package com.intrbiz.bergamot.command;
import java.security.KeyPair;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
import com.intrbiz.bergamot.BergamotCLI;
import com.intrbiz.bergamot.BergamotCLICommand;
import com.intrbiz.bergamot.BergamotCLIException;
import com.intrbiz.bergamot.BergamotClient;
import com.intrbiz.bergamot.agent.config.BergamotAgentCfg;
import com.intrbiz.bergamot.agent.config.CfgParameter;
import com.intrbiz.bergamot.config.CLICfg;
import com.intrbiz.bergamot.config.CLISiteCfg;
import com.intrbiz.bergamot.crypto.util.PEMUtil;
import com.intrbiz.bergamot.crypto.util.RSAUtil;
import com.intrbiz.bergamot.crypto.util.SerialNum;
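/**
 * CLI command that manages Bergamot Agent certificates.
 *
 * The single sub command, {@code generate}, creates an RSA key pair, asks the
 * site's API to sign it, and prints a complete agent configuration (including
 * the private key) to standard output.
 */
public class AgentCommand extends BergamotCLICommand
{
    /** Key size, in bits, of the generated agent key pair. */
    private static final int AGENT_KEY_BITS = 2048;

    /**
     * Number of certificates the signing call is expected to return,
     * in order: agent certificate, site CA certificate, CA certificate.
     */
    private static final int EXPECTED_CHAIN_LENGTH = 3;

    public AgentCommand()
    {
        super();
    }

    /** @return the command name used on the CLI */
    @Override
    public String name()
    {
        return "agent";
    }

    /** @return the one-line usage summary */
    @Override
    public String usage()
    {
        return "(generate) ...";
    }

    /** @return the multi-line help text listing the sub commands */
    @Override
    public String help()
    {
        return "Manage Bergamot Agent certificates\n" +
               "\n" +
               "Commands:\n" +
               " generate <site-name> <common-name> - generate and sign a key pair for Bergamot Agent, returning a configuration file\n" +
               "\n";
    }

    /**
     * Dispatches to the requested sub command.
     *
     * @param cli  the invoking CLI (unused by this command)
     * @param args the remaining arguments; the first is the sub command and is consumed
     * @return the process exit code ({@code 0} on success)
     * @throws BergamotCLIException if no sub command is given or it is unknown
     * @throws Exception            if the sub command fails
     */
    @Override
    public int execute(BergamotCLI cli, List<String> args) throws Exception
    {
        if (args.size() < 1) throw new BergamotCLIException("No command given");
        String command = args.remove(0);
        if ("generate".equalsIgnoreCase(command))
        {
            return generate(args);
        }
        throw new BergamotCLIException("Unknown sub command: " + command);
    }

    /**
     * Generates an agent key pair, has it signed by the site API and prints the
     * resulting agent configuration to standard output.
     *
     * @param args exactly two entries: the site name and the agent common name; both are consumed
     * @return {@code 0} on success
     * @throws BergamotCLIException on bad arguments, an unknown site, a failed API
     *                              connectivity test or an incomplete signing response
     * @throws Exception            if key generation or the signing call fails
     */
    private int generate(List<String> args) throws Exception
    {
        if (args.size() != 2) throw new BergamotCLIException("No site-name or common-name given");
        String siteName = args.remove(0);
        String commonName = args.remove(0);
        // look up the site the agent will belong to
        CLISiteCfg site = CLICfg.loadConfiguration().getSite(siteName);
        if (site == null) throw new BergamotCLIException("No site configured with the name '" + siteName + "'");
        // connect to the API and verify it is reachable before generating anything
        BergamotClient client = new BergamotClient(site.getUrl(), site.getAuthToken());
        try
        {
            client.callHelloYou().execute();
        }
        catch (Exception e)
        {
            throw new BergamotCLIException("API connectivity test failed, bailing out.", e);
        }
        // generate the agent key pair; only the public half leaves this process via the API
        KeyPair pair = RSAUtil.generateRSAKeyPair(AGENT_KEY_BITS);
        // ask the site to sign the public key
        List<Certificate> chain = client.callSignAgentKey().commonName(commonName).publicKey(pair.getPublic()).execute();
        // the chain is indexed positionally below, so guard against a short or missing response
        int chainLength = (chain == null) ? 0 : chain.size();
        if (chainLength < EXPECTED_CHAIN_LENGTH)
        {
            throw new BergamotCLIException("Signing returned an incomplete certificate chain: expected " + EXPECTED_CHAIN_LENGTH + " certificates, got " + chainLength);
        }
        Certificate agentCrt = chain.get(0);
        Certificate siteCrt = chain.get(1);
        Certificate caCrt = chain.get(2);
        // NOTE(review): the returned chain is not verified here against a locally known CA;
        // the site API named in the CLI configuration is trusted to return the right one.
        // the agent UUID is derived from the serial number of the signed agent certificate
        if (!(agentCrt instanceof X509Certificate))
        {
            throw new BergamotCLIException("Signed agent certificate is not an X.509 certificate");
        }
        SerialNum serial = SerialNum.fromBigInt(((X509Certificate) agentCrt).getSerialNumber());
        // build the agent configuration
        BergamotAgentCfg cfg = new BergamotAgentCfg();
        cfg.setCaCertificate(PEMUtil.saveCertificate(caCrt));
        cfg.setSiteCaCertificate(PEMUtil.saveCertificate(siteCrt));
        cfg.setCertificate(PEMUtil.saveCertificate(agentCrt));
        cfg.setKey(PEMUtil.saveKey(pair.getPrivate()));
        cfg.setName(commonName);
        cfg.addParameter(new CfgParameter("agent-id", null, null, serial.getId().toString()));
        // the printed configuration contains the agent's private key, so callers
        // should capture stdout into a file with restrictive permissions
        System.out.println(cfg.toString());
        System.out.println("<!-- Agent: UUID=" + serial.getId() + " CN=" + commonName + " -->");
        return 0;
    }
}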