Update pki ca-cert-request-submit

The pki ca-cert-request-submit has been added to wrap CACertClient.submitRequest().
dogtagpki · Feb 9, 2021 · 1a47986 · 1a47986
1 parent 2d52e54
commit 1a47986
Showing 1 changed file with 75 additions and 4 deletions.
diff --git a/base/tools/src/main/java/com/netscape/cmstools/ca/CACertRequestSubmitCLI.java b/base/tools/src/main/java/com/netscape/cmstools/ca/CACertRequestSubmitCLI.java
@@ -3,7 +3,12 @@
 import java.io.Console;
 import java.io.File;
 import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
 import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Scanner;
@@ -12,7 +17,10 @@
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
 import org.dogtagpki.cli.CommandCLI;
+import org.mozilla.jss.netscape.security.util.Cert;
+import org.mozilla.jss.netscape.security.util.Utils;
 import org.mozilla.jss.netscape.security.x509.X500Name;
+import org.mozilla.jss.netscape.security.x509.X509CertImpl;
 
 import com.netscape.certsrv.ca.AuthorityID;
 import com.netscape.certsrv.ca.CACertClient;
@@ -76,6 +84,22 @@ public void createOptions() {
         option = new Option(null, "subject", true, "Subject DN");
         option.setArgName("DN");
         options.addOption(option);
+
+        option = new Option(null, "session", true, "Session ID");
+        option.setArgName("ID");
+        options.addOption(option);
+
+        option = new Option(null, "install-token", true, "Install token");
+        option.setArgName("path");
+        options.addOption(option);
+
+        option = new Option(null, "output-format", true, "Output format: PEM (default), DER");
+        option.setArgName("format");
+        options.addOption(option);
+
+        option = new Option(null, "output-file", true, "Output file");
+        option.setArgName("file");
+        options.addOption(option);
     }
 
     public void printHelp() {
@@ -158,9 +182,11 @@ public void execute(CommandLine cmd) throws Exception {
         request.setRenewal(cmd.hasOption("renewal"));
 
         String csrFilename = cmd.getOptionValue("csr-file");
+        String csr = null;
+
         if (csrFilename != null) {
 
-            String csr = loadFile(csrFilename);
+            csr = loadFile(csrFilename);
 
             logger.info("CSR:\n" + csr);
 
@@ -248,9 +274,54 @@ public void execute(CommandLine cmd) throws Exception {
         mainCLI.init();
 
         CACertClient certClient = certRequestCLI.getCertClient();
-        CertRequestInfos cri = certClient.enrollRequest(request, aid, adn);
-        MainCLI.printMessage("Submitted certificate request");
-        CACertRequestCLI.printCertRequestInfos(cri);
+
+        String installToken = cmd.getOptionValue("install-token");
+        String sessionID;
+
+        if (installToken != null) {
+            sessionID = new String(Files.readAllBytes(Paths.get(installToken)));
+        } else {
+            sessionID = cmd.getOptionValue("session");
+        }
+
+        if (sessionID == null) {
+            CertRequestInfos cri = certClient.enrollRequest(request, aid, adn);
+            MainCLI.printMessage("Submitted certificate request");
+            CACertRequestCLI.printCertRequestInfos(cri);
+            return;
+        }
+
+        X509CertImpl cert = certClient.submitRequest(requestType, csr, profileID, subjectDN, sessionID);
+        byte[] bytes = cert.getEncoded();
+
+        String outputFormat = cmd.getOptionValue("output-format");
+        if (outputFormat == null || "PEM".equalsIgnoreCase(outputFormat)) {
+            StringWriter sw = new StringWriter();
+
+            try (PrintWriter out = new PrintWriter(sw, true)) {
+                out.println(Cert.HEADER);
+                out.print(Utils.base64encodeMultiLine(cert.getEncoded()));
+                out.println(Cert.FOOTER);
+            }
+
+            bytes = sw.toString().getBytes();
+
+        } else if ("DER".equalsIgnoreCase(outputFormat)) {
+            bytes = cert.getEncoded();
+
+        } else {
+            throw new Exception("Unsupported format: " + outputFormat);
+        }
+
+        String outputFile = cmd.getOptionValue("output-file");
+        if (outputFile != null) {
+            try (FileOutputStream out = new FileOutputStream(outputFile)) {
+                out.write(bytes);
+            }
+
+        } else {
+            System.out.write(bytes);
+        }
     }
 
     private String loadFile(String fileName) throws FileNotFoundException {