Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance. Project price only 1 $
You can buy this project and download/modify it how often you want.
/*
* Copyright 2017-2024 Ping Identity Corporation
* All Rights Reserved.
*/
/*
* Copyright 2017-2024 Ping Identity Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* Copyright (C) 2017-2024 Ping Identity Corporation
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License (GPLv2 only)
* or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*/
package com.unboundid.util.ssl.cert;
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
import java.nio.file.Files;
import java.net.InetAddress;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import com.unboundid.asn1.ASN1BitString;
import com.unboundid.asn1.ASN1Element;
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.Version;
import com.unboundid.util.Base64;
import com.unboundid.util.BouncyCastleFIPSHelper;
import com.unboundid.util.ByteStringBuffer;
import com.unboundid.util.CommandLineTool;
import com.unboundid.util.CryptoHelper;
import com.unboundid.util.Debug;
import com.unboundid.util.NotNull;
import com.unboundid.util.Nullable;
import com.unboundid.util.OID;
import com.unboundid.util.ObjectPair;
import com.unboundid.util.PasswordReader;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.Validator;
import com.unboundid.util.args.ArgumentException;
import com.unboundid.util.args.ArgumentParser;
import com.unboundid.util.args.BooleanArgument;
import com.unboundid.util.args.BooleanValueArgument;
import com.unboundid.util.args.DNArgument;
import com.unboundid.util.args.FileArgument;
import com.unboundid.util.args.IA5StringArgumentValueValidator;
import com.unboundid.util.args.IPAddressArgumentValueValidator;
import com.unboundid.util.args.IntegerArgument;
import com.unboundid.util.args.OIDArgumentValueValidator;
import com.unboundid.util.args.StringArgument;
import com.unboundid.util.args.TimestampArgument;
import com.unboundid.util.args.SubCommand;
import com.unboundid.util.ssl.JVMDefaultTrustManager;
import com.unboundid.util.ssl.PKCS11KeyManager;
import static com.unboundid.util.ssl.cert.CertMessages.*;
/**
* This class provides a tool that can be used to manage X.509 certificates for
* use in TLS communication.
*/
@ThreadSafety(level=ThreadSafetyLevel.NOT_THREADSAFE)
public final class ManageCertificates
extends CommandLineTool
{
/**
* The path to the keystore with the JVM's set of default trusted issuer
* certificates.
*/
@Nullable private static final File JVM_DEFAULT_CACERTS_FILE;
static
{
File caCertsFile;
try
{
caCertsFile = JVMDefaultTrustManager.getInstance().getCACertsFile();
}
catch (final Exception e)
{
Debug.debugException(e);
caCertsFile = null;
}
JVM_DEFAULT_CACERTS_FILE = caCertsFile;
}
/**
* The name of the keystore type that should be used for the Bouncy Castle
* FIPS 140-2-compliant keystore.
*/
@NotNull private static final String BCFKS_KEYSTORE_TYPE =
BouncyCastleFIPSHelper.FIPS_KEY_STORE_TYPE;
/**
* The name of the BCFKS keystore type, formatted in all lowercase.
*/
@NotNull private static final String BCFKS_KEYSTORE_TYPE_LC =
BCFKS_KEYSTORE_TYPE.toLowerCase();
/**
* The name of a system property that can be used to specify the default
* keystore type for new keystores.
*/
@NotNull private static final String PROPERTY_DEFAULT_KEYSTORE_TYPE =
ManageCertificates.class.getName() + ".defaultKeystoreType";
/**
* The default keystore type that will be used for new keystores when the
* type is not specified.
*/
@NotNull private static final String DEFAULT_KEYSTORE_TYPE;
static
{
final String propertyValue =
StaticUtils.getSystemProperty(PROPERTY_DEFAULT_KEYSTORE_TYPE);
if (CryptoHelper.usingFIPSMode() ||
((propertyValue != null) && propertyValue.equalsIgnoreCase(
BCFKS_KEYSTORE_TYPE)))
{
DEFAULT_KEYSTORE_TYPE = BCFKS_KEYSTORE_TYPE;
}
else if ((propertyValue != null) &&
(propertyValue.equalsIgnoreCase("PKCS12") ||
propertyValue.equalsIgnoreCase("PKCS#12") ||
propertyValue.equalsIgnoreCase("PKCS #12") ||
propertyValue.equalsIgnoreCase("PKCS 12")))
{
DEFAULT_KEYSTORE_TYPE = CryptoHelper.KEY_STORE_TYPE_PKCS_12;
}
else
{
DEFAULT_KEYSTORE_TYPE = CryptoHelper.KEY_STORE_TYPE_JKS;
}
}
/**
* The column at which to wrap long lines of output.
*/
private static final int WRAP_COLUMN = StaticUtils.TERMINAL_WIDTH_COLUMNS - 1;
/**
* The set of values that will be allowed for the keystore type argument.
*/
@NotNull private static final Set ALLOWED_KEYSTORE_TYPE_VALUES =
StaticUtils.setOf("jks",
"pkcs11", "pkcs 11", "pkcs#11", "pkcs #11",
"pkcs12", "pkcs 12", "pkcs#12", "pkcs #12",
BCFKS_KEYSTORE_TYPE_LC);
// The global argument parser used by this tool.
@Nullable private volatile ArgumentParser globalParser = null;
// The argument parser for the selected subcommand.
@Nullable private volatile ArgumentParser subCommandParser = null;
// The input stream to use for standard input.
@NotNull private final InputStream in;
/**
* Invokes this tool with the default standard output and standard error and
* the provided set of arguments.
*
* @param args The command-line arguments provided to this program.
*/
public static void main(@NotNull final String... args)
{
final ResultCode resultCode = main(System.in, System.out, System.err, args);
if (resultCode != ResultCode.SUCCESS)
{
System.exit(Math.max(1, Math.min(resultCode.intValue(), 255)));
}
}
/**
* Invokes this tool with the provided output and error streams and set of
* arguments.
*
* @param in The input stream to use for standard input. It may be
* {@code null} if no input stream should be available.
* @param out The output stream to use for standard output. It may be
* {@code null} if standard output should be suppressed.
* @param err The output stream to use for standard error. It may be
* {@code null} if standard error should be suppressed.
* @param args The command-line arguments provided to this program.
*
* @return The result code obtained from tool processing.
*/
@NotNull()
public static ResultCode main(@Nullable final InputStream in,
@Nullable final OutputStream out,
@Nullable final OutputStream err,
@NotNull final String... args)
{
final ManageCertificates manageCertificates =
new ManageCertificates(in, out, err);
return manageCertificates.runTool(args);
}
/**
* Creates a new instance of this tool with the provided output and error
* streams. Standard input will bot be available.
*
* @param out The output stream to use for standard output. It may be
* {@code null} if standard output should be suppressed.
* @param err The output stream to use for standard error. It may be
* {@code null} if standard error should be suppressed.
*/
public ManageCertificates(@Nullable final OutputStream out,
@Nullable final OutputStream err)
{
this(null, out, err);
}
/**
* Creates a new instance of this tool with the provided output and error
* streams.
*
* @param in The input stream to use for standard input. It may be
* {@code null} if no input stream should be available.
* @param out The output stream to use for standard output. It may be
* {@code null} if standard output should be suppressed.
* @param err The output stream to use for standard error. It may be
* {@code null} if standard error should be suppressed.
*/
public ManageCertificates(@Nullable final InputStream in,
@Nullable final OutputStream out,
@Nullable final OutputStream err)
{
super(out, err);
if (in == null)
{
this.in = new ByteArrayInputStream(StaticUtils.NO_BYTES);
}
else
{
this.in = in;
}
}
/**
* Retrieves the name of this tool. It should be the name of the command used
* to invoke this tool.
*
* @return The name for this tool.
*/
@Override()
@NotNull()
public String getToolName()
{
return "manage-certificates";
}
/**
* Retrieves a human-readable description for this tool.
*
* @return A human-readable description for this tool.
*/
@Override()
@NotNull()
public String getToolDescription()
{
return INFO_MANAGE_CERTS_TOOL_DESC.get();
}
/**
* Retrieves a version string for this tool, if available.
*
* @return A version string for this tool, or {@code null} if none is
* available.
*/
@Override()
@NotNull()
public String getToolVersion()
{
return Version.NUMERIC_VERSION_STRING;
}
/**
* Indicates whether this tool should provide support for an interactive mode,
* in which the tool offers a mode in which the arguments can be provided in
* a text-driven menu rather than requiring them to be given on the command
* line. If interactive mode is supported, it may be invoked using the
* "--interactive" argument. Alternately, if interactive mode is supported
* and {@link #defaultsToInteractiveMode()} returns {@code true}, then
* interactive mode may be invoked by simply launching the tool without any
* arguments.
*
* @return {@code true} if this tool supports interactive mode, or
* {@code false} if not.
*/
@Override()
public boolean supportsInteractiveMode()
{
return true;
}
/**
* Indicates whether this tool defaults to launching in interactive mode if
* the tool is invoked without any command-line arguments. This will only be
* used if {@link #supportsInteractiveMode()} returns {@code true}.
*
* @return {@code true} if this tool defaults to using interactive mode if
* launched without any command-line arguments, or {@code false} if
* not.
*/
@Override()
public boolean defaultsToInteractiveMode()
{
return true;
}
/**
* Indicates whether this tool supports the use of a properties file for
* specifying default values for arguments that aren't specified on the
* command line.
*
* @return {@code true} if this tool supports the use of a properties file
* for specifying default values for arguments that aren't specified
* on the command line, or {@code false} if not.
*/
@Override()
public boolean supportsPropertiesFile()
{
return true;
}
/**
* Indicates whether this tool should provide arguments for redirecting output
* to a file. If this method returns {@code true}, then the tool will offer
* an "--outputFile" argument that will specify the path to a file to which
* all standard output and standard error content will be written, and it will
* also offer a "--teeToStandardOut" argument that can only be used if the
* "--outputFile" argument is present and will cause all output to be written
* to both the specified output file and to standard output.
*
* @return {@code true} if this tool should provide arguments for redirecting
* output to a file, or {@code false} if not.
*/
@Override()
protected boolean supportsOutputFile()
{
return false;
}
/**
* {@inheritDoc}
*/
@Override()
protected boolean supportsDebugLogging()
{
return true;
}
/**
* Indicates whether to log messages about the launch and completion of this
* tool into the invocation log of Ping Identity server products that may
* include it. This method is not needed for tools that are not expected to
* be part of the Ping Identity server products suite. Further, this value
* may be overridden by settings in the server's
* tool-invocation-logging.properties file.
*
* This method should generally return {@code true} for tools that may alter
* the server configuration, data, or other state information, and
* {@code false} for tools that do not make any changes.
*
* @return {@code true} if Ping Identity server products should include
* messages about the launch and completion of this tool in tool
* invocation log files by default, or {@code false} if not.
*/
@Override()
protected boolean logToolInvocationByDefault()
{
return true;
}
/**
* Adds the command-line arguments supported for use with this tool to the
* provided argument parser. The tool may need to retain references to the
* arguments (and/or the argument parser, if trailing arguments are allowed)
* to it in order to obtain their values for use in later processing.
