactionId be MD5 hash of publicKey byte[] transId; try { MessageDigest MD5Digest = MessageDigest.getInstance("MD5"); - transId = MD5Digest.digest(pkcs.getSubjectPublicKeyInfo() - .getKey()); + transId = MD5Digest.digest(pkcs.getSubjectPublicKeyInfo().getKey()); } catch (Exception ex) { transId = salt.getBytes(); } - - TaggedAttribute transactionId = new TaggedAttribute(new INTEGER( - bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId, + + TaggedAttribute transactionId = new TaggedAttribute(new + INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_transactionId, new INTEGER(1, transId)); controlSeq.addElement(transactionId); - - PKIData pkidata = new PKIData(controlSeq, reqSequence, - new SEQUENCE(), new SEQUENCE()); - - EncapsulatedContentInfo ci = new EncapsulatedContentInfo( - OBJECT_IDENTIFIER.id_cct_PKIData, pkidata); + + PKIData pkidata = new PKIData(controlSeq, reqSequence, new SEQUENCE(), new SEQUENCE()); + + EncapsulatedContentInfo ci = new + EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIData, + pkidata); // SHA1 is the default digest Alg for now. 
DigestAlgorithm digestAlg = null; SignatureAlgorithm signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; - org.mozilla.jss.crypto.PrivateKey.Type signingKeyType = ((org.mozilla.jss.crypto.PrivateKey) privKey) - .getType(); + org.mozilla.jss.crypto.PrivateKey.Type signingKeyType = ((org.mozilla.jss.crypto.PrivateKey) privKey).getType(); - if (signingKeyType - .equals(org.mozilla.jss.crypto.PrivateKey.Type.DSA)) + if (signingKeyType.equals(org.mozilla.jss.crypto.PrivateKey.Type.DSA)) signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; MessageDigest SHADigest = null; byte[] digest = null; @@ -253,31 +250,29 @@ public class CMCEnroll { try { SHADigest = MessageDigest.getInstance("SHA1"); digestAlg = DigestAlgorithm.SHA1; - + ByteArrayOutputStream ostream = new ByteArrayOutputStream(); pkidata.encode((OutputStream) ostream); digest = SHADigest.digest(ostream.toByteArray()); } catch (NoSuchAlgorithmException e) { } - SignerInfo signInfo = new SignerInfo(si, null, null, - OBJECT_IDENTIFIER.id_cct_PKIData, digest, signAlg, + SignerInfo signInfo = new + SignerInfo(si, null, null, OBJECT_IDENTIFIER.id_cct_PKIData, digest, signAlg, (org.mozilla.jss.crypto.PrivateKey) privKey); SET signInfos = new SET(); signInfos.addElement(signInfo); - + SET digestAlgs = new SET(); if (digestAlg != null) { - AlgorithmIdentifier ai = new AlgorithmIdentifier( - digestAlg.toOID(), null); + AlgorithmIdentifier ai = new AlgorithmIdentifier(digestAlg.toOID(), null); digestAlgs.addElement(ai); } - - org.mozilla.jss.crypto.X509Certificate[] agentChain = manager - .buildCertificateChain(signerCert); + + org.mozilla.jss.crypto.X509Certificate[] agentChain = manager.buildCertificateChain(signerCert); SET certs = new SET(); for (int i = 0; i < agentChain.length; i++) { 
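Review bot: The senderNonce built on the rewrapped `TaggedAttribute senderNonce = ...` lines is derived from `sn`, which as far as the diff shows is presumably a digest of `salt = "lala123" + date.toString()` (second resolution, guessable), so it does not give the replay protection a CMC sender nonce is meant to provide. Generate it from `java.security.SecureRandom` instead: `byte[] nonce = new byte[16]; new java.security.SecureRandom().nextBytes(nonce);` and pass `new OCTET_STRING(nonce)`. `sn.getBytes()` on the same lines uses the platform default charset; base64 text is ASCII so this is benign, but an explicit charset makes that obvious. The MD5 transactionId below is only an identifier, not a security control, so it can stay. getCMCBlob starts and ends outside this hunk.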
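Review bot: `catch (NoSuchAlgorithmException e) { }` stays empty on the reflowed try block, so if "SHA1" were unavailable `digest` and `digestAlg` would both be null when `SignerInfo` is constructed on the next line, producing a broken request with no diagnostic. Match the handling used earlier in the same method: `} catch (NoSuchAlgorithmException e) { throw new IOException("Internal Error - " + e.toString()); }`. Separately, the `SignatureAlgorithm.RSASignatureWithSHA1Digest` / `DigestAlgorithm.SHA1` defaults make this a SHA-1 signature; the `// SHA1 is the default digest Alg for now.` comment should at least say so and name the SHA-256 variants as the intended replacement. The enclosing try/catch of getCMCBlob begins and ends outside the hunk.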
@@ -285,20 +280,20 @@ public class CMCEnroll { certs.addElement(cert); } - SignedData req = new SignedData(digestAlgs, ci, certs, null, - signInfos); + SignedData req = new SignedData(digestAlgs, ci, certs, null, signInfos); - fullEnrollmentReq = new ContentInfo(req); + fullEnrollmentReq = new + ContentInfo(req); ByteArrayOutputStream bs = new ByteArrayOutputStream(); PrintStream ps = new PrintStream(bs); - + // format is PR_REQUEST_CMC - ByteArrayOutputStream os = new ByteArrayOutputStream(); + ByteArrayOutputStream os = new ByteArrayOutputStream(); - fullEnrollmentReq.encode(os); - ps.print(com.netscape.osutil.OSUtil.BtoA(os.toByteArray())); - // fullEnrollmentReq.print(ps); // no header/trailer + fullEnrollmentReq.encode(os); + ps.print(com.netscape.osutil.OSUtil.BtoA(os.toByteArray())); + //fullEnrollmentReq.print(ps); // no header/trailer asciiBASE64Blob = bs.toString(); } catch (Exception e) { e.printStackTrace(); 
@@ -308,68 +303,74 @@ public class CMCEnroll { } /** Creates a new instance of CMCEnroll */ - public static void main(String[] s) { - + public static void main(String[]s) { + String dValue = null, nValue = null, rValue = null, pValue = null; FileOutputStream outputBlob = null; - + // default path is "." String mPath = "."; // default prefix is "" String mPrefix = ""; - + boolean bWrongParam = false; // (1) Check that two arguments were submitted to the program if (s.length != (ARGC * 2)) { System.out.println("Wrong number of parameters:" + s.length); - System.out.println("Usage: CMCEnroll " - + "-d <dir to cert8.db, key3.db> " + "-n <nickname> " - + "-r <request PKCS#10 file name> " + "-p <password>"); + System.out.println("Usage: CMCEnroll " + + "-d <dir to cert8.db, key3.db> " + + "-n <nickname> " + + "-r <request PKCS#10 file name> " + + "-p <password>" + ); bWrongParam = true; - } else { + }else { int length; int i; - + length = s.length; for (i = 0; i < length; i++) { if (s[i].equals("-d")) { dValue = s[i + 1]; - } else if (s[i].equals("-n")) { + } else if (s[i].equals("-n")) { nValue = s[i + 1]; - } else if (s[i].equals("-r")) { + } else if (s[i].equals("-r")) { rValue = s[i + 1]; - } else if (s[i].equals("-p")) { + } else if (s[i].equals("-p")) { pValue = s[i + 1]; } if (s[i].equals("")) bWrongParam = true; - + } - - if (dValue == null || nValue == null || rValue == null - || pValue == null) + + if (dValue == null || nValue == null || rValue == null || pValue == null ) bWrongParam = true; - else if (dValue.length() == 0 || nValue.length() == 0 - || rValue.length() == 0 || pValue.length() == 0) + else if (dValue.length() == 0 || nValue.length() == 0 || rValue.length() == 0 || + pValue.length() == 0 ) bWrongParam = true; if (bWrongParam == true) { - System.out.println("Usage: CMCEnroll " - + "-d <dir to cert8.db, key3.db> " + "-n <nickname> " - + "-r <request PKCS#10 file name> " + "-p <password>"); + System.out.println("Usage: CMCEnroll " + + "-d <dir to 
cert8.db, key3.db> " + + "-n <nickname> " + + "-r <request PKCS#10 file name> " + + "-p <password>" + ); System.exit(0); - } - + } + try { // initialize CryptoManager mPath = dValue; System.out.println("cert/key prefix = " + mPrefix); System.out.println("path = " + mPath); - CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues( - mPath, mPrefix, mPrefix, "secmod.db"); + CryptoManager.InitializationValues vals = + new CryptoManager.InitializationValues(mPath, mPrefix, + mPrefix, "secmod.db"); CryptoManager.initialize(vals); - + CryptoManager cm = CryptoManager.getInstance(); CryptoToken token = cm.getInternalKeyStorageToken(); Password pass = new Password(pValue.toCharArray()); 
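Review bot: The argument loop `for (i = 0; i < length; i++)` reads `s[i + 1]` at every index, so a flag in the last position (`s[7]`) throws ArrayIndexOutOfBoundsException instead of printing usage, and option values are themselves tested as flags. Step over flag/value pairs instead: `for (i = 0; i + 1 < length; i += 2) {`. The bad-parameter path calls `System.exit(0)`, which signals success to a calling script, while the other error paths in this file already use `System.exit(1)`. Taking the secret as `-p <password>` also leaves it in the process argument list, visible to other local users; reading it from a file or a prompt would remove that exposure. main begins in this hunk but its body continues past it.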
@@ -378,91 +379,92 @@ public class CMCEnroll { CryptoStore store = token.getCryptoStore(); X509Certificate[] list = store.getCertificates(); X509Certificate signerCert = null; - + signerCert = cm.findCertByNickname(nValue); - - BufferedReader inputBlob = null; + + BufferedReader inputBlob = null; try { - inputBlob = new BufferedReader( - new InputStreamReader(new BufferedInputStream( - new FileInputStream(rValue)))); + inputBlob = new BufferedReader(new InputStreamReader( + new BufferedInputStream( + new FileInputStream( + rValue)))); } catch (FileNotFoundException e) { - System.out.println("CMCEnroll: can''t find file " + rValue - + ":\n" + e); + System.out.println("CMCEnroll: can''t find file " + + rValue + ":\n" + e); return; } catch (Exception e) { e.printStackTrace(); System.exit(1); } // (3) Read the entire contents of the specified BASE 64 encoded - // blob into a String() object throwing away any - // headers beginning with HEADER and any trailers beginning - // with TRAILER + // blob into a String() object throwing away any + // headers beginning with HEADER and any trailers beginning + // with TRAILER String asciiBASE64BlobChunk = new String(); String asciiBASE64Blob = new String(); try { while ((asciiBASE64BlobChunk = inputBlob.readLine()) != null) { - if (!(asciiBASE64BlobChunk.startsWith(HEADER)) - && !(asciiBASE64BlobChunk.startsWith(TRAILER))) { + if (!(asciiBASE64BlobChunk.startsWith(HEADER)) && + !(asciiBASE64BlobChunk.startsWith(TRAILER))) { asciiBASE64Blob += asciiBASE64BlobChunk.trim(); } } } catch (IOException e) { - System.out.println("CMCEnroll: Unexpected BASE64 " - + "encoded error encountered in readLine():\n" + e); + System.out.println("CMCEnroll: Unexpected BASE64 " + + "encoded error encountered in readLine():\n" + + e); } // (4) Close the DataInputStream() object try { inputBlob.close(); } catch (IOException e) { - System.out.println("CMCEnroll(): Unexpected BASE64 " - + "encoded error encountered in close():\n" + e); + 
System.out.println("CMCEnroll(): Unexpected BASE64 " + + "encoded error encountered in close():\n" + e); } - - asciiBASE64Blob = getCMCBlob(signerCert, cm, nValue, - asciiBASE64Blob); + + asciiBASE64Blob = getCMCBlob(signerCert,cm, nValue, asciiBASE64Blob ); // (5) Decode the ASCII BASE 64 blob enclosed in the - // String() object into a BINARY BASE 64 byte[] object + // String() object into a BINARY BASE 64 byte[] object byte binaryBASE64Blob[] = null; - binaryBASE64Blob = com.netscape.osutil.OSUtil - .AtoB(asciiBASE64Blob); - + binaryBASE64Blob = com.netscape.osutil.OSUtil.AtoB(asciiBASE64Blob); + // (6) Finally, print the actual CMCEnroll blob to the - // specified output file + // specified output file try { outputBlob = new FileOutputStream(rValue + ".out"); } catch (IOException e) { - System.out.println("CMCEnroll: unable to open file " - + rValue + ".out" + " for writing:\n" + e); + System.out.println("CMCEnroll: unable to open file " + + rValue + ".out" + " for writing:\n" + e); return; } - + System.out.println(HEADER); System.out.println(asciiBASE64Blob + TRAILER); try { asciiBASE64Blob = HEADER + "\n" + asciiBASE64Blob + TRAILER; outputBlob.write(asciiBASE64Blob.getBytes()); } catch (IOException e) { - System.out.println("CMCEnroll: I/O error " - + "encountered during write():\n" + e); + System.out.println("CMCEnroll: I/O error " + + "encountered during write():\n" + + e); } - + try { outputBlob.close(); } catch (IOException e) { - System.out.println("CMCEnroll: Unexpected error " - + "encountered while attempting to close() " + "\n" - + e); + System.out.println("CMCEnroll: Unexpected error " + + "encountered while attempting to close() " + + "\n" + e); } - - } catch (Exception e) { + + }catch (Exception e) { e.printStackTrace(); System.exit(1); } - + return; } } |
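Review bot: The rewrapped message `"CMCEnroll: can''t find file "` is a plain Java string literal, not a MessageFormat pattern, so the doubled apostrophe is printed verbatim; change it to `"CMCEnroll: can't find file "`. `outputBlob.write(asciiBASE64Blob.getBytes())` and the `new InputStreamReader(...)` reader use the platform default charset; the data is header lines plus base64 so it is ASCII-safe in practice, but naming the charset makes that explicit. `X509Certificate[] list = store.getCertificates();` is never read and can be removed. The `Password` object was created before this hunk; whether it is cleared after the token login is outside the hunk and worth confirming. main ends here.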