From de177a4ef3cfcd987a478055bbf19da4275b19e6 Mon Sep 17 00:00:00 2001
From: jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>
Date: Thu, 31 Mar 2011 22:58:28 +0000
Subject: Fix Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure
 port throws file not found exception.

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1937 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
 .../src/com/netscape/cmstools/CRMFPopClient.java   | 56 ++++++++++------------
 1 file changed, 26 insertions(+), 30 deletions(-)

(limited to 'pki/base/java-tools')

diff --git a/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java b/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
index dc9bcb0cb..fafa40991 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
@@ -36,7 +36,7 @@ import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.crypto.CryptoToken;
 import org.mozilla.jss.crypto.KeyPairGenerator;
 import org.mozilla.jss.crypto.KeyPairAlgorithm;
-//import netscape.security.provider.RSAPublicKey;
+import netscape.security.provider.RSAPublicKey;
 import netscape.security.pkcs.PKCS10;
 //import java.security.Signature;
 import netscape.security.x509.X500Name;
@@ -58,7 +58,7 @@ import com.netscape.cmsutil.util.*;
  * Usage:
  * <pre>
  *     CRMFPopClient  TOKEN_PWD
- *                    Authenticator HOST PORT USER_NAME PASSWORD
+ *                    PROFILE_NAME HOST PORT USER_NAME REQUESTOR_NAME
  *                    POP_OPTION
  *                    SUBJECT_DN [OUTPUT_CERT_REQ]
  *
@@ -75,14 +75,14 @@ import com.netscape.cmsutil.util.*;
  * Examples:
  * <pre>
  *     CRMFPopClient  password123
- *                    nullAuthMgr host.netscape.com 1026 admin netscape
+ *                    caEncUserCert host.example.com 1026 MyUid MyUid
  *                    [POP_SUCCESS or POP_FAIL or POP_NONE]
  *                    CN=MyTest,C=US,UID=MyUid
  *
  *                    ---  or  ---
  *
  *     CRMFPopClient  password123
- *                    nullAuthMgr host.netscape.com 1026 admin netscape
+ *                    caEncUserCert host.example.com 1026 joe joe
  *                    [POP_SUCCESS or POP_FAIL or POP_NONE]
  *                    CN=MyTest,C=US,UID=MyUid OUTPUT_CERT_REQ 
  *
@@ -114,7 +114,7 @@ public class CRMFPopClient
            System.out.println("Usage:");
            System.out.println("");
            System.out.println("    CRMFPopClient TOKEN_PWD");
-           System.out.println("                  Authenticator HOST PORT USER_NAME PASSWORD");
+           System.out.println("                  PROFILE_NAME HOST PORT USER_NAME REQUESTOR_NAME");
            System.out.println("                  POP_OPTION");
            System.out.println("                  SUBJECT_DN  [OUTPUT_CERT_REQ]   \n");
            System.out.println("                  ---  or  ---\n");
@@ -125,12 +125,12 @@ public class CRMFPopClient
            System.out.println("Examples:");
            System.out.println("");
            System.out.println("    CRMFPopClient password123");
-           System.out.println("                  nullAuthMgr host.netscape.com 1026 admin netscape");
+           System.out.println("                  caEncUserCert host.example.com 1026 MyUid MyUid");
            System.out.println("                  [POP_SUCCESS or POP_FAIL or POP_NONE]");
            System.out.println("                  CN=MyTest,C=US,UID=MyUid\n");
            System.out.println("                  ---  or  ---\n");
            System.out.println("    CRMFPopClient password123"); 
-           System.out.println("                  nullAuthMgr host.netscape.com 1026 admin netscape");
+           System.out.println("                  caEncUserCert host.example.com 1026 MyUid myUid");
            System.out.println("                  [POP_SUCCESS or POP_FAIL or POP_NONE]");
            System.out.println("                  CN=MyTest,C=US,UID=MyUid OUTPUT_CERT_REQ\n"); 
            System.out.println("                  ---  or  ---\n");
@@ -181,13 +181,13 @@ public class CRMFPopClient
 
            int argsLen =  getRealArgsLength(args);
 
-          // System.out.println("args length " + argsLen);
+           // System.out.println("args length " + argsLen);
 
 
            System.out.println("\n\nProof Of Possession Utility....");
            System.out.println("");
 
-           if(argsLen == 0 || (argsLen != 8 && argsLen != 9 && argsLen != 4))
+           if(argsLen == 0 || (argsLen != 8 && argsLen != 9 && argsLen !=10 && argsLen != 4))
            {
                 usage();
                 return;
@@ -200,22 +200,21 @@ public class CRMFPopClient
 
            int PORT = 0;
            String USER_NAME = null;
-           String USER_PWORD = null;
-           String AUTHENTICATOR = null;
+           String REQUESTOR_NAME = null;
+           String PROFILE_NAME = null;
  
            String HOST = null; 
            String SUBJ_DN = null;
-
               
            if(argsLen >= 8)
            { 
-               AUTHENTICATOR = args[1];
+               PROFILE_NAME = args[1];
                HOST = args[2];
     
                PORT = Integer.parseInt(args[3]);
 