*
* @param parser The argument parser to which the arguments are to be added.
*
* @throws ArgumentException If a problem occurs while adding any of the
* tool-specific arguments to the provided
* argument parser.
*/
@Override()
public void addToolArguments(@NotNull final ArgumentParser parser)
throws ArgumentException
{
globalParser = parser;
// Define the "list-certificates" subcommand and all of its arguments.
final ArgumentParser listCertsParser = new ArgumentParser(
"list-certificates", INFO_MANAGE_CERTS_SC_LIST_CERTS_DESC.get());
final FileArgument listCertsKeystore = new FileArgument(null, "keystore",
(JVM_DEFAULT_CACERTS_FILE == null), 1, null,
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_KS_DESC.get(), true, true, true,
false);
listCertsKeystore.addLongIdentifier("keystore-path", true);
listCertsKeystore.addLongIdentifier("keystorePath", true);
listCertsKeystore.addLongIdentifier("keystore-file", true);
listCertsKeystore.addLongIdentifier("keystoreFile", true);
listCertsParser.addArgument(listCertsKeystore);
if (JVM_DEFAULT_CACERTS_FILE != null)
{
final BooleanArgument listCertsUseJVMDefault = new BooleanArgument(null,
"use-jvm-default-trust-store", 1,
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_JVM_DEFAULT_DESC.get(
JVM_DEFAULT_CACERTS_FILE.getAbsolutePath()));
listCertsUseJVMDefault.addLongIdentifier("useJVMDefaultTrustStore", true);
listCertsUseJVMDefault.addLongIdentifier("jvm-default", true);
listCertsUseJVMDefault.addLongIdentifier("jvmDefault", true);
listCertsParser.addArgument(listCertsUseJVMDefault);
listCertsParser.addRequiredArgumentSet(listCertsUseJVMDefault,
listCertsKeystore);
listCertsParser.addExclusiveArgumentSet(listCertsUseJVMDefault,
listCertsKeystore);
}
final StringArgument listCertsKeystorePassword = new StringArgument(null,
"keystore-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_KS_PW_DESC.get());
listCertsKeystorePassword.addLongIdentifier("keystorePassword", true);
listCertsKeystorePassword.addLongIdentifier("keystore-passphrase", true);
listCertsKeystorePassword.addLongIdentifier("keystorePassphrase", true);
listCertsKeystorePassword.addLongIdentifier("keystore-pin", true);
listCertsKeystorePassword.addLongIdentifier("keystorePIN", true);
listCertsKeystorePassword.addLongIdentifier("storepass", true);
listCertsKeystorePassword.setSensitive(true);
listCertsParser.addArgument(listCertsKeystorePassword);
final FileArgument listCertsKeystorePasswordFile = new FileArgument(null,
"keystore-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_KS_PW_FILE_DESC.get(), true, true,
true, false);
listCertsKeystorePasswordFile.addLongIdentifier("keystorePasswordFile",
true);
listCertsKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file",
true);
listCertsKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile",
true);
listCertsKeystorePasswordFile.addLongIdentifier("keystore-pin-file",
true);
listCertsKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
listCertsParser.addArgument(listCertsKeystorePasswordFile);
final BooleanArgument listCertsPromptForKeystorePassword =
new BooleanArgument(null, "prompt-for-keystore-password",
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_PROMPT_FOR_KS_PW_DESC.get());
listCertsPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassword", true);
listCertsPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-passphrase", true);
listCertsPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassphrase", true);
listCertsPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-pin", true);
listCertsPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePIN", true);
listCertsParser.addArgument(listCertsPromptForKeystorePassword);
final StringArgument listCertsKeystoreType = new StringArgument(null,
"keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(),
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_KS_TYPE_DESC.get(),
ALLOWED_KEYSTORE_TYPE_VALUES);
listCertsKeystoreType.addLongIdentifier("key-store-type", true);
listCertsKeystoreType.addLongIdentifier("keystoreType", true);
listCertsKeystoreType.addLongIdentifier("keystore-format", true);
listCertsKeystoreType.addLongIdentifier("key-store-format", true);
listCertsKeystoreType.addLongIdentifier("keystoreFormat", true);
listCertsKeystoreType.addLongIdentifier("storetype", true);
listCertsParser.addArgument(listCertsKeystoreType);
final StringArgument listCertsAlias = new StringArgument(null, "alias",
false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(),
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_ALIAS_DESC.get());
listCertsAlias.addLongIdentifier("nickname", true);
listCertsParser.addArgument(listCertsAlias);
final BooleanArgument listCertsDisplayPEM = new BooleanArgument(null,
"display-pem-certificate", 1,
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_DISPLAY_PEM_DESC.get());
listCertsDisplayPEM.addLongIdentifier("displayPEMCertificate", true);
listCertsDisplayPEM.addLongIdentifier("display-pem", true);
listCertsDisplayPEM.addLongIdentifier("displayPEM", true);
listCertsDisplayPEM.addLongIdentifier("show-pem-certificate", true);
listCertsDisplayPEM.addLongIdentifier("showPEMCertificate", true);
listCertsDisplayPEM.addLongIdentifier("show-pem", true);
listCertsDisplayPEM.addLongIdentifier("showPEM", true);
listCertsDisplayPEM.addLongIdentifier("pem", true);
listCertsDisplayPEM.addLongIdentifier("rfc", true);
listCertsParser.addArgument(listCertsDisplayPEM);
final BooleanArgument listCertsVerbose = new BooleanArgument(null,
"verbose", 1, INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_VERBOSE_DESC.get());
listCertsParser.addArgument(listCertsVerbose);
final BooleanArgument listCertsDisplayCommand = new BooleanArgument(null,
"display-keytool-command", 1,
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_DISPLAY_COMMAND_DESC.get());
listCertsDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
listCertsDisplayCommand.addLongIdentifier("show-keytool-command", true);
listCertsDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
listCertsParser.addArgument(listCertsDisplayCommand);
listCertsParser.addExclusiveArgumentSet(listCertsKeystorePassword,
listCertsKeystorePasswordFile, listCertsPromptForKeystorePassword);
final LinkedHashMap listCertsExamples =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(3));
listCertsExamples.put(
new String[]
{
"list-certificates",
"--keystore", getPlatformSpecificPath("config", "keystore")
},
INFO_MANAGE_CERTS_SC_LIST_CERTS_EXAMPLE_1.get(
getPlatformSpecificPath("config", "keystore")));
listCertsExamples.put(
new String[]
{
"list-certificates",
"--keystore", getPlatformSpecificPath("config", "keystore.p12"),
"--keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--alias", "server-cert",
"--verbose",
"--display-pem-certificate",
"--display-keytool-command"
},
INFO_MANAGE_CERTS_SC_LIST_CERTS_EXAMPLE_2.get(
getPlatformSpecificPath("config", "keystore.p12"),
getPlatformSpecificPath("config", "keystore.pin")));
if (JVM_DEFAULT_CACERTS_FILE != null)
{
listCertsExamples.put(
new String[]
{
"list-certificates",
"--use-jvm-default-trust-store"
},
INFO_MANAGE_CERTS_SC_LIST_CERTS_EXAMPLE_3.get());
}
final SubCommand listCertsSubCommand = new SubCommand("list-certificates",
INFO_MANAGE_CERTS_SC_LIST_CERTS_DESC.get(), listCertsParser,
listCertsExamples);
listCertsSubCommand.addName("listCertificates", true);
listCertsSubCommand.addName("list-certs", true);
listCertsSubCommand.addName("listCerts", true);
listCertsSubCommand.addName("list", true);
parser.addSubCommand(listCertsSubCommand);
// Define the "export-certificate" subcommand and all of its arguments.
final ArgumentParser exportCertParser = new ArgumentParser(
"export-certificate", INFO_MANAGE_CERTS_SC_EXPORT_CERT_DESC.get());
final FileArgument exportCertKeystore = new FileArgument(null, "keystore",
(JVM_DEFAULT_CACERTS_FILE == null), 1, null,
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_KS_DESC.get(), true, true, true,
false);
exportCertKeystore.addLongIdentifier("keystore-path", true);
exportCertKeystore.addLongIdentifier("keystorePath", true);
exportCertKeystore.addLongIdentifier("keystore-file", true);
exportCertKeystore.addLongIdentifier("keystoreFile", true);
exportCertParser.addArgument(exportCertKeystore);
if (JVM_DEFAULT_CACERTS_FILE != null)
{
final BooleanArgument exportCertUseJVMDefault = new BooleanArgument(null,
"use-jvm-default-trust-store", 1,
INFO_MANAGE_CERTS_SC_EXPORT_CERTS_ARG_JVM_DEFAULT_DESC.get(
JVM_DEFAULT_CACERTS_FILE.getAbsolutePath()));
exportCertUseJVMDefault.addLongIdentifier("useJVMDefaultTrustStore",
true);
exportCertUseJVMDefault.addLongIdentifier("jvm-default", true);
exportCertUseJVMDefault.addLongIdentifier("jvmDefault", true);
exportCertParser.addArgument(exportCertUseJVMDefault);
exportCertParser.addRequiredArgumentSet(exportCertUseJVMDefault,
exportCertKeystore);
exportCertParser.addExclusiveArgumentSet(exportCertUseJVMDefault,
exportCertKeystore);
}
final StringArgument exportCertKeystorePassword = new StringArgument(null,
"keystore-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_KS_PW_DESC.get());
exportCertKeystorePassword.addLongIdentifier("keystorePassword", true);
exportCertKeystorePassword.addLongIdentifier("keystore-passphrase", true);
exportCertKeystorePassword.addLongIdentifier("keystorePassphrase", true);
exportCertKeystorePassword.addLongIdentifier("keystore-pin", true);
exportCertKeystorePassword.addLongIdentifier("keystorePIN", true);
exportCertKeystorePassword.addLongIdentifier("storepass", true);
exportCertKeystorePassword.setSensitive(true);
exportCertParser.addArgument(exportCertKeystorePassword);
final FileArgument exportCertKeystorePasswordFile = new FileArgument(null,
"keystore-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_KS_PW_FILE_DESC.get(), true, true,
true, false);
exportCertKeystorePasswordFile.addLongIdentifier("keystorePasswordFile",
true);
exportCertKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file",
true);
exportCertKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile",
true);
exportCertKeystorePasswordFile.addLongIdentifier("keystore-pin-file",
true);
exportCertKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
exportCertParser.addArgument(exportCertKeystorePasswordFile);
final BooleanArgument exportCertPromptForKeystorePassword =
new BooleanArgument(null, "prompt-for-keystore-password",
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_PROMPT_FOR_KS_PW_DESC.get());
exportCertPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassword", true);
exportCertPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-passphrase", true);
exportCertPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassphrase", true);
exportCertPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-pin", true);
exportCertPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePIN", true);
exportCertParser.addArgument(exportCertPromptForKeystorePassword);
final StringArgument exportCertKeystoreType = new StringArgument(null,
"keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(),
