diff options
Diffstat (limited to 'pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java')
-rw-r--r-- | pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java | 858 |
1 files changed, 425 insertions, 433 deletions
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java b/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java index 384f7ca49..c2d221731 100644 --- a/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java +++ b/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java @@ -69,51 +69,49 @@ import org.mozilla.jss.util.Password; import com.netscape.cmsutil.util.HMACDigest; + /** - * A command-line utility used to generate a Certificate Request Message Format - * (CRMF) request with proof of possesion (POP). - * + * A command-line utility used to generate a Certificate Request Message + * Format (CRMF) request with proof of possesion (POP). + * * Usage: - * * <pre> * CRMFPopClient TOKEN_PWD * PROFILE_NAME HOST PORT USER_NAME REQUESTOR_NAME * POP_OPTION * SUBJECT_DN [OUTPUT_CERT_REQ] - * + * * --- or --- - * + * * CRMFPopClient TOKEN_PWD * POP_OPTION * OUTPUT_CERT_REQ SUBJECT_DN - * - * + * + * * where POP_OPTION can be [POP_SUCCESS or POP_FAIL or POP_NONE] * </pre> * <p> * Examples: - * * <pre> * CRMFPopClient password123 * caEncUserCert host.example.com 1026 MyUid MyUid * [POP_SUCCESS or POP_FAIL or POP_NONE] * CN=MyTest,C=US,UID=MyUid - * + * * --- or --- - * + * * CRMFPopClient password123 * caEncUserCert host.example.com 1026 joe joe * [POP_SUCCESS or POP_FAIL or POP_NONE] * CN=MyTest,C=US,UID=MyUid OUTPUT_CERT_REQ - * + * * --- or --- - * + * * CRMFPopClient password123 * [POP_SUCCESS or POP_FAIL or POP_NONE] * OUTPUT_CERT_REQ CN=MyTest,C=US,UID=MyUid * </pre> * <p> - * * <pre> * IMPORTANT: The file "transport.txt" needs to be created to contain the * transport certificate in its base64 encoded format. This @@ -121,549 +119,543 @@ import com.netscape.cmsutil.util.HMACDigest; * in base64 encoded format with the header and footer removed. * </pre> * <p> - * * @version $Revision$, $Date$ */ -public class CRMFPopClient { - - private static void usage() { - System.out.println(""); - System.out - .println("Description: A command-line utility used to generate a"); - System.out - .println(" Certificate Request Message Format (CRMF)"); - System.out - .println(" request with proof of possesion (POP).\n\n"); - System.out.println("Usage:"); - System.out.println(""); - System.out.println(" CRMFPopClient TOKEN_PWD"); - System.out - .println(" PROFILE_NAME HOST PORT USER_NAME REQUESTOR_NAME"); - System.out.println(" POP_OPTION"); - System.out - .println(" SUBJECT_DN [OUTPUT_CERT_REQ] \n"); - System.out.println(" --- or ---\n"); - System.out.println(" CRMFPopClient TOKEN_PWD"); - System.out.println(" POP_OPTION"); - System.out.println(" OUTPUT_CERT_REQ SUBJECT_DN\n\n"); - System.out - .println(" where POP_OPTION can be [POP_SUCCESS or POP_FAIL or POP_NONE]\n\n"); - System.out.println("Examples:"); - System.out.println(""); - System.out.println(" CRMFPopClient password123"); - System.out - .println(" caEncUserCert host.example.com 1026 MyUid MyUid"); - System.out - .println(" [POP_SUCCESS or POP_FAIL or POP_NONE]"); - System.out.println(" CN=MyTest,C=US,UID=MyUid\n"); - System.out.println(" --- or ---\n"); - System.out.println(" CRMFPopClient password123"); - System.out - .println(" caEncUserCert host.example.com 1026 MyUid myUid"); - System.out - .println(" [POP_SUCCESS or POP_FAIL or POP_NONE]"); - System.out - .println(" CN=MyTest,C=US,UID=MyUid OUTPUT_CERT_REQ\n"); - System.out.println(" --- or ---\n"); - System.out.println(" CRMFPopClient password123"); - System.out - .println(" [POP_SUCCESS or POP_FAIL or POP_NONE]"); - System.out - .println(" OUTPUT_CERT_REQ CN=MyTest,C=US,UID=MyUid"); - System.out.println("\n"); - System.out - .println("IMPORTANT: The file \"transport.txt\" needs to be created to contain the"); - System.out - .println(" transport certificate in its base64 encoded format. This"); - System.out - .println(" file should consist of one line containing a single certificate"); - System.out - .println(" in base64 encoded format with the header and footer removed.