📄 importcert.java
字号:
/* * Copyright (c) 2001 Sun Microsystems, Inc. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Sun Microsystems, Inc. for Project JXTA." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Sun", "Sun Microsystems, Inc.", "JXTA" and "Project JXTA" must * not be used to endorse or promote products derived from this * software without prior written permission. For written * permission, please contact Project JXTA at http://www.jxta.org. * * 5. Products derived from this software may not be called "JXTA", * nor may "JXTA" appear in their name, without prior written * permission of Sun. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL SUN MICROSYSTEMS OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of Project JXTA. For more * information on Project JXTA, please see * <http://www.jxta.org/>. * * This license is based on the BSD license adopted by the Apache Foundation. * * $Id: importcert.java,v 1.8 2005/09/15 16:26:39 bondolo Exp $ */package net.jxta.impl.shell.bin.pse;import java.io.ByteArrayInputStream;import java.net.URI;import java.security.cert.X509Certificate;import java.util.Arrays;import java.util.Enumeration;import java.util.Iterator;import java.io.IOException;import java.net.URISyntaxException;import java.security.KeyStoreException;import java.security.cert.CertificateEncodingException;import net.jxta.document.Attributable;import net.jxta.document.Element;import net.jxta.document.StructuredDocument;import net.jxta.id.ID;import net.jxta.id.IDFactory;import net.jxta.membership.MembershipService;import net.jxta.peergroup.PeerGroup;import net.jxta.protocol.ModuleImplAdvertisement;import net.jxta.protocol.PeerAdvertisement;import net.jxta.impl.membership.pse.PSEMembershipService;import net.jxta.impl.protocol.Certificate;import net.jxta.impl.shell.GetOpt;import net.jxta.impl.shell.ShellApp;import net.jxta.impl.shell.ShellEnv;import net.jxta.impl.shell.ShellObject;/** * Imports a trusted certificate chain. **/public class importcert extends ShellApp { /** * {@inheritDoc} **/ public int startApp(String[] argv ) { ShellEnv env = getEnv(); PeerGroup current = (PeerGroup) env.get("stdgroup").getObject(); String createID; ID createid; boolean trimChain = false; MembershipService membership = getGroup().getMembershipService(); if( !(membership instanceof PSEMembershipService) ) { ModuleImplAdvertisement mia = (ModuleImplAdvertisement) membership.getImplAdvertisement(); consoleMessage( "Group membership service is not PSE. (" + mia.getDescription() + ")" ); return ShellApp.appMiscError; } PSEMembershipService pse = (PSEMembershipService) membership; if( null == pse.getDefaultCredential() ) { consoleMessage( "Key store has not been opened." ); return ShellApp.appMiscError; } GetOpt options = new GetOpt( argv, 0, "t" ); while( true ) { int option; try { option = options.getNextOption(); } catch( IllegalArgumentException badopt ) { consoleMessage( "Illegal argument :" + badopt ); return syntaxError(); } if( -1 == option ) { break; } switch( option ) { case 't' : trimChain = true; break; default : consoleMessage( "Unrecognized option" ); return syntaxError(); } } createID = options.getNextParameter(); if ( null == createID ) { consoleMessage( "Missing <id> or <peerAdv> parameter" ); return syntaxError(); } Certificate cert_msg; ShellObject envObj = env.get( createID ); if( null != envObj ) { // we will assume its a peer adv if( PeerAdvertisement.class.isAssignableFrom( envObj.getObjectClass() ) ) { PeerAdvertisement pa = (PeerAdvertisement) envObj.getObject(); createid = pa.getPeerID(); StructuredDocument rootParams = pa.getServiceParam( PeerGroup.peerGroupClassID ); if( null == rootParams ) { consoleMessage( "'" + createID + "' does not contain group parameters" ); return ShellApp.appMiscError; } Enumeration eachRoot = rootParams.getChildren( "RootCert" ); if( !eachRoot.hasMoreElements() ) { consoleMessage( "'" + createID + "' does not contain group parameters" ); return ShellApp.appMiscError; } Element root = (Element) eachRoot.nextElement(); if( root