📄 xkmsclibasecommand.java
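package org.ejbca.core.protocol.xkms.client;

import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.Random;

import org.ejbca.core.model.ca.crl.RevokedCertInfo;
import org.ejbca.core.protocol.xkms.common.XKMSConstants;
import org.ejbca.util.CertTools;
import org.ejbca.util.P12toPEM;
import org.w3._2002._03.xkms_.KeyBindingType;
import org.w3._2002._03.xkms_.StatusType;
import org.w3._2002._03.xkms_.UnverifiedKeyBindingType;
import org.w3._2002._03.xkms_.UseKeyWithType;

/**
 * Base class inherited by all XKMS cli commands.
 * Checks the property file and creates a webservice connection.
 *
 * Configuration is read from "xkmscli.properties" (current directory, then
 * the parent directory). When a keystore path is configured, the client
 * certificate, private key and CA trust list are taken from that JKS keystore.
 *
 * @author Philip Vendil
 * $Id: XKMSCLIBaseCommand.java,v 1.2.2.1 2007/05/22 12:50:45 anatom Exp $
 */
public abstract class XKMSCLIBaseCommand {

    /** Command line arguments handed to the concrete command. */
    protected String[] args = null;

    /** Lazily created web service invoker, see {@link #getXKMSInvoker()}. */
    private XKMSInvoker xkms = null;
    /** Lazily loaded contents of xkmscli.properties. */
    private Properties props = null;
    /** Cached keystore password (from the property file or typed by the user). */
    private String password = null;

    /** Client certificate read from the keystore; null until a keystore has been loaded. */
    protected X509Certificate clientCert = null;
    /** Private key belonging to {@link #clientCert}; null until a keystore has been loaded. */
    protected Key privateKey = null;
    /** CA certificates taken from the client's certificate chain; null when no keystore is configured. */
    private Collection catrustlist = null;

    // REASON_TEXTS and REASON_VALUES are parallel arrays: index i of one maps to index i of the other.
    protected static final String[] REASON_TEXTS = {"NOT REVOKED", "UNSPECIFIED", "KEYCOMPROMISE", "CACOMPROMISE",
        "AFFILIATIONCHANGED", "SUPERSEDED", "CESSATIONOFOPERATION",
        "CERTIFICATEHOLD", "REMOVEFROMCRL", "PRIVILEGESWITHDRAWN",
        "AACOMPROMISE"};

    protected static final String RESPONDWITH_X509CERT = "X509CERT";
    protected static final String RESPONDWITH_X509CHAIN = "X509CHAIN";
    protected static final String RESPONDWITH_X509CHAINANDCRL = "X509CHAINANDCRL";

    protected static final String ENCODING_PEM = "pem";
    protected static final String ENCODING_DER = "der";
    protected static final String ENCODING_P12 = "p12";
    protected static final String ENCODING_JKS = "jks";

    protected static final String KEYUSAGE_ALL = "ALL";
    protected static final String KEYUSAGE_SIGNATURE = "SIGNATURE";
    protected static final String KEYUSAGE_ENCRYPTION = "ENCRYPTION";
    protected static final String KEYUSAGE_EXCHANGE = "EXCHANGE";

    protected static final String QUERYTYPE_CERT = "CERT";
    protected static final String QUERYTYPE_SMIME = "SMIME";
    protected static final String QUERYTYPE_TLS = "TLS";
    protected static final String QUERYTYPE_TLSHTTP = "TLSHTTP";
    protected static final String QUERYTYPE_TLSSMTP = "TLSSMTP";
    protected static final String QUERYTYPE_IPSEC = "IPSEC";
    protected static final String QUERYTYPE_PKIX = "PKIX";

    public static final int NOT_REVOKED = RevokedCertInfo.NOT_REVOKED;
    public static final int REVOKATION_REASON_UNSPECIFIED = RevokedCertInfo.REVOKATION_REASON_UNSPECIFIED;
    public static final int REVOKATION_REASON_KEYCOMPROMISE = RevokedCertInfo.REVOKATION_REASON_KEYCOMPROMISE;
    public static final int REVOKATION_REASON_CACOMPROMISE = RevokedCertInfo.REVOKATION_REASON_CACOMPROMISE;
    public static final int REVOKATION_REASON_AFFILIATIONCHANGED = RevokedCertInfo.REVOKATION_REASON_AFFILIATIONCHANGED;
    public static final int REVOKATION_REASON_SUPERSEDED = RevokedCertInfo.REVOKATION_REASON_SUPERSEDED;
    public static final int REVOKATION_REASON_CESSATIONOFOPERATION = RevokedCertInfo.REVOKATION_REASON_CESSATIONOFOPERATION;
    public static final int REVOKATION_REASON_CERTIFICATEHOLD = RevokedCertInfo.REVOKATION_REASON_CERTIFICATEHOLD;
    public static final int REVOKATION_REASON_REMOVEFROMCRL = RevokedCertInfo.REVOKATION_REASON_REMOVEFROMCRL;
    public static final int REVOKATION_REASON_PRIVILEGESWITHDRAWN = RevokedCertInfo.REVOKATION_REASON_PRIVILEGESWITHDRAWN;
    public static final int REVOKATION_REASON_AACOMPROMISE = RevokedCertInfo.REVOKATION_REASON_AACOMPROMISE;

    protected static final int[] REASON_VALUES = {NOT_REVOKED, REVOKATION_REASON_UNSPECIFIED,
        REVOKATION_REASON_KEYCOMPROMISE, REVOKATION_REASON_CACOMPROMISE,
        REVOKATION_REASON_AFFILIATIONCHANGED, REVOKATION_REASON_SUPERSEDED,
        REVOKATION_REASON_CESSATIONOFOPERATION, REVOKATION_REASON_CERTIFICATEHOLD,
        REVOKATION_REASON_REMOVEFROMCRL, REVOKATION_REASON_PRIVILEGESWITHDRAWN,
        REVOKATION_REASON_AACOMPROMISE};

    /**
     * Installs the BouncyCastle provider and stores the command line arguments.
     *
     * @param args command line arguments of the concrete command
     */
    XKMSCLIBaseCommand(String[] args) {
        CertTools.installBCProvider();
        this.args = args;
    }

    /**
     * Method creating a connection to the webservice
     * using the information stored in the property files.
     *
     * The invoker is created on the first call and cached. If a keystore path
     * is configured, the client certificate, private key and CA trust list are
     * read from that JKS keystore first; otherwise the invoker is created with
     * a null trust list.
     *
     * @return the cached XKMS invoker
     * @throws IOException if the keystore cannot be read, no alias is configured,
     *         or the alias has no certificate chain
     * @throws FileNotFoundException if the property file cannot be found
     */
    protected XKMSInvoker getXKMSInvoker() throws FileNotFoundException, IOException {
        if (xkms == null) {
            String keyStorePath = getKeyStorePath();
            if (keyStorePath != null) {
                try {
                    KeyStore clientKeyStore = KeyStore.getInstance("JKS");
                    // Close the keystore stream on every path; the original leaked the handle.
                    FileInputStream keyStoreStream = new FileInputStream(keyStorePath);
                    try {
                        clientKeyStore.load(keyStoreStream, getKeyStorePassword().toCharArray());
                    } finally {
                        keyStoreStream.close();
                    }
                    if (getKeyStoreAlias() == null) {
                        throw new IOException("Error no alias specified in the property file");
                    }
                    String alias = getKeyStoreAlias();
                    clientCert = (java.security.cert.X509Certificate) clientKeyStore.getCertificate(alias);
                    // NOTE(review): the key-entry password is a fixed literal, not the keystore
                    // password or a configured value. Every keystore used with this client must
                    // therefore protect its private key with this publicly known string, so the
                    // key's confidentiality rests on file permissions alone. Left unchanged here
                    // to stay compatible with existing keystores; it should come from
                    // configuration or a prompt instead.
                    privateKey = clientKeyStore.getKey(alias, "foo123".toCharArray());
                    Certificate[] trustedcerts = clientKeyStore.getCertificateChain(alias);
                    if (trustedcerts == null) {
                        // getCertificateChain returns null for an unknown alias or a non-key entry.
                        throw new IOException("No certificate chain found for alias " + alias);
                    }
                    // The trust list is every CA certificate in the client's own chain
                    // (getBasicConstraints() returns -1 for non-CA certificates).
                    catrustlist = new ArrayList();
                    for (int i = 0; i < trustedcerts.length; i++) {
                        if (((X509Certificate) trustedcerts[i]).getBasicConstraints() != -1) {
                            catrustlist.add(trustedcerts[i]);
                        }
                    }
                } catch (Exception e) {
                    // Same message as before, but keep the cause so the real failure
                    // (bad password, corrupt file, wrong key password) stays diagnosable.
                    IOException wrapped = new IOException("Error reading client keystore " + e.getMessage());
                    wrapped.initCause(e);
                    throw wrapped;
                }
            }
            // NOTE(review): catrustlist is null when no keystore is configured; how
            // XKMSInvoker treats a null trust list is not visible here. Confirm that
            // responses are not accepted unverified in that case.
            xkms = new XKMSInvoker(getWebServiceURL(), catrustlist);
        }
        return xkms;
    }

    /**
     * Returns the keystore password, taken from the property
     * "xkmscli.keystore.password" or, when that is absent, read from standard input.
     * The value is cached after the first call.
     *
     * NOTE(review): the password is kept as a String, may be stored in clear
     * text in the property file, and is echoed when typed because it is read
     * through System.in. On Java 6+ System.console().readPassword() avoids the echo.
     *
     * @return the keystore password; may be null if standard input is at end of stream
     */
    private String getKeyStorePassword() throws FileNotFoundException, IOException {
        if (password == null) {
            if (getProperties().getProperty("xkmscli.keystore.password") == null) {
                BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
                System.out.print("Enter keystore password :");
                password = reader.readLine();
            } else {
                password = getProperties().getProperty("xkmscli.keystore.password");
            }
        }
        return password;
    }

    /** Returns the property "xkmscli.keystore.path", or null when it is not set. */
    private String getKeyStorePath() throws FileNotFoundException, IOException {
        return getProperties().getProperty("xkmscli.keystore.path");
    }

    /** Returns the property "xkmscli.keystore.alias", or null when it is not set. */
    private String getKeyStoreAlias() throws FileNotFoundException, IOException {
        return getProperties().getProperty("xkmscli.keystore.alias");
    }

    /**
     * Returns the property "xkmscli.url".
     *
     * NOTE(review): the fallback is a plain-HTTP localhost URL. A deployment
     * that talks to a remote service should set an https URL explicitly.
     */
    private String getWebServiceURL() throws FileNotFoundException, IOException {
        return getProperties().getProperty("xkmscli.url", "http://localhost:8080/ejbca/xkms/xkms");
    }

    /**
     * Loads and caches the property file, looking in the current directory
     * first and in the parent directory second.
     *
     * The result is cached only after a successful load. The original assigned
     * the field before loading, so a failed load left an empty Properties
     * object cached and later calls silently returned no configuration.
     *
     * @return the loaded properties
     * @throws FileNotFoundException if the file exists in neither location
     * @throws IOException if the file cannot be read
     */
    private Properties getProperties() throws FileNotFoundException, IOException {
        if (props == null) {
            Properties loaded = new Properties();
            FileInputStream in;
            try {
                in = new FileInputStream("xkmscli.properties");
            } catch (FileNotFoundException e) {
                // Try in parent directory
                in = new FileInputStream("../xkmscli.properties");
            }
            try {
                loaded.load(in);
            } finally {
                in.close();
            }
            props = loaded;
        }
        return props;
    }

    /** Returns the stream that commands print their output to (standard out). */
    protected PrintStream getPrintStream() {
        return System.out;
    }

    /**
     * Maps a revocation reason text to its numeric value, ignoring case.
     * For an unsupported text it prints an error, calls usage() and
     * terminates the JVM with exit code -1.
     *
     * @param reason one of the texts in REASON_TEXTS
     * @return the matching entry of REASON_VALUES
     */
    protected int getRevokeReason(String reason) throws Exception {
        for (int i = 0; i < REASON_TEXTS.length; i++) {
            if (REASON_TEXTS[i].equalsIgnoreCase(reason)) {
                return REASON_VALUES[i];
            }
        }
        getPrintStream().println("Error : Unsupported reason " + reason);
        usage();
        System.exit(-1);
        return 0; // not reached; required by the compiler after System.exit
    }

    protected String genId() throws NoSuchAlgorithmException {
        BigInteger serno = null;
        Random random = SecureRandom.getInstance("SHA1PRNG");
        long seed = Math.abs((new Date().getTime()) + this.hashCode());
        random.setSeed(seed);
        try {
            byte[] sernobytes = new byte[8];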