\n"); - } - - private static int getRealArgsLength(String args[]) { - - int len = args.length; - - String curArg = ""; - int finalLen = len; - - for (int i = 0; i < len; i++) { - - curArg = args[i]; - // System.out.println("arg[" + i + "] " + curArg); - - if (curArg == null || curArg.equalsIgnoreCase("")) { - finalLen--; - } - +public class CRMFPopClient +{ + + private static void usage() + { + System.out.println(""); + System.out.println("Description: A command-line utility used to generate a"); + System.out.println(" Certificate Request Message Format (CRMF)"); + System.out.println(" request with proof of possesion (POP).\n\n"); + System.out.println("Usage:"); + System.out.println(""); + System.out.println(" CRMFPopClient TOKEN_PWD"); + System.out.println(" PROFILE_NAME HOST PORT USER_NAME REQUESTOR_NAME"); + System.out.println(" POP_OPTION"); + System.out.println(" SUBJECT_DN [OUTPUT_CERT_REQ] \n"); + System.out.println(" --- or ---\n"); + System.out.println(" CRMFPopClient TOKEN_PWD"); + System.out.println(" POP_OPTION"); + System.out.println(" OUTPUT_CERT_REQ SUBJECT_DN\n\n"); + System.out.println(" where POP_OPTION can be [POP_SUCCESS or POP_FAIL or POP_NONE]\n\n"); + System.out.println("Examples:"); + System.out.println(""); + System.out.println(" CRMFPopClient password123"); + System.out.println(" caEncUserCert host.example.com 1026 MyUid MyUid"); + System.out.println(" [POP_SUCCESS or POP_FAIL or POP_NONE]"); + System.out.println(" CN=MyTest,C=US,UID=MyUid\n"); + System.out.println(" --- or ---\n"); + System.out.println(" CRMFPopClient password123"); + System.out.println(" caEncUserCert host.example.com 1026 MyUid myUid"); + System.out.println(" [POP_SUCCESS or POP_FAIL or POP_NONE]"); + System.out.println(" CN=MyTest,C=US,UID=MyUid OUTPUT_CERT_REQ\n"); + System.out.println(" --- or ---\n"); + System.out.println(" CRMFPopClient password123"); + System.out.println(" [POP_SUCCESS or POP_FAIL or POP_NONE]"); + System.out.println(" OUTPUT_CERT_REQ CN=MyTest,C=US,UID=MyUid"); + System.out.println("\n"); + System.out.println("IMPORTANT: The file \"transport.txt\" needs to be created to contain the"); + System.out.println(" transport certificate in its base64 encoded format. This"); + System.out.println(" file should consist of one line containing a single certificate"); + System.out.println(" in base64 encoded format with the header and footer removed.\n"); } + private static int getRealArgsLength(String args[]) + { + + int len = args.length; + + String curArg = ""; + int finalLen = len; - // System.out.println("getRealArgsLength: returning " + finalLen); + for(int i = 0; i < len; i++) + { - if (finalLen < 0) - finalLen = 0; + curArg = args[i]; + // System.out.println("arg[" + i + "] " + curArg); - return finalLen; - } + if(curArg == null || curArg.equalsIgnoreCase("")) { + finalLen --; + } - public static void main(String args[]) { - String USER_PREFIX = "user"; + } - int argsLen = getRealArgsLength(args); + //System.out.println("getRealArgsLength: returning " + finalLen); - // System.out.println("args length " + argsLen); + if(finalLen < 0) + finalLen = 