10package org.jstk.cert;
11
12import java.util.Iterator;
13import java.util.Collection;
14import java.util.HashMap;
15import java.util.Vector;
16import java.security.cert.*;
17import java.security.PublicKey;
18import java.security.KeyStore;
19import java.io.FileInputStream;
20import java.io.FileOutputStream;
21import java.io.BufferedInputStream;
22import org.jstk.cert.rep.FileBasedRepository;
23
24import org.jstk.*;
25
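/**
 * JSTK command that builds a PKIX certification path from a trust anchor in a
 * truststore to the certificate whose subject matches a given distinguished
 * name, and writes the encoded path to a file.
 *
 * <p>Security-relevant behaviour a user of this command should know:
 * <ul>
 *   <li>The truststore is loaded without a password, so its integrity check is
 *       skipped and the trust anchors are taken from the file as-is.</li>
 *   <li>Revocation checking is disabled, so a successful build only shows that
 *       a chain to a trust anchor exists, not that its certificates are still
 *       valid with respect to revocation.</li>
 * </ul>
 */
public class BuildCertPathCommand extends JSTKCommandAdapter {
    /** Option values applied when the caller does not supply them. */
    private static final HashMap defaults = new HashMap();
    static {
        defaults.put("truststore", "my.ts");
        defaults.put("storetype", "JCEKS");
        defaults.put("outfile", "my.p7b");
    }

    /**
     * Returns the one-line summary of this command.
     *
     * @return a short description of what the command does
     */
    public String briefDescription() {
        // The previous text described a certificate display command, not this one.
        return "build a certification path to a target subject and write it to a file";
    }

    /**
     * Returns the help text for the options read by {@link #execute}.
     *
     * @return one line per option, with the default value in brackets where one exists
     */
    public String optionsDescription() {
        return
            " -dn <dname> : Distinguished name of the target subject.\n" +
            " -truststore <file> : keystore with trusted certificates.[" +
            defaults.get("truststore") + "]\n" +
            " -storetype <type> : keystore type (JKS or JCEKS).[" +
            defaults.get("storetype") + "]\n" +
            " -outfile <outfile> : file to write the certificate chain in PKCS#7 format.[" +
            defaults.get("outfile") + "]\n" +
            " -repfile <repfile> : repository file.\n";
    }

    /**
     * Returns the accepted argument forms.
     *
     * @return the usage forms; -dn is the only mandatory option
     */
    public String[] useForms() {
        // The previous form listed -cerfile, an option execute() never reads.
        return new String[] {
            "-dn <dname> [-truststore <file>] [-storetype <type>]"
                + " [-outfile <outfile>] [-repfile <repfile>]"
        };
    }

    /**
     * Returns example invocations (constructed sample values).
     *
     * @return sample argument strings that satisfy the mandatory -dn option
     */
    public String[] sampleUses() {
        return new String[] {
            "-dn CN=Example",
            "-dn CN=Example -truststore my.ts -outfile my.p7b"
        };
    }

    /**
     * Builds a certification path for the subject named by the {@code dn}
     * option and writes it to {@code outfile}.
     *
     * @param args parsed options: dn (required), truststore, storetype,
     *             outfile and repfile
     * @return a {@code JSTKResult} whose flag is {@code true} only when a path
     *         was built and written; {@code false} when dn is missing or no
     *         path could be built
     * @throws JSTKException wrapping any other failure (unreadable truststore,
     *         unknown store type, malformed dn, I/O error on the output file)
     */
    public Object execute(JSTKArgs args) throws JSTKException {
        try {
            args.setDefaults(defaults);
            String dn = args.get("dn");
            String trustStoreFile = args.get("truststore");
            String storeType = args.get("storetype");
            String repfile = args.get("repfile");
            String outfile = args.get("outfile");

            if (dn == null) {
                return new JSTKResult(null, false, "Must specify dn of the target subject.");
            }

            CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");

            // Resolve the store type before opening the file so that an unknown
            // type cannot leave an open stream behind.
            KeyStore trustStore = KeyStore.getInstance(storeType);
            FileInputStream fis = new FileInputStream(trustStoreFile);
            try {
                // A null password means the keystore integrity check is not
                // performed: whoever can modify this file controls the trust
                // anchors. Protect the file with filesystem permissions.
                trustStore.load(fis, null);
            } finally {
                fis.close();
            }

            X509CertSelector targetConstraints = new X509CertSelector();
            targetConstraints.setSubject(dn);
            PKIXBuilderParameters pkixParams =
                new PKIXBuilderParameters(trustStore, targetConstraints);
            pkixParams.setMaxPathLength(5);
            // Revocation checking is off: the built path may contain revoked
            // certificates. Do not treat the output as a validated chain.
            pkixParams.setRevocationEnabled(false);

            // A repfile that is named but does not exist is skipped without
            // notice, as before; the build then relies on the truststore alone.
            if (repfile != null && (new java.io.File(repfile)).exists()) {
                FileBasedRepository fbr = new FileBasedRepository(repfile);
                Collection params = fbr.getRepository();
                CollectionCertStoreParameters csParams =
                    new CollectionCertStoreParameters(params);
                CertStore cs = CertStore.getInstance("Collection", csParams);
                pkixParams.addCertStore(cs);
            }

            CertPath cp;
            try {
                PKIXCertPathBuilderResult result =
                    (PKIXCertPathBuilderResult) cpb.build(pkixParams);
                cp = result.getCertPath();
            } catch (CertPathBuilderException cpbe) {
                // Report the failure as a failure so that main() exits non-zero;
                // previously a failed build was returned with the success flag set.
                return new JSTKResult(null, false, "Build failed:" + cpbe.getMessage());
            }

            // NOTE(review): getEncoded() emits the path's default encoding, which
            // for the JDK's X.509 implementation is PkiPath rather than PKCS#7.
            // Confirm what readers of this file expect, then either pass "PKCS7"
            // explicitly or correct the -outfile help text.
            byte[] encoded = cp.getEncoded();
            FileOutputStream fos = new FileOutputStream(outfile);
            try {
                fos.write(encoded);
            } finally {
                // Close even when the write fails so the descriptor is not leaked.
                fos.close();
            }

            return new JSTKResult(null, true,
                "Build succeeded. CertPath written to file: " + outfile);
        } catch (Exception exc) {
            throw new JSTKException("BuildCertPathCommand execution failed", exc);
        }
    }

    /**
     * Command-line entry point: parses the options, runs the command, prints
     * the result text and exits with 0 on success or 1 on failure.
     *
     * @param args command-line options
     * @throws Exception if option parsing or command execution fails
     */
    public static void main(String[] args) throws Exception {
        JSTKOptions opts = new JSTKOptions();
        opts.parse(args, 0);
        BuildCertPathCommand buildCmd = new BuildCertPathCommand();
        JSTKResult result = (JSTKResult) buildCmd.execute(opts);
        System.out.println(result.getText());
        System.exit(result.isSuccess() ? 0 : 1);
    }
}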