Source Code of org.ejbca.ui.cli.CreateCert

/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/

package org.ejbca.ui.cli;

import java.io.FileOutputStream;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collection;

import org.ejbca.core.protocol.IRequestMessage;
import org.ejbca.core.protocol.IResponseMessage;
import org.ejbca.core.protocol.PKCS10RequestMessage;
import org.ejbca.core.protocol.X509ResponseMessage;
import org.ejbca.util.CertTools;
import org.ejbca.util.FileTools;
import org.ejbca.util.RequestMessageUtils;

/**
 * Issue a certificate for a user based on a CSR
 *
 * @version $Id: CreateCert.java 10952 2010-12-22 12:18:06Z anatom $
 */
public class CreateCert extends BaseCommand {

  public String getMainCommand() { return null; }
  public String getSubCommand() { return "createcert"; }
  public String getDescription() { return "Issue a certificate for a user based on a CSR"; }

  public void execute(String[] args) throws ErrorAdminCommandException {
        if ( args.length != 5 ) {
            getLogger().info("Usage: " + getCommand() + " <username> <password> <csr.pem> <cert.pem>");
            getLogger().info(" <csr.pem> must be a PKCS#10 request in PEM format.");
            getLogger().info(" The issued certificate will be written to <cert.pem>.");
            return;
        }
        String username = args[1];
        String password = args[2];
        String csr = args[3];
        String certf = args[4];
        try {
      byte[] bytes = FileTools.readFiletoBuffer(csr);
      IRequestMessage req = RequestMessageUtils.parseRequestMessage(bytes);
      if (req instanceof PKCS10RequestMessage) {
        PKCS10RequestMessage p10req = (PKCS10RequestMessage) req;
        p10req.setUsername(username);
        p10req.setPassword(password);
      } else {
        getLogger().error("Input file '"+csr+"' is not a PKCS#10 request.");
        return;
      }
      // Call signsession to create a certificate
      IResponseMessage resp = ejb.getSignSession().createCertificate(getAdmin(), req, X509ResponseMessage.class, null);
      byte[] respBytes = resp.getResponseMessage();
      // Convert to PEM
      Certificate cert = CertTools.getCertfromByteArray(respBytes);
      Collection certs = new ArrayList();
      certs.add(cert);
      byte[] pembytes = CertTools.getPEMFromCerts(certs);
      // Write the resulting cert to file
      FileOutputStream fos = new FileOutputStream(certf);
      fos.write(pembytes);
      fos.close();
      getLogger().info("PEM certificate written to file '"+certf+"'");
    } catch (Exception e) {
      throw new ErrorAdminCommandException(e);
    }
  }
}