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_KS_TYPE_DESC.get(),
ALLOWED_KEYSTORE_TYPE_VALUES);
exportCertKeystoreType.addLongIdentifier("key-store-type", true);
exportCertKeystoreType.addLongIdentifier("keystoreType", true);
exportCertKeystoreType.addLongIdentifier("keystore-format", true);
exportCertKeystoreType.addLongIdentifier("key-store-format", true);
exportCertKeystoreType.addLongIdentifier("keystoreFormat", true);
exportCertKeystoreType.addLongIdentifier("storetype", true);
exportCertParser.addArgument(exportCertKeystoreType);
final StringArgument exportCertAlias = new StringArgument(null, "alias",
true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(),
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_ALIAS_DESC.get());
exportCertAlias.addLongIdentifier("nickname", true);
exportCertParser.addArgument(exportCertAlias);
final BooleanArgument exportCertChain = new BooleanArgument(null,
"export-certificate-chain", 1,
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_CHAIN_DESC.get());
exportCertChain.addLongIdentifier("exportCertificateChain", true);
exportCertChain.addLongIdentifier("export-chain", true);
exportCertChain.addLongIdentifier("exportChain", true);
exportCertChain.addLongIdentifier("certificate-chain", true);
exportCertChain.addLongIdentifier("certificateChain", true);
exportCertChain.addLongIdentifier("chain", true);
exportCertParser.addArgument(exportCertChain);
final Set exportCertOutputFormatAllowedValues = StaticUtils.setOf(
"PEM", "text", "txt", "RFC", "DER", "binary", "bin");
final StringArgument exportCertOutputFormat = new StringArgument(null,
"output-format", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT.get(),
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_FORMAT_DESC.get(),
exportCertOutputFormatAllowedValues, "PEM");
exportCertOutputFormat.addLongIdentifier("outputFormat", true);
exportCertParser.addArgument(exportCertOutputFormat);
final FileArgument exportCertOutputFile = new FileArgument(null,
"output-file", false, 1, null,
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_FILE_DESC.get(), false, true,
true, false);
exportCertOutputFile.addLongIdentifier("outputFile", true);
exportCertOutputFile.addLongIdentifier("export-file", true);
exportCertOutputFile.addLongIdentifier("exportFile", true);
exportCertOutputFile.addLongIdentifier("certificate-file", true);
exportCertOutputFile.addLongIdentifier("certificateFile", true);
exportCertOutputFile.addLongIdentifier("file", true);
exportCertOutputFile.addLongIdentifier("filename", true);
exportCertParser.addArgument(exportCertOutputFile);
final BooleanArgument exportCertSeparateFile = new BooleanArgument(null,
"separate-file-per-certificate", 1,
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_SEPARATE_FILE_DESC.get());
exportCertSeparateFile.addLongIdentifier("separateFilePerCertificate",
true);
exportCertSeparateFile.addLongIdentifier("separate-files", true);
exportCertSeparateFile.addLongIdentifier("separateFiles", true);
exportCertParser.addArgument(exportCertSeparateFile);
final BooleanArgument exportCertDisplayCommand = new BooleanArgument(null,
"display-keytool-command", 1,
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_DISPLAY_COMMAND_DESC.get());
exportCertDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
exportCertDisplayCommand.addLongIdentifier("show-keytool-command", true);
exportCertDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
exportCertParser.addArgument(exportCertDisplayCommand);
exportCertParser.addExclusiveArgumentSet(exportCertKeystorePassword,
exportCertKeystorePasswordFile, exportCertPromptForKeystorePassword);
exportCertParser.addDependentArgumentSet(exportCertSeparateFile,
exportCertChain);
exportCertParser.addDependentArgumentSet(exportCertSeparateFile,
exportCertOutputFile);
final LinkedHashMap exportCertExamples =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
exportCertExamples.put(
new String[]
{
"export-certificate",
"--keystore", getPlatformSpecificPath("config", "keystore"),
"--alias", "server-cert"
},
INFO_MANAGE_CERTS_SC_EXPORT_CERT_EXAMPLE_1.get());
exportCertExamples.put(
new String[]
{
"export-certificate",
"--keystore", getPlatformSpecificPath("config", "keystore.p12"),
"--keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--alias", "server-cert",
"--export-certificate-chain",
"--output-format", "DER",
"--output-file", "certificate-chain.der",
"--display-keytool-command"
},
INFO_MANAGE_CERTS_SC_EXPORT_CERT_EXAMPLE_2.get());
final SubCommand exportCertSubCommand = new SubCommand("export-certificate",
INFO_MANAGE_CERTS_SC_EXPORT_CERT_DESC.get(), exportCertParser,
exportCertExamples);
exportCertSubCommand.addName("exportCertificate", true);
exportCertSubCommand.addName("export-cert", true);
exportCertSubCommand.addName("exportCert", true);
exportCertSubCommand.addName("export", true);
parser.addSubCommand(exportCertSubCommand);
// Define the "export-private-key" subcommand and all of its arguments.
final ArgumentParser exportKeyParser = new ArgumentParser(
"export-private-key", INFO_MANAGE_CERTS_SC_EXPORT_KEY_DESC.get());
final FileArgument exportKeyKeystore = new FileArgument(null, "keystore",
true, 1, null, INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_KS_DESC.get(),
true, true, true, false);
exportKeyKeystore.addLongIdentifier("keystore-path", true);
exportKeyKeystore.addLongIdentifier("keystorePath", true);
exportKeyKeystore.addLongIdentifier("keystore-file", true);
exportKeyKeystore.addLongIdentifier("keystoreFile", true);
exportKeyParser.addArgument(exportKeyKeystore);
final StringArgument exportKeyKeystorePassword = new StringArgument(null,
"keystore-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_KS_PW_DESC.get());
exportKeyKeystorePassword.addLongIdentifier("keystorePassword", true);
exportKeyKeystorePassword.addLongIdentifier("keystore-passphrase", true);
exportKeyKeystorePassword.addLongIdentifier("keystorePassphrase", true);
exportKeyKeystorePassword.addLongIdentifier("keystore-pin", true);
exportKeyKeystorePassword.addLongIdentifier("keystorePIN", true);
exportKeyKeystorePassword.addLongIdentifier("storepass", true);
exportKeyKeystorePassword.setSensitive(true);
exportKeyParser.addArgument(exportKeyKeystorePassword);
final FileArgument exportKeyKeystorePasswordFile = new FileArgument(null,
"keystore-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_KS_PW_FILE_DESC.get(), true, true,
true, false);
exportKeyKeystorePasswordFile.addLongIdentifier("keystorePasswordFile",
true);
exportKeyKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file",
true);
exportKeyKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile",
true);
exportKeyKeystorePasswordFile.addLongIdentifier("keystore-pin-file",
true);
exportKeyKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
exportKeyParser.addArgument(exportKeyKeystorePasswordFile);
final BooleanArgument exportKeyPromptForKeystorePassword =
new BooleanArgument(null, "prompt-for-keystore-password",
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_PROMPT_FOR_KS_PW_DESC.get());
exportKeyPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassword", true);
exportKeyPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-passphrase", true);
exportKeyPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassphrase", true);
exportKeyPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-pin", true);
exportKeyPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePIN", true);
exportKeyParser.addArgument(exportKeyPromptForKeystorePassword);
final StringArgument exportKeyPKPassword = new StringArgument(null,
"private-key-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_PK_PW_DESC.get());
exportKeyPKPassword.addLongIdentifier("privateKeyPassword", true);
exportKeyPKPassword.addLongIdentifier("private-key-passphrase", true);
exportKeyPKPassword.addLongIdentifier("privateKeyPassphrase", true);
exportKeyPKPassword.addLongIdentifier("private-key-pin", true);
exportKeyPKPassword.addLongIdentifier("privateKeyPIN", true);
exportKeyPKPassword.addLongIdentifier("key-password", true);
exportKeyPKPassword.addLongIdentifier("keyPassword", true);
exportKeyPKPassword.addLongIdentifier("key-passphrase", true);
exportKeyPKPassword.addLongIdentifier("keyPassphrase", true);
exportKeyPKPassword.addLongIdentifier("key-pin", true);
exportKeyPKPassword.addLongIdentifier("keyPIN", true);
exportKeyPKPassword.addLongIdentifier("keypass", true);
exportKeyPKPassword.setSensitive(true);
exportKeyParser.addArgument(exportKeyPKPassword);
final FileArgument exportKeyPKPasswordFile = new FileArgument(null,
"private-key-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_PK_PW_FILE_DESC.get(), true, true,
true, false);
exportKeyPKPasswordFile.addLongIdentifier("privateKeyPasswordFile", true);
exportKeyPKPasswordFile.addLongIdentifier("private-key-passphrase-file",
true);
exportKeyPKPasswordFile.addLongIdentifier("privateKeyPassphraseFile",
true);
exportKeyPKPasswordFile.addLongIdentifier("private-key-pin-file",
true);
exportKeyPKPasswordFile.addLongIdentifier("privateKeyPINFile", true);
exportKeyPKPasswordFile.addLongIdentifier("key-password-file", true);
exportKeyPKPasswordFile.addLongIdentifier("keyPasswordFile", true);
exportKeyPKPasswordFile.addLongIdentifier("key-passphrase-file",
true);
exportKeyPKPasswordFile.addLongIdentifier("keyPassphraseFile",
true);
exportKeyPKPasswordFile.addLongIdentifier("key-pin-file",
true);
exportKeyPKPasswordFile.addLongIdentifier("keyPINFile", true);
exportKeyParser.addArgument(exportKeyPKPasswordFile);
final BooleanArgument exportKeyPromptForPKPassword =
new BooleanArgument(null, "prompt-for-private-key-password",
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_PROMPT_FOR_PK_PW_DESC.get());
exportKeyPromptForPKPassword.addLongIdentifier(
"promptForPrivateKeyPassword", true);
exportKeyPromptForPKPassword.addLongIdentifier(
"prompt-for-private-key-passphrase", true);
exportKeyPromptForPKPassword.addLongIdentifier(
"promptForPrivateKeyPassphrase", true);
exportKeyPromptForPKPassword.addLongIdentifier("prompt-for-private-key-pin",
true);
exportKeyPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPIN",
true);
exportKeyPromptForPKPassword.addLongIdentifier("prompt-for-key-password",
true);
exportKeyPromptForPKPassword.addLongIdentifier("promptForKeyPassword",
true);
exportKeyPromptForPKPassword.addLongIdentifier(
"prompt-for-key-passphrase", true);
exportKeyPromptForPKPassword.addLongIdentifier(
"promptForKeyPassphrase", true);
exportKeyPromptForPKPassword.addLongIdentifier("prompt-for-key-pin", true);
exportKeyPromptForPKPassword.addLongIdentifier("promptForKeyPIN", true);
exportKeyParser.addArgument(exportKeyPromptForPKPassword);
final StringArgument exportKeyKeystoreType = new StringArgument(null,
"keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(),
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_KS_TYPE_DESC.get(),
ALLOWED_KEYSTORE_TYPE_VALUES);
exportKeyKeystoreType.addLongIdentifier("key-store-type", true);
exportKeyKeystoreType.addLongIdentifier("keystoreType", true);
exportKeyKeystoreType.addLongIdentifier("keystore-format", true);
