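/**
 * Pull the cert back OUT of the keystore and save it in Base64-encoded X.509 format so the
 * clients can get to it.
 *
 * Only the certificate object is written; the private key is never read by this method,
 * so nothing secret ends up in certFile. Failures are logged through error() and surface
 * only as a false return, so callers must check the result rather than rely on exceptions.
 *
 * @param ks path to the keystore
 * @param ksPW the keystore password, may be null
 * @param alias the name of the key
 * @param certFile output
 * @return true if a certificate for alias was found and written, false on a missing
 *         alias or on any keystore / I/O error
 * @since 0.8.3 moved from SSLClientListenerRunner in 0.9.9
 */
public static boolean exportCert(File ks, String ksPW, String alias, File certFile) {
    // the former "InputStream fis = null" local was never used; dropped
    try {
        Certificate cert = getCert(ks, ksPW, alias);
        // getCert() yields null for an unknown alias; that is "not found", not an error,
        // so it is not logged and simply falls through to the false return
        if (cert != null)
            return CertUtil.saveCert(cert, certFile);
    } catch (GeneralSecurityException gse) {
        error("Error saving ASCII SSL keys", gse);
    } catch (IOException ioe) {
        error("Error saving ASCII SSL keys", ioe);
    }
    return false;
}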
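/**
 * Run one SCEP enrolment from the command line: generate an RSA key pair, wrap it in a
 * self-signed certificate for the SCEP transport, send a PKCS#10 request carrying the
 * configured challenge, poll while the CA reports the request as pending, and once issued
 * write the private key, the CRL, the CA certificate(s) and the end-entity certificate to
 * the configured PEM files.
 *
 * Security notes for operators:
 * - The private key is handed to saveToPEM exactly as generated; nothing in this method
 *   encrypts it, so the key file's permissions are its only protection.
 * - The result of client.getCaCertificate() is discarded here. Whether the Client pins or
 *   otherwise verifies the CA certificate before enrol() is not visible from this method;
 *   until confirmed, treat first contact with the server as trust-on-first-use.
 * - The pending loop has no upper bound: a CA that never answers keeps this method
 *   polling once per second until the process is stopped.
 *
 * @throws Exception propagated from key generation, certificate / CSR creation and URL
 *         parsing, which happen before the guarded section; transport errors and file
 *         errors are reported on stderr instead of being thrown
 */
public void scepCLI() throws Exception {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    KeyManager km = new KeyManager();
    CertUtil certutil = new CertUtil();
    KeyPair kp = km.createRSA(params.getKeySize());
    // the self-signed cert only authenticates the SCEP transport; the CA issues the real one
    X509Certificate cert = certutil.createSelfSignedCertificate(kp, params.getDn());
    CertificationRequest request =
        certutil.createCertificationRequest(kp, params.getDn(), params.getChallenge());
    CallbackHandler handler = new ConsoleCallbackHandler();
    URL serverURL = new URL(params.getUrl());
    try {
        if (params.getCsrFile() != null) {
            saveToPEM(params.getCsrFile(), (PKCS10CertificationRequest) request);
        }
        Client client = new Client(serverURL, cert, kp.getPrivate(), handler, params.getCaIdentifier());
        // return value intentionally unused by the original; see the class-level note above
        client.getCaCertificate();
        EnrolmentTransaction tx = client.enrol(request);
        Transaction.State response = tx.send();
        // asynchronous issuance: the CA may hold the request (e.g. for manual approval)
        while (response == Transaction.State.CERT_REQ_PENDING) {
            Thread.sleep(1000);  // sleep() is static; calling it via currentThread() was misleading
            System.out.println("CERT_REQ_PENDING, wait 1 second");
            response = tx.poll();
        }
        if (response == Transaction.State.CERT_ISSUED) {
            try {
                saveToPEM(params.getCrlFile(), (X509CRL) client.getRevocationList());
            } catch (Exception e) {
                // the CRL is optional output: keep going, but say why it is missing
                System.err.println("Exception while saving CRL: " + e);
            }
            try {
                saveToPEM(params.getKeyFile(), (RSAPrivateCrtKey) kp.getPrivate());
                CertStore store = tx.getCertStore();
                Collection<? extends Certificate> certs = store.getCertificates(null);
                for (Certificate c : certs) {
                    X509Certificate certificate = (X509Certificate) c;
                    // basicConstraints present => CA certificate; absent (-1) => our
                    // end-entity certificate. Every CA cert in the store goes to the same
                    // file; whether saveToPEM appends or overwrites is not visible here.
                    if (certificate.getBasicConstraints() != -1) {
                        saveToPEM(params.getCaCertificateFile(), certificate);
                    } else {
                        saveToPEM(params.getCertificateFile(), certificate);
                    }
                }
                System.out.println("Certificate issued");
            } catch (Exception e) {
                System.err.println("Exception while saving files: " + e);
            }
        } else {
            // was "Unknown error" + response, which ran the two words together
            System.err.println("Unknown error: " + response);
        }
    } catch (IOException e) {
        if (params.getVerbose()) {
            e.printStackTrace();
        }
        // getMessage() may be null (e.g. a bare SocketException); the original NPE'd on it
        String msg = e.getMessage();
        System.err.println(msg);
        if (msg == null) {
            // no text to match an HTTP status against
        } else if (msg.contains("400")) {
            System.err.println(". Probably a template issue, look at PKI log");
        } else if (msg.contains("404")) {
            System.err.println(". Invalid URL or CA identifier");
        } else if (msg.contains("401")) {
            System.err.println(". Probably EJBCA invalid entity status");
        }
    } catch (InterruptedException e) {
        // restore the flag so a caller that interrupted us can see it, then report as before
        Thread.currentThread().interrupt();
        System.out.println(e);
    } catch (Exception e) {
        System.out.println(e);
    }
}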