0; + + + return finalLen; - System.out.println("\n\nProof Of Possession Utility...."); - System.out.println(""); - if (argsLen == 0 - || (argsLen != 8 && argsLen != 9 && argsLen != 10 && argsLen != 4)) { - usage(); - return; } + public static void main(String args[]) + { + String USER_PREFIX = "user"; - String DB_DIR = "./"; - String TOKEN_PWD = args[0]; - int KEY_LEN = 1024; - int PORT = 0; - String USER_NAME = null; - String REQUESTOR_NAME = null; - String PROFILE_NAME = null; + int argsLen = getRealArgsLength(args); - String HOST = null; - String SUBJ_DN = null; + // System.out.println("args length " + argsLen); - if (argsLen >= 8) { - PROFILE_NAME = args[1]; - HOST = args[2]; - PORT = Integer.parseInt(args[3]); + System.out.println("\n\nProof Of Possession Utility...."); + System.out.println(""); - USER_NAME = args[4]; - REQUESTOR_NAME = args[5]; + if(argsLen == 0 || (argsLen != 8 && argsLen != 9 && argsLen !=10 && argsLen != 4)) + { + usage(); + return; + } - SUBJ_DN = args[7]; + String DB_DIR = "./"; + String TOKEN_PWD = args[0]; + int KEY_LEN = 1024; - } - String POP_OPTION = null; - String OUTPUT_CERT_REQ = null; + int PORT = 0; + String USER_NAME = null; + String REQUESTOR_NAME = null; + String PROFILE_NAME = null; + + String HOST = null; + String SUBJ_DN = null; + + if(argsLen >= 8) + { + PROFILE_NAME = args[1]; + HOST = args[2]; + + PORT = Integer.parseInt(args[3]); - if (argsLen == 4) - POP_OPTION = args[1]; - else - POP_OPTION = args[6]; + USER_NAME = args[4]; + REQUESTOR_NAME = args[5]; - int doServerHit = 1; + SUBJ_DN = args[7]; - if (argsLen >= 9) { - OUTPUT_CERT_REQ = args[8]; - } + } - if (argsLen == 4) { - doServerHit = 0; - OUTPUT_CERT_REQ = args[2]; - SUBJ_DN = args[3]; - } + String POP_OPTION = null; + String OUTPUT_CERT_REQ = null; - int dont_do_pop = 0; + if(argsLen == 4) + POP_OPTION = args[1]; + else + POP_OPTION = args[6]; - if (POP_OPTION.equals("POP_NONE")) { - dont_do_pop = 1; - } - URL url = null; - URLConnection conn = null; - InputStream is = null; - BufferedReader reader = null; - boolean success = false; - int num = 1; - long total_time = 0; - KeyPair pair = null; - - boolean foundTransport = false; - String transportCert = null; - try { - BufferedReader br = new BufferedReader(new FileReader( - "./transport.txt")); - transportCert = br.readLine(); - foundTransport = true; - } catch (Exception e) { - System.out - .println("ERROR: cannot find ./transport.txt, so no key archival"); - - return; - } + int doServerHit = 1; - try { - CryptoManager.initialize(DB_DIR); - } catch (Exception e) { - // it is ok if it is already initialized - System.out.println("INITIALIZATION ERROR: " + e.toString()); - // return; - } + if(argsLen >= 9) { + OUTPUT_CERT_REQ = args[8]; + } + + if(argsLen == 4) + { + doServerHit = 0; + OUTPUT_CERT_REQ = args[2]; + SUBJ_DN = args[3]; + } + + + int dont_do_pop = 0; + + if(POP_OPTION.equals("POP_NONE")) + { + dont_do_pop = 1; + } - try { - CryptoManager manager = CryptoManager.getInstance(); - String token_pwd = TOKEN_PWD; - CryptoToken token = manager.getInternalKeyStorageToken(); - Password password = new Password(token_pwd.toCharArray()); + URL url = null; + URLConnection conn = null; + InputStream is = null; + BufferedReader reader = null; + boolean success = false; + int num = 1; + long total_time = 0; + KeyPair pair = null; + + + boolean foundTransport = false; + String transportCert = null; try { - token.login(password); + BufferedReader br = new BufferedReader(new FileReader("./transport.txt")); + transportCert = br.readLine(); + foundTransport = true; } catch (Exception e) { - // System.out.println("login Exception: " + e.toString()); - if (!token.isLoggedIn()) { - token.initPassword(password, password); - } + System.out.println("ERROR: cannot find ./transport.txt, so no key archival"); + + return; + } + + + + try { + CryptoManager.initialize( DB_DIR ); + } catch (Exception e) { + // it is ok if it is already initialized + System.out.println("INITIALIZATION ERROR: " + e.toString()); + // return; } - System.out.println("."); // "done with cryptomanager"); - KeyPairGenerator kg = token - .getKeyPairGenerator(KeyPairAlgorithm.RSA); - kg.initialize(KEY_LEN); + try { + CryptoManager manager = CryptoManager.getInstance(); + String token_pwd = TOKEN_PWD; + CryptoToken token = manager.getInternalKeyStorageToken(); + Password password = new Password(token_pwd.toCharArray()); + try { + token.login(password); + } catch (Exception e) { + //System.out.println("login Exception: " + e.toString()); + if (!token.isLoggedIn()) { + token.initPassword(password, password); + } + } + + System.out.println("."); //"done with cryptomanager"); + + KeyPairGenerator kg = token.getKeyPairGenerator( + KeyPairAlgorithm.RSA); + kg.initialize(KEY_LEN); - String profileName = PROFILE_NAME; - pair = kg.genKeyPair(); + String profileName = PROFILE_NAME; + pair = kg.genKeyPair(); - System.out.println("."); // key pair generated"); + System.out.println("."); //key pair generated"); - // wrap private key - byte transport[] = com.netscape.osutil.OSUtil.AtoB(transportCert); + // wrap private key + byte transport[] = com.netscape.osutil.OSUtil.AtoB(transportCert); - X509Certificate tcert = manager.importCACertPackage(transport); + X509Certificate tcert = manager.importCACertPackage(transport); - byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; + byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1}; - KeyGenerator kg1 = token.getKeyGenerator(KeyGenAlgorithm.DES3); - SymmetricKey sk = kg1.generate(); + KeyGenerator kg1 = token.getKeyGenerator(KeyGenAlgorithm.DES3); + SymmetricKey sk = kg1.generate(); - System.out.println("."); // before KeyWrapper"); + System.out.println("."); //before KeyWrapper"); - // wrap private key using session - KeyWrapper wrapper1 = token - .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); + // wrap private key using session + KeyWrapper wrapper1 = + token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); - System.out.println("."); // key wrapper created"); + System.out.println("."); //key wrapper created"); - wrapper1.initWrap(sk, new IVParameterSpec(iv)); + wrapper1.initWrap(sk, new IVParameterSpec(iv)); - System.out.println("."); // key wrapper inited"); - byte key_data[] = wrapper1 - .wrap((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()); + System.out.println("."); //key wrapper inited"); + byte key_data[] = wrapper1.wrap((org.mozilla.jss.crypto.PrivateKey)pair.getPrivate()); - System.out.println("."); // key wrapper wrapped"); + System.out.println("."); //key wrapper wrapped"); - // wrap session using transport - KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA); + // wrap session using transport + KeyWrapper rsaWrap = token.getKeyWrapper( + KeyWrapAlgorithm.RSA); - System.out.println("."); // got rsaWrapper"); + System.out.println("."); //got rsaWrapper"); - rsaWrap.initWrap(tcert.getPublicKey(), null); + rsaWrap.initWrap(tcert.getPublicKey(), null); - System.out.println("."); // rsaWrap inited"); + System.out.println("."); //rsaWrap inited"); - byte session_data[] = rsaWrap.wrap(sk); + byte session_data[] = rsaWrap.wrap(sk); - System.out.println("."); // rsaWrapped"); + System.out.println("."); //rsaWrapped"); + try { + // create CRMF + CertTemplate certTemplate = new CertTemplate(); + certTemplate.setVersion(new INTEGER(2)); + + Name n1 = getJssName(SUBJ_DN); + + + Name n = new Name(); + + n.addCommonName("Me"); + n.addCountryName("US"); + n.