コード例 #1
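 /**
  * Issues a certificate for {@code USERNAME}/{@code PASSWORD} under the given certificate profile
  * and verifies that the stored {@code CertificateInfo} agrees with the issued certificate.
  *
  * <p>Side effects: assigns the {@code cert}, {@code fingerprint} and {@code info} fields and adds
  * the issued certificate to {@code certificatesToRemove} so the test can clean it up.
  *
  * @param certificateProfileId id of the certificate profile to issue under
  * @throws Exception if issuance fails; an {@link IllegalStateException} (a subclass, so existing
  *     {@code catch (Exception)} callers are unaffected) if the stored certificate cannot be found
  *     or its fingerprint, serial number, issuer DN, subject DN or status differ from the issued
  *     certificate
  */
 private void createCertificate(int certificateProfileId) throws Exception {
   // 1024-bit RSA is below current key-size minimums; tolerable only because this is a
   // throw-away test key. NOTE(review): use 2048 if the profile under test permits it.
   KeyPair keys = KeyTools.genKeys("1024", "RSA");
   cert =
       (X509Certificate)
           signSession.createCertificate(
               admin,
               USERNAME,
               PASSWORD,
               new PublicKeyWrapper(keys.getPublic()),
               -1,
               null,
               null,
               certificateProfileId,
               SecConst.CAID_USEUSERDEFINED);
   // Register for cleanup before any check can fail, so a failing assertion does not leak the cert.
   certificatesToRemove.add(cert);
   fingerprint = CertTools.getFingerprintAsString(cert);
   X509Certificate stored =
       (X509Certificate) certificateStoreSession.findCertificateByFingerprint(fingerprint);
   if (stored == null) {
     throw new IllegalStateException("Cannot find certificate with fp=" + fingerprint);
   }
   info = certificateStoreSession.getCertificateInfo(fingerprint);
   requireState(fingerprint.equals(info.getFingerprint()), "fingerprint does not match.");
   requireState(cert.getSerialNumber().equals(info.getSerialNumber()), "serialnumber does not match.");
   requireState(CertTools.getIssuerDN(cert).equals(info.getIssuerDN()), "issuerdn does not match.");
   requireState(CertTools.getSubjectDN(cert).equals(info.getSubjectDN()), "subjectdn does not match.");
   // The freshly issued certificate is expected to be stored as ACTIVE. (An earlier comment here
   // said INACTIVE, which contradicted this very check; the check is what the test enforces.)
   requireState(CertificateConstants.CERT_ACTIVE == info.getStatus(), "status does not match.");
 }

 /**
  * Throws an {@link IllegalStateException} carrying {@code message} unless {@code condition} holds.
  *
  * @param condition the invariant that must be true
  * @param message the failure message
  */
 private static void requireState(boolean condition, String message) {
   if (!condition) {
     throw new IllegalStateException(message);
   }
 }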
コード例 #2
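  /**
   * RFC 5280 CRLReason {@code removeFromCRL} (8). This command treats it as an "unrevoke"
   * request; revokeCert rejects it for certificates that were permanently revoked.
   */
  private static final int REASON_REMOVE_FROM_CRL = 8;

  /** RFC 5280 leaves CRLReason value 7 unassigned, so it is rejected as input. */
  private static final int REASON_UNUSED = 7;

  /** Highest assigned RFC 5280 CRLReason value ({@code aACompromise}). */
  private static final int REASON_MAX = 10;

  /**
   * Revokes, or with reason {@value #REASON_REMOVE_FROM_CRL} un-revokes, the certificate
   * identified by the issuer DN and hexadecimal serial number parameters.
   *
   * @param parameters CLI parameters; reads {@code DN_KEY}, {@code SERIAL_NUMBER_KEY} and
   *     {@code REASON_KEY}
   * @return {@code FUNCTIONAL_FAILURE} when a parameter is missing or malformed, or when the
   *     revocation is rejected (approval required or pending, not authorized, not found);
   *     {@code SUCCESS} otherwise, including when no certificate matched or it was already in
   *     the requested state
   */
  @Override
  public CommandResult execute(ParameterContainer parameters) {
    final String issuerDNStr = parameters.get(DN_KEY);
    final String issuerDN = CertTools.stringToBCDNString(issuerDNStr);
    final String certserno = parameters.get(SERIAL_NUMBER_KEY);
    // BigInteger(String, int) throws NullPointerException, not NumberFormatException, for a null
    // string, so a missing serial parameter is rejected explicitly instead of crashing the command.
    if (certserno == null) {
      log.error("ERROR: Invalid hexadecimal certificate serial number string: " + certserno);
      return CommandResult.FUNCTIONAL_FAILURE;
    }
    final BigInteger serno;
    try {
      serno = new BigInteger(certserno, 16);
    } catch (NumberFormatException e) {
      log.error("ERROR: Invalid hexadecimal certificate serial number string: " + certserno);
      return CommandResult.FUNCTIONAL_FAILURE;
    }
    final int reason;
    try {
      // Integer.parseInt(null) also throws NumberFormatException, so a missing reason lands here.
      reason = Integer.parseInt(parameters.get(REASON_KEY));
    } catch (NumberFormatException e) {
      log.error("ERROR: " + parameters.get(REASON_KEY) + " was not a number.");
      return CommandResult.FUNCTIONAL_FAILURE;
    }
    if (reason == REASON_UNUSED || reason < 0 || reason > REASON_MAX) {
      getLogger().error("ERROR: Reason must be an integer between 0 and 10 except 7.");
      return CommandResult.FUNCTIONAL_FAILURE;
    }
    final Certificate cert =
        EjbRemoteHelper.INSTANCE
            .getRemoteSession(CertificateStoreSessionRemote.class)
            .findCertificateByIssuerAndSerno(issuerDN, serno);
    if (cert == null) {
      // NOTE(review): a lookup miss still exits with SUCCESS, so a script cannot tell "revoked"
      // from "nothing matched" by exit status alone; kept as-is to preserve the CLI contract.
      getLogger()
          .info(
              "No certificate found with issuerDN '"
                  + issuerDN
                  + "' and serialNumber "
                  + certserno);
      return CommandResult.SUCCESS;
    }
    getLogger().info("Found certificate:");
    getLogger().info("Subject DN=" + CertTools.getSubjectDN(cert));
    return revokeOrUnrevoke(issuerDN, certserno, serno, reason);
  }

  /**
   * Calls revokeCert for the certificate and maps its outcome to a command result.
   *
   * <p>Both the static {@code log} and {@code getLogger()} are used, mirroring the original
   * code; they may be distinct logger categories, so neither was replaced by the other.
   *
   * @param issuerDN issuer DN in BC canonical form
   * @param certserno the serial number as the user typed it (hex), used only in messages
   * @param serno the parsed serial number
   * @param reason validated RFC 5280 CRLReason value
   * @return {@code FUNCTIONAL_FAILURE} if revocation was refused; {@code SUCCESS} if it was
   *     performed or the certificate was already in the requested state
   */
  private CommandResult revokeOrUnrevoke(
      final String issuerDN, final String certserno, final BigInteger serno, final int reason) {
    final boolean unrevoke = reason == REASON_REMOVE_FROM_CRL;
    try {
      EjbRemoteHelper.INSTANCE
          .getRemoteSession(EndEntityManagementSessionRemote.class)
          .revokeCert(getAuthenticationToken(), serno, issuerDN, reason);
    } catch (AlreadyRevokedException e) {
      // The certificate is already in the requested state; treat as an idempotent no-op.
      getLogger()
          .info(
              "Certificate with issuerDN '"
                  + issuerDN
                  + "' and serialNumber "
                  + certserno
                  + (unrevoke
                      ? " is not revoked, nothing was done."
                      : " is already revoked, nothing was done."));
      getLogger().info(e.getMessage());
      return CommandResult.SUCCESS;
    } catch (ApprovalException e) {
      log.error(e.getMessage(), e);
      return CommandResult.FUNCTIONAL_FAILURE;
    } catch (AuthorizationDeniedException e) {
      log.error("ERROR: CLI user not authorized to revoke certificate.");
      return CommandResult.FUNCTIONAL_FAILURE;
    } catch (FinderException e) {
      log.error("ERROR: " + e.getMessage());
      return CommandResult.FUNCTIONAL_FAILURE;
    } catch (WaitingForApprovalException e) {
      log.error("ERROR: " + e.getMessage());
      return CommandResult.FUNCTIONAL_FAILURE;
    }
    getLogger()
        .info(
            (unrevoke ? "Unrevoked" : "Revoked")
                + " certificate with issuerDN '"
                + issuerDN
                + "' and serialNumber "
                + certserno
                + ". Revocation reason="
                + reason);
    return CommandResult.SUCCESS;
  }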