
Example 1 with CmpCaClient

Use of org.xipki.litecaclient.CmpCaClient in the xipki project (by xipki).

The main method of the class CmpCaClientExample.

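/**
 * Runs the CMP client example end to end: loads the requestor's key and certificate from a
 * PKCS#12 keystore, initialises a {@link CmpCaClient}, enrolls RSA, EC and DSA certificates via
 * CSR and via CRMF, then suspends, unsuspends and finally revokes the last certificate issued.
 *
 * <p>Any failure is printed to standard error and the process exits with status -1.
 *
 * @param args command-line arguments; not used
 */
public static void main(String[] args) {
    try {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        // The keystore password is a constant of this example class. In a real deployment it
        // should come from protected configuration rather than from source code.
        char[] password = REQUESTOR_KEYSTORE_PASSWORD.toCharArray();
        // try-with-resources closes the stream even when load() fails (wrong password,
        // corrupted file), which the explicit close() after load() did not.
        try (FileInputStream ksStream = new FileInputStream(expandPath(REQUESTOR_KEYSTORE_FILE))) {
            ks.load(ksStream, password);
        }

        // Use the first alias that holds a private key.
        Enumeration<String> aliases = ks.aliases();
        String alias = null;
        while (aliases.hasMoreElements()) {
            String tmp = aliases.nextElement();
            if (ks.isKeyEntry(tmp)) {
                alias = tmp;
                break;
            }
        }
        // Fail here with a clear message instead of passing a null alias on and building a
        // client without a usable requestor key.
        if (alias == null) {
            throw new IllegalStateException("no key entry found in the requestor keystore");
        }

        PrivateKey requestorKey = (PrivateKey) ks.getKey(alias, password);
        X509Certificate requestorCert = (X509Certificate) ks.getCertificate(alias);
        X509Certificate caCert = SdkUtil.parseCert(new File(expandPath(CA_CERT_FILE)));
        X509Certificate responderCert = SdkUtil.parseCert(new File(expandPath(RESPONDER_CERT_FILE)));
        CmpCaClient client = new CmpCaClient(CA_URL, caCert, requestorKey, requestorCert, responderCert, HASH_ALGO);
        // Since xipki-2.2.1 the specification of CA certificate is not required, it can
        // be retrieved via the CMP protocol
        //
        // CmpCaClient client = new CmpCaClient(CA_URL, requestorKey, requestorCert,
        // responderCert, HASH_ALGO);
        //
        // NOTE(review): with that variant the CA certificate is presumably only as trustworthy
        // as the CMP response that delivers it; confirm how the client validates it before
        // preferring it over a locally supplied caCert.
        client.init();
        try {
            // retrieve CA certificate
            printCert("===== CA Certificate =====", client.getCaCert());

            // Enroll certificate via CSR - RSA
            MyKeypair kp = generateRsaKeypair();
            CertificationRequest csr = genCsr(kp, getSubject());
            X509Certificate cert = client.requestCertViaCsr(CERT_PROFILE, csr);
            printCert("===== RSA via CSR (CMP) =====", cert);

            // Enroll certificate via CSR - EC
            kp = generateEcKeypair();
            csr = genCsr(kp, getSubject());
            cert = client.requestCertViaCsr(CERT_PROFILE, csr);
            printCert("===== EC via CSR (CMP) =====", cert);

            // Enroll certificate via CSR - DSA
            kp = generateDsaKeypair();
            csr = genCsr(kp, getSubject());
            cert = client.requestCertViaCsr(CERT_PROFILE, csr);
            printCert("===== DSA via CSR (CMP) =====", cert);

            // Enroll certificate via CRMF - RSA
            kp = generateRsaKeypair();
            cert = client.requestCertViaCrmf(CERT_PROFILE, kp.getPrivate(), kp.getPublic(), getSubject());
            printCert("===== RSA via CRMF (CMP) =====", cert);

            // Enroll certificate via CRMF - EC
            kp = generateEcKeypair();
            cert = client.requestCertViaCrmf(CERT_PROFILE, kp.getPrivate(), kp.getPublic(), getSubject());
            printCert("===== EC via CRMF (CMP) =====", cert);

            // Enroll certificate via CRMF - DSA
            kp = generateDsaKeypair();
            cert = client.requestCertViaCrmf(CERT_PROFILE, kp.getPrivate(), kp.getPublic(), getSubject());
            printCert("===== DSA via CRMF (CMP) =====", cert);

            // The revocation calls below act on the last certificate issued (DSA via CRMF).
            BigInteger serialNumber = cert.getSerialNumber();

            // Suspend certificate. certificateHold is the one CRL reason that can be undone.
            boolean flag = client.revokeCert(serialNumber, CRLReason.lookup(CRLReason.certificateHold));
            if (flag) {
                System.out.println("(CMP) suspended certificate");
            } else {
                System.err.println("(CMP) suspending certificate failed");
            }

            // Unsuspend certificate
            flag = client.revokeCert(serialNumber, CRLReason.lookup(CRLReason.removeFromCRL));
            if (flag) {
                System.out.println("(CMP) unsuspended certificate");
            } else {
                System.err.println("(CMP) unsuspending certificate failed");
            }

            // Revoke certificate. Unlike the hold above, keyCompromise is a permanent revocation.
            flag = client.revokeCert(serialNumber, CRLReason.lookup(CRLReason.keyCompromise));
            if (flag) {
                System.out.println("(CMP) revoked certificate");
            } else {
                System.err.println("(CMP) revoking certificate failed");
            }
        } finally {
            // Release the client even when an enrollment or revocation call throws.
            client.shutdown();
        }
    } catch (Exception ex) {
        ex.printStackTrace();
        System.exit(-1);
    }
}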
Also used : PrivateKey(java.security.PrivateKey) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) BigInteger(java.math.BigInteger) CmpCaClient(org.xipki.litecaclient.CmpCaClient) File(java.io.File) CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest)