exportKeyKeystoreType.addLongIdentifier("key-store-format", true);
exportKeyKeystoreType.addLongIdentifier("keystoreFormat", true);
exportKeyKeystoreType.addLongIdentifier("storetype", true);
exportKeyParser.addArgument(exportKeyKeystoreType);
final StringArgument exportKeyAlias = new StringArgument(null, "alias",
true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(),
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_ALIAS_DESC.get());
exportKeyAlias.addLongIdentifier("nickname", true);
exportKeyParser.addArgument(exportKeyAlias);
final Set exportKeyOutputFormatAllowedValues = StaticUtils.setOf(
"PEM", "text", "txt", "RFC", "DER", "binary", "bin");
final StringArgument exportKeyOutputFormat = new StringArgument(null,
"output-format", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT.get(),
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_FORMAT_DESC.get(),
exportKeyOutputFormatAllowedValues, "PEM");
exportKeyOutputFormat.addLongIdentifier("outputFormat", true);
exportKeyParser.addArgument(exportKeyOutputFormat);
final FileArgument exportKeyOutputFile = new FileArgument(null,
"output-file", false, 1, null,
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_FILE_DESC.get(), false, true,
true, false);
exportKeyOutputFile.addLongIdentifier("outputFile", true);
exportKeyOutputFile.addLongIdentifier("export-file", true);
exportKeyOutputFile.addLongIdentifier("exportFile", true);
exportKeyOutputFile.addLongIdentifier("private-key-file", true);
exportKeyOutputFile.addLongIdentifier("privateKeyFile", true);
exportKeyOutputFile.addLongIdentifier("key-file", true);
exportKeyOutputFile.addLongIdentifier("keyFile", true);
exportKeyOutputFile.addLongIdentifier("file", true);
exportKeyOutputFile.addLongIdentifier("filename", true);
exportKeyParser.addArgument(exportKeyOutputFile);
final StringArgument exportKeyEncryptionPassword = new StringArgument(null,
"encryption-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_EXPIRT_KEY_ARG_ENC_PW_DESC.get());
exportKeyEncryptionPassword.addLongIdentifier("encryptionPassword", true);
exportKeyParser.addArgument(exportKeyEncryptionPassword);
final FileArgument exportKeyEncryptionPasswordFile = new FileArgument(null,
"encryption-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_ENC_PW_FILE_DESC.get(), true, true,
true, false);
exportKeyEncryptionPasswordFile.addLongIdentifier("encryptionPasswordFile",
true);
exportKeyParser.addArgument(exportKeyEncryptionPasswordFile);
final BooleanArgument exportKeyPromptForEncryptionPassword =
new BooleanArgument(null, "prompt-for-encryption-password", 1,
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_PROMPT_FOR_ENC_PW.get());
exportKeyPromptForEncryptionPassword.addLongIdentifier(
"promptForEncryptionPassword", true);
exportKeyParser.addArgument(exportKeyPromptForEncryptionPassword);
exportKeyParser.addRequiredArgumentSet(exportKeyKeystorePassword,
exportKeyKeystorePasswordFile, exportKeyPromptForKeystorePassword);
exportKeyParser.addExclusiveArgumentSet(exportKeyKeystorePassword,
exportKeyKeystorePasswordFile, exportKeyPromptForKeystorePassword);
exportKeyParser.addExclusiveArgumentSet(exportKeyPKPassword,
exportKeyPKPasswordFile, exportKeyPromptForPKPassword);
exportKeyParser.addExclusiveArgumentSet(exportKeyEncryptionPassword,
exportKeyEncryptionPasswordFile, exportKeyPromptForEncryptionPassword);
final LinkedHashMap exportKeyExamples =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
exportKeyExamples.put(
new String[]
{
"export-private-key",
"--keystore", getPlatformSpecificPath("config", "keystore"),
"--keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--alias", "server-cert"
},
INFO_MANAGE_CERTS_SC_EXPORT_KEY_EXAMPLE_1.get());
exportKeyExamples.put(
new String[]
{
"export-private-key",
"--keystore", getPlatformSpecificPath("config", "keystore.p12"),
"--keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--private-key-password-file",
getPlatformSpecificPath("config", "server-cert-key.pin"),
"--alias", "server-cert",
"--output-format", "DER",
"--output-file", "server-cert-key.der"
},
INFO_MANAGE_CERTS_SC_EXPORT_KEY_EXAMPLE_2.get());
final SubCommand exportKeySubCommand = new SubCommand("export-private-key",
INFO_MANAGE_CERTS_SC_EXPORT_CERT_DESC.get(), exportKeyParser,
exportKeyExamples);
exportKeySubCommand.addName("exportPrivateKey", true);
exportKeySubCommand.addName("export-key", true);
exportKeySubCommand.addName("exportKey", true);
parser.addSubCommand(exportKeySubCommand);
// Define the "import-certificate" subcommand and all of its arguments.
final ArgumentParser importCertParser = new ArgumentParser(
"import-certificate", INFO_MANAGE_CERTS_SC_IMPORT_CERT_DESC.get());
final FileArgument importCertKeystore = new FileArgument(null, "keystore",
true, 1, null, INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KS_DESC.get(),
false, true, true, false);
importCertKeystore.addLongIdentifier("keystore-path", true);
importCertKeystore.addLongIdentifier("keystorePath", true);
importCertKeystore.addLongIdentifier("keystore-file", true);
importCertKeystore.addLongIdentifier("keystoreFile", true);
importCertParser.addArgument(importCertKeystore);
final StringArgument importCertKeystorePassword = new StringArgument(null,
"keystore-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KS_PW_DESC.get());
importCertKeystorePassword.addLongIdentifier("keystorePassword", true);
importCertKeystorePassword.addLongIdentifier("keystore-passphrase", true);
importCertKeystorePassword.addLongIdentifier("keystorePassphrase", true);
importCertKeystorePassword.addLongIdentifier("keystore-pin", true);
importCertKeystorePassword.addLongIdentifier("keystorePIN", true);
importCertKeystorePassword.addLongIdentifier("storepass", true);
importCertKeystorePassword.setSensitive(true);
importCertParser.addArgument(importCertKeystorePassword);
final FileArgument importCertKeystorePasswordFile = new FileArgument(null,
"keystore-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KS_PW_FILE_DESC.get(), true, true,
true, false);
importCertKeystorePasswordFile.addLongIdentifier("keystorePasswordFile",
true);
importCertKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file",
true);
importCertKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile",
true);
importCertKeystorePasswordFile.addLongIdentifier("keystore-pin-file",
true);
importCertKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
importCertParser.addArgument(importCertKeystorePasswordFile);
final BooleanArgument importCertPromptForKeystorePassword =
new BooleanArgument(null, "prompt-for-keystore-password",
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_PROMPT_FOR_KS_PW_DESC.get());
importCertPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassword", true);
importCertPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-passphrase", true);
importCertPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassphrase", true);
importCertPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-pin", true);
importCertPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePIN", true);
importCertParser.addArgument(importCertPromptForKeystorePassword);
final StringArgument importCertKeystoreType = new StringArgument(null,
"keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(),
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KS_TYPE_DESC.get(),
ALLOWED_KEYSTORE_TYPE_VALUES);
importCertKeystoreType.addLongIdentifier("key-store-type", true);
importCertKeystoreType.addLongIdentifier("keystoreType", true);
importCertKeystoreType.addLongIdentifier("keystore-format", true);
importCertKeystoreType.addLongIdentifier("key-store-format", true);
importCertKeystoreType.addLongIdentifier("keystoreFormat", true);
importCertKeystoreType.addLongIdentifier("storetype", true);
importCertParser.addArgument(importCertKeystoreType);
final StringArgument importCertAlias = new StringArgument(null, "alias",
true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(),
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_ALIAS_DESC.get());
importCertAlias.addLongIdentifier("nickname", true);
importCertParser.addArgument(importCertAlias);
final FileArgument importCertCertificateFile = new FileArgument(null,
"certificate-file", true, 0, null,
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_CERT_FILE_DESC.get(), true, true,
true, false);
importCertCertificateFile.addLongIdentifier("certificateFile", true);
importCertCertificateFile.addLongIdentifier("certificate-chain-file", true);
importCertCertificateFile.addLongIdentifier("certificateChainFile", true);
importCertCertificateFile.addLongIdentifier("input-file", true);
importCertCertificateFile.addLongIdentifier("inputFile", true);
importCertCertificateFile.addLongIdentifier("import-file", true);
importCertCertificateFile.addLongIdentifier("importFile", true);
importCertCertificateFile.addLongIdentifier("file", true);
importCertCertificateFile.addLongIdentifier("filename", true);
importCertParser.addArgument(importCertCertificateFile);
final FileArgument importCertPKFile = new FileArgument(null,
"private-key-file", false, 1, null,
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KEY_FILE_DESC.get(), true, true,
true, false);
importCertPKFile.addLongIdentifier("privateKeyFile", true);
importCertPKFile.addLongIdentifier("key-file", true);
importCertPKFile.addLongIdentifier("keyFile", true);
importCertParser.addArgument(importCertPKFile);
final StringArgument importCertPKPassword = new StringArgument(null,
"private-key-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_PK_PW_DESC.get());
importCertPKPassword.addLongIdentifier("privateKeyPassword", true);
importCertPKPassword.addLongIdentifier("private-key-passphrase", true);
importCertPKPassword.addLongIdentifier("privateKeyPassphrase", true);
importCertPKPassword.addLongIdentifier("private-key-pin", true);
importCertPKPassword.addLongIdentifier("privateKeyPIN", true);
importCertPKPassword.addLongIdentifier("key-password", true);
importCertPKPassword.addLongIdentifier("keyPassword", true);
importCertPKPassword.addLongIdentifier("key-passphrase", true);
importCertPKPassword.addLongIdentifier("keyPassphrase", true);
importCertPKPassword.addLongIdentifier("key-pin", true);
importCertPKPassword.addLongIdentifier("keyPIN", true);
importCertPKPassword.addLongIdentifier("keypass", true);
importCertPKPassword.setSensitive(true);
importCertParser.addArgument(importCertPKPassword);
final FileArgument importCertPKPasswordFile = new FileArgument(null,
"private-key-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_PK_PW_FILE_DESC.get(), true, true,
true, false);
importCertPKPasswordFile.addLongIdentifier("privateKeyPasswordFile", true);
importCertPKPasswordFile.addLongIdentifier("private-key-passphrase-file",
true);
importCertPKPasswordFile.addLongIdentifier("privateKeyPassphraseFile",
true);
importCertPKPasswordFile.addLongIdentifier("private-key-pin-file",
true);
importCertPKPasswordFile.addLongIdentifier("privateKeyPINFile", true);
importCertPKPasswordFile.addLongIdentifier("key-password-file", true);
importCertPKPasswordFile.addLongIdentifier("keyPasswordFile", true);
