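/**
 * Runs one SCEP enrolment driven by the command-line values held in {@code params}.
 *
 * <p>The method registers the BouncyCastle provider, obtains an RSA key pair, a self-signed
 * certificate and a certification request for {@code params.getDn()}, then enrols against
 * {@code params.getUrl()}. While the server answers {@code CERT_REQ_PENDING} it polls once per
 * second. On {@code CERT_ISSUED} it writes the CRL, the private key and the returned
 * certificates to the configured files; a certificate whose basic-constraints value is not
 * {@code -1} goes to the CA certificate file, any other to the end-entity certificate file.
 *
 * <p>Failures inside the enrolment are reported on the console and not rethrown. Only the
 * setup steps before the {@code try} (key generation, request creation, URL parsing) can
 * propagate to the caller.
 *
 * @throws Exception if key generation, certificate/request creation or URL parsing fails
 */
public void scepCLI() throws Exception {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    KeyManager km = new KeyManager();
    CertUtil certutil = new CertUtil();
    KeyPair kp = km.createRSA(params.getKeySize());
    X509Certificate cert = certutil.createSelfSignedCertificate(kp, params.getDn());
    CertificationRequest request =
            certutil.createCertificationRequest(kp, params.getDn(), params.getChallenge());
    CallbackHandler handler = new ConsoleCallbackHandler();
    URL serverURL = new URL(params.getUrl());

    try {
        if (params.getCsrFile() != null) {
            // NOTE(review): the request was built with params.getChallenge(), so the saved CSR
            // presumably carries the challenge password; treat this file as sensitive.
            saveToPEM(params.getCsrFile(), (PKCS10CertificationRequest) request);
        }

        Client client =
                new Client(serverURL, cert, kp.getPrivate(), handler, params.getCaIdentifier());
        // The returned CA certificate is discarded. NOTE(review): presumably this call is what
        // lets the callback handler confirm the CA certificate before enrolling; confirm.
        client.getCaCertificate();

        EnrolmentTransaction tx = client.enrol(request);
        Transaction.State response = tx.send();

        // Handle an asynchronous (manually approved) response.
        // NOTE(review): there is no upper bound on this loop; a request that stays pending
        // keeps the process polling until it is interrupted.
        while (response == Transaction.State.CERT_REQ_PENDING) {
            Thread.sleep(1000);
            System.out.println("CERT_REQ_PENDING, wait 1 second");
            response = tx.poll();
        }

        if (response == Transaction.State.CERT_ISSUED) {
            // The CRL is best effort: a failure here must not stop the key and the
            // certificates from being written.
            try {
                saveToPEM(params.getCrlFile(), (X509CRL) client.getRevocationList());
            } catch (Exception e) {
                if (params.getVerbose()) {
                    e.printStackTrace();
                }
                System.err.println("Exception while saving CRL");
            }

            try {
                // NOTE(review): saveToPEM is not visible here; confirm that the private key
                // file is created with owner-only permissions.
                saveToPEM(params.getKeyFile(), (RSAPrivateCrtKey) kp.getPrivate());

                CertStore store = tx.getCertStore();
                // A null selector returns every certificate in the store.
                Collection<? extends Certificate> certs = store.getCertificates(null);
                for (Certificate entry : certs) {
                    X509Certificate certificate = (X509Certificate) entry;
                    // getBasicConstraints() returns -1 for a certificate that is not a CA.
                    if (certificate.getBasicConstraints() != -1) {
                        saveToPEM(params.getCaCertificateFile(), certificate);
                    } else {
                        saveToPEM(params.getCertificateFile(), certificate);
                    }
                }
                System.out.println("Certificate issued");
            } catch (Exception e) {
                System.err.println("Exception while saving files: " + e);
            }
        } else {
            System.err.println("Unknown error" + response);
        }
    } catch (IOException e) {
        if (params.getVerbose()) {
            e.printStackTrace();
        }
        // getMessage() may be null; guard it so the hint lookup cannot throw inside the handler.
        String message = e.getMessage();
        System.err.println(message);
        if (message != null) {
            // Heuristic: the status code is looked up anywhere in the message text.
            if (message.contains("400")) {
                System.err.println(". Probably a template issue, look at PKI log");
            } else if (message.contains("404")) {
                System.err.println(". Invalid URL or CA identifier");
            } else if (message.contains("401")) {
                System.err.println(". Probably EJBCA invalid entity status");
            }
        }
    } catch (InterruptedException e) {
        // Restore the interrupt flag so the caller can see the polling wait was cut short.
        Thread.currentThread().interrupt();
        System.out.println(e);
    } catch (Exception e) {
        System.out.println(e);
    }
}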