package org.openpermis.cert; |
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.LineNumberReader;
import java.io.Reader;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;

import javax.security.auth.x500.X500Principal;

import org.openpermis.cert.RoleAttribute.RoleDefinition;
35 | |
|
36 | |
|
37 | |
|
38 | |
|
39 | |
|
40 | |
|
41 | |
|
42 | |
|
43 | |
|
44 | |
|
45 | |
|
46 | |
|
47 | |
|
48 | |
|
49 | |
|
50 | |
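/**
 * Command-line tool that issues an X.509 attribute certificate (AC) carrying either a
 * role attribute ({@code -role}) or a policy attribute ({@code -policy}), signed with
 * the first private key of a PKCS#12 key store.
 *
 * <p>Every progress and failure message is written to standard output as an
 * {@code OK - ...} or {@code FAIL - ...} line. {@link #main(String[])} does not translate
 * the outcome into an exit status; only the boolean returned by
 * {@link #generateRoleAttributeCertificate(String[])} reports success.
 *
 * <p>The key-store password is passed as a command-line argument and is therefore
 * visible to other local users through the process list.
 */
public final class RoleAttributeCertificateManager {

    /** Number of arguments for the {@code -role} option, the option word included. */
    private static final int ROLE_OPTION_ARG_LEN = 7;

    /** Number of arguments for the {@code -policy} option, the option word included. */
    private static final int POLICY_OPTION_ARG_LEN = 6;

    /** Milliseconds in one day; converts the validity-days argument into a period. */
    private static final long DAY_MILLIS = 24L * 60 * 60 * 1000;

    /** The usage text promises a UTF-8 policy file, so the file is decoded as UTF-8 explicitly. */
    private static final Charset POLICY_CHARSET = Charset.forName("UTF-8");

    /** Holder name used for the policy option; printed only, the real holder is the issuer's issuer DN. */
    private RoleAttributeCertificateManager() {
        // static utility class, never instantiated
    }

    /** Writes one line to standard output; all user-facing messages go through here. */
    private static void println(String string) {
        System.out.println(string);
    }

    /** Prints the argument layout for both options. */
    private static void printUsage() {
        println(
            "Usage:\n" +
            "1. Option [-role | -policy]\n\n" +

            "Option Role:\n" +
            "2. Key Store PKC12 File [key-store.p12]\n" +
            "3. Keystore password and private key password [password]\n" +
            "4. Number of Valid Days [356]\n" +
            "5. AC Output File [role-cert.ace]\n" +
            "6. Comma seperated list of roles " +
            "[permisRole#developer,permisRole#administrator]\n" +
            "7. Holder Distinguished Name [cn=SomeName]\n\n" +

            "Option Policy:\n" +
            "2. Key Store PKC12 File [key-store.p12]\n" +
            "3. Key Store Password [password]\n" +
            "4. Number of Valid Days [356]\n" +
            "5. AC Output File [policy.ace]\n" +
            "6. Policy XML file with UTF-8 encoding [policy.xml]"
        );
    }

    /**
     * Parses the comma separated {@code namespace#role} list into role definitions.
     *
     * @param inputRoles the raw sixth argument of the {@code -role} option
     * @return one definition per entry, in input order
     * @throws IllegalArgumentException with a printable {@code FAIL - ...} message when the
     *     list is empty or an entry does not consist of exactly two {@code #}-separated parts
     */
    private static List<RoleDefinition> parseRoles(String inputRoles) {
        // "".split(",") yields [""], so an emptiness check on the split result never fires;
        // the raw text has to be tested instead.
        if (inputRoles.length() == 0) {
            throw new IllegalArgumentException("FAIL - No roles specified.");
        }
        final String[] roles = inputRoles.split(",");
        final List<RoleDefinition> definitions = new ArrayList<RoleDefinition>(roles.length);
        for (String role : roles) {
            final String[] parts = role.split("#");
            if (parts.length != 2) {
                throw new IllegalArgumentException("FAIL - Wrong roles syntax.");
            }
            definitions.add(new RoleDefinition(parts[0], parts[1]));
        }
        return definitions;
    }

    /**
     * Reads the policy file as UTF-8 and concatenates its lines.
     *
     * <p>Line separators are dropped, as this tool always did, so the returned text is the
     * lines joined end to end. NOTE(review): joining without a separator can fuse tokens that
     * were split across lines — confirm PolicyAttribute tolerates this before relying on it.
     *
     * @param policyFile an existing, readable file
     * @return the concatenated lines
     * @throws IOException if the file cannot be opened or read
     */
    private static String readPolicy(File policyFile) throws IOException {
        final BufferedReader lineReader = new BufferedReader(
            new InputStreamReader(new FileInputStream(policyFile), POLICY_CHARSET)
        );
        try {
            final StringBuilder builder = new StringBuilder();
            String line;
            while ((line = lineReader.readLine()) != null) {
                builder.append(line);
            }
            return builder.toString();
        } finally {
            // close on every path so the descriptor is not leaked on a read error
            lineReader.close();
        }
    }

    /**
     * Writes {@code encoded} to {@code outputFile}, closing the stream on every path.
     *
     * @throws IOException if the file cannot be created or written
     */
    private static void writeEncoded(File outputFile, byte[] encoded) throws IOException {
        final FileOutputStream fos = new FileOutputStream(outputFile);
        try {
            fos.write(encoded);
            fos.flush();
        } finally {
            fos.close();
        }
    }

    /**
     * Validates the command line, signs the requested attribute certificate and writes its
     * DER encoding to the output file.
     *
     * <p>Arguments are positional as described by {@link #printUsage()}. The validity period
     * starts now and lasts the given number of days (zero is accepted). The output file must
     * not exist yet. Any failure is reported as a {@code FAIL - ...} line and ends the run.
     *
     * @param args the raw command-line arguments
     * @return {@code true} when the certificate was written, {@code false} on any failure
     */
    protected static boolean generateRoleAttributeCertificate(String[] args) {
        if (args.length < 1) {
            println("Wrong number of arguments.\n");
            printUsage();
            return false;
        }

        final String inputOption = args[0];
        final boolean isRoleOption;
        if ("-role".equals(inputOption)) {
            isRoleOption = true;
        } else if ("-policy".equals(inputOption)) {
            isRoleOption = false;
        } else {
            println("Fail - " + inputOption + " is not a valid option.");
            return false;
        }

        final int expectedArgLen = isRoleOption ? ROLE_OPTION_ARG_LEN : POLICY_OPTION_ARG_LEN;
        if (args.length != expectedArgLen) {
            println("Wrong number of arguments.\n");
            printUsage();
            return false;
        }

        final String inputKeyStore = args[1];
        final String inputPassword = args[2];
        final int inputValidDays;
        try {
            inputValidDays = Integer.parseInt(args[3]);
        } catch (NumberFormatException e) {
            // a non-numeric day count used to escape as an uncaught exception
            println("FAIL - Number of valid days is not a number: " + args[3]);
            return false;
        }
        final String inputOutputFile = args[4];
        // Only the arguments of the chosen option are read; the others stay empty.
        final String inputRoles = isRoleOption ? args[5] : "";
        final String inputHolder = isRoleOption ? args[6] : "";
        final String inputPolicy = isRoleOption ? "" : args[5];

        if (inputValidDays < 0) {
            println("FAIL - Number of valid days must be positive.");
            return false;
        }
        final long notValidBefore = System.currentTimeMillis();
        // int * long is evaluated as long, so this cannot overflow for any int day count
        final long notValidAfter = notValidBefore + inputValidDays * DAY_MILLIS;

        final File keyStoreFile = new File(inputKeyStore);
        if (!keyStoreFile.isFile()) {
            println("FAIL - Key store is not a valid file.");
            return false;
        }
        if (!keyStoreFile.canRead()) {
            println("FAIL - Can not read key store file.");
            return false;
        }

        final KeyStoreReader reader;
        try {
            // NOTE(review): the stream is handed to KeyStoreReader and never closed here;
            // whether the reader closes it or reads lazily is not visible in this file.
            reader = new KeyStoreReader(
                new FileInputStream(keyStoreFile),
                inputPassword.toCharArray()
            );
        } catch (KeyStoreReaderException e) {
            println(e.getMessage());
            return false;
        } catch (FileNotFoundException e) {
            println(e.getMessage());
            return false;
        }
        println("OK - Key store is read.");
        println(
            "OK - Issuer distinguished name is: " +
            reader.getFirstX509Certificate().getSubjectX500Principal().getName()
        );

        final Attribute attribute;
        if (isRoleOption) {
            final List<RoleDefinition> roleDefinitions;
            try {
                roleDefinitions = parseRoles(inputRoles);
            } catch (IllegalArgumentException e) {
                println(e.getMessage());
                return false;
            }
            attribute = new RoleAttribute(roleDefinitions);
            println("OK - The following roles are written to the attribute certificate.");
            for (String role : inputRoles.split(",")) {
                println("\tRole = " + role);
            }
        } else {
            final File policyFile = new File(inputPolicy);
            if (!policyFile.isFile()) {
                println("FAIL - " + inputPolicy + " is not a valid file.");
                return false;
            }
            if (!policyFile.canRead()) {
                println("FAIL - Can not read " + inputPolicy + " file.");
                return false;
            }
            try {
                attribute = new PolicyAttribute(readPolicy(policyFile));
            } catch (FileNotFoundException e) {
                println("FAIL - File not found");
                return false;
            } catch (IOException e) {
                println("FAIL - IO Exception.");
                return false;
            }
            println("OK - Policy is written to the attribute certificate.");
        }

        final X500Principal holder;
        if (isRoleOption) {
            try {
                holder = new X500Principal(inputHolder);
            } catch (IllegalArgumentException e) {
                // X500Principal(String) rejects a malformed DN with IllegalArgumentException;
                // nothing broader is expected here
                println("FAIL - Holder is not a valid distinguished name.");
                return false;
            }
        } else {
            // a policy AC is held by the issuer's own issuer (the SOA)
            holder = reader.getFirstX509Certificate().getIssuerX500Principal();
        }
        // print the holder actually placed in the AC, not the raw argument
        println("OK - Holder distinguished name is: " + holder.getName());

        final AttributeCertificate certificate;
        try {
            certificate = new AttributeCertificateGenerator()
                .reset()
                .withIssuer(reader.getFirstX509Certificate(), reader.getFirstPrivateKey())
                .withHolder(holder)
                .withAttribute(attribute)
                // NOTE(review): every AC issued by this tool carries serial number 1. X.509
                // serials must be unique per issuer for revocation to identify a certificate;
                // consider a random or monotonic serial before using this in production.
                .withSerialNumber(BigInteger.ONE)
                .notValidBefore(new Date(notValidBefore))
                .notValidAfter(new Date(notValidAfter))
                .generate();
        } catch (GeneralSecurityException e) {
            // covers the encoding, key, provider, signature and algorithm failures of generate()
            println(e.getMessage());
            return false;
        } catch (IOException e) {
            println(e.getMessage());
            return false;
        }
        println("OK - Successfully createt attribute certificate.");

        final File outputFile = new File(inputOutputFile);
        if (outputFile.exists()) {
            // never overwrite an existing certificate
            println("FAIL - Output file already exists.");
            return false;
        }

        try {
            writeEncoded(outputFile, certificate.getEncoded());
        } catch (CertificateEncodingException e) {
            println(e.getMessage());
            return false;
        } catch (IOException e) {
            println(e.getMessage());
            return false;
        }
        println("OK - Successfully wrote AC to " + inputOutputFile);
        return true;
    }

    /**
     * Entry point; delegates to {@link #generateRoleAttributeCertificate(String[])}.
     * The process exits with status 0 whether or not the certificate was written.
     *
     * @param args the command-line arguments, see {@link #printUsage()}
     */
    public static void main(String[] args) {
        generateRoleAttributeCertificate(args);
    }

}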