                USER_NAME = args[4];
-               USER_PWORD = args[5];
+               REQUESTOR_NAME = args[5];
 
                SUBJ_DN = args[7];
 
@@ -232,11 +231,9 @@ public class CRMFPopClient
 
            int doServerHit = 1;
 
-           if(argsLen == 9)  
+           if(argsLen >= 9) { 
                 OUTPUT_CERT_REQ = args[8];
-                     
-
-
+           } 
 
             if(argsLen == 4)
             {
@@ -282,7 +279,7 @@ public class CRMFPopClient
 	    } catch (Exception e) { 
 		// it is ok if it is already initialized 
 		System.out.println("INITIALIZATION ERROR: " + e.toString());
-//		return;
+                //		return;
             }
 
 
@@ -306,7 +303,7 @@ public class CRMFPopClient
 		KeyPairAlgorithm.RSA); 
 		kg.initialize(KEY_LEN);
 
-		String authenticator = AUTHENTICATOR;
+		String profileName = PROFILE_NAME;
 		pair = kg.genKeyPair(); 
 
                 System.out.println("."); //key pair generated");
@@ -372,7 +369,7 @@ public class CRMFPopClient
 		    certTemplate.setPublicKey(new SubjectPublicKeyInfo(pair.getPublic()));
 		    // set extension
 		    AlgorithmIdentifier algS = new AlgorithmIdentifier(new OBJECT_IDENTIFIER("1.2.840.113549.3.7"), new OCTET_STRING(iv));
-		    EncryptedValue encValue = new EncryptedValue(null, algS, new BIT_STRING(session_data, 7),null, null,new BIT_STRING(key_data, 7));
+		    EncryptedValue encValue = new EncryptedValue(null, algS, new BIT_STRING(session_data, 0),null, null,new BIT_STRING(key_data, 0));
 		    EncryptedKey key = new EncryptedKey(encValue);
 		    PKIArchiveOptions opt = new PKIArchiveOptions(key);
 		    SEQUENCE seq = new SEQUENCE();
@@ -505,8 +502,7 @@ byte[] b =
 
          		// post PKCS10 
 
-			url = new URL("http://" + HOST + ":" + PORT + "/enrollment?importCert=off&uid="+USER_NAME+"&pwd="+ USER_PWORD+"&authenticator=" + authenticator + "&csrRequestorName=" + USER_PREFIX + 0 + "&CN=testuser&UID=" + USER_PREFIX + 0 + "&SMIME=true&SSLClient=true&ObjectSigning=false&csrRequestorEmail=mail&csrRequestorPhone=1234&csrRequestorComments=hello&CRMFRequest=" + Req + "&submit=Submit&subject=CN%3Dtestuser%2CUID%3D$user%2COU%3DPKI%2CO%3DU.S.Government%2CC%3DUS&certType=client&templateType=DisplayBySerial");
-
+                        url = new URL("http://" + HOST + ":" + PORT + "/ca/ee/ca/profileSubmit?cert_request_type=crmf&cert_request=" + Req + "&renewal=false&uid=" + USER_NAME + "&xmlOutput=false&&profileId=" + profileName + "&sn_uid=" + USER_NAME +"&SubId=profile&requestor_name="+ REQUESTOR_NAME);
 			//System.out.println("Posting " + url);
 
                         System.out.println(""); 
@@ -562,7 +558,7 @@ byte[] b =
 
             int nameLen = x5Name.getNamesLength();
 
-//            System.out.println("x5Name len: " + nameLen);
+            //            System.out.println("x5Name len: " + nameLen);
 
             netscape.security.x509.RDN cur = null;
 
@@ -584,14 +580,14 @@ byte[] b =
                 {
 
                      ret.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"),  new PrintableString(split[1]))); 
- //                    System.out.println("UID found : " + split[1]);
+                     //                    System.out.println("UID found : " + split[1]);
 
                 }
 
                 if(split[0].equals("C"))
                 {
                      ret.addCountryName(split[1]);
-  //                   System.out.println("C found : " + split[1]);
+                     //                   System.out.println("C found : " + split[1]);
                      continue;
 
                 }
@@ -599,28 +595,28 @@ byte[] b =
                 if(split[0].equals("CN"))
                 {
                      ret.addCommonName(split[1]);
-   //                  System.out.println("CN found : " + split[1]);
+                     //                  System.out.println("CN found : " + split[1]);
                      continue;
                 }
 
                 if(split[0].equals("L"))
                 {
                      ret.addLocalityName(split[1]);
-    //                 System.out.println("L found : " + split[1]);
+                     //                 System.out.println("L found : " + split[1]);
                      continue;
                 }
 
                 if(split[0].equals("O"))
                 {
                      ret.addOrganizationName(split[1]);
-     //                System.out.println("O found : " + split[1]);
+                     //                System.out.println("O found : " + split[1]);
                      continue;
                 }
 
                 if(split[0].equals("ST"))
                 {
                      ret.addStateOrProvinceName(split[1]);
-      //               System.out.println("ST found : " + split[1]);
+                     //               System.out.println("ST found : " + split[1]);
                      continue;
                 }
 
-- 
cgit