diff --git a/base/ocsp/src/CMakeLists.txt b/base/ocsp/src/CMakeLists.txt
index fd7bf520e87..b60469ada58 100644
--- a/base/ocsp/src/CMakeLists.txt
+++ b/base/ocsp/src/CMakeLists.txt
@@ -12,6 +12,7 @@ javac(pki-ocsp-classes ${JAXRS_API_JAR} ${JSS_JAR} ${SYMKEY_JAR} ${LDAPJDK_JAR} + ${TOMCATJSS_JAR} ${PKI_CMSUTIL_JAR} ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} OUTPUT_DIR ${CMAKE_CURRENT_BINARY_DIR}/classes
diff --git a/base/ocsp/src/org/dogtagpki/server/ocsp/cli/OCSPCLI.java b/base/ocsp/src/org/dogtagpki/server/ocsp/cli/OCSPCLI.java
index f637401879d..1b409c80d23 100644
--- a/base/ocsp/src/org/dogtagpki/server/ocsp/cli/OCSPCLI.java
+++ b/base/ocsp/src/org/dogtagpki/server/ocsp/cli/OCSPCLI.java
@@ -29,9 +29,10 @@
 */
 public class OCSPCLI extends CLI {
- public OCSPCLI(CLI parent) {
+ public OCSPCLI(CLI parent) throws Exception {
 super("ocsp", "OCSP subsystem management commands", parent);
+ addModule(new OCSPCRLCLI(this));
 addModule(new SubsystemDBCLI(this));
 addModule(new SubsystemGroupCLI(this));
 addModule(new SubsystemUserCLI(this));
diff --git a/base/ocsp/src/org/dogtagpki/server/ocsp/cli/OCSPCRLCLI.java b/base/ocsp/src/org/dogtagpki/server/ocsp/cli/OCSPCRLCLI.java
new file mode 100644
index 00000000000..5fde3821788
--- /dev/null
+++ b/base/ocsp/src/org/dogtagpki/server/ocsp/cli/OCSPCRLCLI.java
@@ -0,0 +1,20 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.ocsp.cli;
+
+import org.dogtagpki.cli.CLI;
+
+/**
+ * @author Endi S. Dewata
+ */
+public class OCSPCRLCLI extends CLI {
+
+ public OCSPCRLCLI(CLI parent) {
+ super("crl", "OCSP CRL management commands", parent);
+
+ addModule(new OCSPCRLIssuingPointCLI(this));
+ }
+}
diff --git a/base/ocsp/src/org/dogtagpki/server/ocsp/cli/OCSPCRLIssuingPointCLI.java b/base/ocsp/src/org/dogtagpki/server/ocsp/cli/OCSPCRLIssuingPointCLI.java
new file mode 100644
index 00000000000..e278291e89b
--- /dev/null
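Review bot: The constructor's new `throws Exception` is not required by anything in this hunk: the added `addModule(new OCSPCRLCLI(this));` calls a constructor that declares no checked exception, and the pre-existing addModule calls compiled without the clause. Unless a module constructor outside this diff now throws, every caller that instantiates OCSPCLI is forced to handle or propagate `Exception` for no benefit; `public OCSPCLI(CLI parent) {` would preserve the original contract. If a checked exception really is possible, declaring the specific type rather than bare `Exception` would keep the failure mode visible to callers.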
+++ b/base/ocsp/src/org/dogtagpki/server/ocsp/cli/OCSPCRLIssuingPointCLI.java
@@ -0,0 +1,20 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.ocsp.cli;
+
+import org.dogtagpki.cli.CLI;
+
+/**
+ * @author Endi S. Dewata
+ */
+public class OCSPCRLIssuingPointCLI extends CLI {
+
+ public OCSPCRLIssuingPointCLI(CLI parent) {
+ super("issuingpoint", "OCSP CRL issuing point management commands", parent);
+
+ addModule(new OCSPCRLIssuingPointFindCLI(this));
+ }
+}
diff --git a/base/ocsp/src/org/dogtagpki/server/ocsp/cli/OCSPCRLIssuingPointFindCLI.java b/base/ocsp/src/org/dogtagpki/server/ocsp/cli/OCSPCRLIssuingPointFindCLI.java
new file mode 100644
index 00000000000..57f9d11c299
--- /dev/null
+++ b/base/ocsp/src/org/dogtagpki/server/ocsp/cli/OCSPCRLIssuingPointFindCLI.java
@@ -0,0 +1,120 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.ocsp.cli;
+
+import java.io.File;
+import java.util.Enumeration;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.Option;
+import org.apache.tomcat.util.net.jss.TomcatJSS;
+import org.dogtagpki.cli.CLI;
+import org.dogtagpki.cli.CommandCLI;
+import org.dogtagpki.server.ocsp.OCSPConfig;
+import org.dogtagpki.server.ocsp.OCSPEngineConfig;
+import org.mozilla.jss.netscape.security.x509.X509CertImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
+import com.netscape.certsrv.ocsp.IDefStore;
+import com.netscape.certsrv.ocsp.IOCSPAuthority;
+import com.netscape.cmscore.apps.CMS;
+import com.netscape.cmscore.apps.DatabaseConfig;
+import com.netscape.cmscore.base.ConfigStorage;
+import com.netscape.cmscore.base.FileConfigStore;
+import com.netscape.cmscore.dbs.DBSubsystem;
+import com.netscape.cmscore.ldapconn.PKISocketConfig;
+import com.netscape.cmsutil.password.IPasswordStore;
+import com.netscape.cmsutil.password.PasswordStoreConfig;
+
+/**
+ * @author Endi S. 
Dewata
+ */
+public class OCSPCRLIssuingPointFindCLI extends CommandCLI {
+
+ public static Logger logger = LoggerFactory.getLogger(OCSPCRLIssuingPointFindCLI.class);
+
+ public OCSPCRLIssuingPointFindCLI(CLI parent) {
+ super("find", "Find OCSP CRL issuing points", parent);
+ }
+
+ public void createOptions() {
+ Option option = new Option(null, "size", true, "Page size");
+ option.setArgName("size");
+ options.addOption(option);
+ }
+
+ public void execute(CommandLine cmd) throws Exception {
+
+ String s = cmd.getOptionValue("size", "100");
+ int size = Integer.valueOf(s);
+
+ TomcatJSS tomcatjss = TomcatJSS.getInstance();
+ tomcatjss.loadConfig();
+ tomcatjss.init();
+
+ String catalinaBase = System.getProperty("catalina.base");
+ String subsystem = parent.getParent().getParent().getName();
+ String subsystemDir = catalinaBase + File.separator + subsystem;
+ String configFile = subsystemDir + File.separator
+ + "conf" + File.separator + CMS.CONFIG_FILE;
+
+ logger.info("Loading " + configFile);
+ ConfigStorage storage = new FileConfigStore(configFile);
+ OCSPEngineConfig engineConfig = new OCSPEngineConfig(storage);
+ engineConfig.load();
+
+ DatabaseConfig dbConfig = engineConfig.getDatabaseConfig();
+ PKISocketConfig socketConfig = engineConfig.getSocketConfig();
+
+ PasswordStoreConfig psc = engineConfig.getPasswordStoreConfig();
+ IPasswordStore passwordStore = IPasswordStore.create(psc);
+
+ DBSubsystem dbSubsystem = new DBSubsystem();
+ dbSubsystem.init(dbConfig, socketConfig, passwordStore);
+
+ OCSPConfig ocspConfig = engineConfig.getOCSPConfig();
+ String storeID = ocspConfig.getString(IOCSPAuthority.PROP_DEF_STORE_ID);
+
+ String className = ocspConfig.getString(IOCSPAuthority.PROP_STORE + "." + storeID + ".class");
+ IConfigStore storeConfig = ocspConfig.getSubStore(IOCSPAuthority.PROP_STORE + "." 
+ storeID);
+
+ IDefStore store = (IDefStore) Class.forName(className).newInstance();
+ store.init(storeConfig, dbSubsystem);
+
+ Enumeration records = store.searchAllCRLIssuingPointRecord(size);
+ boolean first = true;
+
+ while (records.hasMoreElements()) {
+ ICRLIssuingPointRecord record = records.nextElement();
+
+ if (first) {
+ first = false;
+ } else {
+ System.out.println();
+ }
+
+ System.out.println(" CRL Issuing Point ID: " + record.getId());
+
+ X509CertImpl certImpl = new X509CertImpl(record.getCACert());
+ System.out.println(" CA Subject DN: " + certImpl.getSubjectDN());
+ System.out.println(" CA Issuer DN: " + certImpl.getIssuerDN());
+
+ System.out.println(" CRL Number: " + record.getCRLNumber());
+ System.out.println(" CRL Size: " + record.getCRLSize());
+
+ System.out.println(" Delta CRL Number: " + record.getDeltaCRLNumber());
+ System.out.println(" Delta CRL Size: " + record.getDeltaCRLSize());
+
+ System.out.println(" This Update: " + record.getThisUpdate());
+ System.out.println(" Next Update: " + record.getNextUpdate());
+
+ System.out.println(" First Unsaved: " + record.getFirstUnsaved());
+ }
+ }
+}
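Review bot: `int size = Integer.valueOf(s);` in execute accepts any string for `--size`, so a typo surfaces as a raw NumberFormatException and a zero or negative value is passed straight to searchAllCRLIssuingPointRecord; parse with `int size = Integer.parseInt(s);` and reject bad input with `if (size <= 0) throw new IllegalArgumentException("Invalid page size: " + s);` (or whatever error path CommandCLI provides). The DBSubsystem set up on the `dbSubsystem.init(dbConfig, socketConfig, passwordStore);` line is never torn down, so the directory connection it opens outlives the command unless something outside this diff closes it; wrapping the search and print loop in try/finally that calls the subsystem's shutdown method, if DBSubsystem exposes one, would release it on both success and failure. `Class.forName(className).newInstance()` has been deprecated since Java 9 because it propagates checked exceptions from the constructor without compile-time checking; `Class.forName(className).getDeclaredConstructor().newInstance()` is the supported form. The `public static Logger logger` field should be `private static final`, and the class Javadoc here and in the sibling OCSPCRLCLI and OCSPCRLIssuingPointCLI files carries only an `@author` tag with no summary sentence describing what the command does.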