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), new PrintableString("MyUid"))); + + if(n1 != null) + certTemplate.setSubject(n1); + else + certTemplate.setSubject(n); + + certTemplate.setPublicKey(new SubjectPublicKeyInfo(pair.getPublic())); + // set extension + AlgorithmIdentifier algS = new AlgorithmIdentifier(new OBJECT_IDENTIFIER("1.2.840.113549.3.7"), new OCTET_STRING(iv)); + EncryptedValue encValue = new EncryptedValue(null, algS, new BIT_STRING(session_data, 0),null, null,new BIT_STRING(key_data, 0)); + EncryptedKey key = new EncryptedKey(encValue); + PKIArchiveOptions opt = new PKIArchiveOptions(key); + SEQUENCE seq = new SEQUENCE(); + if (foundTransport) { + seq.addElement(new AVA(new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.5.1.4"),opt)); + } + + + // Add idPOPLinkWitness control + String secretValue = "testing"; + byte[] key1 = null; + byte[] finalDigest = null; try { - // create CRMF - CertTemplate certTemplate = new CertTemplate(); - certTemplate.setVersion(new INTEGER(2)); - - Name n1 = getJssName(SUBJ_DN); - - Name n = new Name(); - - n.addCommonName("Me"); - n.addCountryName("US"); - n.addElement(new AVA(new OBJECT_IDENTIFIER( - "0.9.2342.19200300.100.1.1"), new PrintableString( - "MyUid"))); - - if (n1 != null) - certTemplate.setSubject(n1); - else - certTemplate.setSubject(n); - - certTemplate.setPublicKey(new SubjectPublicKeyInfo(pair - .getPublic())); - // set extension - AlgorithmIdentifier algS = new AlgorithmIdentifier( - new OBJECT_IDENTIFIER("1.2.840.113549.3.7"), - new OCTET_STRING(iv)); - EncryptedValue encValue = new EncryptedValue(null, algS, - new BIT_STRING(session_data, 0), null, null, - new BIT_STRING(key_data, 0)); - EncryptedKey key = new EncryptedKey(encValue); - PKIArchiveOptions opt = new PKIArchiveOptions(key); - SEQUENCE seq = new SEQUENCE(); - if (foundTransport) { - seq.addElement(new AVA(new OBJECT_IDENTIFIER( - "1.3.6.1.5.5.7.5.1.4"), opt)); - } + MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); + key1 = SHA1Digest.digest(secretValue.getBytes()); + } catch (NoSuchAlgorithmException ex) { + } - // Add idPOPLinkWitness control - String secretValue = "testing"; - byte[] key1 = null; - byte[] finalDigest = null; - try { - MessageDigest SHA1Digest = MessageDigest - .getInstance("SHA1"); - key1 = SHA1Digest.digest(secretValue.getBytes()); - } catch (NoSuchAlgorithmException ex) { - } +/* Example of adding the POP link witness control to CRMF */ +byte[] b = +{0x10, 0x53, 0x42, 0x24, 0x1a, 0x2a, 0x35, 0x3c, + 0x7a, 0x52, 0x54, 0x56, 0x71, 0x65, 0x66, 0x4c, + 0x51, 0x34, 0x35, 0x23, 0x3c, 0x42, 0x43, 0x45, + 0x61, 0x4f, 0x6e, 0x43, 0x1e, 0x2a, 0x2b, 0x31, + 0x32, 0x34, 0x35, 0x36, 0x55, 0x51, 0x48, 0x14, + 0x16, 0x29, 0x41, 0x42, 0x43, 0x7b, 0x63, 0x44, + 0x6a, 0x12, 0x6b, 0x3c, 0x4c, 0x3f, 0x00, 0x14, + 0x51, 0x61, 0x15, 0x22, 0x23, 0x5f, 0x5e, 0x69}; - /* Example of adding the POP link witness control to CRMF */ - byte[] b = { 0x10, 0x53, 0x42, 0x24, 0x1a, 0x2a, 0x35, 0x3c, - 0x7a, 0x52, 0x54, 0x56, 0x71, 0x65, 0x66, 0x4c, 0x51, - 0x34, 0x35, 0x23, 0x3c, 0x42, 0x43, 0x45, 0x61, 0x4f, - 0x6e, 0x43, 0x1e, 0x2a, 0x2b, 0x31, 0x32, 0x34, 0x35, - 0x36, 0x55, 0x51, 0x48, 0x14, 0x16, 0x29, 0x41, 0x42, - 0x43, 0x7b, 0x63, 0x44, 0x6a, 0x12, 0x6b, 0x3c, 0x4c, - 0x3f, 0x00, 0x14, 0x51, 0x61, 0x15, 0x22, 0x23, 0x5f, - 0x5e, 0x69 }; + try { + MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); + HMACDigest hmacDigest = new