From ece7d18cf35374bf4e26d041799cda8f791c89f8 Mon Sep 17 00:00:00 2001
From: gregor
Date: Mon, 7 Jul 2003 10:58:37 +0000
Subject: Initial commit
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@2 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
.../moa/spss/server/tools/CertTool.java | 242 +++++++++++++++++++++
1 file changed, 242 insertions(+)
create mode 100644 spss.server/src/at/gv/egovernment/moa/spss/server/tools/CertTool.java
(limited to 'spss.server/src/at/gv/egovernment/moa/spss/server/tools')
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/tools/CertTool.java b/spss.server/src/at/gv/egovernment/moa/spss/server/tools/CertTool.java
new file mode 100644
index 000000000..9fe17eae2
--- /dev/null
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/tools/CertTool.java
@@ -0,0 +1,242 @@
+package at.gv.egovernment.moa.spss.server.tools;
+
+import java.io.BufferedInputStream;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.PrintStream;
+import java.security.cert.CertificateException;
+
+import iaik.asn1.structures.Name;
+import iaik.pki.store.certstore.CertStoreException;
+import iaik.pki.store.certstore.CertStoreTypes;
+import iaik.pki.store.certstore.directory.DirectoryCertStore;
+import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
+import iaik.pki.store.certstore.directory.DirectoryStoreException;
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
+import iaik.utils.RFC2253NameParserException;
+import iaik.x509.X509Certificate;
+
+/**
+ * A tool to support X509 certificate handling for configuring the MOA SP/SS
+ * service.
+ *
+ * This class provides functions for:
+ *
+ *
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CertTool {
+
+ /** Error message if the DN cannot be parsed according to RFC2253. */
+ private static final String ILLEGAL_RFC2253_NAME =
+ "Kein gültiger RFC2253-Name";
+
+ /**
+ * Main entry point of the tool.
+ *
+ * @param args The command line arguments. A single argument is expected,
+ * which is the file name of the X509 certificate to inspect.
+ */
+ public static void main(String args[]) {
+ CertTool certTool = new CertTool();
+
+ if (args.length == 2 && "-info".equals(args[0])) {
+ initProviders();
+ certTool.printCertInfo(args[1], System.out);
+ } else if (args.length == 3 && "-add".equals(args[0])) {
+ initProviders();
+ certTool.addCertToCertStore(args[1], args[2]);
+ } else {
+ certTool.printUsage(System.err);
+ }
+ }
+
+ /**
+ * Init the JCE providers, depending on the JDK used.
+ *
+ * Adds the IAIK JCE and IAIK ECC providers.
+ */
+ private static void initProviders() {
+ if (System.getProperty("java.version").startsWith("1.3")) {
+ IAIK.addAsProvider();
+ } else {
+ IAIK.addAsJDK14Provider();
+ }
+ ECCProvider.addAsProvider();
+ }
+
+ /**
+ * Print the information about the certificate.
+ *
+ * This method will output information about the Subject DN, the Issuer DN and
+ * the serial number of the certificate.
+ *
+ * @param certFile The name of the certificate file to inspect.
+ * @param out The stream to print the information to.
+ */
+ public void printCertInfo(String certFile, PrintStream out) {
+ try {
+ InputStream is = new BufferedInputStream(new FileInputStream(certFile));
+ X509Certificate cert = new X509Certificate(is);
+ String issuerDN;
+ String serial;
+ String subjectDN;
+
+ try {
+ subjectDN = ((Name) (cert.getSubjectDN())).getRFC2253String();
+ } catch (RFC2253NameParserException e) {
+ subjectDN = ILLEGAL_RFC2253_NAME;
+ }
+
+ try {
+ issuerDN = ((Name) (cert.getIssuerDN())).getRFC2253String();
+ } catch (RFC2253NameParserException e) {
+ issuerDN = ILLEGAL_RFC2253_NAME;
+ }
+
+ serial = cert.getSerialNumber().toString();
+
+ out.println("SubjectDN (RFC2253): " + subjectDN);
+ out.println("IssuerDN (RFC2253) : " + issuerDN);
+ out.println("Serial Number : " + serial);
+ } catch (FileNotFoundException e) {
+ System.err.println("Zertifikat nicht gefunden: " + certFile);
+ } catch (IOException e) {
+ System.err.println(
+ "I/O Fehler beim Lesen des Zertifikats: " + e.getMessage());
+ } catch (CertificateException e) {
+ System.err.println(
+ "Fehler beim Lesen des Zertifikats: " + e.getMessage());
+ } catch (Throwable t) {
+ System.err.println("Allgemeiner Fehler: " + t.getMessage());
+ }
+ }
+
+ /**
+ * Add a certificate to a directory certificate store.
+ *
+ * @param certFile The certificate to add.
+ * @param certStoreRoot The root directory of the certificate store.
+ */
+ public void addCertToCertStore(String certFile, String certStoreRoot) {
+ try {
+ // read the certificate
+ InputStream is = new BufferedInputStream(new FileInputStream(certFile));
+ X509Certificate cert = new X509Certificate(is);
+
+ // initialize the DirectoryCertStore
+ DirectoryCertStore certStore =
+ new DirectoryCertStore(
+ new SimpleDirectoryCertStoreParameters(certStoreRoot),
+ null);
+
+ certStore.storeCertificate(cert, null);
+
+ System.out.println("\nDas Zertifikat wurde erfolreich hinzugefügt.\n");
+
+ } catch (FileNotFoundException e) {
+ System.err.println("Zertifikat nicht gefunden: " + certFile);
+ } catch (IOException e) {
+ System.err.println(
+ "I/O Fehler beim Lesen des Zertifikats: " + e.getMessage());
+ } catch (CertificateException e) {
+ System.err.println(
+ "Fehler beim Lesen des Zertifikats: " + e.getMessage());
+ } catch (DirectoryStoreException e) {
+ System.err.println(
+ "Fehler beim Öffnen des Zertifikatsspeichers: " + e.getMessage());
+ } catch (CertStoreException e) {
+ System.err.println(
+ "Fehler beim Hinzufügen des Zertifikats: " + e.getMessage());
+ } catch (Throwable t) {
+ System.err.println("Allgemeiner Fehler: " + t.getMessage());
+ t.printStackTrace();
+ }
+ }
+
+ /**
+ * Print tool usage.
+ *
+ * @param out The PrintStream to print to.
+ */
+ private void printUsage(PrintStream out) {
+ out.println("\nCerttool-Syntax:\n");
+ out.println("-info ");
+ out.println("\n");
+ }
+
+}
+
+/**
+ * Simple implementation of the DirectoryCertStoreParameters
+ * interface intelligent enough for setting up a simple
+ * DirectoryCertStore in the CertTool.
+ *
+ * @author Patrick Peck
+ * @version $Id$
+ */
+class SimpleDirectoryCertStoreParameters
+ implements DirectoryCertStoreParameters {
+
+ /** The cert store root directory. */
+ private String rootDirectory;
+
+ /**
+ * Create a new SimpleDirectoryCertStoreParameters object.
+ *
+ * @param rootDirectory The root directory of the cert store.
+ */
+ public SimpleDirectoryCertStoreParameters(String rootDirectory) {
+ this.rootDirectory = rootDirectory;
+ }
+
+ /**
+ * @return "MOA Directory CertStore"
+ * @see iaik.pki.store.certstore.CertStoreParameters#getId()
+ */
+ public String getId() {
+ return "MOA Directory CertStore";
+ }
+
+ /**
+ * @return CertStoreTypes.DIRECTORY
+ * @see iaik.pki.store.certstore.CertStoreParameters#getType()
+ */
+ public String getType() {
+ return CertStoreTypes.DIRECTORY;
+ }
+
+ /**
+ * @return false
+ * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
+ */
+ public boolean isReadOnly() {
+ return false;
+ }
+
+ /**
+ * @return false
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
+ */
+ public boolean createNew() {
+ return false;
+ }
+
+ /**
+ * @return The root directory given at construction time.
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
+ */
+ public String getRootDirectory() {
+ return rootDirectory;
+ }
+
+}
\ No newline at end of file
--
cgit v1.2.3
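Review bot: `printCertInfo` and `addCertToCertStore` catch every failure, including `Throwable`, print a message and return normally, so `main` exits with status 0 even when the certificate was never written to the store. A script that provisions the certificate store with `-add` cannot detect a failed import; have both methods return a `boolean` and finish `main` with `System.exit(ok ? 0 : 1);`. Both methods also leave the `FileInputStream` on `certFile` open: declare `is` before the `try` and close it in a `finally` block, since the `1.3` check in `initProviders` suggests try-with-resources is not available on the target JDK. The Javadoc on `main` still says a single argument is expected, while the code requires two arguments for `-info` and three for `-add`.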