CreateHostCertificate.java example

Explorer
cagrid2-master
package org.cagrid.dorian.service.tools;

import java.io.File;
import java.io.FileOutputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Properties;

import org.cagrid.core.commandline.BaseCommandLine;
import org.cagrid.dorian.model.federation.HostCertificateRecord;
import org.cagrid.dorian.model.federation.HostCertificateRequest;
import org.cagrid.dorian.model.federation.PublicKey;
import org.cagrid.dorian.service.CertificateSignatureAlgorithm;
import org.cagrid.dorian.service.Dorian;
import org.cagrid.dorian.service.ca.CertificateAuthorityProperties;
import org.cagrid.dorian.service.federation.IdentityAssignmentPolicy;
import org.cagrid.gaards.pki.CertUtil;
import org.cagrid.gaards.pki.KeyUtil;

public class CreateHostCertificate extends BaseCommandLine {

	public static final String PROPERTIES_FILE = "src/main/resources/host-certificate-request.properties";
	public static final String HOSTNAME_PROMPT = "Please enter a hostname";
	public static final String HOSTNAME_PROPERTY = "org.cagrid.dorian.cert.request.hostname";
	public static final String ADMIN_USER_ID_PROMPT = "Please enter the user id of admin";
	public static final String ADMIN_USER_ID_PROPERTY = "org.cagrid.dorian.admin.user.id";
	public static final String KEYSTORE_ALIAS_PROMPT = "Please enter a alias for the keystore";
	public static final String KEYSTORE_ALIAS_PROPERTY = "org.cagrid.dorian.keystore.alias";
	public static final String KEYSTORE_PASSWORD_PROMPT = "Please enter a password for the keystore";
	public static final String KEYSTORE_PASSWORD_PROPERTY = "org.cagrid.dorian.keystore.password";
	public static final String KEY_PASSWORD_PROMPT = "Please enter a password for the private key";
	public static final String KEY_PASSWORD_PROPERTY = "org.cagrid.dorian.key.password";

	public CreateHostCertificate(File propertiesFile) {
		super(propertiesFile);
	}

	public CreateHostCertificate(Properties properties) {
		super(properties);
	}

	@Override
	public void execute() throws Exception {

		BootstrapperSpringUtils utils = new BootstrapperSpringUtils();
		Dorian dorian = utils.getDorian();
		String hostname = getValue(HOSTNAME_PROMPT, HOSTNAME_PROPERTY);
		String userId = getValue(ADMIN_USER_ID_PROMPT, ADMIN_USER_ID_PROPERTY);
		CertificateAuthorityProperties caProperties = utils.getCertificateAuthorityProperties();
		KeyPair pair = KeyUtil.generateRSAKeyPair(caProperties.getIssuedCertificateKeySize());
		X509Certificate cacert = dorian.getCACertificate();
		String caSubject = cacert.getSubjectDN().getName();
		int index = caSubject.lastIndexOf(",");
		String subjectPrefix = caSubject.substring(0, index);

		String gridId = null;
		if (utils.getIdentityFederationProperties().getIdentityAssignmentPolicy().equals(IdentityAssignmentPolicy.NAME)) {
			gridId = CertUtil.subjectToIdentity(subjectPrefix + ",OU=" + utils.getIdentityProviderProperties().getName() + "/CN=" + userId);
		} else {
			gridId = CertUtil.subjectToIdentity(subjectPrefix + ",OU=IdP [1]/CN=" + userId);
		}
		System.out.println(gridId);
		HostCertificateRequest req = new HostCertificateRequest();
		req.setHostname(hostname);
		PublicKey publicKey = new PublicKey();
		publicKey.setKeyAsString(KeyUtil.writePublicKey(pair.getPublic()));
		req.setPublicKey(publicKey);
		HostCertificateRecord record = dorian.requestHostCertificate(gridId, req, CertificateSignatureAlgorithm.SHA2);
		X509Certificate cert = CertUtil.loadCertificate(record.getCertificate().getCertificateAsString());
		System.out.println("Successfully created the host certificate:");
		System.out.println("Subject: " + cert.getSubjectDN());
		System.out.println("Created: " + cert.getNotBefore());
		System.out.println("Expires: " + cert.getNotAfter());

		String keyStorePassword = getValue(KEYSTORE_PASSWORD_PROMPT, KEYSTORE_PASSWORD_PROPERTY);
		String keyPassword = getValue(KEY_PASSWORD_PROMPT, KEY_PASSWORD_PROPERTY);
		String keyStoreAlias = getValue(KEYSTORE_ALIAS_PROMPT, KEYSTORE_ALIAS_PROPERTY);

		KeyStore hks = KeyStore.getInstance("jks");
		hks.load(null);
		java.security.cert.Certificate[] hostCertChain = { cert };
		hks.setKeyEntry(keyStoreAlias, pair.getPrivate(), keyPassword.toCharArray(), hostCertChain);
		File keyStoreFile = new File(hostname + ".jks");
		FileOutputStream out = new FileOutputStream(keyStoreFile);
		hks.store(out, keyStorePassword.toCharArray());
		out.close();
		System.out.println("Keystore created for " + cert.getSubjectDN() + " at " + keyStoreFile);
	}

	/**
	 * @param args
	 */
	public static void main(String[] args) {
		try {
			CreateHostCertificate main = new CreateHostCertificate(new File(PROPERTIES_FILE));
			main.execute();
		} catch (Exception e) {
			e.printStackTrace();
		}
	}

}