instanceof Attributable) { // XXX 20040719 bondolo Backwards compatibility hack. Adds type so cert chain is recognized. ((Attributable)root).addAttribute( "type", Certificate.getMessageType() ); } cert_msg = new Certificate( root ); } else { consoleMessage( "'" + createID + "' is not a PeerAdvertisement" ); return syntaxError(); } } else { String certEnvName = options.getNextParameter(); if ( null == certEnvName ) { consoleMessage( "Missing <cert> parameter" ); return syntaxError(); } try { URI idURI = new URI( createID ); createid = IDFactory.fromURI( idURI ); } catch (URISyntaxException badID ) { printStackTrace( "Bad ID", badID ); return ShellApp.appMiscError; } ShellObject certEnv = env.get( certEnvName ); if( null == certEnv ) { consoleMessage( "Issuer environment variable '" + certEnvName + "' not found." ); return ShellApp.appMiscError; } if( !StructuredDocument.class.isAssignableFrom( certEnv.getObjectClass() ) ) { consoleMessage( "'" + certEnvName + "' is not a certificate." ); return ShellApp.appMiscError; } cert_msg = new Certificate( (Element) certEnv.getObject()); } if ( null != options.getNextParameter() ) { consoleMessage( "Unsupported parameter" ); return syntaxError(); } try { Iterator sourceChain = Arrays.asList( cert_msg.getCertificates() ).iterator(); int imported = 0; X509Certificate aCert = (X509Certificate) sourceChain.next(); do { if( null != pse.getPSEConfig().getTrustedCertificateID( aCert ) ) { break; } pse.getPSEConfig().erase( createid ); pse.getPSEConfig().setTrustedCertificate( createid, aCert ); imported++; // create a codat id for the next certificate in the chain. aCert = null; if( sourceChain.hasNext() ) { aCert = (X509Certificate) sourceChain.next(); if( trimChain ) { if( null != pse.getPSEConfig().getTrustedCertificateID( aCert ) ) { // it's already in the pse, time to bail! break; } } byte [] der = aCert.getEncoded(); createid = IDFactory.newCodatID( current.getPeerGroupID(), new ByteArrayInputStream(der) ); } } while( null != aCert ); consoleMessage( "Imported " + imported + " certificates. " ); } catch( CertificateEncodingException failure ) { printStackTrace( "Bad certifiacte.", failure ); return ShellApp.appMiscError; } catch( KeyStoreException failure ) { printStackTrace( "KeyStore failure while importing certificate.", failure ); return ShellApp.appMiscError; } catch( IOException failure ) { printStackTrace( "IO failure while importing certificate.", failure ); return ShellApp.appMiscError; } return ShellApp.appNoError; } private int syntaxError() { consoleMessage( "Usage: pse.importcert [-t] [<id> <cert> | <peerAdv>]" ); return ShellApp.appParamError; } /** * {@inheritDoc} **/ public String getDescription() { return "Imports a trusted certificate chain."; } /** * {@inheritDoc} **/ public void help() { println("NAME"); println(" pse.importcert - " + getDescription() ); println(" "); println("SYNOPSIS"); println(" "); println(" pse.importcert [-t] [<id> <cert> | <peerAdv>]"); println(" "); println(" <id> ID under which the certificate chain will be " ); println(" stored in the PSE key store." ); println(" <cert> The certificate chain to be imported. " ); println(" <peerAdv> The PeerAdvertisement who's certificate will be" ); println(" trusted." ); println(" "); println("OPTIONS"); println(" [-t] Trim the certificate chain at the first certificate" ); println(" already present in the PSE." ); println(" "); println("DESCRIPTION"); println(" "); println("Import a trusted certificate or certificate chain into the PSE."); println(" "); println("EXAMPLE"); println(" "); println(" JXTA> pse.importcert urn:jxta:uuid-59616261646162614A78746150325033CACD56AE273E448CB25E8DA42C2BD46903 cert"); println(" "); println("This example imports a certificate from 'cert'. The certificate " ); println("chain in 'cert' will be stored under the id provided." ); println(" "); println("SEE ALSO"); println(" pse.certs pse.keys pse.erase pse.createkey pse.newcsr pse.signcsr"); }}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -