Diffstat (limited to 'pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java')
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java147
1 files changed, 74 insertions, 73 deletions
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java b/pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java
index 85bdf5b1b..647e5a972 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileOutputStream;
@@ -61,27 +60,26 @@ import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
import org.mozilla.jss.pkix.primitive.Name;
import org.mozilla.jss.util.Password;
-
-
/**
* Tool for signing a CMC revocation request with an agent's certificate.
*
* <P>
+ *
* @version $Revision$, $Date$
*/
public class CMCRevoke {
- public static final int ARGC = 7;
+ public static final int ARGC = 7;
private static final String CERTDB = "cert8.db";
private static final String KEYDB = "key3.db";
public static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
public static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
static String dValue = null, nValue = null, iValue = null, sValue = null, mValue = null, hValue = null, cValue = null;
- public static final String CMS_BASE_CA_SIGNINGCERT_NOT_FOUND="CA signing certificate not found";
+ public static final String CMS_BASE_CA_SIGNINGCERT_NOT_FOUND = "CA signing certificate not found";
public static final String PR_INTERNAL_TOKEN_NAME = "internal";
public static final String PR_REQUEST_CMC = "CMC";
- static String cleanArgs(String s) {
+ static String cleanArgs(String s) {
if (s.startsWith("\"") && s.endsWith("\""))
return s.substring(1, s.length() - 2);
else if (s.startsWith("\'") && s.endsWith("\'"))
@@ -89,94 +87,94 @@ public class CMCRevoke {
else
return s;
}
-
+
/**
- * Creates a new instance of CMCRevoke.
+ * Creates a new instance of CMCRevoke.
*/
- public static void main(String[]s) {
-
+ public static void main(String[] s) {
+
FileOutputStream outputBlob = null;
-
+
// default path is "."
String mPath = ".";
// default prefix is ""
String mPrefix = "";
-
+
boolean bWrongParam = false;
// (1) Check that two arguments were submitted to the program
if (s.length != (ARGC) && s.length != (ARGC - 1)) {
-
+
bWrongParam = true;
System.out.println("Wrong number of parameters:" + s.length);
System.out.println("Usage: CMCRevoke " +
- "-d<dir to cert8.db, key3.db> " +
- "-n<nickname> " +
- "-i<issuerName> " +
- "-s<serialName> " +
- "-m<reason to revoke> " +
- "-h<password to db> " +
- "-c<comment> ");
+ "-d<dir to cert8.db, key3.db> " +
+ "-n<nickname> " +
+ "-i<issuerName> " +
+ "-s<serialName> " +
+ "-m<reason to revoke> " +
+ "-h<password to db> " +
+ "-c<comment> ");
for (int i = 0; i < s.length; i++) {
System.out.println(i + ":" + s[i]);
}
- }else {
+ } else {
int length;
int i;
-
+
length = s.length;
for (i = 0; i < length; i++) {
if (s[i].startsWith("-d")) {
dValue = cleanArgs(s[i].substring(2));
- } else if (s[i].startsWith("-n")) {
+ } else if (s[i].startsWith("-n")) {
nValue = cleanArgs(s[i].substring(2));
- } else if (s[i].startsWith("-i")) {
+ } else if (s[i].startsWith("-i")) {
iValue = cleanArgs(s[i].substring(2));
- } else if (s[i].startsWith("-s")) {
+ } else if (s[i].startsWith("-s")) {
sValue = cleanArgs(s[i].substring(2));
- } else if (s[i].startsWith("-m")) {
+ } else if (s[i].startsWith("-m")) {
mValue = cleanArgs(s[i].substring(2));
- } else if (s[i].startsWith("-h")) {
+ } else if (s[i].startsWith("-h")) {
hValue = cleanArgs(s[i].substring(2));
- } else if (s[i].startsWith("-c")) {
+ } else if (s[i].startsWith("-c")) {
cValue = cleanArgs(s[i].substring(2));
}
-
+
}
// optional parameter
if (cValue == null)
cValue = new String();
- if (dValue == null || nValue == null || iValue == null || sValue == null || mValue == null || hValue == null)