HMACDigest(SHA1Digest, key1); + hmacDigest.update(b); + finalDigest = hmacDigest.digest(); + } catch (NoSuchAlgorithmException ex) { + } + - try { - MessageDigest SHA1Digest = MessageDigest - .getInstance("SHA1"); - HMACDigest hmacDigest = new HMACDigest(SHA1Digest, key1); - hmacDigest.update(b); - finalDigest = hmacDigest.digest(); - } catch (NoSuchAlgorithmException ex) { - } + OCTET_STRING ostr = new OCTET_STRING(finalDigest); + seq.addElement(new AVA(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness, ostr)); + CertRequest certReq = new CertRequest(new INTEGER(1), certTemplate, seq); - OCTET_STRING ostr = new OCTET_STRING(finalDigest); - seq.addElement(new AVA( - OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness, ostr)); - CertRequest certReq = new CertRequest(new INTEGER(1), - certTemplate, seq); + System.out.println("."); //CertRequest created"); - System.out.println("."); // CertRequest created"); - ByteArrayOutputStream bo = new ByteArrayOutputStream(); - certReq.encode(bo); - byte[] toBeVerified = bo.toByteArray(); + ByteArrayOutputStream bo = new ByteArrayOutputStream(); + certReq.encode(bo); + byte[] toBeVerified = bo.toByteArray(); + + byte popdata[] = ASN1Util.encode(certReq); + byte signature[]; - byte popdata[] = ASN1Util.encode(certReq); - byte signature[]; + System.out.println("."); //CertRequest encoded"); - System.out.println("."); // CertRequest encoded"); + Signature signer = token.getSignatureContext( + SignatureAlgorithm.RSASignatureWithMD5Digest); - Signature signer = token - .getSignatureContext(SignatureAlgorithm.RSASignatureWithMD5Digest); + System.out.println("."); //signer created"); - System.out.println("."); // signer created"); + signer.initSign((org.mozilla.jss.crypto.PrivateKey)pair.getPrivate()); - signer.initSign((org.mozilla.jss.crypto.PrivateKey) pair - .getPrivate()); + System.out.println("."); //signer inited"); - System.out.println("."); // signer inited"); + System.out.println("."); //FAIL_OR_SUCC " + FAIL_OR_SUCC); - System.out.println("."); // FAIL_OR_SUCC " + FAIL_OR_SUCC); + if(POP_OPTION.equals("POP_SUCCESS")) + { + System.out.println("Generating Legal POP Data....."); + signer.update(toBeVerified); + } + else if(POP_OPTION.equals("POP_FAIL")) + { + System.out.println("Generating Illegal POP Data....."); + signer.update(iv); + } + else if(dont_do_pop == 1) + { + System.out.println("Generating NO POP Data....."); + } - if (POP_OPTION.equals("POP_SUCCESS")) { - System.out.println("Generating Legal POP Data....."); - signer.update(toBeVerified); - } else if (POP_OPTION.equals("POP_FAIL")) { - System.out.println("Generating Illegal POP Data....."); - signer.update(iv); - } else if (dont_do_pop == 1) { - System.out.println("Generating NO POP Data....."); - } + System.out.println("."); //signer updated"); - System.out.println("."); // signer updated"); + CertReqMsg crmfMsg = null; - CertReqMsg crmfMsg = null; + if(dont_do_pop == 0) + { + signature = signer.sign(); - if (dont_do_pop == 0) { - signature = signer.sign(); + System.out.println("Signature completed..."); + System.out.println(""); - System.out.println("Signature completed..."); - System.out.println(""); + + AlgorithmIdentifier algID = + new AlgorithmIdentifier(SignatureAlgorithm.RSASignatureWithMD5Digest.toOID(), null ); + POPOSigningKey popoKey = new POPOSigningKey(null,algID, new BIT_STRING(signature,0)); - AlgorithmIdentifier algID = new AlgorithmIdentifier( - SignatureAlgorithm.RSASignatureWithMD5Digest - .toOID(), - null); - POPOSigningKey popoKey = new POPOSigningKey(null, algID, - new BIT_STRING(signature, 0)); + ProofOfPossession pop = ProofOfPossession.createSignature(popoKey); - ProofOfPossession pop = ProofOfPossession - .createSignature(popoKey); + crmfMsg = new CertReqMsg(certReq, pop, null); - crmfMsg = new CertReqMsg(certReq, pop, null); + } + else + { + crmfMsg = new CertReqMsg(certReq, null, null); - } else { - crmfMsg = new CertReqMsg(certReq, null, null); + } - } + //crmfMsg.verify(); - // crmfMsg.verify(); + SEQUENCE s1 = new SEQUENCE(); + s1.addElement(crmfMsg); + byte encoded[] = ASN1Util.encode(s1); - SEQUENCE s1 = new SEQUENCE(); - s1.addElement(crmfMsg); - byte encoded[] = ASN1Util.encode(s1); + String Req1 = com.netscape.osutil.OSUtil.BtoA(encoded); - String Req1 = com.netscape.osutil.OSUtil.BtoA(encoded); + if(OUTPUT_CERT_REQ != null) + { + System.out.println("Generated Cert Request: ...... "); + System.out.println(""); - if (OUTPUT_CERT_REQ != null) { - System.out.println("Generated Cert Request: ...... "); - System.out.println(""); + System.out.println(Req1); + System.out.println(""); + System.out.println("End Request:"); - System.out.println(Req1); - System.out.println(""); - System.out.println("End Request:"); + if(doServerHit == 0) + return; + } + + String Req = URLEncoder.encode(Req1); - if (doServerHit == 0) - return; - } + // post PKCS10 + + url = new URL("http://" + HOST + ":" + PORT + "/ca/ee/ca/profileSubmit?cert_request_type=crmf&cert_request=" + Req + "&renewal=false&uid=" + USER_NAME + "&xmlOutput=false&&profileId=" + profileName + "&sn_uid=" + USER_NAME +"&SubId=profile&requestor_name="+ REQUESTOR_NAME); + //System.out.println("Posting " + url); - String Req = URLEncoder.encode(Req1); - - // post PKCS10 - - url = new URL( - "http://" - + HOST - + ":" - + PORT - + "/ca/ee/ca/profileSubmit?cert_request_type=crmf&cert_request=" - + Req + "&renewal=false&uid=" + USER_NAME - + "&xmlOutput=false&&profileId=" + profileName - + "&sn_uid=" + USER_NAME - + "&SubId=profile&requestor_name=" - + REQUESTOR_NAME); - // System.out.println("Posting " + url); - - System.out.println(""); - System.out.println("Server Response....."); - System.out.println("--------------------"); - System.out.println(""); - - long start_time = (new Date()).getTime(); - conn = url.openConnection(); - is = conn.getInputStream(); - reader = new BufferedReader(new InputStreamReader(is)); - String line = null; - while ((line = reader.readLine()) != null) { - System.out.println(line); - if (line.equals("CMS Enroll Request Success")) { - success = true; - System.out.println("Enrollment Successful: ......"); + System.out.println(""); + System.out.println("Server Response....."); + System.out.println("--------------------"); System.out.println(""); - } - } /* while */ - long end_time = (new Date()).getTime(); - total_time += (end_time - start_time); - } catch (Exception e) { - System.out.println("WARNING: " + e.toString()); - e.printStackTrace(); - } - } catch (Exception e) { - System.out.println("ERROR: " + e.toString()); - e.printStackTrace(); - } - } - static Name getJssName(String dn) { + long start_time = (new Date()).getTime(); + conn = url.openConnection(); + is = conn.getInputStream(); + reader = new BufferedReader(new InputStreamReader(is)); + String line = null; + while ((line = reader.readLine()) != null) { + System.out.println(line); + if (line.equals("CMS Enroll Request Success")) { + success = true; + System.out.println("Enrollment Successful: ......"); + System.out.println(""); + } + } /* while */ + long end_time = (new Date()).getTime(); + total_time += (end_time - start_time); + } catch (Exception e) { + System.out.println("WARNING: " + e.toString()); + e.printStackTrace(); + } + } catch (Exception e) { + System.out.