importCertPKPasswordFile.addLongIdentifier("key-passphrase-file",
true);
importCertPKPasswordFile.addLongIdentifier("keyPassphraseFile",
true);
importCertPKPasswordFile.addLongIdentifier("key-pin-file",
true);
importCertPKPasswordFile.addLongIdentifier("keyPINFile", true);
importCertParser.addArgument(importCertPKPasswordFile);
final BooleanArgument importCertPromptForPKPassword =
new BooleanArgument(null, "prompt-for-private-key-password",
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_PROMPT_FOR_PK_PW_DESC.get());
importCertPromptForPKPassword.addLongIdentifier(
"promptForPrivateKeyPassword", true);
importCertPromptForPKPassword.addLongIdentifier(
"prompt-for-private-key-passphrase", true);
importCertPromptForPKPassword.addLongIdentifier(
"promptForPrivateKeyPassphrase", true);
importCertPromptForPKPassword.addLongIdentifier(
"prompt-for-private-key-pin", true);
importCertPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPIN",
true);
importCertPromptForPKPassword.addLongIdentifier("prompt-for-key-password",
true);
importCertPromptForPKPassword.addLongIdentifier("promptForKeyPassword",
true);
importCertPromptForPKPassword.addLongIdentifier(
"prompt-for-key-passphrase", true);
importCertPromptForPKPassword.addLongIdentifier(
"promptForKeyPassphrase", true);
importCertPromptForPKPassword.addLongIdentifier("prompt-for-key-pin", true);
importCertPromptForPKPassword.addLongIdentifier("promptForKeyPIN", true);
importCertParser.addArgument(importCertPromptForPKPassword);
final StringArgument importCertEncryptionPassword = new StringArgument(null,
"encryption-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_ENC_PW_DESC.get());
importCertEncryptionPassword.addLongIdentifier("encryptionPassword", true);
importCertEncryptionPassword.setSensitive(true);
importCertParser.addArgument(importCertEncryptionPassword);
final FileArgument importCertEncryptionPasswordFile = new FileArgument(null,
"encryption-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_ENC_PW_FILE_DESC.get(), true,
true, true, false);
importCertEncryptionPasswordFile.addLongIdentifier("encryptionPasswordFile",
true);
importCertParser.addArgument(importCertEncryptionPasswordFile);
final BooleanArgument importCertPromptForEncryptionPassword =
new BooleanArgument(null, "prompt-for-encryption-password",
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_PROMPT_FOR_ENC_PW_DESC.get());
importCertPromptForEncryptionPassword.addLongIdentifier(
"promptForEncryptionPassword", true);
importCertParser.addArgument(importCertPromptForEncryptionPassword);
final BooleanArgument importCertNoPrompt = new BooleanArgument(null,
"no-prompt", 1,
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_NO_PROMPT_DESC.get());
importCertNoPrompt.addLongIdentifier("noPrompt", true);
importCertParser.addArgument(importCertNoPrompt);
final BooleanArgument importCertDisplayCommand = new BooleanArgument(null,
"display-keytool-command", 1,
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_DISPLAY_COMMAND_DESC.get());
importCertDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
importCertDisplayCommand.addLongIdentifier("show-keytool-command", true);
importCertDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
importCertParser.addArgument(importCertDisplayCommand);
importCertParser.addRequiredArgumentSet(importCertKeystorePassword,
importCertKeystorePasswordFile, importCertPromptForKeystorePassword);
importCertParser.addExclusiveArgumentSet(importCertKeystorePassword,
importCertKeystorePasswordFile, importCertPromptForKeystorePassword);
importCertParser.addExclusiveArgumentSet(importCertPKPassword,
importCertPKPasswordFile, importCertPromptForPKPassword);
importCertParser.addExclusiveArgumentSet(importCertEncryptionPassword,
importCertEncryptionPasswordFile,
importCertPromptForEncryptionPassword);
final LinkedHashMap importCertExamples =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
importCertExamples.put(
new String[]
{
"import-certificate",
"--keystore", getPlatformSpecificPath("config", "keystore"),
"--keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--alias", "server-cert",
"--certificate-file", "server-cert.crt"
},
INFO_MANAGE_CERTS_SC_IMPORT_CERT_EXAMPLE_1.get("server-cert.crt"));
importCertExamples.put(
new String[]
{
"import-certificate",
"--keystore", getPlatformSpecificPath("config", "keystore"),
"--keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--alias", "server-cert",
"--certificate-file", "server-cert.crt",
"--certificate-file", "server-cert-issuer.crt",
"--private-key-file", "server-cert.key",
"--display-keytool-command"
},
INFO_MANAGE_CERTS_SC_IMPORT_CERT_EXAMPLE_2.get());
final SubCommand importCertSubCommand = new SubCommand("import-certificate",
INFO_MANAGE_CERTS_SC_IMPORT_CERT_DESC.get(), importCertParser,
importCertExamples);
importCertSubCommand.addName("importCertificate", true);
importCertSubCommand.addName("import-certificates", true);
importCertSubCommand.addName("importCertificates", true);
importCertSubCommand.addName("import-cert", true);
importCertSubCommand.addName("importCert", true);
importCertSubCommand.addName("import-certs", true);
importCertSubCommand.addName("importCerts", true);
importCertSubCommand.addName("import-certificate-chain", true);
importCertSubCommand.addName("importCertificateChain", true);
importCertSubCommand.addName("import-chain", true);
importCertSubCommand.addName("importChain", true);
importCertSubCommand.addName("import", true);
parser.addSubCommand(importCertSubCommand);
// Define the "delete-certificate" subcommand and all of its arguments.
final ArgumentParser deleteCertParser = new ArgumentParser(
"delete-certificate", INFO_MANAGE_CERTS_SC_DELETE_CERT_DESC.get());
final FileArgument deleteCertKeystore = new FileArgument(null, "keystore",
true, 1, null, INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_KS_DESC.get(),
true, true, true, false);
deleteCertKeystore.addLongIdentifier("keystore-path", true);
deleteCertKeystore.addLongIdentifier("keystorePath", true);
deleteCertKeystore.addLongIdentifier("keystore-file", true);
deleteCertKeystore.addLongIdentifier("keystoreFile", true);
deleteCertParser.addArgument(deleteCertKeystore);
final StringArgument deleteCertKeystorePassword = new StringArgument(null,
"keystore-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_KS_PW_DESC.get());
deleteCertKeystorePassword.addLongIdentifier("keystorePassword", true);
deleteCertKeystorePassword.addLongIdentifier("keystore-passphrase", true);
deleteCertKeystorePassword.addLongIdentifier("keystorePassphrase", true);
deleteCertKeystorePassword.addLongIdentifier("keystore-pin", true);
deleteCertKeystorePassword.addLongIdentifier("keystorePIN", true);
deleteCertKeystorePassword.addLongIdentifier("storepass", true);
deleteCertKeystorePassword.setSensitive(true);
deleteCertParser.addArgument(deleteCertKeystorePassword);
final FileArgument deleteCertKeystorePasswordFile = new FileArgument(null,
"keystore-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_KS_PW_FILE_DESC.get(), true, true,
true, false);
deleteCertKeystorePasswordFile.addLongIdentifier("keystorePasswordFile",
true);
deleteCertKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file",
true);
deleteCertKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile",
true);
deleteCertKeystorePasswordFile.addLongIdentifier("keystore-pin-file",
true);
deleteCertKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
deleteCertParser.addArgument(deleteCertKeystorePasswordFile);
final BooleanArgument deleteCertPromptForKeystorePassword =
new BooleanArgument(null, "prompt-for-keystore-password",
INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_PROMPT_FOR_KS_PW_DESC.get());
deleteCertPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassword", true);
deleteCertPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-passphrase", true);
deleteCertPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassphrase", true);
deleteCertPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-pin", true);
deleteCertPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePIN", true);
deleteCertParser.addArgument(deleteCertPromptForKeystorePassword);
final StringArgument deleteCertKeystoreType = new StringArgument(null,
"keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(),
INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_KS_TYPE_DESC.get(),
ALLOWED_KEYSTORE_TYPE_VALUES);
deleteCertKeystoreType.addLongIdentifier("key-store-type", true);
deleteCertKeystoreType.addLongIdentifier("keystoreType", true);
deleteCertKeystoreType.addLongIdentifier("keystore-format", true);
deleteCertKeystoreType.addLongIdentifier("key-store-format", true);
deleteCertKeystoreType.addLongIdentifier("keystoreFormat", true);
deleteCertKeystoreType.addLongIdentifier("storetype", true);
deleteCertParser.addArgument(deleteCertKeystoreType);
final StringArgument deleteCertAlias = new StringArgument(null, "alias",
true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(),
INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_ALIAS_DESC.get());
deleteCertAlias.addLongIdentifier("nickname", true);
deleteCertParser.addArgument(deleteCertAlias);
final BooleanArgument deleteCertNoPrompt = new BooleanArgument(null,
"no-prompt", 1,
INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_NO_PROMPT_DESC.get());
deleteCertNoPrompt.addLongIdentifier("noPrompt", true);
deleteCertParser.addArgument(deleteCertNoPrompt);
final BooleanArgument deleteCertDisplayCommand = new BooleanArgument(null,
"display-keytool-command", 1,
INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_DISPLAY_COMMAND_DESC.get());
deleteCertDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
deleteCertDisplayCommand.addLongIdentifier("show-keytool-command", true);
deleteCertDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
deleteCertParser.addArgument(deleteCertDisplayCommand);
deleteCertParser.addExclusiveArgumentSet(deleteCertKeystorePassword,
deleteCertKeystorePasswordFile, deleteCertPromptForKeystorePassword);
deleteCertParser.addRequiredArgumentSet(deleteCertKeystorePassword,
deleteCertKeystorePasswordFile, deleteCertPromptForKeystorePassword);
final LinkedHashMap deleteCertExamples =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
deleteCertExamples.put(
new String[]
{
"delete-certificate",
"--keystore", getPlatformSpecificPath("config", "keystore"),
"--alias", "server-cert"
},
INFO_MANAGE_CERTS_SC_DELETE_CERT_EXAMPLE_1.get(
getPlatformSpecificPath("config", "keystore")));
final SubCommand deleteCertSubCommand = new SubCommand("delete-certificate",
INFO_MANAGE_CERTS_SC_DELETE_CERT_DESC.get(), deleteCertParser,
deleteCertExamples);
deleteCertSubCommand.addName("deleteCertificate", true);
deleteCertSubCommand.addName("remove-certificate", true);
deleteCertSubCommand.addName("removeCertificate", true);
deleteCertSubCommand.addName("delete", true);
deleteCertSubCommand.addName("remove", true);
parser.addSubCommand(deleteCertSubCommand);
// Define the "generate-self-signed-certificate" subcommand and all of its
// arguments.