+ if (dValue == null || nValue == null || iValue == null || sValue == null || mValue == null || hValue == null)
bWrongParam = true;
- else if (dValue.length() == 0 || nValue.length() == 0 || iValue.length() == 0 ||
- sValue.length() == 0 || mValue.length() == 0 || hValue.length() == 0)
+ else if (dValue.length() == 0 || nValue.length() == 0 || iValue.length() == 0 ||
+ sValue.length() == 0 || mValue.length() == 0 || hValue.length() == 0)
bWrongParam = true;
-
+
if (bWrongParam == true) {
System.out.println("Usage: CMCRevoke " +
- "-d<dir to cert8.db, key3.db> " +
- "-n<nickname> " +
- "-i<issuerName> " +
- "-s<serialName> " +
- "-m<reason to revoke> " +
- "-h<password to db> " +
- "-c<comment> ");
+ "-d<dir to cert8.db, key3.db> " +
+ "-n<nickname> " +
+ "-i<issuerName> " +
+ "-s<serialName> " +
+ "-m<reason to revoke> " +
+ "-h<password to db> " +
+ "-c<comment> ");
for (i = 0; i < s.length; i++) {
System.out.println(i + ":" + s[i]);
}
System.exit(0);
}
-
+
try {
// initialize CryptoManager
mPath = dValue;
System.out.println("cert/key prefix = " + mPrefix);
System.out.println("path = " + mPath);
CryptoManager.InitializationValues vals =
- new CryptoManager.InitializationValues(mPath, mPrefix, mPrefix, "secmod.db");
+ new CryptoManager.InitializationValues(mPath, mPrefix, mPrefix, "secmod.db");
CryptoManager.initialize(vals);
-
+
CryptoManager cm = CryptoManager.getInstance();
CryptoToken token = cm.getInternalKeyStorageToken();
Password pass = new Password(hValue.toCharArray());
@@ -185,16 +183,16 @@ public class CMCRevoke {
CryptoStore store = token.getCryptoStore();
X509Certificate[] list = store.getCertificates();
X509Certificate signerCert = null;
-
+
signerCert = cm.findCertByNickname(nValue);
String outBlob = createRevokeReq(signerCert, cm, nValue);
printCMCRevokeRequest(outBlob);
- }catch (Exception e) {
+ } catch (Exception e) {
e.printStackTrace();
System.exit(1);
}
-
+
return;
}
}
@@ -202,10 +200,11 @@ public class CMCRevoke {
/**
* printout CMC revoke request in Base64 encoding to a file CMCRevoke.out
* <P>
+ *
* @param asciiBASE64Blob the ascii string of the request
*/
static void printCMCRevokeRequest(String asciiBASE64Blob) {
-
+
// (6) Finally, print the actual CMCSigning blob to the
// specified output file
FileOutputStream outputBlob = null;
@@ -216,7 +215,7 @@ public class CMCRevoke {
System.out.println("CMCSigning: unable to open file CMCRevoke.out for writing:\n" + e);
return;
}
-
+
System.out.println(HEADER);
System.out.println(asciiBASE64Blob + TRAILER);
try {
@@ -224,29 +223,30 @@ public class CMCRevoke {
outputBlob.write(asciiBASE64Blob.getBytes());
} catch (IOException e) {
System.out.println("CMCSigning: I/O error " +
- "encountered during write():\n" +
- e);
+ "encountered during write():\n" +
+ e);
}
-
+
try {
outputBlob.close();
} catch (IOException e) {
System.out.println("CMCSigning: Unexpected error " +
- "encountered while attempting to close() " +
- "\n" + e);
+ "encountered while attempting to close() " +
+ "\n" + e);
}
}
/**
* getCertificate find the certicate inside the token by its nickname.
* <P>
+ *
* @param manager the CrytoManager
* @param tokenname the name of the token. it's set to "internal".
* @param nickname the nickname of the certificate inside the token.
* @return the X509Certificate.
*/
public static X509Certificate getCertificate(CryptoManager manager, String tokenname,
- String nickname) throws NoSuchTokenException,
+ String nickname) throws NoSuchTokenException,
Exception, TokenException {
CryptoToken token = null;
@@ -272,19 +272,20 @@ public class CMCRevoke {
/**
* createRevokeReq create and return the revocation request.
* <P>
+ *
* @param signerCert the certificate of the authorized signer of the CMC revocation request.
* @param manager the crypto manger.
* @param nValue the nickname of the certificate inside the token.
* @return the CMC revocation request encoded in base64
*/
- static String createRevokeReq(X509Certificate signerCert, CryptoManager manager, String nValue) {
+ static String createRevokeReq(X509Certificate signerCert, CryptoManager manager, String nValue) {
java.security.PrivateKey privKey = null;
SignerIdentifier si = null;
ContentInfo fullEnrollmentReq = null;
String tokenname = "internal";
String asciiBASE64Blob = new String();
-
+
try {
String hasSki = "true";
@@ -294,23 +295,23 @@ public class CMCRevoke {
X509CertImpl impl = new X509CertImpl(certB);
X500Name issuerName = (X500Name) impl.getIssuerDN();
byte[] issuerByte = issuerName.getEncoded();
- ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
-
+ ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
+
Name issuer = (Name) Name.getTemplate().decode(istream);
IssuerAndSerialNumber ias = new IssuerAndSerialNumber(issuer, new INTEGER(serialno.toString()));
- si = new SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+ si = new SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
X509Certificate cert = getCertificate(manager, tokenname, nValue);
-
+
privKey = manager.findPrivKeyByCert(cert);
- if( privKey == null ) {
- System.out.println( "CMCRevoke::createRevokeReq() - " +
- "privKey is null!" );
+ if (privKey == null) {
+ System.out.println("CMCRevoke::createRevokeReq() - " +
+ "privKey is null!");
return "";
}
- int bpid = 1;
+ int bpid = 1;
// Add some control sequence
// Verisign has transactionID,senderNonce
SEQUENCE controlSeq = new SEQUENCE();
@@ -339,7 +340,7 @@ public class CMCRevoke {
org.mozilla.jss.pkix.cmmf.RevRequest lRevokeRequest = new org.mozilla.jss.pkix.cmmf.RevRequest(new ANY((new X500Name(iValue)).getEncoded()),
new INTEGER(sValue),
//org.mozilla.jss.pkix.cmmf.RevRequest.unspecified,
- new ENUMERATED((new Integer(mValue)). longValue()),
+ new ENUMERATED((new Integer(mValue)).longValue()),
//new GeneralizedTime(new Date(lValue)),
new OCTET_STRING(hValue.getBytes()),
new UTF8String(cValue.toCharArray()));
@@ -348,7 +349,7 @@ public class CMCRevoke {
//org.mozilla.jss.pkix.cmmf.RevRequest revRequest = (org.mozilla.jss.pkix.cmmf.RevRequest)
// template.decode(new java.io.ByteArrayInputStream(
// encoded));
-
+
ByteArrayOutputStream os = new ByteArrayOutputStream();
//lRevokeRequest.encode(os); // khai
TaggedAttribute revokeRequestTag = new TaggedAttribute(new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_revokeRequest,
@@ -356,7 +357,7 @@ public class CMCRevoke {
controlSeq.addElement(revokeRequestTag);
PKIData pkidata = new PKIData(controlSeq, new SEQUENCE(), new SEQUENCE(), new SEQUENCE());
-
+
EncapsulatedContentInfo ci = new EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIData, pkidata);
// SHA1 is the default digest Alg for now.
DigestAlgorithm digestAlg = null;
@@ -371,7 +372,7 @@ public class CMCRevoke {
try {
SHADigest = MessageDigest.getInstance("SHA1");
digestAlg = DigestAlgorithm.SHA1;
-
+
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
pkidata.encode((OutputStream) ostream);
@@ -383,7 +384,7 @@ public class CMCRevoke {
SET signInfos = new SET();
signInfos.addElement(signInfo);
-
+
SET digestAlgs = new SET();
if (digestAlg != null) {
@@ -391,7 +392,7 @@ public class CMCRevoke {
digestAlgs.addElement(ai);
}
-
+
org.mozilla.jss.crypto.X509Certificate[] agentChain = manager.buildCertificateChain(signerCert);
SET certs = new SET();
@@ -403,16 +404,16 @@ public class CMCRevoke {
SignedData req = new SignedData(digestAlgs, ci, certs, null, signInfos);
fullEnrollmentReq = new ContentInfo(req);
-
+
ByteArrayOutputStream bs = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(bs);
-
+
if (fullEnrollmentReq != null) {
// format is PR_REQUEST_CMC
fullEnrollmentReq.encode(os);
ps.print(com.netscape.osutil.OSUtil.BtoA(os.toByteArray()));
////fullEnrollmentReq.print(ps); // no header/trailer
- }
+ }
asciiBASE64Blob = bs.toString();
} catch (Exception e) {