Diffstat (limited to 'pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java')
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java207
1 files changed, 102 insertions, 105 deletions
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java b/pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java
index 368ef8278..b591b6e57 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools;
-
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
@@ -67,32 +66,30 @@ import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
import org.mozilla.jss.pkix.primitive.Name;
import org.mozilla.jss.util.Password;
-
-
/**
* Tool for signing PKCS #10 , return CMC enrollment request
*
* <P>
+ *
* @version $Revision$, $Date$
-
*/
public class CMCEnroll {
public static final String PR_REQUEST_CMC = "CMC";
public static final String PR_REQUEST_PKCS10 = "PKCS10";
- public static final int ARGC = 4;
+ public static final int ARGC = 4;
private static final String CERTDB = "cert8.db";
private static final String KEYDB = "key3.db";
public static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
public static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
-
- void cleanArgs(String[] s) {
-
+
+ void cleanArgs(String[] s) {
+
}
public static X509Certificate getCertificate(String tokenname,
- String nickname) throws Exception {
+ String nickname) throws Exception {
CryptoManager manager = CryptoManager.getInstance();
CryptoToken token = null;
@@ -116,30 +113,30 @@ public class CMCEnroll {
}
public static java.security.PrivateKey getPrivateKey(String tokenname, String nickname)
- throws Exception {
+ throws Exception {
X509Certificate cert = getCertificate(tokenname, nickname);
return CryptoManager.getInstance().findPrivKeyByCert(cert);
}
+ /**
+ * getCMCBlob create and return the enrollent request.
+ * <P>
+ *
+ * @param signerCert the certificate of the authorized signer of the CMC revocation request.
+ * @param manager the crypto manger.
+ * @param nValue the nickname of the certificate inside the token.
+ * @param rValue request PKCS#10 file name.
+ * @return the CMC revocation request encoded in base64
+ */
+ static String getCMCBlob(X509Certificate signerCert, CryptoManager manager, String nValue, String rValue) {
- /**
- * getCMCBlob create and return the enrollent request.
- * <P>
- * @param signerCert the certificate of the authorized signer of the CMC revocation request.
- * @param manager the crypto manger.
- * @param nValue the nickname of the certificate inside the token.
- * @param rValue request PKCS#10 file name.
- * @return the CMC revocation request encoded in base64
- */
- static String getCMCBlob(X509Certificate signerCert,CryptoManager manager, String nValue, String rValue) {
-
String asciiBASE64Blob = rValue; // input pkcs10 blob
String tokenname = "internal";
try {
-
+
java.security.PrivateKey privKey = null;
PKCS10 pkcs = null;
SignerIdentifier si = null;
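Review bot: The re-added Javadoc for getCMCBlob documents the wrong artifact: the `@param signerCert` and `@return` tags say "CMC revocation request" while the method (and its own summary line) builds the enrollment request, and "enrollent" / "manger" are typos. Suggest `@param signerCert the certificate of the authorized signer of the CMC enrollment request.` and `@return the CMC enrollment request, base64 encoded`, with "the crypto manager" for `@param manager`. Since these lines are being rewritten anyway, this is the commit to fix them in. The method body continues past the end of the hunk.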
@@ -147,7 +144,7 @@ public class CMCEnroll {
try {
byte[] decodedBytes = com.netscape.osutil.OSUtil.AtoB(asciiBASE64Blob);
-
+
pkcs = new PKCS10(decodedBytes);
} catch (IOException e) {
throw new IOException("Internal Error - " + e.toString());
@@ -156,7 +153,7 @@ public class CMCEnroll {
} catch (NoSuchAlgorithmException e) {
throw new IOException("Internal Error - " + e.toString());
}
-
+
String hasSki = "true";
BigInteger serialno = signerCert.getSerialNumber();
@@ -164,35 +161,35 @@ public class CMCEnroll {
X509CertImpl impl = new X509CertImpl(certB);
X500Name issuerName = (X500Name) impl.getIssuerDN();
byte[] issuerByte = issuerName.getEncoded();
- ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
-
+ ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
+
Name issuer = (Name) Name.getTemplate().decode(istream);
IssuerAndSerialNumber ias = new IssuerAndSerialNumber(issuer, new INTEGER(serialno.toString()));
- si = new SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+ si = new SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
privKey = getPrivateKey(tokenname, nValue);
-
+
// create CMC req
// transfer pkcs10 to jss class
int bpid = 1;
ByteArrayInputStream crInputStream = new ByteArrayInputStream(pkcs.toByteArray());
CertificationRequest cr = (CertificationRequest) CertificationRequest.getTemplate().decode(crInputStream);
-
+
TaggedCertificationRequest tcr = new
- TaggedCertificationRequest(new
- INTEGER(bpid++), cr);
+ TaggedCertificationRequest(new
+ INTEGER(bpid++), cr);
TaggedRequest trq = new
- TaggedRequest(TaggedRequest.PKCS10, tcr,
- null);
-
+ TaggedRequest(TaggedRequest.PKCS10, tcr,
+ null);
+
SEQUENCE reqSequence = new SEQUENCE();
reqSequence.addElement(trq);
-
+
// Add some control sequence
// Verisign has transactionID,senderNonce
SEQUENCE controlSeq = new SEQUENCE();
-
+
Date date = new Date();
String salt = "lala123" + date.toString();
byte[] dig;
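Review bot: The value feeding the CMC senderNonce is `"lala123" + date.toString()`, a constant prefix plus a second-resolution timestamp, so the nonce is predictable and repeats for requests built within the same second; how `dig` is derived from `salt` sits in the following hunk, but nothing visible adds entropy. A senderNonce is meant to be unguessable to defeat replay, so it should be drawn from `SecureRandom`, e.g. `byte[] nonce = new byte[16]; new java.security.SecureRandom().nextBytes(nonce);` and that array used in place of the salt digest. The re-indented lines in this hunk are otherwise fine. The enclosing try block starts and ends outside the hunk.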
@@ -206,14 +203,14 @@ public class CMCEnroll {
}
String sn = com.netscape.osutil.OSUtil.BtoA(dig);
-
+
TaggedAttribute senderNonce = new TaggedAttribute(new
INTEGER(bpid++),
OBJECT_IDENTIFIER.id_cmc_senderNonce,
new OCTET_STRING(sn.getBytes()));
controlSeq.addElement(senderNonce);
-
+
// Verisign recommend transactionId be MD5 hash of publicKey
byte[] transId;
@@ -224,19 +221,19 @@ public class CMCEnroll {
} catch (Exception ex) {
transId = salt.getBytes();
}
-
+
TaggedAttribute transactionId = new TaggedAttribute(new
INTEGER(bpid++),
OBJECT_IDENTIFIER.id_cmc_transactionId,
new INTEGER(1, transId));
controlSeq.addElement(transactionId);
-
+
PKIData pkidata = new PKIData(controlSeq, reqSequence, new SEQUENCE(), new SEQUENCE());
-
+
EncapsulatedContentInfo ci = new
- EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIData,
- pkidata);
+ EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIData,
+ pkidata);
// SHA1 is the default digest Alg for now.
DigestAlgorithm digestAlg = null;
SignatureAlgorithm signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
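Review bot: The signature algorithm on the last line of the hunk is hard-coded to `SignatureAlgorithm.RSASignatureWithSHA1Digest`, and the comment above it ("SHA1 is the default digest Alg for now") shows this was meant as a placeholder; SHA-1 is no longer acceptable for newly generated signed requests. If the JSS build in use provides them, `SignatureAlgorithm.RSASignatureWithSHA256Digest` together with `DigestAlgorithm.SHA256` and `MessageDigest.getInstance("SHA-256")` (used a few lines further down, outside this hunk) would be the matching change, and the "for now" comment should then be updated or removed. The transactionId derived from an MD5 of the public key (comment at the top of this hunk) is only an identifier, so it is a lesser concern. The enclosing try block starts and ends outside the hunk.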
@@ -250,7 +247,7 @@ public class CMCEnroll {
try {
SHADigest = MessageDigest.getInstance("SHA1");
digestAlg = DigestAlgorithm.SHA1;
-
+
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
pkidata.encode((OutputStream) ostream);
@@ -258,12 +255,12 @@ public class CMCEnroll {
} catch (NoSuchAlgorithmException e) {
}
SignerInfo signInfo = new
- SignerInfo(si, null, null, OBJECT_IDENTIFIER.id_cct_PKIData, digest, signAlg,
- (org.mozilla.jss.crypto.PrivateKey) privKey);
+ SignerInfo(si, null, null, OBJECT_IDENTIFIER.id_cct_PKIData, digest, signAlg,
+ (org.mozilla.jss.crypto.PrivateKey) privKey);
SET signInfos = new SET();
signInfos.addElement(signInfo);
-
+
SET digestAlgs = new SET();
if (digestAlg != null) {
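Review bot: The empty `catch (NoSuchAlgorithmException e) { }` two lines above the re-indented SignerInfo construction means that if `MessageDigest.getInstance("SHA1")` fails, execution falls through and builds the SignerInfo with whatever `digest` held beforehand (its initialisation is outside this hunk) and with `digestAlg` still null, so a request may be emitted that was never properly digested. The other catches in this method rethrow, so the consistent fix is `throw new IOException("Internal Error - " + e.toString());` in that catch, which the outer `catch (Exception e)` of getCMCBlob then reports. The enclosing try block starts and ends outside the hunk.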
@@ -271,7 +268,7 @@ public class CMCEnroll {
digestAlgs.addElement(ai);
}
-
+
org.mozilla.jss.crypto.X509Certificate[] agentChain = manager.buildCertificateChain(signerCert);
SET certs = new SET();
@@ -287,13 +284,13 @@ public class CMCEnroll {
ByteArrayOutputStream bs = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(bs);
-
+
// format is PR_REQUEST_CMC
- ByteArrayOutputStream os = new ByteArrayOutputStream();
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
- fullEnrollmentReq.encode(os);
- ps.print(com.netscape.osutil.OSUtil.BtoA(os.toByteArray()));
- //fullEnrollmentReq.print(ps); // no header/trailer
+ fullEnrollmentReq.encode(os);
+ ps.print(com.netscape.osutil.OSUtil.BtoA(os.toByteArray()));
+ //fullEnrollmentReq.print(ps); // no header/trailer
asciiBASE64Blob = bs.toString();
} catch (Exception e) {
e.printStackTrace();
@@ -303,74 +300,74 @@ public class CMCEnroll {
}
/** Creates a new instance of CMCEnroll */
- public static void main(String[]s) {
-
+ public static void main(String[] s) {
+
String dValue = null, nValue = null, rValue = null, pValue = null;
FileOutputStream outputBlob = null;
-
+
// default path is "."
String mPath = ".";
// default prefix is ""
String mPrefix = "";
-
+
boolean bWrongParam = false;
// (1) Check that two arguments were submitted to the program
if (s.length != (ARGC * 2)) {
System.out.println("Wrong number of parameters:" + s.length);
System.out.println("Usage: CMCEnroll " +
- "-d <dir to cert8.db, key3.db> " +
- "-n <nickname> " +
- "-r <request PKCS#10 file name> " +
- "-p <password>"
- );
+ "-d <dir to cert8.db, key3.db> " +
+ "-n <nickname> " +
+ "-r <request PKCS#10 file name> " +
+ "-p <password>"
+ );
bWrongParam = true;
- }else {
+ } else {
int length;
int i;
-
+
length = s.length;
for (i = 0; i < length; i++) {
if (s[i].equals("-d")) {
dValue = s[i + 1];
- } else if (s[i].equals("-n")) {
+ } else if (s[i].equals("-n")) {
nValue = s[i + 1];
- } else if (s[i].equals("-r")) {
+ } else if (s[i].equals("-r")) {
rValue = s[i + 1];
- } else if (s[i].equals("-p")) {
+ } else if (s[i].equals("-p")) {
pValue = s[i + 1];
}
if (s[i].equals(""))
bWrongParam = true;
-
+
}
-
- if (dValue == null || nValue == null || rValue == null || pValue == null )
+
+ if (dValue == null || nValue == null || rValue == null || pValue == null)
bWrongParam = true;
- else if (dValue.length() == 0 || nValue.length() == 0 || rValue.length() == 0 ||
- pValue.length() == 0 )
+ else if (dValue.length() == 0 || nValue.length() == 0 || rValue.length() == 0 ||
+ pValue.length() == 0)
bWrongParam = true;
if (bWrongParam == true) {
System.out.println("Usage: CMCEnroll " +
- "-d <dir to cert8.db, key3.db> " +
- "-n <nickname> " +
- "-r <request PKCS#10 file name> " +
- "-p <password>"
- );
+ "-d <dir to cert8.db, key3.db> " +
+ "-n <nickname> " +
+ "-r <request PKCS#10 file name> " +
+ "-p <password>"
+ );
System.exit(0);
- }
-
+ }
+
try {
// initialize CryptoManager
mPath = dValue;
System.out.println("cert/key prefix = " + mPrefix);
System.out.println("path = " + mPath);
CryptoManager.InitializationValues vals =
- new CryptoManager.InitializationValues(mPath, mPrefix,
- mPrefix, "secmod.db");
+ new CryptoManager.InitializationValues(mPath, mPrefix,
+ mPrefix, "secmod.db");
CryptoManager.initialize(vals);
-
+
CryptoManager cm = CryptoManager.getInstance();
CryptoToken token = cm.getInternalKeyStorageToken();
Password pass = new Password(pValue.toCharArray());
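Review bot: The usage text re-added in this hunk takes the token password as a command-line argument (`-p <password>`), which exposes it in process listings and shell history, and because `pValue` is an immutable String it cannot be wiped after `new Password(pValue.toCharArray())` on the last line of the hunk. A less exposing option is to accept a password file path or, when no value is given, read it with `System.console().readPassword()` into a `char[]` that is zeroed after use; this would be a behavioural change, so it may belong in a follow-up rather than this reformat. Separately, both usage branches end in `System.exit(0)`, so a bad invocation reports success to scripts; `System.exit(1)` would be more accurate. main continues past the end of the hunk.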
@@ -379,19 +376,19 @@ public class CMCEnroll {
CryptoStore store = token.getCryptoStore();
X509Certificate[] list = store.getCertificates();
X509Certificate signerCert = null;
-
+
signerCert = cm.findCertByNickname(nValue);
-
- BufferedReader inputBlob = null;
+
+ BufferedReader inputBlob = null;
try {
inputBlob = new BufferedReader(new InputStreamReader(
new BufferedInputStream(
- new FileInputStream(
- rValue))));
+ new FileInputStream(
+ rValue))));
} catch (FileNotFoundException e) {
System.out.println("CMCEnroll: can''t find file " +
- rValue + ":\n" + e);
+ rValue + ":\n" + e);
return;
} catch (Exception e) {
e.printStackTrace();
@@ -407,40 +404,40 @@ public class CMCEnroll {
try {
while ((asciiBASE64BlobChunk = inputBlob.readLine()) != null) {
if (!(asciiBASE64BlobChunk.startsWith(HEADER)) &&
- !(asciiBASE64BlobChunk.startsWith(TRAILER))) {
+ !(asciiBASE64BlobChunk.startsWith(TRAILER))) {
asciiBASE64Blob += asciiBASE64BlobChunk.trim();
}
}
} catch (IOException e) {
System.out.println("CMCEnroll: Unexpected BASE64 " +
- "encoded error encountered in readLine():\n" +
- e);
+ "encoded error encountered in readLine():\n" +
+ e);
}
// (4) Close the DataInputStream() object
try {
inputBlob.close();
} catch (IOException e) {
System.out.println("CMCEnroll(): Unexpected BASE64 " +
- "encoded error encountered in close():\n" + e);
+ "encoded error encountered in close():\n" + e);
}
-
- asciiBASE64Blob = getCMCBlob(signerCert,cm, nValue, asciiBASE64Blob );
+
+ asciiBASE64Blob = getCMCBlob(signerCert, cm, nValue, asciiBASE64Blob);
// (5) Decode the ASCII BASE 64 blob enclosed in the
// String() object into a BINARY BASE 64 byte[] object
byte binaryBASE64Blob[] = null;
binaryBASE64Blob = com.netscape.osutil.OSUtil.AtoB(asciiBASE64Blob);
-
+
// (6) Finally, print the actual CMCEnroll blob to the
// specified output file
try {
outputBlob = new FileOutputStream(rValue + ".out");
} catch (IOException e) {
System.out.println("CMCEnroll: unable to open file " +
- rValue + ".out" + " for writing:\n" + e);
+ rValue + ".out" + " for writing:\n" + e);
return;
}
-
+
System.out.println(HEADER);
System.out.println(asciiBASE64Blob + TRAILER);
try {
@@ -448,23 +445,23 @@ public class CMCEnroll {
outputBlob.write(asciiBASE64Blob.getBytes());
} catch (IOException e) {
System.out.println("CMCEnroll: I/O error " +
- "encountered during write():\n" +
- e);
+ "encountered during write():\n" +
+ e);
}
-
+
try {
outputBlob.close();
} catch (IOException e) {
System.out.println("CMCEnroll: Unexpected error " +
- "encountered while attempting to close() " +
- "\n" + e);
+ "encountered while attempting to close() " +
+ "\n" + e);
}
-
- }catch (Exception e) {
+
+ } catch (Exception e) {
e.printStackTrace();
System.exit(1);
}
-
+
return;
}
}