Use of org.xipki.litecaclient.CmpCaClient in the project xipki by xipki.
From the class CmpCaClientExample, method main.
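/**
 * Runs the CMP client demo end to end.
 *
 * <p>Loads the requestor's private key and certificate from a PKCS#12 keystore, builds a
 * {@code CmpCaClient}, enrolls certificates for RSA, EC and DSA keys (first via CSR, then via
 * CRMF), and finally suspends, unsuspends and revokes the last certificate enrolled.
 *
 * <p>Any exception is printed with its stack trace and the JVM exits with status -1.
 *
 * @param args command-line arguments; not read by this method
 */
public static void main(String[] args) {
  try {
    KeyStore ks = KeyStore.getInstance("PKCS12");
    // NOTE(review): the password comes from a constant defined outside this view. If it is a
    // literal in the source, that is acceptable only for a demo; confirm before reuse.
    char[] password = REQUESTOR_KEYSTORE_PASSWORD.toCharArray();

    // try-with-resources closes the stream even when load() fails (wrong password,
    // corrupt file), which the explicit close() call did not.
    try (FileInputStream ksStream = new FileInputStream(expandPath(REQUESTOR_KEYSTORE_FILE))) {
      ks.load(ksStream, password);
    }

    // Use the first alias that holds a key entry.
    Enumeration<String> aliases = ks.aliases();
    String alias = null;
    while (aliases.hasMoreElements()) {
      String tmp = aliases.nextElement();
      if (ks.isKeyEntry(tmp)) {
        alias = tmp;
        break;
      }
    }

    // Fail here with a clear message instead of passing a null alias on to getKey() and
    // building the client without a requestor key.
    if (alias == null) {
      throw new IllegalStateException("no key entry found in the requestor keystore");
    }

    PrivateKey requestorKey = (PrivateKey) ks.getKey(alias, password);
    X509Certificate requestorCert = (X509Certificate) ks.getCertificate(alias);
    X509Certificate caCert = SdkUtil.parseCert(new File(expandPath(CA_CERT_FILE)));
    // The responder certificate is read from a local file rather than taken from the network.
    // NOTE(review): presumably CmpCaClient uses it to verify CMP responses; confirm there.
    X509Certificate responderCert = SdkUtil.parseCert(new File(expandPath(RESPONDER_CERT_FILE)));

    CmpCaClient client =
        new CmpCaClient(CA_URL, caCert, requestorKey, requestorCert, responderCert, HASH_ALGO);
    // Since xipki-2.2.1 the specification of CA certificate is not required, it can
    // be retrieved via the CMP protocol
    //
    // CmpCaClient client = new CmpCaClient(CA_URL, requestorKey, requestorCert,
    // responderCert, HASH_ALGO);
    client.init();

    // retrieve CA certificate
    printCert("===== CA Certificate =====", client.getCaCert());

    // Enroll certificate via CSR - RSA
    MyKeypair kp = generateRsaKeypair();
    CertificationRequest csr = genCsr(kp, getSubject());
    X509Certificate cert = client.requestCertViaCsr(CERT_PROFILE, csr);
    printCert("===== RSA via CSR (CMP) =====", cert);

    // Enroll certificate via CSR - EC
    kp = generateEcKeypair();
    csr = genCsr(kp, getSubject());
    cert = client.requestCertViaCsr(CERT_PROFILE, csr);
    printCert("===== EC via CSR (CMP) =====", cert);

    // Enroll certificate via CSR - DSA
    kp = generateDsaKeypair();
    csr = genCsr(kp, getSubject());
    cert = client.requestCertViaCsr(CERT_PROFILE, csr);
    printCert("===== DSA via CSR (CMP) =====", cert);

    // Enroll certificate via CRMF - RSA
    kp = generateRsaKeypair();
    cert = client.requestCertViaCrmf(CERT_PROFILE, kp.getPrivate(), kp.getPublic(), getSubject());
    printCert("===== RSA via CRMF (CMP) =====", cert);

    // Enroll certificate via CRMF - EC
    kp = generateEcKeypair();
    cert = client.requestCertViaCrmf(CERT_PROFILE, kp.getPrivate(), kp.getPublic(), getSubject());
    printCert("===== EC via CRMF (CMP) =====", cert);

    // Enroll certificate via CRMF - DSA
    kp = generateDsaKeypair();
    cert = client.requestCertViaCrmf(CERT_PROFILE, kp.getPrivate(), kp.getPublic(), getSubject());
    printCert("===== DSA via CRMF (CMP) =====", cert);

    // The status changes below all target the certificate enrolled last (DSA via CRMF).
    BigInteger serialNumber = cert.getSerialNumber();

    // Suspend certificate
    boolean flag = client.revokeCert(serialNumber, CRLReason.lookup(CRLReason.certificateHold));
    if (flag) {
      System.out.println("(CMP) suspended certificate");
    } else {
      System.err.println("(CMP) suspending certificate failed");
    }

    // Unsuspend certificate
    flag = client.revokeCert(serialNumber, CRLReason.lookup(CRLReason.removeFromCRL));
    if (flag) {
      System.out.println("(CMP) unsuspended certificate");
    } else {
      System.err.println("(CMP) unsuspending certificate failed");
    }

    // Revoke certificate. keyCompromise is the demo's choice of reason; a real caller
    // should pass the reason that matches the actual event.
    flag = client.revokeCert(serialNumber, CRLReason.lookup(CRLReason.keyCompromise));
    if (flag) {
      System.out.println("(CMP) revoked certificate");
    } else {
      System.err.println("(CMP) revoking certificate failed");
    }

    client.shutdown();
  } catch (Exception ex) {
    ex.printStackTrace();
    System.exit(-1);
  }
}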