
📄 registercommand.java

📁 一个免费的CA,基于EJB平台的,老师叫我们测试,现把之共享出来让大家参考
💻 JAVA
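/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/

package org.ejbca.core.protocol.xkms.client;

import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;

import javax.xml.bind.JAXBElement;

import org.ejbca.core.protocol.xkms.common.XKMSConstants;
import org.ejbca.core.protocol.xkms.common.XKMSUtil;
import org.ejbca.ui.cli.ErrorAdminCommandException;
import org.ejbca.ui.cli.IAdminCommand;
import org.ejbca.ui.cli.IllegalAdminCommandException;
import org.ejbca.util.CertTools;
import org.ejbca.util.KeyTools;
import org.w3._2000._09.xmldsig_.KeyInfoType;
import org.w3._2000._09.xmldsig_.RSAKeyValueType;
import org.w3._2000._09.xmldsig_.X509DataType;
import org.w3._2002._03.xkms_.KeyBindingType;
import org.w3._2002._03.xkms_.ObjectFactory;
import org.w3._2002._03.xkms_.PrototypeKeyBindingType;
import org.w3._2002._03.xkms_.RegisterRequestType;
import org.w3._2002._03.xkms_.RegisterResultType;
import org.w3._2002._03.xkms_.UseKeyWithType;

/**
 * Performs KRSS register calls against an XKMS web service and stores the
 * issued certificate, its chain and the private key in a keystore.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The enrolment password and the revocation passphrase are read from the
 *       command line arguments, so they can end up in shell history and in the
 *       process list of the host running the client.</li>
 *   <li>The same password authenticates the request, decrypts a server
 *       generated private key and is passed on to the keystore creation and
 *       storage calls.</li>
 *   <li>Key sizes of 512 and 1024 bits are still accepted for compatibility,
 *       but RSA keys below 2048 bits are considered weak.</li>
 * </ul>
 *
 * @version $Id: RegisterCommand.java,v 1.1.2.1 2007/02/02 09:34:01 anatom Exp $
 * @author Philip Vendil
 */
public class RegisterCommand extends XKMSCLIBaseCommand implements IAdminCommand {

    private ObjectFactory xKMSObjectFactory = new ObjectFactory();
    private org.w3._2000._09.xmldsig_.ObjectFactory sigFactory = new org.w3._2000._09.xmldsig_.ObjectFactory();

    // Positions of the arguments; index 0 is not read by this command.
    private static final int ARG_DN                 = 1;
    private static final int ARG_PASSWORD           = 2;
    private static final int ARG_REVOCATIONCODEID   = 3;
    private static final int ARG_KEYSIZE            = 4;
    private static final int ARG_ENCODING           = 5;
    private static final int ARG_OUTPUTPATH         = 6;

    /**
     * Creates a new instance of RegisterCommand.
     *
     * @param args command line arguments
     */
    public RegisterCommand(String[] args) {
        super(args);
    }

    /**
     * Runs the command: builds the register request, sends it, and on success
     * writes the returned certificate chain together with the private key to a
     * keystore in the requested encoding.
     *
     * <p>Argument errors are reported through {@link #usage()} followed by
     * {@code System.exit(-1)}; they do not surface as exceptions.
     *
     * @throws IllegalAdminCommandException Error in command args
     * @throws ErrorAdminCommandException Error running command; wraps every
     *         exception raised while building or processing the request
     */
    public void execute() throws IllegalAdminCommandException, ErrorAdminCommandException {
        try {
            if (args.length < 6 || args.length > 7) {
                usage();
                System.exit(-1);
            }

            String subjectDN = args[ARG_DN];
            String password = args[ARG_PASSWORD];
            String revocationCodeId = args[ARG_REVOCATIONCODEID];
            String encoding = useEncoding(args[ARG_ENCODING]);
            int keySize = getKeySize(args[ARG_KEYSIZE]);

            String outputPath = "";
            if (args.length >= ARG_OUTPUTPATH + 1) {
                if (args[ARG_OUTPUTPATH] != null) {
                    outputPath = args[ARG_OUTPUTPATH] + "/";
                }
            }

            // keySize 0 means 'NOGEN': no client side key pair, the service is
            // asked to return a private key instead (see RespondWith below).
            KeyPair genKeys = null;
            if (keySize != 0) {
                genKeys = KeyTools.genKeys(Integer.toString(keySize), "RSA");
            }

            String keyBindingId = genId();

            PrototypeKeyBindingType prototypeKeyBinding = xKMSObjectFactory.createPrototypeKeyBindingType();
            prototypeKeyBinding.setId(keyBindingId);

            UseKeyWithType useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
            useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX);
            useKeyWithType.setIdentifier(subjectDN);
            prototypeKeyBinding.getUseKeyWith().add(useKeyWithType);

            if (revocationCodeId != null && !revocationCodeId.equalsIgnoreCase("NULL")) {
                // Two pass derivation: the output of the first pass is re-read
                // as an ISO8859-1 string and fed into the second pass. Only the
                // second value leaves the client, not the passphrase itself.
                // NOTE(review): presumably this follows the XKMS revocation
                // code identifier scheme - confirm against XKMSUtil.
                byte[] first = XKMSUtil.getSecretKeyFromPassphrase(revocationCodeId, true, 20, XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1).getEncoded();
                byte[] second = XKMSUtil.getSecretKeyFromPassphrase(new String(first, "ISO8859-1"), false, 20, XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS2).getEncoded();
                prototypeKeyBinding.setRevocationCodeIdentifier(second);
            }

            String reqId = genId();
            RegisterRequestType registerRequestType = xKMSObjectFactory.createRegisterRequestType();
            registerRequestType.setId(reqId);
            registerRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN);
            if (keySize == 0) {
                registerRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PRIVATEKEY);
            }
            registerRequestType.setPrototypeKeyBinding(prototypeKeyBinding);

            RegisterResultType registerResultType = null;
            if (genKeys == null) {
                registerResultType = getXKMSInvoker().register(registerRequestType, clientCert, privateKey, password, null, keyBindingId);
            } else {
                // Client generated key: publish the RSA public key in the
                // prototype key binding and hand the private key to the invoker.
                RSAPublicKey publicKey = (RSAPublicKey) genKeys.getPublic();
                KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
                RSAKeyValueType rsaKeyValueType = sigFactory.createRSAKeyValueType();
                rsaKeyValueType.setExponent(publicKey.getPublicExponent().toByteArray());
                rsaKeyValueType.setModulus(publicKey.getModulus().toByteArray());
                JAXBElement<RSAKeyValueType> rsaKeyValue = sigFactory.createRSAKeyValue(rsaKeyValueType);
                keyInfoType.getContent().add(rsaKeyValue);

                prototypeKeyBinding.setKeyInfo(keyInfoType);

                registerResultType = getXKMSInvoker().register(registerRequestType, clientCert, privateKey, password, genKeys.getPrivate(), keyBindingId);
            }

            // Constant on the left so that a missing ResultMajor is reported as
            // a request error instead of failing with a NullPointerException.
            if (XKMSConstants.RESULTMAJOR_SUCCESS.equals(registerResultType.getResultMajor())
                    && registerResultType.getResultMinor() == null) {

                // A successful result without any key binding writes nothing.
                if (registerResultType.getKeyBinding().size() > 0) {
                    KeyBindingType keyBinding = registerResultType.getKeyBinding().get(0);

                    List<X509Certificate> certs = getCertsFromKeyBinding(keyBinding);
                    X509Certificate userCert = getUserCert(certs);
                    if (userCert == null) {
                        // Without this check the alias lookup below would fail
                        // with an uninformative NullPointerException.
                        throw new CertificateException("The XKMS response did not contain an end entity certificate");
                    }
                    certs.remove(userCert);

                    // A private key returned by the service takes precedence
                    // over a locally generated one, as in the original flow.
                    // NOTE(review): nothing visible here checks that userCert
                    // carries the public key matching the stored private key;
                    // confirm that the invoker or KeyTools enforces this.
                    PrivateKey keyForStore;
                    if (registerResultType.getPrivateKey() != null) {
                        keyForStore = XKMSUtil.getPrivateKeyFromEncryptedXML(registerResultType.getPrivateKey(), password);
                    } else if (genKeys != null) {
                        keyForStore = genKeys.getPrivate();
                    } else {
                        throw new IllegalStateException("No private key available: none was generated locally and none was returned by the service");
                    }
                    createKeyStore(userCert, certs, keyForStore, password, encoding, outputPath);
                }
            } else {
                displayRequestErrors(registerResultType);
            }
        } catch (Exception e) {
            throw new ErrorAdminCommandException(e);
        }
    }

    /**
     * Picks the first certificate that is not a CA certificate, i.e. whose
     * basic constraints value is -1.
     *
     * @param certs certificates returned in the key binding
     * @return the end entity certificate, or null if every certificate is a CA
     */
    private X509Certificate getUserCert(Collection<X509Certificate> certs) {
        for (X509Certificate candidate : certs) {
            if (candidate.getBasicConstraints() == -1) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Builds a keystore holding the private key, the user certificate and the
     * CA chain, then hands it to storeKeyStore for writing.
     *
     * <p>A JKS keystore is created for the jks encoding; for every other
     * encoding a PKCS#12 keystore is created and the PEM flag decides how it
     * is written out.
     *
     * @param userCert end entity certificate
     * @param caCerts remaining certificates of the returned chain
     * @param privKey private key belonging to userCert
     * @param password password passed to the keystore creation and storage
     * @param encoding one of the ENCODING_ constants
     * @param outputPath directory prefix for the output, or the empty string
     * @throws Exception if the keystore cannot be created or stored
     */
    private void createKeyStore(X509Certificate userCert, List<X509Certificate> caCerts, PrivateKey privKey, String password, String encoding, String outputPath) throws Exception {
        boolean createJKS = encoding.equals(ENCODING_JKS);
        boolean createPEM = encoding.equals(ENCODING_PEM);

        String alias = getAlias(userCert);
        Certificate[] caChain = caCerts.toArray(new Certificate[caCerts.size()]);

        // Store keys and certificates in keystore.
        KeyStore ks;
        if (createJKS) {
            ks = KeyTools.createJKS(alias, privKey, password, userCert, caChain);
        } else {
            ks = KeyTools.createP12(alias, privKey, userCert, caChain);
        }

        storeKeyStore(ks, alias, password, createJKS, createPEM, outputPath);
    }

    /**
     * Derives the keystore alias from the CN part of the subject DN.
     *
     * @param userCert end entity certificate
     * @return the CN value, or "myKey" when the DN has no CN
     */
    private String getAlias(X509Certificate userCert) {
        String alias = CertTools.getPartFromDN(CertTools.getSubjectDN(userCert), "CN");
        if (alias == null) {
            alias = "myKey";
        }
        return alias;
    }

    /**
     * Extracts every X509Certificate element from the first KeyInfo content
     * entry of the key binding.
     *
     * @param keyBinding key binding taken from the register result
     * @return the decoded certificates in document order, possibly empty
     * @throws CertificateException if the key binding carries no KeyInfo
     *         content or a certificate cannot be decoded
     */
    private List<X509Certificate> getCertsFromKeyBinding(KeyBindingType keyBinding) throws CertificateException {
        List<X509Certificate> retval = new ArrayList<X509Certificate>();

        // The response comes from the network; fail with a clear message when
        // the expected structure is missing instead of an index or null error.
        if (keyBinding.getKeyInfo() == null || keyBinding.getKeyInfo().getContent().isEmpty()) {
            throw new CertificateException("The key binding in the XKMS response contains no KeyInfo data");
        }

        JAXBElement<?> x509DataElement = (JAXBElement<?>) keyBinding.getKeyInfo().getContent().get(0);
        X509DataType x509Data = (X509DataType) x509DataElement.getValue();

        Iterator<?> entries = x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator();
        while (entries.hasNext()) {
            Object entry = entries.next();
            if (!(entry instanceof JAXBElement)) {
                // Entries of other kinds cannot be certificates; skip them.
                continue;
            }
            JAXBElement<?> element = (JAXBElement<?>) entry;
            if (element.getName().getLocalPart().equals("X509Certificate")) {
                byte[] encoded = (byte[]) element.getValue();
                retval.add(CertTools.getCertfromByteArray(encoded));
            }
        }

        return retval;
    }

    /**
     * Prints a message describing why the register request failed.
     *
     * <p>The comparisons are written constant-first because a failed result
     * may carry no ResultMinor at all; in that case the ResultMajor is shown.
     *
     * @param registerResultType the unsuccessful result
     */
    private void displayRequestErrors(RegisterResultType registerResultType) {
        Object resultMinor = registerResultType.getResultMinor();
        if (resultMinor == null) {
            getPrintStream().println("Error occured during processing : " + registerResultType.getResultMajor());
        } else if (XKMSConstants.RESULTMINOR_NOMATCH.equals(resultMinor)) {
            getPrintStream().println("Error no user with given subjectDN could be found");
        } else if (XKMSConstants.RESULTMINOR_NOAUTHENTICATION.equals(resultMinor)) {
            getPrintStream().println("Error password couldn't be verified");
        } else if (XKMSConstants.RESULTMINOR_REFUSED.equals(resultMinor)) {
            // The previous wording ("doesn't seem to have the wrong status")
            // stated the opposite of what a refused request means.
            getPrintStream().println("The user seems to have the wrong status.");
        } else {
            getPrintStream().println("Error occured during processing : " + resultMinor);
        }
    }

    /**
     * Parses the key size argument.
     *
     * <p>Prints the usage and exits the JVM on an illegal value. Sizes below
     * 2048 bits are accepted for compatibility but trigger a warning.
     *
     * @param keySize 512, 1024, 2048, 4096 or 'NOGEN' (case insensitive)
     * @return the key size in bits, or 0 for 'NOGEN'
     */
    private int getKeySize(String keySize) {
        int retval = 0;
        try {
            if (!keySize.equalsIgnoreCase("NOGEN")) {
                retval = Integer.parseInt(keySize);

                if (retval != 512 && retval != 1024 && retval != 2048 && retval != 4096) {
                    getPrintStream().println("Illegal keysize : should be a number of 512, 1024, 2048, 4096 or 'NOGEN': " + keySize);
                    usage();
                    System.exit(-1);
                }
                if (retval < 2048) {
                    getPrintStream().println("Warning: RSA keys shorter than 2048 bits are considered weak, prefer 2048 or 4096.");
                }
            }
        } catch (NumberFormatException e) {
            getPrintStream().println("Illegal keysize : should be a number or 'NOGEN': " + keySize);
            usage();
            System.exit(-1);
        }
        return retval;
    }

    /**
     * Returns the encoding that the data should be written in.
     *
     * <p>Prints the usage and exits the JVM when the argument is not one of
     * the supported encodings.
     *
     * @param arg encoding argument, matched case insensitively
     * @return the matching ENCODING_ constant
     */
    private String useEncoding(String arg) {
        if (arg.equalsIgnoreCase(ENCODING_PEM)) {
            return ENCODING_PEM;
        }

        if (arg.equalsIgnoreCase(ENCODING_P12)) {
            return ENCODING_P12;
        }

        if (arg.equalsIgnoreCase(ENCODING_JKS)) {
            return ENCODING_JKS;
        }

        getPrintStream().println("Illegal encoding (should be pem, p12 or jks) : " + arg);
        usage();
        System.exit(-1);
        return null;
    }

    /**
     * Prints the command line help.
     *
     * <p>The example line includes a key size, because a call without one has
     * too few arguments and is rejected by {@link #execute()}.
     */
    protected void usage() {
        getPrintStream().println("Command used to register for a certificate");
        getPrintStream().println("Usage : register <subjectDN> <password> <revocationCodeIdentifier> <keySize> <pem|p12|jks> <outputpath (optional)> \n\n");
        getPrintStream().println("The revocationCodeIdentifier is a passphrase or 'NULL' if it isn't used.\n");
        getPrintStream().println("keySize of the generated RSA keys, are only used for client generated keys, use 'NOGEN' othervise.\n");
        getPrintStream().println("Use pem, p12 or jks for encoding of the generated keystore.\n");
        getPrintStream().println("Outputpath specifies to which directory to write the keystore to, current directory is used if omitted\n\n");
        getPrintStream().println("Example: register \"CN=Test Testarson,O=someorg\" \"foo123\" \"My passphrase\" 2048 pem");
        getPrintStream().println("Issues a certificate to  to \"CN=Test Testarson,O=someorg\" and writes it in PEM encoding in the current directory");
    }
}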
