Diffstat (limited to 'pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java')
-rw-r--r-- | pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java | 147 |
1 files changed, 74 insertions, 73 deletions
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java b/pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java index 85bdf5b1b..647e5a972 100644 --- a/pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java +++ b/pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmstools; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.FileOutputStream; @@ -61,27 +60,26 @@ import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier; import org.mozilla.jss.pkix.primitive.Name; import org.mozilla.jss.util.Password; - - /** * Tool for signing a CMC revocation request with an agent's certificate. * * <P> + * * @version $Revision$, $Date$ */ public class CMCRevoke { - public static final int ARGC = 7; + public static final int ARGC = 7; private static final String CERTDB = "cert8.db"; private static final String KEYDB = "key3.db"; public static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----"; public static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----"; static String dValue = null, nValue = null, iValue = null, sValue = null, mValue = null, hValue = null, cValue = null; - public static final String CMS_BASE_CA_SIGNINGCERT_NOT_FOUND="CA signing certificate not found"; + public static final String CMS_BASE_CA_SIGNINGCERT_NOT_FOUND = "CA signing certificate not found"; public static final String PR_INTERNAL_TOKEN_NAME = "internal"; public static final String PR_REQUEST_CMC = "CMC"; - static String cleanArgs(String s) { + static String cleanArgs(String s) { if (s.startsWith("\"") && s.endsWith("\"")) return s.substring(1, s.length() - 2); else if (s.startsWith("\'") && s.endsWith("\'")) 
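Review bot: `cleanArgs` is only re-indented in the second hunk, but its visible body `return s.substring(1, s.length() - 2);` drops the last real character as well as the closing quote, because the end index of `substring` is exclusive. Every quoted option value (nickname, issuer, serial, reason, password) is therefore silently truncated, which for a revocation tool can mean acting on the wrong serial number or failing token login for no obvious reason. A one-character argument such as `"` also satisfies both `startsWith` and `endsWith` and makes `substring` throw. I would change the branch to `if (s.length() >= 2 && s.startsWith("\"") && s.endsWith("\"")) return s.substring(1, s.length() - 1);` and check the single-quote branch, whose return statement lies outside this hunk, for the same fault.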
@@ -89,94 +87,94 @@ public class CMCRevoke { else return s; } - + /** - * Creates a new instance of CMCRevoke. + * Creates a new instance of CMCRevoke. */ - public static void main(String[]s) { - + public static void main(String[] s) { + FileOutputStream outputBlob = null; - + // default path is "." String mPath = "."; // default prefix is "" String mPrefix = ""; - + boolean bWrongParam = false; // (1) Check that two arguments were submitted to the program if (s.length != (ARGC) && s.length != (ARGC - 1)) { - + bWrongParam = true; System.out.println("Wrong number of parameters:" + s.length); System.out.println("Usage: CMCRevoke " + - "-d<dir to cert8.db, key3.db> " + - "-n<nickname> " + - "-i<issuerName> " + - "-s<serialName> " + - "-m<reason to revoke> " + - "-h<password to db> " + - "-c<comment> "); + "-d<dir to cert8.db, key3.db> " + + "-n<nickname> " + + "-i<issuerName> " + + "-s<serialName> " + + "-m<reason to revoke> " + + "-h<password to db> " + + "-c<comment> "); for (int i = 0; i < s.length; i++) { System.out.println(i + ":" + s[i]); } - }else { + } else { int length; int i; - + length = s.length; for (i = 0; i < length; i++) { if (s[i].startsWith("-d")) { dValue = cleanArgs(s[i].substring(2)); - } else if (s[i].startsWith("-n")) { + } else if (s[i].startsWith("-n")) { nValue = cleanArgs(s[i].substring(2)); - } else if (s[i].startsWith("-i")) { + } else if (s[i].startsWith("-i")) { iValue = cleanArgs(s[i].substring(2)); - } else if (s[i].startsWith("-s")) { + } else if (s[i].startsWith("-s")) { sValue = cleanArgs(s[i].substring(2)); - } else if (s[i].startsWith("-m")) { + } else if (s[i].startsWith("-m")) { mValue = cleanArgs(s[i].substring(2)); - } else if (s[i].startsWith("-h")) { + } else if (s[i].startsWith("-h")) { hValue = cleanArgs(s[i].substring(2)); - } else if (s[i].startsWith("-c")) { + } else if (s[i].startsWith("-c")) { cValue = cleanArgs(s[i].substring(2)); } - + } // optional parameter if (cValue == null) cValue = new String(); - if (dValue 
== null || nValue == null || iValue == null || sValue == null || mValue == null || hValue == null) + if (dValue == null || nValue == null || iValue == null || sValue == null || mValue == null || hValue == null) bWrongParam = true; - else if (dValue.length() == 0 || nValue.length() == 0 || iValue.length() == 0 || - sValue.length() == 0 || mValue.length() == 0 || hValue.length() == 0) + else if (dValue.length() == 0 || nValue.length() == 0 || iValue.length() == 0 || + sValue.length() == 0 || mValue.length() == 0 || hValue.length() == 0) bWrongParam = true; - + if (bWrongParam == true) { System.out.println("Usage: CMCRevoke " + - "-d<dir to cert8.db, key3.db> " + - "-n<nickname> " + - "-i<issuerName> " + - "-s<serialName> " + - "-m<reason to revoke> " + - "-h<password to db> " + - "-c<comment> "); + "-d<dir to cert8.db, key3.db> " + + "-n<nickname> " + + "-i<issuerName> " + + "-s<serialName> " + + "-m<reason to revoke> " + + "-h<password to db> " + + "-c<comment> "); for (i = 0; i < s.length; i++) { System.out.println(i + ":" + s[i]); } System.exit(0); } - + try { // initialize CryptoManager mPath = dValue; System.out.println("cert/key prefix = " + mPrefix); System.out.println("path = " + mPath); CryptoManager.InitializationValues vals = - new CryptoManager.InitializationValues(mPath, mPrefix, mPrefix, "secmod.db"); + new CryptoManager.InitializationValues(mPath, mPrefix, mPrefix, "secmod.db"); CryptoManager.initialize(vals); - + CryptoManager cm = CryptoManager.getInstance(); CryptoToken token = cm.getInternalKeyStorageToken(); Password pass = new Password(hValue.toCharArray()); 
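Review bot: Both usage branches in `main` echo every argument with `System.out.println(i + ":" + s[i]);`, and one of those arguments is `-h<password to db>`, so a mistyped invocation writes the token password to stdout and to any log that captures it. At minimum the echo should mask that option, e.g. `System.out.println(i + ":" + (s[i].startsWith("-h") ? "-h<redacted>" : s[i]));`. Taking the password on the command line also leaves it in shell history and, on most systems, in the process listing, so a console prompt or a password file would be the safer input. Separately, the second usage branch ends with `System.exit(0);`, which reports success to calling scripts on a parameter error and should be a non-zero status. `main` continues past the end of this hunk.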
@@ -185,16 +183,16 @@ public class CMCRevoke { CryptoStore store = token.getCryptoStore(); X509Certificate[] list = store.getCertificates(); X509Certificate signerCert = null; - + signerCert = cm.findCertByNickname(nValue); String outBlob = createRevokeReq(signerCert, cm, nValue); printCMCRevokeRequest(outBlob); - }catch (Exception e) { + } catch (Exception e) { e.printStackTrace(); System.exit(1); } - + return; } } @@ -202,10 +200,11 @@ public class CMCRevoke { /** * printout CMC revoke request in Base64 encoding to a file CMCRevoke.out * <P> + * * @param asciiBASE64Blob the ascii string of the request */ static void printCMCRevokeRequest(String asciiBASE64Blob) { - + // (6) Finally, print the actual CMCSigning blob to the // specified output file FileOutputStream outputBlob = null; @@ -216,7 +215,7 @@ public class CMCRevoke { System.out.println("CMCSigning: unable to open file CMCRevoke.out for writing:\n" + e); return; } - + System.out.println(HEADER); System.out.println(asciiBASE64Blob + TRAILER); try { 
@@ -224,29 +223,30 @@ public class CMCRevoke { outputBlob.write(asciiBASE64Blob.getBytes()); } catch (IOException e) { System.out.println("CMCSigning: I/O error " + - "encountered during write():\n" + - e); + "encountered during write():\n" + + e); } - + try { outputBlob.close(); } catch (IOException e) { System.out.println("CMCSigning: Unexpected error " + - "encountered while attempting to close() " + - "\n" + e); + "encountered while attempting to close() " + + "\n" + e); } } /** * getCertificate find the certicate inside the token by its nickname. * <P> + * * @param manager the CrytoManager * @param tokenname the name of the token. it's set to "internal". * @param nickname the nickname of the certificate inside the token. * @return the X509Certificate. */ public static X509Certificate getCertificate(CryptoManager manager, String tokenname, - String nickname) throws NoSuchTokenException, + String nickname) throws NoSuchTokenException, Exception, TokenException { CryptoToken token = null; @@ -272,19 +272,20 @@ public class CMCRevoke { /** * createRevokeReq create and return the revocation request. * <P> + * * @param signerCert the certificate of the authorized signer of the CMC revocation request. * @param manager the crypto manger. * @param nValue the nickname of the certificate inside the token. * @return the CMC revocation request encoded in base64 */ - static String createRevokeReq(X509Certificate signerCert, CryptoManager manager, String nValue) { + static String createRevokeReq(X509Certificate signerCert, CryptoManager manager, String nValue) { java.security.PrivateKey privKey = null; SignerIdentifier si = null; ContentInfo fullEnrollmentReq = null; String tokenname = "internal"; String asciiBASE64Blob = new String(); - + try { String hasSki = "true"; 
@@ -294,23 +295,23 @@ public class CMCRevoke { X509CertImpl impl = new X509CertImpl(certB); X500Name issuerName = (X500Name) impl.getIssuerDN(); byte[] issuerByte = issuerName.getEncoded(); - ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte); - + ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte); + Name issuer = (Name) Name.getTemplate().decode(istream); IssuerAndSerialNumber ias = new IssuerAndSerialNumber(issuer, new INTEGER(serialno.toString())); - si = new SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); + si = new SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); X509Certificate cert = getCertificate(manager, tokenname, nValue); - + privKey = manager.findPrivKeyByCert(cert); - if( privKey == null ) { - System.out.println( "CMCRevoke::createRevokeReq() - " + - "privKey is null!" ); + if (privKey == null) { + System.out.println("CMCRevoke::createRevokeReq() - " + + "privKey is null!"); return ""; } - int bpid = 1; + int bpid = 1; // Add some control sequence // Verisign has transactionID,senderNonce SEQUENCE controlSeq = new SEQUENCE(); @@ -339,7 +340,7 @@ public class CMCRevoke { org.mozilla.jss.pkix.cmmf.RevRequest lRevokeRequest = new org.mozilla.jss.pkix.cmmf.RevRequest(new ANY((new X500Name(iValue)).getEncoded()), new INTEGER(sValue), //org.mozilla.jss.pkix.cmmf.RevRequest.unspecified, - new ENUMERATED((new Integer(mValue)). longValue()), + new ENUMERATED((new Integer(mValue)).longValue()), //new GeneralizedTime(new Date(lValue)), new OCTET_STRING(hValue.getBytes()), new UTF8String(cValue.toCharArray())); 
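Review bot: In the `-339,7` hunk the `RevRequest` is built with `new OCTET_STRING(hValue.getBytes())`, and `hValue` is the same `-h<password to db>` string that `main` passes to `new Password(hValue.toCharArray())` for token login. If that constructor argument is the request's shared-secret field, as its position suggests, the NSS database password is embedded in a request that is printed to stdout and written to CMCRevoke.out, and nothing visible here encrypts it. I would take the revocation passphrase from its own option rather than reusing the database password, and encode it with an explicit charset, `hValue.getBytes(StandardCharsets.UTF_8)`, so the bytes do not depend on the platform default. On the changed line, `new Integer(mValue)` accepts any integer as the reason code; `Integer.parseInt(mValue)` with a range check and a clear error message would be easier to diagnose than a stack trace from the enclosing catch, which is outside this hunk.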
@@ -348,7 +349,7 @@ public class CMCRevoke { //org.mozilla.jss.pkix.cmmf.RevRequest revRequest = (org.mozilla.jss.pkix.cmmf.RevRequest) // template.decode(new java.io.ByteArrayInputStream( // encoded)); - + ByteArrayOutputStream os = new ByteArrayOutputStream(); //lRevokeRequest.encode(os); // khai TaggedAttribute revokeRequestTag = new TaggedAttribute(new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_revokeRequest, @@ -356,7 +357,7 @@ public class CMCRevoke { controlSeq.addElement(revokeRequestTag); PKIData pkidata = new PKIData(controlSeq, new SEQUENCE(), new SEQUENCE(), new SEQUENCE()); - + EncapsulatedContentInfo ci = new EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIData, pkidata); // SHA1 is the default digest Alg for now. DigestAlgorithm digestAlg = null; @@ -371,7 +372,7 @@ public class CMCRevoke { try { SHADigest = MessageDigest.getInstance("SHA1"); digestAlg = DigestAlgorithm.SHA1; - + ByteArrayOutputStream ostream = new ByteArrayOutputStream(); pkidata.encode((OutputStream) ostream); @@ -383,7 +384,7 @@ public class CMCRevoke { SET signInfos = new SET(); signInfos.addElement(signInfo); - + SET digestAlgs = new SET(); if (digestAlg != null) { @@ -391,7 +392,7 @@ public class CMCRevoke { digestAlgs.addElement(ai); } - + org.mozilla.jss.crypto.X509Certificate[] agentChain = manager.buildCertificateChain(signerCert); SET certs = new SET(); @@ -403,16 +404,16 @@ public class CMCRevoke { SignedData req = new SignedData(digestAlgs, ci, certs, null, signInfos); fullEnrollmentReq = new ContentInfo(req); - + ByteArrayOutputStream bs = new ByteArrayOutputStream(); PrintStream ps = new PrintStream(bs); - + if (fullEnrollmentReq != null) { // format is PR_REQUEST_CMC fullEnrollmentReq.encode(os); ps.print(com.netscape.osutil.OSUtil.BtoA(os.toByteArray())); ////fullEnrollmentReq.print(ps); // no header/trailer - } + } asciiBASE64Blob = bs.toString(); } catch (Exception e) { |
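Review bot: The `-371,7` hunk keeps the digest hard-coded as `MessageDigest.getInstance("SHA1")` with `digestAlg = DigestAlgorithm.SHA1`, under the comment "SHA1 is the default digest Alg for now." SHA-1 is no longer considered collision resistant, and this digest feeds the agent's signature on a revocation request. Where the JSS version in use and the receiving CA accept it, I would move to `SHADigest = MessageDigest.getInstance("SHA-256");` and `digestAlg = DigestAlgorithm.SHA256;`, and switch the matching signature algorithm, which is chosen outside the visible hunk, at the same time. If SHA-1 must stay for interoperability, a comment stating that constraint would be better than "for now".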