private void createCertificate(int certificateProfileId) throws Exception {
KeyPair keys = KeyTools.genKeys("1024", "RSA");
cert =
(X509Certificate)
signSession.createCertificate(
admin,
USERNAME,
PASSWORD,
new PublicKeyWrapper(keys.getPublic()),
-1,
null,
null,
certificateProfileId,
SecConst.CAID_USEUSERDEFINED);
certificatesToRemove.add(cert);
fingerprint = CertTools.getFingerprintAsString(cert);
X509Certificate ce =
(X509Certificate) certificateStoreSession.findCertificateByFingerprint(fingerprint);
if (ce == null) {
throw new Exception("Cannot find certificate with fp=" + fingerprint);
}
info = certificateStoreSession.getCertificateInfo(fingerprint);
if (!fingerprint.equals(info.getFingerprint())) {
throw new Exception("fingerprint does not match.");
}
if (!cert.getSerialNumber().equals(info.getSerialNumber())) {
throw new Exception("serialnumber does not match.");
}
if (!CertTools.getIssuerDN(cert).equals(info.getIssuerDN())) {
throw new Exception("issuerdn does not match.");
}
if (!CertTools.getSubjectDN(cert).equals(info.getSubjectDN())) {
throw new Exception("subjectdn does not match.");
}
// The cert was just stored above with status INACTIVE
if (!(CertificateConstants.CERT_ACTIVE == info.getStatus())) {
throw new Exception("status does not match.");
}
}
@Override
public CommandResult execute(ParameterContainer parameters) {
final String issuerDNStr = parameters.get(DN_KEY);
final String issuerDN = CertTools.stringToBCDNString(issuerDNStr);
final String certserno = parameters.get(SERIAL_NUMBER_KEY);
final BigInteger serno;
try {
serno = new BigInteger(certserno, 16);
} catch (NumberFormatException e) {
log.error("ERROR: Invalid hexadecimal certificate serial number string: " + certserno);
return CommandResult.FUNCTIONAL_FAILURE;
}
int reason;
try {
reason = Integer.parseInt(parameters.get(REASON_KEY));
} catch (NumberFormatException e) {
log.error("ERROR: " + parameters.get(REASON_KEY) + " was not a number.");
return CommandResult.FUNCTIONAL_FAILURE;
}
if ((reason == 7) || (reason < 0) || (reason > 10)) {
getLogger().error("ERROR: Reason must be an integer between 0 and 10 except 7.");
return CommandResult.FUNCTIONAL_FAILURE;
} else {
Certificate cert =
EjbRemoteHelper.INSTANCE
.getRemoteSession(CertificateStoreSessionRemote.class)
.findCertificateByIssuerAndSerno(issuerDN, serno);
if (cert != null) {
getLogger().info("Found certificate:");
getLogger().info("Subject DN=" + CertTools.getSubjectDN(cert));
// We need the user this cert is connected with
// Revoke or unrevoke, will throw appropriate exceptions if parameters are wrong, such as
// trying to unrevoke a certificate
// that was permanently revoked
try {
try {
EjbRemoteHelper.INSTANCE
.getRemoteSession(EndEntityManagementSessionRemote.class)
.revokeCert(getAuthenticationToken(), serno, issuerDN, reason);
} catch (ApprovalException e) {
log.error(e.getMessage(), e);
return CommandResult.FUNCTIONAL_FAILURE;
} catch (AuthorizationDeniedException e) {
log.error("ERROR: CLI user not authorized to revoke certificate.");
return CommandResult.FUNCTIONAL_FAILURE;
} catch (FinderException e) {
log.error("ERROR: " + e.getMessage());
return CommandResult.FUNCTIONAL_FAILURE;
} catch (WaitingForApprovalException e) {
log.error("ERROR: " + e.getMessage());
return CommandResult.FUNCTIONAL_FAILURE;
}
getLogger()
.info(
(reason == 8 ? "Unrevoked" : "Revoked")
+ " certificate with issuerDN '"
+ issuerDN
+ "' and serialNumber "
+ certserno
+ ". Revocation reason="
+ reason);
} catch (AlreadyRevokedException e) {
if (reason == 8) {
getLogger()
.info(
"Certificate with issuerDN '"
+ issuerDN
+ "' and serialNumber "
+ certserno
+ " is not revoked, nothing was done.");
} else {
getLogger()
.info(
"Certificate with issuerDN '"
+ issuerDN
+ "' and serialNumber "
+ certserno
+ " is already revoked, nothing was done.");
}
getLogger().info(e.getMessage());
}
} else {
getLogger()
.info(
"No certificate found with issuerDN '"
+ issuerDN
+ "' and serialNumber "
+ certserno);
}
}
return CommandResult.SUCCESS;
}
