10package org.jstk.cert;
11
12import java.util.Iterator;
13import java.util.Collection;
14import java.util.HashMap;
15import java.util.List;
16import java.util.Set;
17import java.util.ListIterator;
18import java.security.cert.Certificate;
19import java.security.cert.X509Certificate;
20import java.security.cert.X509CRL;
21import java.security.cert.X509CRLEntry;
22import java.security.cert.CertificateException;
23import java.security.cert.CertificateParsingException;
24import java.security.cert.CRLException;
25import java.security.cert.CertPath;
26import java.security.cert.CertificateFactory;
27import java.io.File;
28import java.io.FileInputStream;
29import java.io.BufferedInputStream;
30
31import org.jstk.*;
32
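/**
 * Command that parses a PKI file and renders its contents as text.
 *
 * <p>The file named by {@code -infile} is tried, in order, as an X.509
 * certificate, a PkiPath certificate path, a PKCS7 certificate path and an
 * X.509 CRL. The first format that parses is printed.
 *
 * <p>This command only decodes and prints. It performs no signature,
 * validity-period, chain or revocation check, so the output describes what the
 * file claims, not whether the material can be trusted. Field values are
 * copied from the parsed file into the output without further filtering.
 */
public class ShowCommand extends JSTKCommandAdapter {
    /** Option defaults passed to {@code JSTKArgs.setDefaults}; this command registers none. */
    private static HashMap defaults = new HashMap();
    static {
        // Intentionally empty: -infile has no default and execute() rejects a missing value.
    }

    /**
     * Returns the one-line summary of this command.
     *
     * @return the brief description text
     */
    public String briefDescription(){
        return "display contents of a PKI file";
    }

    /**
     * Returns the help text describing the options this command accepts.
     *
     * @return the option description, one option per line
     */
    public String optionsDescription(){
        String optionsDesc =
            " -infile <infile> : File having the PKI material ( cert, certpath, CRL, ...).\n";
        // Only mention a default when one is registered; otherwise the help
        // text would end in a literal "null]".
        Object infileDefault = defaults.get("infile");
        if (infileDefault != null){
            optionsDesc += "[" + infileDefault + "]\n";
        }
        return optionsDesc;
    }

    /**
     * Returns the accepted invocation forms.
     *
     * @return the usage forms
     */
    public String[] useForms(){
        return new String[] {
            "-infile <infile>"
        };
    }

    /**
     * Returns example invocations.
     *
     * @return the sample uses
     */
    public String[] sampleUses(){
        return new String[] {
            "-infile test.cer"
        };
    }

    /**
     * Appends a textual rendering of a certificate to {@code sb}.
     *
     * <p>Printed fields: version, serial number, signature algorithm, issuer,
     * validity dates, subject, basic constraints, key usage and extended key
     * usage. Nothing is verified here; the values are shown as parsed.
     *
     * @param cert   the certificate to render
     * @param sb     the buffer that receives the text
     * @param indent prefix put in front of every output line
     */
    public void formatX509Certificate(X509Certificate cert, StringBuffer sb, String indent){
        sb.append(indent + "Certificate:\n");
        sb.append(indent + " Data:\n");
        sb.append(indent + " Version: " + cert.getVersion() + "\n");
        sb.append(indent + " Serial Number: " + cert.getSerialNumber() + "\n");
        sb.append(indent + " Signature Algorithm: " + cert.getSigAlgName() + "\n");
        sb.append(indent + " Issuer: " + cert.getIssuerX500Principal() + "\n");
        sb.append(indent + " Validity:\n");
        sb.append(indent + " Not Before: " + cert.getNotBefore() +" \n");
        sb.append(indent + " Not After: " + cert.getNotAfter() +" \n");
        sb.append(indent + " Subject: " + cert.getSubjectX500Principal() + "\n");
        sb.append(indent + " Extensions: \n");

        sb.append(indent + " X509v3 Basic Constraints:\n");
        // getBasicConstraints() returns -1 for a non-CA certificate (which
        // includes an absent extension) and Integer.MAX_VALUE for a CA with no
        // path length limit; that sentinel must not be shown as a real length.
        int pathLen = cert.getBasicConstraints();
        if (pathLen == -1){
            sb.append(indent + " CA: FALSE\n");
        } else if (pathLen == Integer.MAX_VALUE){
            sb.append(indent + " CA: TRUE, pathLen: unlimited\n");
        } else {
            sb.append(indent + " CA: TRUE, pathLen: " + pathLen + "\n");
        }

        boolean[] keyUsage = cert.getKeyUsage();
        if (keyUsage != null){
            KeyUsage ku = new KeyUsage(keyUsage);
            sb.append(indent + " Key Usage: " + ku.getKeyUsageString() + "\n");
        }

        List ekuOids = null;
        try {
            ekuOids = cert.getExtendedKeyUsage();
        } catch (CertificateParsingException cpe){
            // An extension that is present but cannot be decoded must not look
            // the same as an absent one, so say so in the output and the log.
            CertTool.logger.log(java.util.logging.Level.FINER,
                "Cannot decode Extended Key Usage", cpe);
            sb.append(indent + " Extended Key Usage: (could not be decoded)\n");
        }

        if (ekuOids != null){
            sb.append(indent + " Extended Key Usage:");
            Iterator li = ekuOids.iterator();
            while (li.hasNext()){
                sb.append(" ");
                sb.append((String)li.next());
            }
            sb.append("\n");
        }
    }

    /**
     * Appends a rendering of every certificate in a certification path.
     *
     * @param cp the certification path; its elements are cast to
     *           {@code X509Certificate}
     * @param sb the buffer that receives the text
     */
    public void formatCertPath(CertPath cp, StringBuffer sb){
        sb.append("CertPath:\n");
        int index = 0;
        for (Iterator li = cp.getCertificates().iterator(); li.hasNext(); ++index){
            sb.append("CertPath Component: " + index + "\n");
            X509Certificate cert = (X509Certificate)li.next();
            formatX509Certificate(cert, sb, " ");
        }
    }

    /**
     * Appends a rendering of a CRL header and of each revoked entry.
     *
     * @param crl the CRL to render
     * @param sb  the buffer that receives the text
     */
    public void formatX509CRL(X509CRL crl, StringBuffer sb){
        sb.append("CRL:\n");
        sb.append(" Version: " + crl.getVersion() + "\n");
        sb.append(" Signature Algorithm: " + crl.getSigAlgName() + "\n");
        sb.append(" Issuer: " + crl.getIssuerX500Principal() + "\n");
        sb.append(" This Update: " + crl.getThisUpdate() + "\n");
        sb.append(" Next Update: " + crl.getNextUpdate() + "\n");

        // getRevokedCertificates() returns null when the CRL lists no entries.
        Set revokedCerts = crl.getRevokedCertificates();
        if (revokedCerts == null){
            return;
        }
        int index = 0;
        for (Iterator itr = revokedCerts.iterator(); itr.hasNext(); ++index){
            formatX509CRLEntry((X509CRLEntry)itr.next(), sb, index);
        }
    }

    /**
     * Appends the serial number and revocation date of one CRL entry.
     *
     * @param crlEntry the revoked-certificate entry
     * @param sb       the buffer that receives the text
     * @param index    position of the entry, used as its label
     */
    public void formatX509CRLEntry(X509CRLEntry crlEntry, StringBuffer sb, int index){
        sb.append(" CRLEntry[" + index + "]:\n");
        sb.append(" Serial Number: " + crlEntry.getSerialNumber() + "\n");
        sb.append(" Revocation Date: " + crlEntry.getRevocationDate() + "\n");
    }

    /**
     * Reads the file named by {@code -infile} and renders it in the first
     * format that parses: certificate, PkiPath, PKCS7 cert path, then CRL.
     *
     * @param args the parsed command-line options
     * @return a {@code JSTKResult} holding the rendered text on success, or a
     *         failure result when no file was given, the file is too large to
     *         buffer, or no format matched
     * @throws JSTKException if any other error occurs; the cause is preserved
     */
    public Object execute(JSTKArgs args) throws JSTKException{
        FileInputStream fis = null;
        try {
            args.setDefaults(defaults);
            String infile = args.get("infile");
            if (infile == null){
                return new JSTKResult(null, false, "No input file. Specify -infile option.");
            }

            CertificateFactory cf = CertificateFactory.getInstance("X.509");

            StringBuffer sb = new StringBuffer();

            // The whole file is buffered so the stream can be rewound between
            // parse attempts; memory use therefore grows with the input size.
            // Reject lengths whose buffer size would not fit in an int.
            File file = new File(infile);
            long fileLength = file.length();
            if (fileLength > Integer.MAX_VALUE - 1024){
                return new JSTKResult(null, false, "Input file too large");
            }
            int bufsize = (int)fileLength + 1024;
            fis = new FileInputStream(infile);
            BufferedInputStream bis = new BufferedInputStream(fis, bufsize);
            bis.mark(bufsize);

            try {
                Certificate cert = cf.generateCertificate(bis);
                formatX509Certificate((X509Certificate)cert, sb, "");
                return new JSTKResult(null, true, sb.toString());
            } catch (CertificateException ce) {
                CertTool.logger.fine("Cannot parse input as a Certificate");
                CertTool.logger.log(java.util.logging.Level.FINER, "Not a Certificate", ce);
            }

            bis.reset();
            try {
                CertPath cp = cf.generateCertPath(bis, "PkiPath");
                formatCertPath(cp, sb);
                return new JSTKResult(null, true, sb.toString());
            } catch (CertificateException ce) {
                CertTool.logger.fine("Cannot parse input as a PkiPath Cert Path");
                CertTool.logger.log(java.util.logging.Level.FINER, "Not a PkiPath Cert Path", ce);
            }

            bis.reset();
            try {
                CertPath cp = cf.generateCertPath(bis, "PKCS7");
                formatCertPath(cp, sb);
                return new JSTKResult(null, true, sb.toString());
            } catch (CertificateException ce) {
                CertTool.logger.fine("Cannot parse input as a PKCS7 Cert Path");
                CertTool.logger.log(java.util.logging.Level.FINER, "Not a PKCS7 Cert Path", ce);
            }

            bis.reset();
            try {
                X509CRL crl = (X509CRL)cf.generateCRL(bis);
                formatX509CRL(crl, sb);
                return new JSTKResult(null, true, sb.toString());
            } catch (CRLException crle) {
                CertTool.logger.fine("Cannot parse input as a CRL");
                CertTool.logger.log(java.util.logging.Level.FINER, "Not a CRL", crle);
            }

            return new JSTKResult(null, false, "Unknown format");
        } catch (Exception exc){
            throw new JSTKException("ShowCommand execution failed", exc);
        } finally {
            // Release the file handle on every path, including the early
            // returns above. A failure to close must not replace the result.
            if (fis != null){
                try {
                    fis.close();
                } catch (java.io.IOException ignored) {
                    // Nothing useful can be done; the stream was only read.
                }
            }
        }
    }

    /**
     * Runs the command stand-alone, prints the result text and exits with
     * status 0 on success or 1 on failure.
     *
     * @param args command-line arguments, parsed by {@code JSTKOptions}
     * @throws Exception if option parsing or execution fails
     */
    public static void main(String[] args) throws Exception {
        JSTKOptions opts = new JSTKOptions();
        opts.parse(args, 0);
        ShowCommand showCmd = new ShowCommand();
        JSTKResult result = (JSTKResult)showCmd.execute(opts);
        System.out.println(result.getText());
        System.exit(result.isSuccess()? 0 : 1);
    }
}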