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } - X500Name x5Name = null; + static Name getJssName(String dn) + { - try { - x5Name = new X500Name(dn); + X500Name x5Name = null; - } catch (IOException e) { + try { + x5Name= new X500Name(dn); - System.out.println("Illegal Subject Name: " + dn + " Error: " - + e.toString()); - System.out.println("Filling in default Subject Name......"); - return null; - } + } catch(IOException e) { - Name ret = new Name(); + System.out.println("Illegal Subject Name: " + dn + " Error: " + e.toString()); + System.out.println("Filling in default Subject Name......"); + return null; + } - netscape.security.x509.RDN[] names = null; + Name ret = new Name(); - names = x5Name.getNames(); + netscape.security.x509.RDN[] names = null; - int nameLen = x5Name.getNamesLength(); + names = x5Name.getNames(); - // System.out.println("x5Name len: " + nameLen); + int nameLen = x5Name.getNamesLength(); - netscape.security.x509.RDN cur = null; + // System.out.println("x5Name len: " + nameLen); - for (int i = 0; i < nameLen; i++) { - cur = names[i]; + netscape.security.x509.RDN cur = null; - String rdnStr = cur.toString(); + for(int i = 0; i < nameLen ; i++) + { + cur = names[i]; - String[] split = rdnStr.split("="); + String rdnStr = cur.toString(); - if (split.length != 2) - continue; - try { + String[] split = rdnStr.split("="); + + if(split.length != 2) + continue; + + try { - if (split[0].equals("UID")) { + if(split[0].equals("UID")) + { - ret.addElement(new AVA(new OBJECT_IDENTIFIER( - "0.9.2342.19200300.100.1.1"), new PrintableString( - split[1]))); - // System.out.println("UID found : " + split[1]); + ret.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), new PrintableString(split[1]))); + // System.out.println("UID found : " + split[1]); } - if (split[0].equals("C")) { - ret.addCountryName(split[1]); - // System.out.println("C found : " + split[1]); - continue; + if(split[0].equals("C")) + { + ret.addCountryName(split[1]); + // System.out.println("C found : " + split[1]); + continue; } - if (split[0].equals("CN")) { - ret.addCommonName(split[1]); - // System.out.println("CN found : " + split[1]); - continue; + if(split[0].equals("CN")) + { + ret.addCommonName(split[1]); + // System.out.println("CN found : " + split[1]); + continue; } - if (split[0].equals("L")) { - ret.addLocalityName(split[1]); - // System.out.println("L found : " + split[1]); - continue; + if(split[0].equals("L")) + { + ret.addLocalityName(split[1]); + // System.out.println("L found : " + split[1]); + continue; } - if (split[0].equals("O")) { - ret.addOrganizationName(split[1]); - // System.out.println("O found : " + split[1]); - continue; + if(split[0].equals("O")) + { + ret.addOrganizationName(split[1]); + // System.out.println("O found : " + split[1]); + continue; } - if (split[0].equals("ST")) { - ret.addStateOrProvinceName(split[1]); - // System.out.println("ST found : " + split[1]); - continue; + if(split[0].equals("ST")) + { + ret.addStateOrProvinceName(split[1]); + // System.out.println("ST found : " + split[1]); + continue; + } + + if(split[0].equals("OU")) + { + ret.addOrganizationalUnitName(split[1]); + // System.out.println("OU found : " + split[1]); + continue; } + } catch (Exception e) { + System.out.println("Error constructing RDN: " + rdnStr + " Error: " + e.toString()); - if (split[0].equals("OU")) { - ret.addOrganizationalUnitName(split[1]); - // System.out.println("OU found : " + split[1]); continue; } - } catch (Exception e) { - System.out.println("Error constructing RDN: " + rdnStr - + " Error: " + e.toString()); - continue; + } - } + return ret; - return ret; - } + } } |