final ArgumentParser genCertParser = new ArgumentParser(
"generate-self-signed-certificate",
INFO_MANAGE_CERTS_SC_GEN_CERT_DESC.get());
final FileArgument genCertKeystore = new FileArgument(null, "keystore",
true, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KS_DESC.get(), false,
true, true, false);
genCertKeystore.addLongIdentifier("keystore-path", true);
genCertKeystore.addLongIdentifier("keystorePath", true);
genCertKeystore.addLongIdentifier("keystore-file", true);
genCertKeystore.addLongIdentifier("keystoreFile", true);
genCertParser.addArgument(genCertKeystore);
final StringArgument genCertKeystorePassword = new StringArgument(null,
"keystore-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KS_PW_DESC.get());
genCertKeystorePassword.addLongIdentifier("keystorePassword", true);
genCertKeystorePassword.addLongIdentifier("keystore-passphrase", true);
genCertKeystorePassword.addLongIdentifier("keystorePassphrase", true);
genCertKeystorePassword.addLongIdentifier("keystore-pin", true);
genCertKeystorePassword.addLongIdentifier("keystorePIN", true);
genCertKeystorePassword.addLongIdentifier("storepass", true);
genCertKeystorePassword.setSensitive(true);
genCertParser.addArgument(genCertKeystorePassword);
final FileArgument genCertKeystorePasswordFile = new FileArgument(null,
"keystore-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KS_PW_FILE_DESC.get(), true, true,
true, false);
genCertKeystorePasswordFile.addLongIdentifier("keystorePasswordFile",
true);
genCertKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file",
true);
genCertKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile",
true);
genCertKeystorePasswordFile.addLongIdentifier("keystore-pin-file",
true);
genCertKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
genCertParser.addArgument(genCertKeystorePasswordFile);
final BooleanArgument genCertPromptForKeystorePassword =
new BooleanArgument(null, "prompt-for-keystore-password",
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_PROMPT_FOR_KS_PW_DESC.get());
genCertPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassword", true);
genCertPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-passphrase", true);
genCertPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassphrase", true);
genCertPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-pin", true);
genCertPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePIN", true);
genCertParser.addArgument(genCertPromptForKeystorePassword);
final StringArgument genCertPKPassword = new StringArgument(null,
"private-key-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_PK_PW_DESC.get());
genCertPKPassword.addLongIdentifier("privateKeyPassword", true);
genCertPKPassword.addLongIdentifier("private-key-passphrase", true);
genCertPKPassword.addLongIdentifier("privateKeyPassphrase", true);
genCertPKPassword.addLongIdentifier("private-key-pin", true);
genCertPKPassword.addLongIdentifier("privateKeyPIN", true);
genCertPKPassword.addLongIdentifier("key-password", true);
genCertPKPassword.addLongIdentifier("keyPassword", true);
genCertPKPassword.addLongIdentifier("key-passphrase", true);
genCertPKPassword.addLongIdentifier("keyPassphrase", true);
genCertPKPassword.addLongIdentifier("key-pin", true);
genCertPKPassword.addLongIdentifier("keyPIN", true);
genCertPKPassword.addLongIdentifier("keypass", true);
genCertPKPassword.setSensitive(true);
genCertParser.addArgument(genCertPKPassword);
final FileArgument genCertPKPasswordFile = new FileArgument(null,
"private-key-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_PK_PW_FILE_DESC.get(), true, true,
true, false);
genCertPKPasswordFile.addLongIdentifier("privateKeyPasswordFile", true);
genCertPKPasswordFile.addLongIdentifier("private-key-passphrase-file",
true);
genCertPKPasswordFile.addLongIdentifier("privateKeyPassphraseFile",
true);
genCertPKPasswordFile.addLongIdentifier("private-key-pin-file",
true);
genCertPKPasswordFile.addLongIdentifier("privateKeyPINFile", true);
genCertPKPasswordFile.addLongIdentifier("key-password-file", true);
genCertPKPasswordFile.addLongIdentifier("keyPasswordFile", true);
genCertPKPasswordFile.addLongIdentifier("key-passphrase-file",
true);
genCertPKPasswordFile.addLongIdentifier("keyPassphraseFile",
true);
genCertPKPasswordFile.addLongIdentifier("key-pin-file",
true);
genCertPKPasswordFile.addLongIdentifier("keyPINFile", true);
genCertParser.addArgument(genCertPKPasswordFile);
final BooleanArgument genCertPromptForPKPassword =
new BooleanArgument(null, "prompt-for-private-key-password",
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_PROMPT_FOR_PK_PW_DESC.get());
genCertPromptForPKPassword.addLongIdentifier(
"promptForPrivateKeyPassword", true);
genCertPromptForPKPassword.addLongIdentifier(
"prompt-for-private-key-passphrase", true);
genCertPromptForPKPassword.addLongIdentifier(
"promptForPrivateKeyPassphrase", true);
genCertPromptForPKPassword.addLongIdentifier("prompt-for-private-key-pin",
true);
genCertPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPIN",
true);
genCertPromptForPKPassword.addLongIdentifier("prompt-for-key-password",
true);
genCertPromptForPKPassword.addLongIdentifier("promptForKeyPassword",
true);
genCertPromptForPKPassword.addLongIdentifier(
"prompt-for-key-passphrase", true);
genCertPromptForPKPassword.addLongIdentifier(
"promptForKeyPassphrase", true);
genCertPromptForPKPassword.addLongIdentifier("prompt-for-key-pin", true);
genCertPromptForPKPassword.addLongIdentifier("promptForKeyPIN", true);
genCertParser.addArgument(genCertPromptForPKPassword);
final StringArgument genCertKeystoreType = new StringArgument(null,
"keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(),
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KS_TYPE_DESC.get(),
ALLOWED_KEYSTORE_TYPE_VALUES);
genCertKeystoreType.addLongIdentifier("key-store-type", true);
genCertKeystoreType.addLongIdentifier("keystoreType", true);
genCertKeystoreType.addLongIdentifier("keystore-format", true);
genCertKeystoreType.addLongIdentifier("key-store-format", true);
genCertKeystoreType.addLongIdentifier("keystoreFormat", true);
genCertKeystoreType.addLongIdentifier("storetype", true);
genCertParser.addArgument(genCertKeystoreType);
final StringArgument genCertAlias = new StringArgument(null, "alias",
true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(),
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_ALIAS_DESC.get());
genCertAlias.addLongIdentifier("nickname", true);
genCertParser.addArgument(genCertAlias);
final BooleanArgument genCertUseExistingKeyPair = new BooleanArgument(null,
"use-existing-key-pair", 1,
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_USE_EXISTING_KP_DESC.get());
genCertUseExistingKeyPair.addLongIdentifier("use-existing-keypair", true);
genCertUseExistingKeyPair.addLongIdentifier("useExistingKeypair", true);
genCertUseExistingKeyPair.addLongIdentifier("replace-existing-certificate",
true);
genCertUseExistingKeyPair.addLongIdentifier("replaceExistingCertificate",
true);
genCertUseExistingKeyPair.addLongIdentifier("replace-certificate", true);
genCertUseExistingKeyPair.addLongIdentifier("replaceCertificate", true);
genCertUseExistingKeyPair.addLongIdentifier("replace-existing", true);
genCertUseExistingKeyPair.addLongIdentifier("replaceExisting", true);
genCertUseExistingKeyPair.addLongIdentifier("replace", true);
genCertParser.addArgument(genCertUseExistingKeyPair);
final DNArgument genCertSubjectDN = new DNArgument(null, "subject-dn",
false, 1, null,
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SUBJECT_DN_DESC.get());
genCertSubjectDN.addLongIdentifier("subjectDN", true);
genCertSubjectDN.addLongIdentifier("subject", true);
genCertSubjectDN.addLongIdentifier("dname", true);
genCertParser.addArgument(genCertSubjectDN);
final IntegerArgument genCertDaysValid = new IntegerArgument(null,
"days-valid", false, 1, null,
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_DAYS_VALID_DESC.get(), 1,
Integer.MAX_VALUE);
genCertDaysValid.addLongIdentifier("daysValid", true);
genCertDaysValid.addLongIdentifier("validity", true);
genCertParser.addArgument(genCertDaysValid);
final TimestampArgument genCertNotBefore = new TimestampArgument(null,
"validity-start-time", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_TIMESTAMP.get(),
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_VALIDITY_START_TIME_DESC.get(
"20180102123456"));
genCertNotBefore.addLongIdentifier("validityStartTime", true);
genCertNotBefore.addLongIdentifier("not-before", true);
genCertNotBefore.addLongIdentifier("notBefore", true);
genCertParser.addArgument(genCertNotBefore);
final StringArgument genCertKeyAlgorithm = new StringArgument(null,
"key-algorithm", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(),
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KEY_ALGORITHM_DESC.get());
genCertKeyAlgorithm.addLongIdentifier("keyAlgorithm", true);
genCertKeyAlgorithm.addLongIdentifier("key-alg", true);
genCertKeyAlgorithm.addLongIdentifier("keyAlg", true);
genCertParser.addArgument(genCertKeyAlgorithm);
final IntegerArgument genCertKeySizeBits = new IntegerArgument(null,
"key-size-bits", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_BITS.get(),
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KEY_SIZE_BITS_DESC.get(), 1,
Integer.MAX_VALUE);
genCertKeySizeBits.addLongIdentifier("keySizeBits", true);
genCertKeySizeBits.addLongIdentifier("key-length-bits", true);
genCertKeySizeBits.addLongIdentifier("keyLengthBits", true);
genCertKeySizeBits.addLongIdentifier("key-size", true);
genCertKeySizeBits.addLongIdentifier("keySize", true);
genCertKeySizeBits.addLongIdentifier("key-length", true);
genCertKeySizeBits.addLongIdentifier("keyLength", true);
genCertParser.addArgument(genCertKeySizeBits);
final StringArgument genCertSignatureAlgorithm = new StringArgument(null,
"signature-algorithm", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(),
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SIG_ALG_DESC.get());
genCertSignatureAlgorithm.addLongIdentifier("signatureAlgorithm", true);
genCertSignatureAlgorithm.addLongIdentifier("signature-alg", true);
genCertSignatureAlgorithm.addLongIdentifier("signatureAlg", true);
genCertSignatureAlgorithm.addLongIdentifier("sig-alg", true);
genCertSignatureAlgorithm.addLongIdentifier("sigAlg", true);
genCertParser.addArgument(genCertSignatureAlgorithm);
final BooleanArgument genCertInheritExtensions = new BooleanArgument(null,
"inherit-extensions", 1,
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_INHERIT_EXT_DESC.get());
genCertInheritExtensions.addLongIdentifier("inheritExtensions", true);
genCertParser.addArgument(genCertInheritExtensions);
final StringArgument genCertSubjectAltDNS = new StringArgument(null,
"subject-alternative-name-dns", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(),
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_DNS_DESC.get());
genCertSubjectAltDNS.addLongIdentifier("subjectAlternativeNameDNS", true);
genCertSubjectAltDNS.addLongIdentifier("subject-alt-name-dns", true);
genCertSubjectAltDNS.addLongIdentifier("subjectAltNameDNS", true);
genCertSubjectAltDNS.addLongIdentifier("subject-alternative-dns", true);
genCertSubjectAltDNS.addLongIdentifier("subjectAlternativeDNS", true);
genCertSubjectAltDNS.addLongIdentifier("subject-alt-dns", true);
genCertSubjectAltDNS.addLongIdentifier("subjectAltDNS", true);
genCertSubjectAltDNS.addLongIdentifier("san-dns", true);
genCertSubjectAltDNS.addLongIdentifier("sanDNS", true);
genCertSubjectAltDNS.addValueValidator(
new IA5StringArgumentValueValidator(false));
genCertParser.addArgument(genCertSubjectAltDNS);
final StringArgument genCertSubjectAltIP = new StringArgument(null,
"subject-alternative-name-ip-address", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(),
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_IP_DESC.get());
genCertSubjectAltIP.addLongIdentifier("subjectAlternativeNameIPAddress",
true);
genCertSubjectAltIP.addLongIdentifier("subject-alternative-name-ip", true);
genCertSubjectAltIP.addLongIdentifier("subjectAlternativeNameIP", true);
genCertSubjectAltIP.addLongIdentifier("subject-alt-name-ip-address", true);
