📄 locatecommand.java
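while (iter.hasNext()) {
    // This loop belongs to a method whose header lies above the visible code;
    // iter, next, outputPath and pEMEncoding are declared there.
    Object obj = iter.next();
    if (obj instanceof JAXBElement) {
        JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) obj;
        Iterator iter2 = jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator();
        while (iter2.hasNext()) {
            JAXBElement next2 = (JAXBElement) iter2.next();
            String filename = "";

            if (next2.getName().getLocalPart().equals("X509Certificate")) {
                byte[] encoded = (byte[]) next2.getValue();
                X509Certificate nextCert = CertTools.getCertfromByteArray(encoded);
                getPrintStream().println(" Found certificate with DN " + CertTools.getSubjectDN(nextCert)
                        + " issued by " + CertTools.getIssuerDN(nextCert));

                // The CN is read from certificate data carried in the X509Data element,
                // so it must not be able to steer where the file ends up: it is reduced
                // to a single file-name component before being appended to outputPath.
                String baseName = safeFileNamePart(
                        CertTools.getPartFromDN(CertTools.getSubjectDN(nextCert), "CN"));
                if (pEMEncoding) {
                    filename = outputPath + baseName + ".pem";
                    ArrayList certs = new ArrayList();
                    certs.add(nextCert);
                    writeOutputFile(filename, new byte[][] { CertTools.getPEMFromCerts(certs) });
                } else {
                    filename = outputPath + baseName + ".cer";
                    writeOutputFile(filename, new byte[][] { nextCert.getEncoded() });
                }
            }

            if (next2.getName().getLocalPart().equals("X509CRL")) {
                byte[] encoded = (byte[]) next2.getValue();
                X509CRL nextCRL = CertTools.getCRLfromByteArray(encoded);
                getPrintStream().println(" Found CRL issued by " + CertTools.getIssuerDN(nextCRL));

                // Same treatment as for certificates: the issuer CN comes from the CRL itself.
                String baseName = safeFileNamePart(
                        CertTools.getPartFromDN(CertTools.getIssuerDN(nextCRL), "CN"));
                if (pEMEncoding) {
                    filename = outputPath + baseName + "-crl.pem";
                    writeOutputFile(filename, new byte[][] {
                        "-----BEGIN X509 CRL-----\n".getBytes(),
                        Base64.encode(nextCRL.getEncoded(), true),
                        "\n-----END X509 CRL-----\n".getBytes()
                    });
                } else {
                    filename = outputPath + baseName + ".crl";
                    writeOutputFile(filename, new byte[][] { nextCRL.getEncoded() });
                }
            }

            // Printed for every element of the X509Data, including those that produced no file.
            getPrintStream().println(" Written to : " + filename + "\n");
        }

        // Display use key with
        displayUseKeyWith(next);

        // Display key usage
        displayKeyUsage(next);
    }
}
}

    /**
     * Reduces a DN part to something that is safe to use as one file-name component.
     *
     * Path separators, the drive/stream separator ':' and control characters
     * (including NUL) are replaced by '_', so the value cannot add directory
     * levels or otherwise redirect the path it is appended to. All other
     * characters are kept unchanged.
     *
     * @param dnPart the DN part to use, may be null
     * @return the sanitised name; a null input yields "null", which is what plain
     *         string concatenation produced before this helper existed
     */
    private static String safeFileNamePart(String dnPart) {
        String raw = String.valueOf(dnPart);
        StringBuilder safe = new StringBuilder(raw.length());
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            boolean unsafe = c == '/' || c == '\\' || c == ':' || Character.isISOControl(c);
            safe.append(unsafe ? '_' : c);
        }
        return safe.toString();
    }

    /**
     * Writes the given byte chunks, in order, to a file and always closes the stream.
     *
     * An existing file with the same name is overwritten. The chunks are computed
     * by the caller before the file is opened, so a failing encoding step no longer
     * leaves an empty file and an open stream behind.
     *
     * @param filename path of the file to create
     * @param chunks the data to write, in order
     * @throws java.io.IOException if the file cannot be opened or written
     */
    private static void writeOutputFile(String filename, byte[][] chunks) throws java.io.IOException {
        FileOutputStream fos = new FileOutputStream(filename);
        try {
            for (int i = 0; i < chunks.length; i++) {
                fos.write(chunks[i]);
            }
        } finally {
            fos.close();
        }
    }

    /**
     * Interprets the validation flag given on the command line.
     *
     * Prints an error and the usage text and terminates the JVM with exit
     * code -1 if the flag is neither of the two accepted values.
     *
     * @param arg the validation argument, compared case-insensitively
     * @return true for VALIDATION_VALIDATE, false for VALIDATION_NOVALIDATION
     */
    private boolean getValidate(String arg) {
        if (arg.equalsIgnoreCase(VALIDATION_VALIDATE)) {
            return true;
        }
        if (arg.equalsIgnoreCase(VALIDATION_NOVALIDATION)) {
            return false;
        }

        getPrintStream().println("Illegal validation flag " + arg);
        usage();
        System.exit(-1);
        return false; // unreachable, required by the compiler
    }

    /**
     * Maps the query type argument to the matching XKMS UseKeyWith constant.
     *
     * Prints an error and the usage text and terminates the JVM with exit
     * code -1 if the query type is not recognised.
     *
     * @param arg the query type argument, compared case-insensitively
     * @return the UseKeyWith constant, or null if this is a certificate query
     */
    private String getQueryType(String arg) {
        if (arg.equalsIgnoreCase(QUERYTYPE_CERT)) {
            return null;
        }
        if (arg.equalsIgnoreCase(QUERYTYPE_IPSEC)) {
            return XKMSConstants.USEKEYWITH_IPSEC;
        }
        if (arg.equalsIgnoreCase(QUERYTYPE_PKIX)) {
            return XKMSConstants.USEKEYWITH_PKIX;
        }
        if (arg.equalsIgnoreCase(QUERYTYPE_SMIME)) {
            return XKMSConstants.USEKEYWITH_SMIME;
        }
        if (arg.equalsIgnoreCase(QUERYTYPE_TLS)) {
            return XKMSConstants.USEKEYWITH_TLS;
        }
        if (arg.equalsIgnoreCase(QUERYTYPE_TLSHTTP)) {
            return XKMSConstants.USEKEYWITH_TLSHTTP;
        }
        if (arg.equalsIgnoreCase(QUERYTYPE_TLSSMTP)) {
            return XKMSConstants.USEKEYWITH_TLSSMTP;
        }

        getPrintStream().println("Illegal query type " + arg);
        usage();
        System.exit(-1);
        return null; // unreachable, required by the compiler
    }

    /**
     * Maps the key usage argument to the matching XKMS key usage constant.
     *
     * Prints an error and the usage text and terminates the JVM with exit
     * code -1 if the key usage is not recognised.
     *
     * @param arg the key usage argument, compared case-insensitively
     * @return the key usage constant, or null if any key usage is acceptable
     */
    private String getKeyUsage(String arg) {
        if (arg.equalsIgnoreCase(KEYUSAGE_ALL)) {
            return null;
        }
        if (arg.equalsIgnoreCase(KEYUSAGE_SIGNATURE)) {
            return XKMSConstants.KEYUSAGE_SIGNATURE;
        }
        if (arg.equalsIgnoreCase(KEYUSAGE_ENCRYPTION)) {
            return XKMSConstants.KEYUSAGE_ENCRYPTION;
        }
        if (arg.equalsIgnoreCase(KEYUSAGE_EXCHANGE)) {
            return XKMSConstants.KEYUSAGE_EXCHANGE;
        }

        getPrintStream().println("Illegal key usage " + arg);
        usage();
        System.exit(-1);
        return null; // unreachable, required by the compiler
    }

    /**
     * Interprets the encoding argument given on the command line.
     *
     * Prints an error and the usage text and terminates the JVM with exit
     * code -1 if the encoding is neither PEM nor DER.
     *
     * @param arg the encoding argument, compared case-insensitively
     * @return true if the output should be PEM encoded, false for DER
     */
    private boolean usePEMEncoding(String arg) {
        if (arg.equalsIgnoreCase(ENCODING_PEM)) {
            return true;
        }
        if (arg.equalsIgnoreCase(ENCODING_DER)) {
            return false;
        }

        getPrintStream().println("Illegal encoding (should be pem or der) : " + arg);
        usage();
        System.exit(-1);
        return false; // unreachable, required by the compiler
    }

    /**
     * Prints the command syntax, the accepted argument values and an example.
     */
    protected void usage() {
        getPrintStream().println("Command used to locate and optionaly validate a certificate");
        getPrintStream().println("Usage : locate <querytype> <queryvalue> <keyusage> <respondwith> <validate|novalidation> <der|pem> <outputpath (optional)> \n\n");
        getPrintStream().println("Querytypes are:");
        // "RFC822" (the mail address format) replaces the mistyped "RFC882", and
        // "TLSSMTP" replaces "TSLSMTP" so the help matches the QUERYTYPE_TLSSMTP
        // option checked in getQueryType (presumably spelled the same - confirm
        // against the constant's value).
        getPrintStream().println(" CERT : Use a existing certificate from file, queryvalue should be path to certificate.\n"
                + " SMIME : Lookup by the RFC822 Name of certificate\n"
                + " TLS : Lookup by the URI in the certificate\n"
                + " TLSHTTP : Lookup by the CN in the certificate\n"
                + " TLSSMTP : Lookup by the DNS Name of the certificate\n"
                + " IPSEC : Lookup by the IP address of the certificate\n"
                + " PKIX : Lookup by the SubjectDN of the certificate\n");
        getPrintStream().println("Available Keyusages are:");
        getPrintStream().println(" ALL : Any key usage will do\n"
                + " SIGNATURE : Return certificate that can be used for signing\n"
                + " ENCRYPTION : Return certificate that can be used for encryption\n"
                + " EXCHANGE : Return certificate that can be used for exchange\n");
        getPrintStream().println("Available Respond With values are:");
        getPrintStream().println(" X509CERT : Respond with the certificate.\n"
                + " X509CHAIN : Respond with the entire certificate chain\n"
                + " X509CHAINANDCRL : Respond with the chain and CRL\n");
        getPrintStream().println("Use 'validate' if you want the status of the certificate, othervise use 'novalidation'.\n");
        getPrintStream().println("Use 'pem' or 'der' depending on prefered encoding.\n");
        getPrintStream().println("Outputpath specifies to which directory to write certificate and CRLs, current directory is used if omitted\n\n");
        // The example now uses 'validate', the flag named in the syntax line above;
        // it previously said 'validation' (confirm against VALIDATION_VALIDATE).
        getPrintStream().println("Example: locate TLSHTTP \"John Doe\" SIGNATURE X509CERT validate pem");
        getPrintStream().println("Returns the signing certificate belonging to CN=John Doe and specifies if it is valid to the current directory");
    }
}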