camakereqcommand.java

一套JAVA的CA证书签发系统.

/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/
 
package se.anatom.ejbca.admin;

import java.io.*;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collection;

import se.anatom.ejbca.util.CertTools;
import se.anatom.ejbca.util.KeyTools;


/**
 * Generates keys and creates a keystore (PKCS12) to be used by the CA.
 *
 * @version $Id: CaMakeReqCommand.java,v 1.10 2004/04/16 07:38:57 anatom Exp $
 */
public class CaMakeReqCommand extends BaseCaAdminCommand {
    /**
     * Creates a new instance of CaMakeReqCommand
     *
     * @param args command line arguments
     */
    public CaMakeReqCommand(String[] args) {
        super(args);
    }

    /**
     * Runs the command
     *
     * @throws IllegalAdminCommandException Error in command args
     * @throws ErrorAdminCommandException Error running command
     */
    public void execute() throws IllegalAdminCommandException, ErrorAdminCommandException {

        if (args.length < 7) {
            String msg = "Usage: CA makereq <DN> <keysize> <rootca-certificate> <request-file> <keystore-file> <storepassword>";
            msg += "\nGenerates a certification request for a subCA for sending to a RootCA.";
            msg += "\nrootca-certificates is a file with one or more PEM-certificates, ordered so the RootCA is last.";
            throw new IllegalAdminCommandException(msg);
        }

        String dn = args[1];
        int keysize = Integer.parseInt(args[2]);
        String rootfile = args[3];
        String reqfile = args[4];
        String ksfile = args[5];
        String storepwd = args[6];


        
        System.out.println("Generating cert request (and keystore):");
        System.out.println("DN: " + dn);
        System.out.println("Keysize: " + keysize);
        System.out.println("RootCA cert file: " + rootfile);
        System.out.println("Storing CertificationRequest in: " + reqfile);
        System.out.println("Storing KeyStore in: " + ksfile);
        System.out.println("Protected with storepassword: " + storepwd);

        try {
            // Read in RootCA certificate
            Collection rootcerts = CertTools.getCertsFromPEM(new FileInputStream(rootfile));

            // Generate keys
            System.out.println("Generating keys, please wait...");

            KeyPair rsaKeys = KeyTools.genKeys(keysize);

            // Create selfsigned cert...
            X509Certificate selfcert = CertTools.genSelfCert(dn, 365, null, rsaKeys.getPrivate(), rsaKeys.getPublic(), true);

            // Create certificate request
            makeCertRequest(dn, rsaKeys, reqfile);

            // Create keyStore
            KeyStore ks = KeyTools.createP12(privKeyAlias, rsaKeys.getPrivate(), selfcert, rootcerts);

            FileOutputStream os = new FileOutputStream(ksfile);
            ks.store(os, storepwd.toCharArray());
            System.out.println("Keystore '"+ksfile+"' generated successfully.");
         
        } catch (Exception e) {
            throw new ErrorAdminCommandException(e);
        }
    } // execute


    // execute
}