1 /*
2  * @(#) $Id: CRLGenCommand.java,v 1.2 2003/07/08 08:13:52 pankaj Exp $
3  *
4  * Copyright (c) 2002-03 by Pankaj Kumar (http://www.pankaj-k.net). 
5  * All rights reserved.
6  *
7  * The license governing the use of this file can be found in the 
8  * root directory of the containing software.
9  */
10package org.jstk.cert;
11
12import java.util.*;
13import java.security.Signature;
14import java.security.KeyPair;
15import java.security.PrivateKey;
16import java.security.PublicKey;
17import java.security.cert.X509Certificate;
18import java.security.cert.CertPath;
19import java.io.*;
20
21import org.jstk.*;
22import org.jstk.asn1.DefASN1PullParser;
23import org.jstk.asn1.ASN1Seq;
24import org.jstk.asn1.ASN1Set;
25import org.jstk.asn1.ASN1Oid;
26import org.jstk.asn1.ASN1Explicit;
27import org.jstk.asn1.ASN1Null;
28import org.jstk.asn1.ASN1BitString;
29import org.jstk.asn1.OidMap;
30import org.jstk.pki.SignedData;
31import org.jstk.pki.ContentInfo;
32import org.jstk.pki.Name;
33import org.jstk.pki.CertificateList;
34import org.jstk.pki.TBSCertList;
35import org.jstk.pki.AlgorithmIdentifier;
36import org.jstk.cert.ca.CADatabase;
37import org.jstk.cert.ca.FileBasedCADatabaseParams;
38import java.math.BigInteger;
39
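/**
 * Command that builds an X.509 CRL listing every certificate the CA database
 * has revoked, signs it with the CA private key and writes the DER encoding
 * to a file.
 */
public class CRLGenCommand extends JSTKCommandAdapter {
    /**
     * Signature algorithm used both in the TBSCertList and the outer
     * CertificateList AlgorithmIdentifier, and to drive {@link Signature}.
     * NOTE(review): SHA-1 signatures are no longer considered collision
     * resistant; the value is kept because the CA key handed out by the CA
     * database is expected to be a DSA key (hard-coded in the original code).
     */
    private static final String SIG_ALGORITHM = "dsaWithSHA1";

    /** Days between thisUpdate and nextUpdate of the generated CRL. */
    private static final int NEXT_UPDATE_DAYS = 30;

    /** Default values for the options this command reads via JSTKArgs. */
    private static final HashMap defaults = new HashMap();
    static {
        defaults.put("crlfile", "my.crl");
        defaults.put("cadir", "cadir");
    }

    /** @return one-line description shown in the command listing */
    public String briefDescription(){
        return "generates CRL of all the revoked certificates";
    }

    /** @return help text describing the accepted options and their defaults */
    public String optionsDescription(){
        return "  -crlfile <crlfile>  : CRL file.[" + defaults.get("crlfile") + "]\n"
            + "  -cadir <cadir>      : CA directory.[" + defaults.get("cadir") + "]\n";
    }

    /** @return usage forms of this command */
    public String[] useForms(){
        return new String[] {
            "[-crlfile <crlfile>] [-cadir <cadir>]"
        };
    }

    /** @return example invocations */
    public String[] sampleUses(){
        return new String[] {
            "",
            "-crlfile test.crl"
        };
    }

    /**
     * Signs the TBSCertList held by {@code certList} and stores the signature
     * and algorithm identifier back into {@code certList}.
     *
     * @param certList     CRL whose TBSCertList is signed; mutated in place
     * @param sigAlgorithm JCA signature algorithm name, also looked up in OidMap
     * @param prvKey       CA private key used for signing
     * @throws Exception on encoding or JCA failures (propagated unchanged)
     */
    private void signTBSCertList(CertificateList certList, String sigAlgorithm,
            PrivateKey prvKey) throws Exception {

        // The outer AlgorithmIdentifier must match the one inside the TBSCertList.
        AlgorithmIdentifier algorithm = certList.getAlgorithm();
        algorithm.setOid(OidMap.getId(sigAlgorithm));
        algorithm.setParams(new ASN1Null());

        TBSCertList tbsCertList = certList.getTBSCertList();

        // Sign the DER encoding of the TBSCertList.
        byte[] encodedTBSCertList = tbsCertList.encode();
        Signature sig = Signature.getInstance(sigAlgorithm);
        sig.initSign(prvKey);
        sig.update(encodedTBSCertList);
        byte[] sigbytes = sig.sign();

        ASN1BitString signatureBytes = certList.getSignatureBytes();
        signatureBytes.setValue(sigbytes);
    }

    /**
     * Generates the CRL.
     *
     * @param args command arguments; options {@code crlfile} and {@code cadir}
     *             are read, missing ones take values from {@code defaults}
     * @return a successful {@link JSTKResult} naming the written file
     * @throws JSTKException wrapping any failure (CA database access, ASN.1
     *                       encoding, signing or file I/O)
     */
    public Object execute(JSTKArgs args) throws JSTKException{
        try {
            args.setDefaults(defaults);
            String crlfile = args.get("crlfile");
            String cadir = args.get("cadir");

            FileBasedCADatabaseParams fbParams = new FileBasedCADatabaseParams(cadir);
            CADatabase cadb = CADatabase.getInstance("file", fbParams);

            CertificateList certList = new CertificateList();
            TBSCertList tbsCertList = certList.getTBSCertList();

            // X.509 v2 CRL: the version field is encoded as INTEGER 1 (RFC 5280 5.1.2.1).
            tbsCertList.getVersion().setValue(BigInteger.ONE);

            AlgorithmIdentifier algorithm = tbsCertList.getAlgorithm();
            algorithm.setOid(OidMap.getId(SIG_ALGORITHM));
            algorithm.setParams(new ASN1Null());

            X509Certificate caCert = (X509Certificate)cadb.getCACert();

            // Issuer of the CRL is the subject of the CA certificate; reuse its
            // DER encoding verbatim instead of re-parsing the Name.
            javax.security.auth.x500.X500Principal p = caCert.getSubjectX500Principal();
            Name issuer = tbsCertList.getIssuer();
            issuer.setValue(p.getEncoded());
            issuer.setIgnoreMembers(true);

            // thisUpdate = now, nextUpdate = now + NEXT_UPDATE_DAYS.
            java.util.Calendar cal = java.util.Calendar.getInstance();
            tbsCertList.getThisUpdate().setDate(cal.getTime());
            cal.add(Calendar.DATE, NEXT_UPDATE_DAYS);
            tbsCertList.getNextUpdate().setDate(cal.getTime());

            // One RevokedCert entry (serial number + revocation date) per CA database record.
            TBSCertList.RevokedCerts rcs = tbsCertList.getRevokedCerts();
            org.jstk.cert.ca.RevokedCerts revokedCerts = cadb.getRevokedCerts();
            Iterator itr = revokedCerts.iterator();
            while (itr.hasNext()){
                org.jstk.cert.ca.RevokedCert revokedCert = (org.jstk.cert.ca.RevokedCert)itr.next();
                TBSCertList.RevokedCert rc = new TBSCertList.RevokedCert();
                rc.getUserCertificate().setValue(revokedCert.getSerialNumber());
                rc.getRevocationDate().setDate(revokedCert.getRevocationDate());
                rcs.add(rc);
            }

            signTBSCertList(certList, SIG_ALGORITHM, cadb.getCAPrivateKey());

            byte[] outBytes = certList.encode();
            FileOutputStream fos = new FileOutputStream(crlfile);
            try {
                fos.write(outBytes);
            } finally {
                // Close even when write() fails so the file handle is not leaked.
                fos.close();
            }

            return new JSTKResult(null, true, "Generated CRL written to file: " + crlfile);
        } catch (Exception exc){
            throw new JSTKException("CRLGenCommand execution failed", exc);
        }
    }

    /**
     * Stand-alone entry point: parses the command line, runs the command and
     * exits with 0 on success, 1 otherwise.
     *
     * @param args command-line options as accepted by {@link JSTKOptions}
     * @throws Exception if option parsing or execution fails
     */
    public static void main(String[] args) throws Exception {
        JSTKOptions opts = new JSTKOptions();
        opts.parse(args, 0);
        CRLGenCommand crlGenCmd = new CRLGenCommand();
        JSTKResult result = (JSTKResult)crlGenCmd.execute(opts);
        System.out.println(result.getText());
        System.exit(result.isSuccess()? 0 : 1);
    }
}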