genCertSubjectAltIP.addLongIdentifier("subjectAltNameIPAddress", true);
genCertSubjectAltIP.addLongIdentifier("subject-alt-name-ip", true);
genCertSubjectAltIP.addLongIdentifier("subjectAltNameIP", true);
genCertSubjectAltIP.addLongIdentifier("subject-alternative-ip-address",
true);
genCertSubjectAltIP.addLongIdentifier("subjectAlternativeIPAddress", true);
genCertSubjectAltIP.addLongIdentifier("subject-alternative-ip", true);
genCertSubjectAltIP.addLongIdentifier("subjectAlternativeIP", true);
genCertSubjectAltIP.addLongIdentifier("subject-alt-ip-address", true);
genCertSubjectAltIP.addLongIdentifier("subjectAltIPAddress", true);
genCertSubjectAltIP.addLongIdentifier("subject-alt-ip", true);
genCertSubjectAltIP.addLongIdentifier("subjectAltIP", true);
genCertSubjectAltIP.addLongIdentifier("san-ip-address", true);
genCertSubjectAltIP.addLongIdentifier("sanIPAddress", true);
genCertSubjectAltIP.addLongIdentifier("san-ip", true);
genCertSubjectAltIP.addLongIdentifier("sanIP", true);
genCertSubjectAltIP.addValueValidator(
new IPAddressArgumentValueValidator(true, true));
genCertParser.addArgument(genCertSubjectAltIP);
final StringArgument genCertSubjectAltEmail = new StringArgument(null,
"subject-alternative-name-email-address", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(),
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_EMAIL_DESC.get());
genCertSubjectAltEmail.addLongIdentifier(
"subjectAlternativeNameEmailAddress", true);
genCertSubjectAltEmail.addLongIdentifier("subject-alternative-name-email",
true);
genCertSubjectAltEmail.addLongIdentifier("subjectAlternativeNameEmail",
true);
genCertSubjectAltEmail.addLongIdentifier("subject-alt-name-email-address",
true);
genCertSubjectAltEmail.addLongIdentifier("subjectAltNameEmailAddress",
true);
genCertSubjectAltEmail.addLongIdentifier("subject-alt-name-email", true);
genCertSubjectAltEmail.addLongIdentifier("subjectAltNameEmail", true);
genCertSubjectAltEmail.addLongIdentifier(
"subject-alternative-email-address", true);
genCertSubjectAltEmail.addLongIdentifier("subjectAlternativeEmailAddress",
true);
genCertSubjectAltEmail.addLongIdentifier("subject-alternative-email", true);
genCertSubjectAltEmail.addLongIdentifier("subjectAlternativeEmail", true);
genCertSubjectAltEmail.addLongIdentifier("subject-alt-email-address", true);
genCertSubjectAltEmail.addLongIdentifier("subjectAltEmailAddress", true);
genCertSubjectAltEmail.addLongIdentifier("subject-alt-email", true);
genCertSubjectAltEmail.addLongIdentifier("subjectAltEmail", true);
genCertSubjectAltEmail.addLongIdentifier("san-email-address", true);
genCertSubjectAltEmail.addLongIdentifier("sanEmailAddress", true);
genCertSubjectAltEmail.addLongIdentifier("san-email", true);
genCertSubjectAltEmail.addLongIdentifier("sanEmail", true);
genCertSubjectAltEmail.addValueValidator(
new IA5StringArgumentValueValidator(false));
genCertParser.addArgument(genCertSubjectAltEmail);
final StringArgument genCertSubjectAltURI = new StringArgument(null,
"subject-alternative-name-uri", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_URI.get(),
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_URI_DESC.get());
genCertSubjectAltURI.addLongIdentifier("subjectAlternativeNameURI", true);
genCertSubjectAltURI.addLongIdentifier("subject-alt-name-uri", true);
genCertSubjectAltURI.addLongIdentifier("subjectAltNameURI", true);
genCertSubjectAltURI.addLongIdentifier("subject-alternative-uri", true);
genCertSubjectAltURI.addLongIdentifier("subjectAlternativeURI", true);
genCertSubjectAltURI.addLongIdentifier("subject-alt-uri", true);
genCertSubjectAltURI.addLongIdentifier("subjectAltURI", true);
genCertSubjectAltURI.addLongIdentifier("san-uri", true);
genCertSubjectAltURI.addLongIdentifier("sanURI", true);
genCertParser.addArgument(genCertSubjectAltURI);
final StringArgument genCertSubjectAltOID = new StringArgument(null,
"subject-alternative-name-oid", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_OID.get(),
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_OID_DESC.get());
genCertSubjectAltOID.addLongIdentifier("subjectAlternativeNameOID", true);
genCertSubjectAltOID.addLongIdentifier("subject-alt-name-oid", true);
genCertSubjectAltOID.addLongIdentifier("subjectAltNameOID", true);
genCertSubjectAltOID.addLongIdentifier("subject-alternative-oid", true);
genCertSubjectAltOID.addLongIdentifier("subjectAlternativeOID", true);
genCertSubjectAltOID.addLongIdentifier("subject-alt-oid", true);
genCertSubjectAltOID.addLongIdentifier("subjectAltOID", true);
genCertSubjectAltOID.addLongIdentifier("san-oid", true);
genCertSubjectAltOID.addLongIdentifier("sanOID", true);
genCertSubjectAltOID.addValueValidator(new OIDArgumentValueValidator(true));
genCertParser.addArgument(genCertSubjectAltOID);
final BooleanValueArgument genCertBasicConstraintsIsCA =
new BooleanValueArgument(null, "basic-constraints-is-ca", false, null,
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_BC_IS_CA_DESC.get());
genCertBasicConstraintsIsCA.addLongIdentifier("basicConstraintsIsCA", true);
genCertBasicConstraintsIsCA.addLongIdentifier("bc-is-ca", true);
genCertBasicConstraintsIsCA.addLongIdentifier("bcIsCA", true);
genCertParser.addArgument(genCertBasicConstraintsIsCA);
final IntegerArgument genCertBasicConstraintsPathLength =
new IntegerArgument(null, "basic-constraints-maximum-path-length",
false, 1, null,
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_BC_PATH_LENGTH_DESC.get(), 0,
Integer.MAX_VALUE);
genCertBasicConstraintsPathLength.addLongIdentifier(
"basicConstraintsMaximumPathLength", true);
genCertBasicConstraintsPathLength.addLongIdentifier(
"basic-constraints-max-path-length", true);
genCertBasicConstraintsPathLength.addLongIdentifier(
"basicConstraintsMaxPathLength", true);
genCertBasicConstraintsPathLength.addLongIdentifier(
"basic-constraints-path-length", true);
genCertBasicConstraintsPathLength.addLongIdentifier(
"basicConstraintsPathLength", true);
genCertBasicConstraintsPathLength.addLongIdentifier(
"bc-maximum-path-length", true);
genCertBasicConstraintsPathLength.addLongIdentifier("bcMaximumPathLength",
true);
genCertBasicConstraintsPathLength.addLongIdentifier("bc-max-path-length",
true);
genCertBasicConstraintsPathLength.addLongIdentifier("bcMaxPathLength",
true);
genCertBasicConstraintsPathLength.addLongIdentifier("bc-path-length", true);
genCertBasicConstraintsPathLength.addLongIdentifier("bcPathLength", true);
genCertParser.addArgument(genCertBasicConstraintsPathLength);
final StringArgument genCertKeyUsage = new StringArgument(null, "key-usage",
false, 0, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KU_DESC.get());
genCertKeyUsage.addLongIdentifier("keyUsage", true);
genCertParser.addArgument(genCertKeyUsage);
final StringArgument genCertExtendedKeyUsage = new StringArgument(null,
"extended-key-usage", false, 0, null,
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_EKU_DESC.get());
genCertExtendedKeyUsage.addLongIdentifier("extendedKeyUsage", true);
genCertParser.addArgument(genCertExtendedKeyUsage);
final StringArgument genCertExtension = new StringArgument(null,
"extension", false, 0, null,
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_EXT_DESC.get());
genCertExtension.addLongIdentifier("ext", true);
genCertParser.addArgument(genCertExtension);
final FileArgument genCertOutputFile = new FileArgument(null, "output-file",
false, 1, null,
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_OUTPUT_FILE_DESC.get(), false, true,
true, false);
genCertOutputFile.addLongIdentifier("outputFile", true);
genCertOutputFile.addLongIdentifier("filename", true);
genCertOutputFile.addLongIdentifier("file", true);
genCertParser.addArgument(genCertOutputFile);
final Set genCertOutputFormatAllowedValues = StaticUtils.setOf(
"PEM", "text", "txt", "RFC", "DER", "binary", "bin");
final StringArgument genCertOutputFormat = new StringArgument(null,
"output-format", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT.get(),
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_FORMAT_DESC.get(),
genCertOutputFormatAllowedValues, "PEM");
genCertOutputFormat.addLongIdentifier("outputFormat", true);
genCertParser.addArgument(genCertOutputFormat);
final BooleanArgument genCertDisplayCommand = new BooleanArgument(null,
"display-keytool-command", 1,
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_DISPLAY_COMMAND_DESC.get());
genCertDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
genCertDisplayCommand.addLongIdentifier("show-keytool-command", true);
genCertDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
genCertParser.addArgument(genCertDisplayCommand);
genCertParser.addRequiredArgumentSet(genCertKeystorePassword,
genCertKeystorePasswordFile, genCertPromptForKeystorePassword);
genCertParser.addExclusiveArgumentSet(genCertKeystorePassword,
genCertKeystorePasswordFile, genCertPromptForKeystorePassword);
genCertParser.addExclusiveArgumentSet(genCertPKPassword,
genCertPKPasswordFile, genCertPromptForPKPassword);
genCertParser.addExclusiveArgumentSet(genCertUseExistingKeyPair,
genCertKeyAlgorithm);
genCertParser.addExclusiveArgumentSet(genCertUseExistingKeyPair,
genCertKeySizeBits);
genCertParser.addExclusiveArgumentSet(genCertUseExistingKeyPair,
genCertSignatureAlgorithm);
genCertParser.addDependentArgumentSet(genCertBasicConstraintsPathLength,
genCertBasicConstraintsIsCA);
genCertParser.addDependentArgumentSet(genCertOutputFormat,
genCertOutputFile);
final LinkedHashMap genCertExamples =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(4));
genCertExamples.put(
new String[]
{
"generate-self-signed-certificate",
"--keystore", getPlatformSpecificPath("config", "keystore"),
"--keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--alias", "server-cert",
"--subject-dn", "CN=ldap.example.com,O=Example Corp,C=US"
},
INFO_MANAGE_CERTS_SC_GEN_CERT_EXAMPLE_1.get());
genCertExamples.put(
new String[]
{
"generate-self-signed-certificate",
"--keystore", getPlatformSpecificPath("config", "keystore"),
"--keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--alias", "server-cert",
"--use-existing-key-pair",
"--inherit-extensions"
},
INFO_MANAGE_CERTS_SC_GEN_CERT_EXAMPLE_2.get());
genCertExamples.put(
new String[]
{
"generate-self-signed-certificate",
"--keystore", getPlatformSpecificPath("config", "keystore"),
"--keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--alias", "server-cert",
"--subject-dn", "CN=ldap.example.com,O=Example Corp,C=US",
"--days-valid", "3650",
"--validity-start-time", "20170101000000",
"--key-algorithm", "RSA",
"--key-size-bits", "4096",
"--signature-algorithm", "SHA256withRSA",
"--subject-alternative-name-dns", "ldap1.example.com",
"--subject-alternative-name-dns", "ldap2.example.com",
"--subject-alternative-name-ip-address", "1.2.3.4",
"--subject-alternative-name-ip-address", "1.2.3.5",
"--extended-key-usage", "server-auth",
"--extended-key-usage", "client-auth",
"--display-keytool-command"
},
INFO_MANAGE_CERTS_SC_GEN_CERT_EXAMPLE_3.get());
genCertExamples.put(
new String[]
{
"generate-self-signed-certificate",
"--keystore", getPlatformSpecificPath("config", "keystore"),
"--keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--alias", "ca-cert",
"--subject-dn",
"CN=Example Certification Authority,O=Example Corp,C=US",
"--days-valid", "7300",
"--validity-start-time", "20170101000000",
"--key-algorithm", "EC",
"--key-size-bits", "256",
"--signature-algorithm", "SHA256withECDSA",
"--basic-constraints-is-ca", "true",
"--key-usage", "key-cert-sign",
"--key-usage", "crl-sign",
"--display-keytool-command"
},
INFO_MANAGE_CERTS_SC_GEN_CERT_EXAMPLE_4.get());
final SubCommand genCertSubCommand = new SubCommand(
"generate-self-signed-certificate",
INFO_MANAGE_CERTS_SC_GEN_CERT_DESC.get(), genCertParser,
genCertExamples);
genCertSubCommand.addName("generateSelfSignedCertificate", true);
genCertSubCommand.addName("generate-certificate", true);
genCertSubCommand.addName("generateCertificate", true);
genCertSubCommand.addName("self-signed-certificate", true);
genCertSubCommand.addName("selfSignedCertificate", true);
genCertSubCommand.addName("selfcert", true);
parser.addSubCommand(genCertSubCommand);
// Define the "generate-certificate-signing-request" subcommand and all of
// its arguments.
