Java tutorial
/* * * Copyright (c) 2013 - 2016 Lijun Liao * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License version 3 * as published by the Free Software Foundation with the addition of the * following permission added to Section 15 as permitted in Section 7(a): * * FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY * THE AUTHOR LIJUN LIAO. LIJUN LIAO DISCLAIMS THE WARRANTY OF NON INFRINGEMENT * OF THIRD PARTY RIGHTS. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. * * The interactive user interfaces in modified source and object code versions * of this program must display Appropriate Legal Notices, as required under * Section 5 of the GNU Affero General Public License. * * You can be released from the requirements of the license by purchasing * a commercial license. Buying such a license is mandatory as soon as you * develop commercial activities involving the XiPKI software without * disclosing the source code of your own applications. * * For more information, please contact Lijun Liao at this * address: lijun.liao@gmail.com */ package org.xipki.pki.ca.qa.shell; import java.util.Set; import org.apache.karaf.shell.api.action.Command; import org.apache.karaf.shell.api.action.Completion; import org.apache.karaf.shell.api.action.Option; import org.apache.karaf.shell.api.action.lifecycle.Reference; import org.apache.karaf.shell.api.action.lifecycle.Service; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.pkcs.Attribute; import org.bouncycastle.asn1.pkcs.CertificationRequest; import org.bouncycastle.asn1.pkcs.CertificationRequestInfo; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x509.Extensions; import org.xipki.commons.common.qa.ValidationIssue; import org.xipki.commons.common.qa.ValidationResult; import org.xipki.commons.common.util.IoUtil; import org.xipki.commons.console.karaf.CmdFailure; import org.xipki.commons.console.karaf.IllegalCmdParamException; import org.xipki.commons.console.karaf.XipkiCommandSupport; import org.xipki.commons.console.karaf.completer.FilePathCompleter; import org.xipki.pki.ca.qa.QaSystemManager; import org.xipki.pki.ca.qa.X509CertprofileQa; import org.xipki.pki.ca.qa.X509IssuerInfo; import org.xipki.pki.ca.qa.shell.completer.X509IssuerNameCompleter; /** * @author Lijun Liao * @since 2.0.0 */ @Command(scope = "xipki-qa", name = "check-cert", description = "check the certificate") @Service public class CheckCertCmd extends XipkiCommandSupport { @Option(name = "--cert", aliases = "-c", required = true, description = "certificate file\n" + "(required)") @Completion(FilePathCompleter.class) private String certFile; @Option(name = "--issuer", description = "issuer name\n" + "required if multiple issuers are configured") @Completion(X509IssuerNameCompleter.class) private String issuerName; @Option(name = "--csr", required = true, description = "CSR file\n" + "(required)") @Completion(FilePathCompleter.class) private String csrFile; @Option(name = "--profile", aliases = "-p", required = true, description = "certificate profile\n" + "(required)") @Completion(X509IssuerNameCompleter.class) private String profileName; @Option(name = "--verbose", aliases = "-v", description = "show status verbosely") private Boolean verbose = Boolean.FALSE; @Reference private QaSystemManager qaSystemManager; @Override protected Object doExecute() throws Exception { Set<String> issuerNames = qaSystemManager.getIssuerNames(); if (isEmpty(issuerNames)) { throw new IllegalCmdParamException("no issuer is configured"); } if (issuerName == null) { if (issuerNames.size() != 1) { throw new IllegalCmdParamException("no issuer is specified"); } issuerName = issuerNames.iterator().next(); } if (!issuerNames.contains(issuerName)) { throw new IllegalCmdParamException( "issuer " + issuerName + " is not within the configured issuers " + issuerNames); } X509IssuerInfo issuerInfo = qaSystemManager.getIssuer(issuerName); X509CertprofileQa qa = qaSystemManager.getCertprofile(profileName); if (qa == null) { throw new IllegalCmdParamException("found no certificate profile named '" + profileName + "'"); } CertificationRequest csr = CertificationRequest.getInstance(IoUtil.read(csrFile)); Extensions extensions = null; CertificationRequestInfo reqInfo = csr.getCertificationRequestInfo(); ASN1Set attrs = reqInfo.getAttributes(); for (int i = 0; i < attrs.size(); i++) { Attribute attr = Attribute.getInstance(attrs.getObjectAt(i)); if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) { extensions = Extensions.getInstance(attr.getAttributeValues()[0]); } } byte[] certBytes = IoUtil.read(certFile); ValidationResult result = qa.checkCert(certBytes, issuerInfo, reqInfo.getSubject(), reqInfo.getSubjectPublicKeyInfo(), extensions); StringBuilder sb = new StringBuilder(); sb.append(certFile).append(" (certprofile ").append(profileName).append(")\n"); sb.append("\tcertificate is "); sb.append(result.isAllSuccessful() ? "valid" : "invalid"); if (verbose.booleanValue()) { for (ValidationIssue issue : result.getValidationIssues()) { sb.append("\n"); format(issue, " ", sb); } } println(sb.toString()); if (!result.isAllSuccessful()) { throw new CmdFailure("certificate is invalid"); } return null; } // method doExecute private static void format(final ValidationIssue issue, final String prefix, final StringBuilder sb) { sb.append(prefix).append(issue.getCode()); sb.append(", ").append(issue.getDescription()); sb.append(", ").append(issue.isFailed() ? "failed" : "successful"); if (issue.getFailureMessage() != null) { sb.append(", ").append(issue.getFailureMessage()); } } }