public static void main(String args[]) {
boolean dryrun = false;
boolean error = false;
boolean debug = false;
File file = null;
for (int i = 0; i < args.length; i++) {
if (args[i].equalsIgnoreCase("-dryrun")) {
dryrun = true;
} else if (args[i].equalsIgnoreCase("-help") || args[i].equalsIgnoreCase("-usage")) {
System.err.println(message);
System.exit(1);
} else {
file = new File(args[i]);
if (dryrun) {
System.out.println("Would remove " + file.getAbsolutePath());
continue;
}
Util.destroy(file);
}
}
String fn = CoGProperties.getDefault().getProxyFile();
if (fn == null) return;
file = new File(fn);
if (dryrun) {
System.out.println("Would remove " + file.getAbsolutePath());
return;
}
Util.destroy(file);
}
private OutputStream openStream(File f) throws SecurityException, IOException {
String path = f.getAbsolutePath();
File file = Util.createFile(path);
// set read only permissions
if (!Util.setOwnerAccessOnly(path)) {
logger.warn("Failed to set permissions on " + path);
}
return new FileOutputStream(file);
}
public static void createGridsshkey(char[] password, String id) throws Exception {
if (gridsshkeyExists()) {
throw new Exception("Key and/or Cert file(s) already exist.");
}
JSch jsch = new JSch();
KeyPair kpair = KeyPair.genKeyPair(jsch, KEY_TYPE);
kpair.setPassphrase(new String(password));
kpair.writePrivateKey(CommonGridProperties.getDefault().getGridSSHKey());
kpair.writePublicKey(CommonGridProperties.getDefault().getGridSSHCert(), id);
kpair.dispose();
Util.setFilePermissions(CommonGridProperties.getDefault().getGridSSHKey(), 600);
Util.setFilePermissions(CommonGridProperties.getDefault().getGridSSHCert(), 600);
}
/**
* Returns hostname of this server. The format of the host conforms to RFC 2732, i.e. for a
* literal IPv6 address, this method will return the IPv6 address enclosed in square brackets ('['
* and ']').
*
* @return hostname
*/
public String getHost() {
String host = Util.getLocalHostAddress();
try {
URL u = new URL("http", host, 80, "/");
return u.getHost();
} catch (MalformedURLException e) {
return host;
}
}
/**
* Returns hostname of this server
*
* @return hostname
*/
public String getHostname() {
return Util.getLocalHostAddress();
}
/** Generates a encrypted private key and certificate request. */
public static void genCertificateRequest(
String dname,
String emailAddressOfCA,
String password,
String privKeyLoc,
String certLoc,
String certReqLoc)
throws Exception {
String sigAlgName = "MD5WithRSA";
String keyAlgName = "RSA";
CertUtil.init();
// Generate a new key pair.
KeyPairGenerator keygen = KeyPairGenerator.getInstance(keyAlgName);
KeyPair keyPair = keygen.genKeyPair();
PrivateKey privKey = keyPair.getPrivate();
PublicKey pubKey = keyPair.getPublic();
// Generate the certificate request.
X509Name name = new X509Name(dname);
DERConstructedSet derSet = new DERConstructedSet();
PKCS10CertificationRequest request =
new PKCS10CertificationRequest(sigAlgName, name, pubKey, derSet, privKey);
// Save the certificate request to a .pem file.
byte[] data = request.getEncoded();
PrintStream ps = new PrintStream(new FileOutputStream(certReqLoc));
// build / delimited name.
