From e7334b0f2aaddc9bbdc7d53c23c1731aec0a6e3f Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Thu, 7 Jun 2012 01:14:40 -0500 Subject: Added cert revocation CLI. The cert revocation CLI provides a tool to revoke and unrevoke certificates. Ticket #161 --- base/common/src/CMakeLists.txt | 7 + .../src/com/netscape/cms/client/cert/CertCLI.java | 143 ++++++++++++++++++ .../com/netscape/cms/client/cert/CertFindCLI.java | 66 +++++++++ .../com/netscape/cms/client/cert/CertHoldCLI.java | 118 +++++++++++++++ .../cms/client/cert/CertReleaseHoldCLI.java | 109 ++++++++++++++ .../netscape/cms/client/cert/CertRestClient.java | 74 ++++++++++ .../netscape/cms/client/cert/CertRevokeCLI.java | 164 +++++++++++++++++++++ .../com/netscape/cms/client/cert/CertShowCLI.java | 92 ++++++++++++ .../src/com/netscape/cms/client/cli/MainCLI.java | 4 +- .../com/netscape/cms/client/group/GroupCLI.java | 1 + .../src/com/netscape/cms/client/user/UserCLI.java | 1 + .../cms/servlet/csadmin/CMSRestClient.java | 32 +++- base/setup/pki | 4 + 13 files changed, 812 insertions(+), 3 deletions(-) create mode 100644 base/common/src/com/netscape/cms/client/cert/CertCLI.java create mode 100644 base/common/src/com/netscape/cms/client/cert/CertFindCLI.java create mode 100644 base/common/src/com/netscape/cms/client/cert/CertHoldCLI.java create mode 100644 base/common/src/com/netscape/cms/client/cert/CertReleaseHoldCLI.java create mode 100644 base/common/src/com/netscape/cms/client/cert/CertRestClient.java create mode 100644 base/common/src/com/netscape/cms/client/cert/CertRevokeCLI.java create mode 100644 base/common/src/com/netscape/cms/client/cert/CertShowCLI.java (limited to 'base') diff --git a/base/common/src/CMakeLists.txt b/base/common/src/CMakeLists.txt index a3d0adcdd..eab5db24c 100644 --- a/base/common/src/CMakeLists.txt +++ b/base/common/src/CMakeLists.txt 
@@ -462,6 +462,13 @@ set(pki-certsrv_java_SRCS
 set(pki-cms_java_SRCS
 com/netscape/cms/client/cli/CLI.java
 com/netscape/cms/client/cli/MainCLI.java
+ com/netscape/cms/client/cert/CertCLI.java
+ com/netscape/cms/client/cert/CertFindCLI.java
+ com/netscape/cms/client/cert/CertHoldCLI.java
+ com/netscape/cms/client/cert/CertReleaseHoldCLI.java
+ com/netscape/cms/client/cert/CertRestClient.java
+ com/netscape/cms/client/cert/CertRevokeCLI.java
+ com/netscape/cms/client/cert/CertShowCLI.java
 com/netscape/cms/client/group/GroupAddCLI.java
 com/netscape/cms/client/group/GroupAddMemberCLI.java
 com/netscape/cms/client/group/GroupFindMemberCLI.java
diff --git a/base/common/src/com/netscape/cms/client/cert/CertCLI.java b/base/common/src/com/netscape/cms/client/cert/CertCLI.java
new file mode 100644
index 000000000..b0789ef6a
--- /dev/null
+++ b/base/common/src/com/netscape/cms/client/cert/CertCLI.java
@@ -0,0 +1,143 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cms.client.cert; + +import java.util.Arrays; + +import org.apache.commons.lang.StringUtils; +import org.jboss.resteasy.plugins.providers.atom.Link; + +import com.netscape.cms.client.cli.CLI; +import com.netscape.cms.client.cli.MainCLI; +import com.netscape.cms.servlet.cert.model.CertDataInfo; +import com.netscape.cms.servlet.cert.model.CertificateData; +import com.netscape.cms.servlet.request.model.CertRequestInfo; + +/** + * @author Endi S. 
Dewata + */ +public class CertCLI extends CLI { + + public MainCLI parent; + public CertRestClient client; + + public CertCLI(MainCLI parent) { + super("cert", "Certificate management commands"); + this.parent = parent; + + addModule(new CertFindCLI(this)); + addModule(new CertShowCLI(this)); + + addModule(new CertRevokeCLI(this)); + addModule(new CertHoldCLI(this)); + addModule(new CertReleaseHoldCLI(this)); + } + + public void printHelp() { + + System.out.println("Commands:"); + + int leftPadding = 1; + int rightPadding = 25; + + for (CLI module : modules.values()) { + String label = name + "-" + module.getName(); + + int padding = rightPadding - leftPadding - label.length(); + if (padding < 1) + padding = 1; + + System.out.print(StringUtils.repeat(" ", leftPadding)); + System.out.print(label); + System.out.print(StringUtils.repeat(" ", padding)); + System.out.println(module.getDescription()); + } + } + + public void execute(String[] args) throws Exception { + + client = new CertRestClient(parent.url + "/pki", parent.certNickname); + client.setVerbose(verbose); + + String command = args[0]; + String[] commandArgs = Arrays.copyOfRange(args, 1, args.length); + + if (command == null) { + printHelp(); + System.exit(1); + } + + CLI module = getModule(command); + if (module != null) { + module.execute(commandArgs); + + } else { + System.err.println("Error: Invalid command \"" + command + "\""); + printHelp(); + System.exit(1); + } + } + + public static void printCertInfo(CertDataInfo info) { + System.out.println(" Serial Number: "+info.getID().toHexString()); + System.out.println(" Subject DN: "+info.getSubjectDN()); + System.out.println(" Status: "+info.getStatus()); + + Link link = info.getLink(); + if (verbose && link != null) { + System.out.println(" Link: " + link.getHref()); + } + } + + public static void printCertData( + CertificateData certData, + boolean showPrettyPrint, + boolean showEncoded) { + + System.out.println(" Serial Number: " + 
certData.getSerialNumber().toHexString()); + System.out.println(" Issuer: " + certData.getIssuerDN()); + System.out.println(" Subject: " + certData.getSubjectDN()); + System.out.println(" Status: " + certData.getStatus()); + System.out.println(" Not Before: " + certData.getNotBefore()); + System.out.println(" Not After: " + certData.getNotAfter()); + + Link link = certData.getLink(); + if (verbose && link != null) { + System.out.println(" Link: " + link.getHref()); + } + + String prettyPrint = certData.getPrettyPrint(); + if (showPrettyPrint && prettyPrint != null) { + System.out.println(); + System.out.println(prettyPrint); + } + + String encoded = certData.getEncoded(); + if (showEncoded && encoded != null) { + System.out.println(); + System.out.println(encoded); + } + } + + public static void printCertRequestInfo(CertRequestInfo info) { + System.out.println(" Request ID: " + info.getRequestId()); + System.out.println(" Status: " + info.getRequestStatus()); + System.out.println(" Type: " + info.getRequestType()); + } +} diff --git a/base/common/src/com/netscape/cms/client/cert/CertFindCLI.java b/base/common/src/com/netscape/cms/client/cert/CertFindCLI.java new file mode 100644 index 000000000..32457d6df --- /dev/null +++ b/base/common/src/com/netscape/cms/client/cert/CertFindCLI.java 
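Review bot: In `CertCLI.execute`, `String command = args[0];` runs before any length check, so invoking the `cert` module with no sub-command throws ArrayIndexOutOfBoundsException, and the following `if (command == null)` branch can never be the one that prints the help. Guard before indexing with `if (args.length == 0) { printHelp(); System.exit(1); }`. It would also be cleaner to construct the `CertRestClient` only after `getModule(command)` has resolved, so an invalid sub-command does not build a REST client first. The same indexing pattern is visible as context in the GroupCLI and UserCLI hunks of this commit.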
@@ -0,0 +1,66 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cms.client.cert; + +import com.netscape.cms.client.cli.CLI; +import com.netscape.cms.client.cli.MainCLI; +import com.netscape.cms.servlet.cert.model.CertDataInfo; +import com.netscape.cms.servlet.cert.model.CertDataInfos; +import com.netscape.cms.servlet.cert.model.CertSearchData; + +/** + * @author Endi S. 
Dewata + */ +public class CertFindCLI extends CLI { + + public CertCLI parent; + + public CertFindCLI(CertCLI parent) { + super("find", "Find certificates"); + this.parent = parent; + } + + public void printHelp() { + formatter.printHelp(parent.name + "-" + name + " [OPTIONS...]", options); + } + + public void execute(String[] args) throws Exception { + + CertSearchData searchData = new CertSearchData(); + searchData.setSerialNumberRangeInUse(true); + + CertDataInfos certs = parent.client.findCerts(searchData); + + MainCLI.printMessage(certs.getCertInfos().size() + " certificate(s) matched"); + + boolean first = true; + + for (CertDataInfo cert : certs.getCertInfos()) { + if (first) { + first = false; + } else { + System.out.println(); + } + + CertCLI.printCertInfo(cert); + } + + MainCLI.printMessage("Number of entries returned " + certs.getCertInfos().size()); + } +} diff --git a/base/common/src/com/netscape/cms/client/cert/CertHoldCLI.java b/base/common/src/com/netscape/cms/client/cert/CertHoldCLI.java new file mode 100644 index 000000000..598c1e664 --- /dev/null +++ b/base/common/src/com/netscape/cms/client/cert/CertHoldCLI.java 
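Review bot: `CertFindCLI.execute` never reads `args`, so anything typed after `cert-find` is silently ignored and the command always sends the same search (`setSerialNumberRangeInUse(true)` with no bounds set in this hunk). An operator checking for one particular certificate can mistake the unfiltered list for a complete answer; either parse `args` and reject unexpected input, or state the limitation in `printHelp`. Both messages print the same `certs.getCertInfos().size()`, so the "matched" count cannot differ from the "returned" count even if the server truncates the result at `CertsResource.DEFAULT_MAXRESULTS` (presumably a cap; its value is not visible in this diff).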
@@ -0,0 +1,118 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cms.client.cert; + +import java.io.BufferedReader; +import java.io.InputStreamReader; + +import netscape.security.x509.RevocationReason; + +import org.apache.commons.cli.CommandLine; +import org.apache.commons.cli.Option; + +import com.netscape.certsrv.dbs.certdb.CertId; +import com.netscape.certsrv.request.RequestStatus; +import com.netscape.cms.client.cli.CLI; +import com.netscape.cms.client.cli.MainCLI; +import com.netscape.cms.servlet.cert.model.CertRevokeRequest; +import com.netscape.cms.servlet.cert.model.CertificateData; +import com.netscape.cms.servlet.request.model.CertRequestInfo; + +/** + * @author Endi S. 
Dewata + */ +public class CertHoldCLI extends CLI { + + public CertCLI parent; + + public CertHoldCLI(CertCLI parent) { + super("hold", "Place certificate on-hold"); + this.parent = parent; + } + + public void printHelp() { + formatter.printHelp(parent.name + "-" + name + " [OPTIONS...]", options); + } + + public void execute(String[] args) throws Exception { + + Option option = new Option(null, "comments", true, "Comments"); + option.setArgName("comments"); + options.addOption(option); + + options.addOption(null, "force", false, "Force"); + + CommandLine cmd = null; + + try { + cmd = parser.parse(options, args); + + } catch (Exception e) { + System.err.println("Error: " + e.getMessage()); + printHelp(); + System.exit(1); + } + + String[] cmdArgs = cmd.getArgs(); + + if (cmdArgs.length != 1) { + printHelp(); + System.exit(1); + } + + CertId certID = new CertId(cmdArgs[0]); + + if (!cmd.hasOption("force")) { + + CertificateData certData = parent.client.getCert(certID); + + System.out.println("Placing certificate on-hold:"); + + CertCLI.printCertData(certData, false, false); + + System.out.print("Are you sure (Y/N)? 
"); + System.out.flush(); + + BufferedReader reader = new BufferedReader(new InputStreamReader(System.in)); + String line = reader.readLine(); + if (!line.equalsIgnoreCase("Y")) { + System.exit(1); + } + } + + CertRevokeRequest request = new CertRevokeRequest(); + request.setReason(RevocationReason.CERTIFICATE_HOLD); + request.setComments(cmd.getOptionValue("comments")); + + CertRequestInfo certRequestInfo = parent.client.revokeCert(certID, request); + + if (verbose) { + CertCLI.printCertRequestInfo(certRequestInfo); + } + + if (certRequestInfo.getRequestStatus() == RequestStatus.COMPLETE) { + MainCLI.printMessage("Placed certificate \"" + certID.toHexString() + "\" on-hold"); + CertificateData certData = parent.client.getCert(certID); + CertCLI.printCertData(certData, false, false); + + } else { + MainCLI.printMessage("Request \"" + certRequestInfo.getRequestId() + "\": " + certRequestInfo.getRequestStatus()); + } + } +} diff --git a/base/common/src/com/netscape/cms/client/cert/CertReleaseHoldCLI.java b/base/common/src/com/netscape/cms/client/cert/CertReleaseHoldCLI.java new file mode 100644 index 000000000..0d39aff88 --- /dev/null +++ b/base/common/src/com/netscape/cms/client/cert/CertReleaseHoldCLI.java 
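Review bot: The confirmation prompt in `CertHoldCLI.execute` dereferences the result of `reader.readLine()` without a null check, so when stdin is closed or at end-of-file the command dies with a NullPointerException instead of treating the missing answer as a refusal. Use `if (line == null || !line.trim().equalsIgnoreCase("Y")) { System.exit(1); }`. The same prompt code is repeated in the CertReleaseHoldCLI and CertRevokeCLI hunks and has the same gap; a shared helper on `CLI` would keep the three in step. Exiting with status 1 and no message when the operator declines also leaves a calling script unable to tell a declined prompt from a failure.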
@@ -0,0 +1,109 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cms.client.cert; + +import java.io.BufferedReader; +import java.io.InputStreamReader; + +import org.apache.commons.cli.CommandLine; + +import com.netscape.certsrv.dbs.certdb.CertId; +import com.netscape.certsrv.request.RequestStatus; +import com.netscape.cms.client.cli.CLI; +import com.netscape.cms.client.cli.MainCLI; +import com.netscape.cms.servlet.cert.model.CertUnrevokeRequest; +import com.netscape.cms.servlet.cert.model.CertificateData; +import com.netscape.cms.servlet.request.model.CertRequestInfo; + +/** + * @author Endi S. 
Dewata + */ +public class CertReleaseHoldCLI extends CLI { + + public CertCLI parent; + + public CertReleaseHoldCLI(CertCLI parent) { + super("release-hold", "Place certificate off-hold"); + this.parent = parent; + } + + public void printHelp() { + formatter.printHelp(parent.name + "-" + name + " [OPTIONS...]", options); + } + + public void execute(String[] args) throws Exception { + + options.addOption(null, "force", false, "Force"); + + CommandLine cmd = null; + + try { + cmd = parser.parse(options, args); + + } catch (Exception e) { + System.err.println("Error: " + e.getMessage()); + printHelp(); + System.exit(1); + } + + String[] cmdArgs = cmd.getArgs(); + + if (cmdArgs.length != 1) { + printHelp(); + System.exit(1); + } + + CertId certID = new CertId(cmdArgs[0]); + + if (!cmd.hasOption("force")) { + + CertificateData certData = parent.client.getCert(certID); + + System.out.println("Placing certificate off-hold:"); + + CertCLI.printCertData(certData, false, false); + + System.out.print("Are you sure (Y/N)? "); + System.out.flush(); + + BufferedReader reader = new BufferedReader(new InputStreamReader(System.in)); + String line = reader.readLine(); + if (!line.equalsIgnoreCase("Y")) { + System.exit(1); + } + } + + CertUnrevokeRequest request = new CertUnrevokeRequest(); + + CertRequestInfo certRequestInfo = parent.client.unrevokeCert(certID, request); + + if (verbose) { + CertCLI.printCertRequestInfo(certRequestInfo); + } + + if (certRequestInfo.getRequestStatus() == RequestStatus.COMPLETE) { + MainCLI.printMessage("Placed certificate \"" + certID.toHexString() + "\" off-hold"); + CertificateData certData = parent.client.getCert(certID); + CertCLI.printCertData(certData, false, false); + + } else { + MainCLI.printMessage("Request \"" + certRequestInfo.getRequestId() + "\": " + certRequestInfo.getRequestStatus()); + } + } +} 
diff --git a/base/common/src/com/netscape/cms/client/cert/CertRestClient.java b/base/common/src/com/netscape/cms/client/cert/CertRestClient.java
new file mode 100644
index 000000000..689cb8f57
--- /dev/null
+++ b/base/common/src/com/netscape/cms/client/cert/CertRestClient.java
@@ -0,0 +1,74 @@ +//--- BEGIN COPYRIGHT BLOCK --- +//This program is free software; you can redistribute it and/or modify +//it under the terms of the GNU General Public License as published by +//the Free Software Foundation; version 2 of the License. +// +//This program is distributed in the hope that it will be useful, +//but WITHOUT ANY WARRANTY; without even the implied warranty of +//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +//GNU General Public License for more details. +// +//You should have received a copy of the GNU General Public License along +//with this program; if not, write to the Free Software Foundation, Inc., +//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +//(C) 2012 Red Hat, Inc. +//All rights reserved. +//--- END COPYRIGHT BLOCK --- +package com.netscape.cms.client.cert; + +import java.net.URISyntaxException; + +import com.netscape.certsrv.dbs.certdb.CertId; +import com.netscape.cms.servlet.cert.CertResource; +import com.netscape.cms.servlet.cert.CertsResource; +import com.netscape.cms.servlet.cert.model.CertDataInfos; +import com.netscape.cms.servlet.cert.model.CertRevokeRequest; +import com.netscape.cms.servlet.cert.model.CertSearchData; +import com.netscape.cms.servlet.cert.model.CertUnrevokeRequest; +import com.netscape.cms.servlet.cert.model.CertificateData; +import com.netscape.cms.servlet.csadmin.CMSRestClient; +import com.netscape.cms.servlet.request.model.CertRequestInfo; + +/** + * @author Endi S. 
Dewata + */ +public class CertRestClient extends CMSRestClient { + + public CertResource certClient; + public CertsResource certsClient; + + public CertRestClient(String baseUri) throws URISyntaxException { + this(baseUri, null); + } + + public CertRestClient(String baseUri, String nickname) throws URISyntaxException { + super(baseUri); + + certClient = createProxy(CertResource.class); + certsClient = createProxy(CertsResource.class); + } + + public CertificateData getCert(CertId id) { + return certClient.getCert(id); + } + + public CertDataInfos findCerts(CertSearchData searchData) { + return certsClient.searchCerts( + searchData, + CertsResource.DEFAULT_MAXRESULTS, + CertsResource.DEFAULT_MAXTIME); + } + + public CertRequestInfo revokeCert(CertId id, CertRevokeRequest request) { + return certClient.revokeCert(id, request); + } + + public CertRequestInfo revokeCACert(CertId id, CertRevokeRequest request) { + return certClient.revokeCACert(id, request); + } + + public CertRequestInfo unrevokeCert(CertId id, CertUnrevokeRequest request) { + return certClient.unrevokeCert(id, request); + } +} diff --git a/base/common/src/com/netscape/cms/client/cert/CertRevokeCLI.java b/base/common/src/com/netscape/cms/client/cert/CertRevokeCLI.java new file mode 100644 index 000000000..ad3276c52 --- /dev/null +++ b/base/common/src/com/netscape/cms/client/cert/CertRevokeCLI.java 
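Review bot: The two-argument constructor `CertRestClient(String baseUri, String nickname)` calls `super(baseUri)` and never uses `nickname`, so the client-certificate nickname that `CertCLI.execute` passes in (`parent.certNickname`) is dropped. Revoke, hold and unrevoke presumably require an authenticated agent, and if `CMSRestClient` picks the TLS client certificate from its `clientCertNickname` field (declared in the CMSRestClient hunk; how it is set is not visible here), these requests would go out without the intended identity. Pass the value through, e.g. `super(baseUri, nickname);` if such a constructor exists, or add a comment explaining why the nickname is deliberately unused. The public mutable fields `certClient` and `certsClient` could also be `private final`.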
@@ -0,0 +1,164 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cms.client.cert; + +import java.io.BufferedReader; +import java.io.InputStreamReader; + +import netscape.security.x509.RevocationReason; + +import org.apache.commons.cli.CommandLine; +import org.apache.commons.cli.Option; + +import com.netscape.certsrv.dbs.certdb.CertId; +import com.netscape.certsrv.request.RequestStatus; +import com.netscape.cms.client.cli.CLI; +import com.netscape.cms.client.cli.MainCLI; +import com.netscape.cms.servlet.cert.model.CertRevokeRequest; +import com.netscape.cms.servlet.cert.model.CertificateData; +import com.netscape.cms.servlet.request.model.CertRequestInfo; + +/** + * @author Endi S. 
Dewata + */ +public class CertRevokeCLI extends CLI { + + public CertCLI parent; + + public CertRevokeCLI(CertCLI parent) { + super("revoke", "Revoke certificate"); + this.parent = parent; + } + + public void printHelp() { + formatter.printHelp(parent.name + "-" + name + " [OPTIONS...]", options); + } + + public void execute(String[] args) throws Exception { + + StringBuilder sb = new StringBuilder(); + + for (RevocationReason reason : RevocationReason.INSTANCES) { + if (sb.length() > 0) { + sb.append(", "); + } + sb.append(reason); + if (reason == RevocationReason.UNSPECIFIED) { + sb.append(" (default)"); + } + } + + Option option = new Option(null, "reason", true, "Revocation reason: " + sb); + option.setArgName("reason"); + options.addOption(option); + + option = new Option(null, "comments", true, "Comments"); + option.setArgName("comments"); + options.addOption(option); + + options.addOption(null, "ca", false, "CA signing certificate"); + options.addOption(null, "force", false, "Force"); + + CommandLine cmd = null; + + try { + cmd = parser.parse(options, args); + + } catch (Exception e) { + System.err.println("Error: " + e.getMessage()); + printHelp(); + System.exit(1); + } + + String[] cmdArgs = cmd.getArgs(); + + if (cmdArgs.length != 1) { + printHelp(); + System.exit(1); + } + + CertId certID = new CertId(cmdArgs[0]); + + String string = cmd.getOptionValue("reason", RevocationReason.UNSPECIFIED.toString()); + RevocationReason reason = RevocationReason.valueOf(string); + + if (reason == null) { + System.err.println("Error: Invalid revocation reason: "+string); + printHelp(); + System.exit(1); + return; + } + + if (!cmd.hasOption("force")) { + + CertificateData certData = parent.client.getCert(certID); + + if (reason == RevocationReason.CERTIFICATE_HOLD) { + System.out.println("Placing certificate on-hold:"); + } else if (reason == RevocationReason.REMOVE_FROM_CRL) { + System.out.println("Placing certificate off-hold:"); + } else { + 
System.out.println("Revoking certificate:"); + } + + CertCLI.printCertData(certData, false, false); + + System.out.print("Are you sure (Y/N)? "); + System.out.flush(); + + BufferedReader reader = new BufferedReader(new InputStreamReader(System.in)); + String line = reader.readLine(); + if (!line.equalsIgnoreCase("Y")) { + System.exit(1); + } + } + + CertRevokeRequest request = new CertRevokeRequest(); + request.setReason(reason); + request.setComments(cmd.getOptionValue("comments")); + + CertRequestInfo certRequestInfo; + + if (cmd.hasOption("ca")) { + certRequestInfo = parent.client.revokeCACert(certID, request); + } else { + certRequestInfo = parent.client.revokeCert(certID, request); + } + + if (verbose) { + CertCLI.printCertRequestInfo(certRequestInfo); + } + + if (certRequestInfo.getRequestStatus() == RequestStatus.COMPLETE) { + if (reason == RevocationReason.CERTIFICATE_HOLD) { + MainCLI.printMessage("Placed certificate \"" + certID.toHexString() + "\" on-hold"); + } else if (reason == RevocationReason.REMOVE_FROM_CRL) { + MainCLI.printMessage("Placed certificate \"" + certID.toHexString() + "\" off-hold"); + } else { + MainCLI.printMessage("Revoked certificate \"" + certID.toHexString() + "\""); + } + + CertificateData certData = parent.client.getCert(certID); + CertCLI.printCertData(certData, false, false); + + } else { + MainCLI.printMessage("Request \"" + certRequestInfo.getRequestId() + "\": " + certRequestInfo.getRequestStatus()); + } + } +} diff --git a/base/common/src/com/netscape/cms/client/cert/CertShowCLI.java b/base/common/src/com/netscape/cms/client/cert/CertShowCLI.java new file mode 100644 index 000000000..b050459c4 --- /dev/null +++ b/base/common/src/com/netscape/cms/client/cert/CertShowCLI.java 
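Review bot: With `--ca` the command calls `revokeCACert`, but the confirmation block in `CertRevokeCLI.execute` prints the same "Revoking certificate:" text as for an ordinary certificate, and `--force` skips both the lookup and the prompt. Revoking a CA signing certificate affects every certificate chained to it, so the prompt should say what is about to happen, e.g. `System.out.println(cmd.hasOption("ca") ? "Revoking CA signing certificate:" : "Revoking certificate:");`, and it is worth deciding whether `--ca` should still ask for confirmation when `--force` is given. Separately, `--reason` accepts `REMOVE_FROM_CRL` and sends it through `revokeCert` rather than `unrevokeCert`; whether the server treats that as a release is not visible in this diff and deserves a comment.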
@@ -0,0 +1,92 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cms.client.cert; + +import java.io.FileWriter; +import java.io.PrintWriter; + +import org.apache.commons.cli.CommandLine; +import org.apache.commons.cli.Option; + +import com.netscape.certsrv.dbs.certdb.CertId; +import com.netscape.cms.client.cli.CLI; +import com.netscape.cms.servlet.cert.model.CertificateData; + +/** + * @author Endi S. 
Dewata + */ +public class CertShowCLI extends CLI { + + public CertCLI parent; + + public CertShowCLI(CertCLI parent) { + super("show", "Show certificate"); + this.parent = parent; + } + + public void printHelp() { + formatter.printHelp(parent.name + "-" + name + " [OPTIONS...]", options); + } + + public void execute(String[] args) throws Exception { + + Option option = new Option(null, "output", true, "Output file"); + option.setArgName("file"); + options.addOption(option); + + options.addOption(null, "pretty", false, "Pretty print"); + options.addOption(null, "encoded", false, "Base-64 encoded"); + + CommandLine cmd = null; + + try { + cmd = parser.parse(options, args); + + } catch (Exception e) { + System.err.println("Error: " + e.getMessage()); + printHelp(); + System.exit(1); + } + + boolean showPrettyPrint = cmd.hasOption("pretty"); + boolean showEncoded = cmd.hasOption("encoded"); + + String[] cmdArgs = cmd.getArgs(); + + if (cmdArgs.length != 1) { + printHelp(); + System.exit(1); + } + + CertId certID = new CertId(cmdArgs[0]); + String file = cmd.getOptionValue("output"); + + CertificateData certData = parent.client.getCert(certID); + + String encoded = certData.getEncoded(); + if (encoded != null && file != null) { + // store cert to file + PrintWriter out = new PrintWriter(new FileWriter(file)); + out.print(encoded); + out.close(); + } + + CertCLI.printCertData(certData, showPrettyPrint, showEncoded); + } +} diff --git a/base/common/src/com/netscape/cms/client/cli/MainCLI.java b/base/common/src/com/netscape/cms/client/cli/MainCLI.java index 4932fb183..55cac0b64 100644 --- a/base/common/src/com/netscape/cms/client/cli/MainCLI.java +++ b/base/common/src/com/netscape/cms/client/cli/MainCLI.java 
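Review bot: In `CertShowCLI.execute` the `--output` file is written through `new PrintWriter(new FileWriter(file))`, which suppresses I/O errors on `print` and is not closed if an exception occurs in between, so a write failure such as a full disk can leave a truncated certificate file while the command still exits successfully. Close the writer in a `finally` block and test `out.checkError()` after the write, exiting non-zero when it returns true. The target file is also overwritten without notice; changing the option description to `"Output file (overwritten if it exists)"` would make that explicit.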
@@ -26,6 +26,7 @@ import org.mozilla.jss.crypto.AlreadyInitializedException; import org.mozilla.jss.crypto.CryptoToken; import org.mozilla.jss.util.Password; +import com.netscape.cms.client.cert.CertCLI; import com.netscape.cms.client.group.GroupCLI; import com.netscape.cms.client.user.UserCLI; @@ -48,8 +49,9 @@ public class MainCLI extends CLI { public MainCLI() throws Exception { super("pki", "PKI command-line interface"); - addModule(new UserCLI(this)); + addModule(new CertCLI(this)); addModule(new GroupCLI(this)); + addModule(new UserCLI(this)); } public String getProtocol() { diff --git a/base/common/src/com/netscape/cms/client/group/GroupCLI.java b/base/common/src/com/netscape/cms/client/group/GroupCLI.java index 26e2c7123..7ea449426 100644 --- a/base/common/src/com/netscape/cms/client/group/GroupCLI.java +++ b/base/common/src/com/netscape/cms/client/group/GroupCLI.java @@ -75,6 +75,7 @@ public class GroupCLI extends CLI { public void execute(String[] args) throws Exception { client = new GroupRestClient(parent.url + "/pki", parent.certNickname); + client.setVerbose(verbose); String command = args[0]; String[] commandArgs = Arrays.copyOfRange(args, 1, args.length); diff --git a/base/common/src/com/netscape/cms/client/user/UserCLI.java b/base/common/src/com/netscape/cms/client/user/UserCLI.java index e9c9acd67..0e18d0692 100644 --- a/base/common/src/com/netscape/cms/client/user/UserCLI.java +++ b/base/common/src/com/netscape/cms/client/user/UserCLI.java @@ -76,6 +76,7 @@ public class UserCLI extends CLI { public void execute(String[] args) throws Exception { client = new UserRestClient(parent.url + "/pki", parent.certNickname); + client.setVerbose(verbose); String command = args[0]; String[] commandArgs = Arrays.copyOfRange(args, 1, args.length); diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java b/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java index 7f2c75007..ebc851be5 100644 
--- a/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java +++ b/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java @@ -10,12 +10,17 @@ import java.net.UnknownHostException; import java.util.Enumeration; import org.apache.commons.httpclient.ConnectTimeoutException; -import org.apache.http.client.HttpClient; +import org.apache.http.HttpException; +import org.apache.http.HttpRequest; +import org.apache.http.HttpRequestInterceptor; +import org.apache.http.HttpResponse; +import org.apache.http.HttpResponseInterceptor; import org.apache.http.conn.scheme.LayeredSchemeSocketFactory; import org.apache.http.conn.scheme.Scheme; import org.apache.http.conn.scheme.SchemeSocketFactory; import org.apache.http.impl.client.DefaultHttpClient; import org.apache.http.params.HttpParams; +import org.apache.http.protocol.HttpContext; import org.jboss.resteasy.client.ClientExecutor; import org.jboss.resteasy.client.ClientResponse; import org.jboss.resteasy.client.ClientResponseFailure; @@ -29,6 +34,8 @@ import org.mozilla.jss.ssl.SSLSocket; public abstract class CMSRestClient { + protected boolean verbose; + protected String clientCertNickname; protected ResteasyProviderFactory providerFactory; protected ClientErrorHandler errorHandler; 
@@ -53,7 +60,20 @@ public abstract class CMSRestClient { String protocol = uri.getScheme(); int port = uri.getPort(); - HttpClient httpclient = new DefaultHttpClient(); + DefaultHttpClient httpclient = new DefaultHttpClient(); + + httpclient.addRequestInterceptor(new HttpRequestInterceptor() { + public void process(HttpRequest request, HttpContext context) throws HttpException, IOException { + if (verbose) System.out.println("HTTP Request: "+request.getRequestLine()); + } + }); + + httpclient.addResponseInterceptor(new HttpResponseInterceptor() { + public void process(HttpResponse response, HttpContext context) throws HttpException, IOException { + if (verbose) System.out.println("HTTP Response: "+response.getStatusLine()); + } + }); + if (protocol != null && protocol.equals("https")) { Scheme scheme = new Scheme("https", port, new JSSProtocolSocketFactory()); @@ -190,4 +210,12 @@ public abstract class CMSRestClient { return response.getEntity(); } + + public boolean isVerbose() { + return verbose; + } + + public void setVerbose(boolean verbose) { + this.verbose = verbose; + } } diff --git a/base/setup/pki b/base/setup/pki index f4ab1a4fc..a2d5a69d6 100755 --- a/base/setup/pki +++ b/base/setup/pki @@ -73,10 +73,14 @@ if( $ARCHITECTURE eq "i386" ) { $ENV{CLASSPATH} = "/usr/share/java/${PRODUCT}/pki-certsrv.jar:" . "/usr/share/java/${PRODUCT}/pki-cms.jar:" + . "/usr/share/java/${PRODUCT}/pki-nsutil.jar:" . "/usr/share/java/apache-commons-cli.jar:" . "/usr/share/java/apache-commons-lang.jar:" + . "/usr/share/java/apache-commons-logging.jar:" . "/usr/share/java/commons-httpclient.jar:" . "/usr/share/java/httpcomponents/httpclient.jar:" + . "/usr/share/java/httpcomponents/httpcore.jar:" + . "/usr/share/java/jaxb-api.jar:" . "/usr/share/java/resteasy/jaxrs-api.jar:" . "/usr/share/java/resteasy/resteasy-atom-provider.jar:" . "/usr/share/java/resteasy/resteasy-jaxb-provider.jar:" -- cgit
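Review bot: The request and response interceptors added to the `CMSRestClient` constructor print their trace with `System.out.println`, the same stream the commands use for results (for example the encoded certificate printed by `cert-show --encoded`), so verbose mode corrupts output that is piped or parsed. Send diagnostics to stderr instead: `if (verbose) System.err.println("HTTP Request: " + request.getRequestLine());` and likewise for the response line. The request line carries the full request URI, so any query parameters would be echoed to the terminal or a captured log; a comment that verbose output is meant for interactive debugging only would help. The enclosing constructor starts and ends outside this hunk.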