 /*
  * Copyright (c) 2009, Swiss Federal Department of Defence Civil Protection and Sport
  *                     (http://www.vbs.admin.ch)
  * Copyright (c) 2009, Ergon Informatik AG (http://www.ergon.ch)
  * All rights reserved.
  *
  * Licensed under the Open Permis License which accompanies this distribution,
  * and is available at http://www.openpermis.org/BSDlicenceKent.txt
  */
 package org.openpermis.cert;
 import java.io.Closeable;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.FileReader;
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.io.LineNumberReader;
 import java.io.Reader;
 import java.math.BigInteger;
 import java.nio.charset.Charset;
 import java.security.GeneralSecurityException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.SecureRandom;
 import java.security.SignatureException;
 import java.security.cert.CertificateEncodingException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Date;
 import java.util.List;

 import javax.security.auth.x500.X500Principal;

 import org.openpermis.cert.RoleAttribute.RoleDefinition;
 /*
  * Copyright (c) 2009, Ergon Informatik AG (http://www.ergon.ch)
  * All rights reserved.
  * 
  * Licensed under the Open Permis License which accompanies this distribution, 
  * and is available at http://www.openpermis.org/BSDlicenceKent.txt
  */
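 /**
  * Simple command line tool for creating attribute certificates containing roles using BouncyCastle
  * as security provider.
  * <p>
  * Invocation is {@code -role} or {@code -policy} followed by the positional arguments listed by
  * {@link #printUsage()}. All progress and failure messages go to standard output; the outcome is
  * reported through the boolean result of {@link #generateRoleAttributeCertificate(String[])} and,
  * from {@link #main(String[])}, through the process exit status.
  * <p>
  * Security note: the key store password is a command line argument and is therefore visible to
  * other users of the machine (process list, shell history). That is part of the tool's interface
  * and cannot be changed here; run the tool in a controlled environment.
  * @since 0.3.0
  */
 public final class RoleAttributeCertificateManager {

         //---- Static

         /** Milliseconds in one day; turns the "valid days" argument into the notAfter time. */
         private static final long DAY_MILLIS = 24L * 60 * 60 * 1000;

         /** Charset the policy XML file is decoded with; the usage text promises UTF-8. */
         private static final Charset POLICY_CHARSET = Charset.forName("UTF-8");

         /** Random bits in a freshly generated AC serial number, see {@link #newSerialNumber()}. */
         private static final int SERIAL_BITS = 63;

         //---- Constructors

         /**
          * Utility class, never instantiated.
          * @since 0.3.0
          */
         private RoleAttributeCertificateManager () {
                 // Prevents instantiation.
         }

         //---- Methods

         /**
          * Writes one line to standard output; all user-facing output of the tool goes through here.
          * @param string the line to print
          * @since 0.3.0
          */
         private static void println (String string) {
                 System.out.println(string);
         }

         /**
          * Prints the positional argument layout of both options to standard output.
          */
         private static void printUsage () {
                 println(
                         "Usage:\n" +
                         "1. Option [-role | -policy]\n\n" +

                         "Option Role:\n" +
                         "2. Key Store PKC12 File  [key-store.p12]\n" +
                         "3. Keystore password and private key password  [password]\n" +
                         "4. Number of Valid Days  [356]\n" +
                         "5. AC Output File  [role-cert.ace]\n" +
                         "6. Comma seperated list of roles  " +
                                 "[permisRole#developer,permisRole#administrator]\n" +
                         "7. Holder Distinguished Name  [cn=SomeName]\n\n" +

                         "Option Policy:\n" +
                         "2. Key Store PKC12 File  [key-store.p12]\n" +
                         "3. Key Store Password  [password]\n" +
                         "4. Number of Valid Days  [356]\n" +
                         "5. AC Output File  [policy.ace]\n" +
                         "6. Policy XML file with UTF-8 encoding  [policy.xml]"
                 );
         }

         /**
          * Parses the command line, loads the signing key store, builds the role or policy
          * attribute, signs the attribute certificate and writes its encoding to the output file.
          * <p>
          * Every failure is reported with a message on standard output and a {@code false} result.
          * The output file is only created after the certificate has been generated and encoded,
          * and an existing output file is never overwritten.
          *
          * @param args the raw command line arguments: the option first, then the positional
          *             arguments described by {@link #printUsage()}
          * @return {@code true} if the attribute certificate was written, {@code false} otherwise
          * @since 0.3.0
          */
         protected static boolean generateRoleAttributeCertificate (String[] args) {
                 final int roleOptionArgLen = 7;
                 final int policyOptionArgLen = 6;
                 if (args.length < 1) {
                         println("Wrong number of arguments.\n");
                         printUsage();
                         return false;
                 }

                 int i = 0;

                 // Option.
                 final String inputOption = args[i++];
                 final boolean isRoleOption;
                 if ("-role".equals(inputOption)) {
                         isRoleOption = true;
                 } else if ("-policy".equals(inputOption)) {
                         isRoleOption = false;
                 } else {
                         println("Fail - " + inputOption + " is not a valid option.");
                         return false;
                 }

                 final int expectedArgLen = isRoleOption ? roleOptionArgLen : policyOptionArgLen;
                 if (args.length != expectedArgLen) {
                         println("Wrong number of arguments.\n");
                         printUsage();
                         return false;
                 }

                 final String inputKeyStore = args[i++];
                 // NOTE(security): the password is taken from the command line and so is exposed to
                 // anyone who can list processes or read the shell history on this machine. The
                 // tool's interface fixes that contract; it is documented rather than changed here.
                 final String inputPassword = args[i++];
                 final String inputValidDaysText = args[i++];
                 final String inputOutputFile = args[i++];
                 final String inputRoles;
                 final String inputHolder;
                 final String inputPolicy;
                 if (isRoleOption) {
                         inputRoles = args[i++];
                         inputHolder = args[i++];
                         inputPolicy = "";
                 } else {
                         inputRoles = "";
                         // The policy AC holder is derived from the key store below, not from input.
                         inputHolder = "";
                         inputPolicy = args[i++];
                 }

                 // ValidDays. A non-numeric argument used to escape as an uncaught
                 // NumberFormatException, and zero was accepted although the message below already
                 // demands a positive value (a zero-day AC expires the moment it is created).
                 final int inputValidDays;
                 try {
                         inputValidDays = Integer.parseInt(inputValidDaysText);
                 } catch (NumberFormatException e) {
                         println("FAIL - Number of valid days is not a number: " + inputValidDaysText);
                         return false;
                 }
                 if (inputValidDays <= 0) {
                         println("FAIL - Number of valid days must be positive.");
                         return false;
                 }
                 final long notValidBefore = System.currentTimeMillis();
                 final long notValidAfter = notValidBefore + inputValidDays * DAY_MILLIS;

                 // KeyStore.
                 final File keyStoreFile = new File(inputKeyStore);
                 if (!keyStoreFile.isFile()) {
                         println("FAIL - Key store is not a valid file.");
                         return false;
                 }
                 if (!keyStoreFile.canRead()) {
                         println("FAIL - Can not read key store file.");
                         return false;
                 }

                 final KeyStoreReader reader;
                 try {
                         // Ownership of the stream passes to KeyStoreReader; whether it closes the
                         // stream once the key store is loaded is not visible from this file.
                         reader = new KeyStoreReader(
                                 new FileInputStream(keyStoreFile),
                                 inputPassword.toCharArray()
                         );
                 } catch (KeyStoreReaderException e) {
                         println(e.getMessage());
                         return false;
                 } catch (FileNotFoundException e) {
                         println(e.getMessage());
                         return false;
                 }
                 println("OK - Key store is read.");
                 println(
                         "OK - Issuer distinguished name is: " +
                         reader.getFirstX509Certificate().getSubjectX500Principal().getName()
                 );

                 // Attribute. The helpers print the reason for a failure themselves.
                 final Attribute attribute = isRoleOption
                         ? buildRoleAttribute(inputRoles)
                         : readPolicyAttribute(inputPolicy);
                 if (attribute == null) {
                         return false;
                 }

                 // Holder distinguished name.
                 final X500Principal principal;
                 if (isRoleOption) {
                         try {
                                 principal = new X500Principal(inputHolder);
                         } catch (IllegalArgumentException e) {
                                 println("FAIL - Holder is not a valid distinguished name.");
                                 return false;
                         }
                 } else {
                         // A policy AC is issued to the issuer of the signing certificate.
                         principal = reader.getFirstX509Certificate().getIssuerX500Principal();
                 }
                 // Report the DN that actually goes into the AC. The earlier message echoed a
                 // placeholder ("cn=soa") for policy ACs instead of the issuer-derived holder.
                 println("OK - Holder distinguished name is: " + principal.getName());

                 // Generate AC.
                 final AttributeCertificate certificate;
                 try {
                         certificate = new AttributeCertificateGenerator().
                                 reset().
                                 withIssuer(reader.getFirstX509Certificate(), reader.getFirstPrivateKey()).
                                 withHolder(principal).
                                 withAttribute(attribute).
                                 withSerialNumber(newSerialNumber()).
                                 notValidBefore(new Date(notValidBefore)).
                                 notValidAfter(new Date(notValidAfter)).
                                 generate();
                 } catch (GeneralSecurityException e) {
                         // Key, provider, algorithm, signature and certificate encoding failures
                         // were previously listed one by one and all handled identically.
                         println(e.getMessage());
                         return false;
                 } catch (IOException e) {
                         println(e.getMessage());
                         return false;
                 }
                 println("OK - Successfully createt attribute certificate.");

                 // Encode before touching the file system so that an encoding failure cannot leave
                 // an empty output file behind.
                 final byte[] encoded;
                 try {
                         encoded = certificate.getEncoded();
                 } catch (CertificateEncodingException e) {
                         println(e.getMessage());
                         return false;
                 }
                 return writeOutputFile(new File(inputOutputFile), encoded, inputOutputFile);
         }

         /**
          * Builds the role attribute from the comma separated {@code prefix#role} list given on the
          * command line.
          *
          * @param inputRoles the raw roles argument of the {@code -role} option
          * @return the attribute, or {@code null} after printing a {@code FAIL - ...} line when the
          *         list is empty or an entry does not contain exactly one {@code #}
          */
         private static Attribute buildRoleAttribute (String inputRoles) {
                 final List<String> roles = Arrays.asList(inputRoles.split(","));
                 // "".split(",") yields one empty element rather than an empty array, so an empty
                 // argument has to be rejected explicitly instead of surfacing as a syntax error.
                 if (inputRoles.length() == 0 || roles.isEmpty()) {
                         println("FAIL - No roles specified.");
                         return null;
                 }
                 final List<RoleDefinition> roleDefs = new ArrayList<RoleDefinition>(roles.size());
                 for (String role : roles) {
                         final String[] parts = role.split("#");
                         if (parts.length != 2) {
                                 println("FAIL - Wrong roles syntax.");
                                 return null;
                         }
                         roleDefs.add(new RoleDefinition(parts[0], parts[1]));
                 }
                 final Attribute attribute = new RoleAttribute(roleDefs);
                 println("OK - The following roles are written to the attribute certificate.");
                 for (String role : roles) {
                         println("\tRole = " + role);
                 }
                 return attribute;
         }

         /**
          * Reads the policy XML file and wraps its text in a policy attribute.
          * <p>
          * The file is decoded as UTF-8, which is what the usage text promises; the earlier
          * {@code FileReader} silently used the platform default charset. Line breaks are kept,
          * because joining lines back to back can fuse XML tokens that span lines (for example an
          * element name and an attribute on the next line).
          *
          * @param inputPolicy path of the policy XML file
          * @return the attribute, or {@code null} after printing a {@code FAIL - ...} line when the
          *         file is missing, unreadable or cannot be read to the end
          */
         private static Attribute readPolicyAttribute (String inputPolicy) {
                 final File policyFile = new File(inputPolicy);
                 if (!policyFile.isFile()) {
                         println("FAIL - " + inputPolicy + " is not a valid file.");
                         return null;
                 }
                 if (!policyFile.canRead()) {
                         println("FAIL - Can not read " + inputPolicy + " file.");
                         return null;
                 }

                 final StringBuilder builder = new StringBuilder();
                 LineNumberReader lineReader = null;
                 try {
                         lineReader = new LineNumberReader(
                                 new InputStreamReader(new FileInputStream(policyFile), POLICY_CHARSET)
                         );
                         String line = lineReader.readLine();
                         while (line != null) {
                                 builder.append(line).append('\n');
                                 line = lineReader.readLine();
                         }
                 } catch (FileNotFoundException e) {
                         println("FAIL - File not found");
                         return null;
                 } catch (IOException e) {
                         println("FAIL - IO Exception.");
                         return null;
                 } finally {
                         // The reader used to stay open for the rest of the process.
                         closeQuietly(lineReader);
                 }

                 final Attribute attribute = new PolicyAttribute(builder.toString());
                 println("OK - Policy is written to the attribute certificate.");
                 return attribute;
         }

         /**
          * Writes the encoded certificate to a new file, refusing to overwrite an existing one.
          * <p>
          * {@link File#createNewFile()} checks and creates in one step, so the refusal cannot be
          * raced by a file appearing between a separate {@code exists()} check and the open. If
          * writing fails after the file was created, the partial file is removed on a best-effort
          * basis so that no truncated AC is left behind.
          *
          * @param outputFile  the file to create
          * @param encoded     the certificate encoding to write
          * @param displayName the path as given by the user, for the success message
          * @return {@code true} if the file was written and closed, {@code false} after an error
          *         message otherwise
          */
         private static boolean writeOutputFile (File outputFile, byte[] encoded, String displayName) {
                 final boolean created;
                 try {
                         created = outputFile.createNewFile();
                 } catch (IOException e) {
                         println(e.getMessage());
                         return false;
                 }
                 if (!created) {
                         println("FAIL - Output file already exists.");
                         return false;
                 }

                 boolean written = false;
                 FileOutputStream fos = null;
                 try {
                         fos = new FileOutputStream(outputFile);
                         fos.write(encoded);
                         fos.flush();
                         // Close inside the try so that a close error is reported, not swallowed.
                         fos.close();
                         written = true;
                 } catch (IOException e) {
                         println(e.getMessage());
                 } finally {
                         closeQuietly(fos);
                 }
                 if (!written) {
                         outputFile.delete();
                         return false;
                 }
                 println("OK - Successfully wrote AC to " + displayName);
                 return true;
         }

         /**
          * Closes {@code closeable} if it is non-null, ignoring close errors. For {@code finally}
          * blocks where the primary failure has already been reported to the user.
          *
          * @param closeable the resource to close, may be {@code null}
          */
         private static void closeQuietly (Closeable closeable) {
                 if (closeable == null) {
                         return;
                 }
                 try {
                         closeable.close();
                 } catch (IOException ignored) {
                         // Nothing sensible left to do; the caller reports the primary failure.
                 }
         }

         /**
          * Returns a fresh serial number for an attribute certificate.
          * <p>
          * RFC 5755 requires the issuer/serial number pair of an AC to be unique. The earlier fixed
          * value {@code BigInteger.ONE} gave every AC signed with the same key the same serial, so
          * they could not be told apart by serial (for example in a revocation list).
          * {@link #SERIAL_BITS} random bits plus one yield a positive value that stays well within
          * the encoded size limit for serial numbers.
          *
          * @return a positive, randomly chosen serial number
          */
         private static BigInteger newSerialNumber () {
                 return new BigInteger(SERIAL_BITS, new SecureRandom()).add(BigInteger.ONE);
         }

         /**
          * Command line entry point; see {@link #printUsage()} for the arguments.
          * <p>
          * Exits with status 1 on failure so that calling scripts can detect it; previously the
          * exit status was 0 regardless of the outcome.
          *
          * @param args the command line arguments
          * @since 0.3.0
          */
         public static void main (String[] args) {
                 if (!generateRoleAttributeCertificate(args)) {
                         System.exit(1);
                 }
         }

 }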