String certSubject = "";
StringTokenizer tokens = new StringTokenizer(dname, ",");
while (tokens.hasMoreTokens()) {
certSubject = certSubject + "/" + tokens.nextToken();
}
/* ps.print( "\n\n"
+ "Please mail the following certificate request to " + emailAddressOfCA + "\n"
+ "\n"
+ "==================================================================\n"
+ "\n"
+ "Certificate Subject:\n"
+ "\n"
+ certSubject
+ "\n"
+ "\n"
+ "The above string is known as your user certificate subject, and it \n"
+ "uniquely identifies this user.\n"
+ "\n"
+ "To install this user certificate, please save this e-mail message\n"
+ "into the following file.\n"
+ "\n"
+ "\n"
+ certLoc
+ "\n"
+ "\n"
+ "\n"
+ " You need not edit this message in any way. Simply \n"
+ " save this e-mail message to the file.\n"
+ "\n"
+ "\n"
+ "If you have any questions about the certificate contact\n"
+ "the Certificate Authority at " + emailAddressOfCA + "\n"
+ "\n");*/
ps.print(toPEM(data));
ps.close();
// Save private key to a .pem file.
OpenSSLKey key = new BouncyCastleOpenSSLKey(privKey);
if (password.length() != 0) {
key.encrypt(password);
}
key.writeTo(new File(privKeyLoc).getAbsolutePath());
// set read only permissions
Util.setFilePermissions(privKeyLoc, 600);
// Create an empty cert file.
/* File f = new File(certLoc);
f.createNewFile();*/
}
public static void main(String[] args) {
boolean bOk = parseCmdLine(args);
String userCertFile = "";
String userKeyFile = "";
String userCertReqFile = "";
if (bOk) {
// Get default location of cert.
CoGProperties props = CoGProperties.getDefault();
// If no alternate directory specified.
if (certDir == null) {
userCertFile = props.getUserCertFile();
userKeyFile = props.getUserKeyFile();
// Get root dir of default cert location.
int pos = userKeyFile.lastIndexOf(File.separator);
certDir = userKeyFile.substring(0, pos + 1);
} else {
// If alternate directory specified set cert locations.
if (certDir.endsWith(File.separator) == false) {
certDir += File.separator;
}
userCertFile = certDir + prefix + "cert.pem";
userKeyFile = certDir + prefix + "key.pem";
}
// Cert request file name.
userCertReqFile = userCertFile.substring(0, userCertFile.length() - 4) + "_request.pem";
}
File fDir = null;
fDir = new File(certDir);
if (bOk) {
// Create dir if does not exists.
if (!fDir.exists()) {
fDir.mkdir();
}
// Make sure directory exists.
if (!fDir.exists() || !fDir.isDirectory()) {
System.out.println("The directory " + certDir + " does not exists.");
bOk = false;
}
}
// Make sure we can write to it.
if (bOk) {
if (!fDir.canWrite()) {
System.out.println("Can't write to " + certDir);
bOk = false;
}
}
// Check not to overwrite any of these files.
if (bOk) {
if (force == false) {
boolean bFileExists = false;
File f = new File(userKeyFile);
if (f.exists()) {
System.out.println(userKeyFile + " exists");
bFileExists = true;
}
f = new File(userCertFile);
if (f.exists()) {
System.out.println(userCertFile + " exists");
bFileExists = true;
}
f = new File(userCertReqFile);
if (f.exists()) {
System.out.println(userCertReqFile + " exists");
bFileExists = true;
}
if (bFileExists) {
System.out.println("If you wish to overwrite, run the script again with -force.");
bOk = false;
}
}
}
String password = "";
if (bOk && !noPswd) {
// Get password from user.
bOk = false;
int attempts = 0;
System.out.println(message);
while (bOk == false && attempts < 3) {
password = Util.getInput("Enter PEM pass phrase: ");
String password2 = Util.getInput("Verify password Enter PEM pass phrase: ");
if (password.compareTo(password2) != 0) {
System.out.println("Verify failure");
} else {
if (password.length() < 4) {
System.out.println("phrase is too short, needs to be at least 4 chars");
} else {
bOk = true;
}
}
attempts++;
}
}
// Generate cert request.
if (bOk) {
try {
System.out.println("writing new private key to " + userKeyFile);
genCertificateRequest(
cn, "*****@*****.**", password, userKeyFile, userCertFile, userCertReqFile);
} catch (Exception e) {
System.out.println("error: " + e);
e.printStackTrace();
}
}
}