final ArgumentParser genCSRParser = new ArgumentParser(
"generate-certificate-signing-request",
INFO_MANAGE_CERTS_SC_GEN_CSR_DESC.get());
final Set genCSROutputFormatAllowedValues = StaticUtils.setOf(
"PEM", "text", "txt", "RFC", "DER", "binary", "bin");
final StringArgument genCSROutputFormat = new StringArgument(null,
"output-format", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT.get(),
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_FORMAT_DESC.get(),
genCSROutputFormatAllowedValues, "PEM");
genCSROutputFormat.addLongIdentifier("outputFormat", true);
genCSRParser.addArgument(genCSROutputFormat);
final FileArgument genCSROutputFile = new FileArgument(null, "output-file",
false, 1, null,
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_OUTPUT_FILE_DESC.get(), false, true,
true, false);
genCSROutputFile.addLongIdentifier("outputFile", true);
genCSROutputFile.addLongIdentifier("filename", true);
genCSROutputFile.addLongIdentifier("file", true);
genCSRParser.addArgument(genCSROutputFile);
final FileArgument genCSRKeystore = new FileArgument(null, "keystore",
true, 1, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KS_DESC.get(), false,
true, true, false);
genCSRKeystore.addLongIdentifier("keystore-path", true);
genCSRKeystore.addLongIdentifier("keystorePath", true);
genCSRKeystore.addLongIdentifier("keystore-file", true);
genCSRKeystore.addLongIdentifier("keystoreFile", true);
genCSRParser.addArgument(genCSRKeystore);
final StringArgument genCSRKeystorePassword = new StringArgument(null,
"keystore-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KS_PW_DESC.get());
genCSRKeystorePassword.addLongIdentifier("keystorePassword", true);
genCSRKeystorePassword.addLongIdentifier("keystore-passphrase", true);
genCSRKeystorePassword.addLongIdentifier("keystorePassphrase", true);
genCSRKeystorePassword.addLongIdentifier("keystore-pin", true);
genCSRKeystorePassword.addLongIdentifier("keystorePIN", true);
genCSRKeystorePassword.addLongIdentifier("storepass", true);
genCSRKeystorePassword.setSensitive(true);
genCSRParser.addArgument(genCSRKeystorePassword);
final FileArgument genCSRKeystorePasswordFile = new FileArgument(null,
"keystore-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KS_PW_FILE_DESC.get(), true, true,
true, false);
genCSRKeystorePasswordFile.addLongIdentifier("keystorePasswordFile",
true);
genCSRKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file",
true);
genCSRKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile",
true);
genCSRKeystorePasswordFile.addLongIdentifier("keystore-pin-file",
true);
genCSRKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
genCSRParser.addArgument(genCSRKeystorePasswordFile);
final BooleanArgument genCSRPromptForKeystorePassword =
new BooleanArgument(null, "prompt-for-keystore-password",
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_PROMPT_FOR_KS_PW_DESC.get());
genCSRPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassword", true);
genCSRPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-passphrase", true);
genCSRPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassphrase", true);
genCSRPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-pin", true);
genCSRPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePIN", true);
genCSRParser.addArgument(genCSRPromptForKeystorePassword);
final StringArgument genCSRPKPassword = new StringArgument(null,
"private-key-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_PK_PW_DESC.get());
genCSRPKPassword.addLongIdentifier("privateKeyPassword", true);
genCSRPKPassword.addLongIdentifier("private-key-passphrase", true);
genCSRPKPassword.addLongIdentifier("privateKeyPassphrase", true);
genCSRPKPassword.addLongIdentifier("private-key-pin", true);
genCSRPKPassword.addLongIdentifier("privateKeyPIN", true);
genCSRPKPassword.addLongIdentifier("key-password", true);
genCSRPKPassword.addLongIdentifier("keyPassword", true);
genCSRPKPassword.addLongIdentifier("key-passphrase", true);
genCSRPKPassword.addLongIdentifier("keyPassphrase", true);
genCSRPKPassword.addLongIdentifier("key-pin", true);
genCSRPKPassword.addLongIdentifier("keyPIN", true);
genCSRPKPassword.addLongIdentifier("keypass", true);
genCSRPKPassword.setSensitive(true);
genCSRParser.addArgument(genCSRPKPassword);
final FileArgument genCSRPKPasswordFile = new FileArgument(null,
"private-key-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_PK_PW_FILE_DESC.get(), true, true,
true, false);
genCSRPKPasswordFile.addLongIdentifier("privateKeyPasswordFile", true);
genCSRPKPasswordFile.addLongIdentifier("private-key-passphrase-file",
true);
genCSRPKPasswordFile.addLongIdentifier("privateKeyPassphraseFile",
true);
genCSRPKPasswordFile.addLongIdentifier("private-key-pin-file",
true);
genCSRPKPasswordFile.addLongIdentifier("privateKeyPINFile", true);
genCSRPKPasswordFile.addLongIdentifier("key-password-file", true);
genCSRPKPasswordFile.addLongIdentifier("keyPasswordFile", true);
genCSRPKPasswordFile.addLongIdentifier("key-passphrase-file",
true);
genCSRPKPasswordFile.addLongIdentifier("keyPassphraseFile",
true);
genCSRPKPasswordFile.addLongIdentifier("key-pin-file",
true);
genCSRPKPasswordFile.addLongIdentifier("keyPINFile", true);
genCSRParser.addArgument(genCSRPKPasswordFile);
final BooleanArgument genCSRPromptForPKPassword =
new BooleanArgument(null, "prompt-for-private-key-password",
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_PROMPT_FOR_PK_PW_DESC.get());
genCSRPromptForPKPassword.addLongIdentifier(
"promptForPrivateKeyPassword", true);
genCSRPromptForPKPassword.addLongIdentifier(
"prompt-for-private-key-passphrase", true);
genCSRPromptForPKPassword.addLongIdentifier(
"promptForPrivateKeyPassphrase", true);
genCSRPromptForPKPassword.addLongIdentifier("prompt-for-private-key-pin",
true);
genCSRPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPIN",
true);
genCSRPromptForPKPassword.addLongIdentifier("prompt-for-key-password",
true);
genCSRPromptForPKPassword.addLongIdentifier("promptForKeyPassword",
true);
genCSRPromptForPKPassword.addLongIdentifier(
"prompt-for-key-passphrase", true);
genCSRPromptForPKPassword.addLongIdentifier(
"promptForKeyPassphrase", true);
genCSRPromptForPKPassword.addLongIdentifier("prompt-for-key-pin", true);
genCSRPromptForPKPassword.addLongIdentifier("promptForKeyPIN", true);
genCSRParser.addArgument(genCSRPromptForPKPassword);
final StringArgument genCSRKeystoreType = new StringArgument(null,
"keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(),
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KS_TYPE_DESC.get(),
ALLOWED_KEYSTORE_TYPE_VALUES);
genCSRKeystoreType.addLongIdentifier("key-store-type", true);
genCSRKeystoreType.addLongIdentifier("keystoreType", true);
genCSRKeystoreType.addLongIdentifier("keystore-format", true);
genCSRKeystoreType.addLongIdentifier("key-store-format", true);
genCSRKeystoreType.addLongIdentifier("keystoreFormat", true);
genCSRKeystoreType.addLongIdentifier("storetype", true);
genCSRParser.addArgument(genCSRKeystoreType);
final StringArgument genCSRAlias = new StringArgument(null, "alias",
true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(),
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_ALIAS_DESC.get());
genCSRAlias.addLongIdentifier("nickname", true);
genCSRParser.addArgument(genCSRAlias);
final BooleanArgument genCSRUseExistingKeyPair = new BooleanArgument(null,
"use-existing-key-pair", 1,
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_USE_EXISTING_KP_DESC.get());
genCSRUseExistingKeyPair.addLongIdentifier("use-existing-keypair", true);
genCSRUseExistingKeyPair.addLongIdentifier("useExistingKeyPair", true);
genCSRUseExistingKeyPair.addLongIdentifier("replace-existing-certificate",
true);
genCSRUseExistingKeyPair.addLongIdentifier("replaceExistingCertificate",
true);
genCSRUseExistingKeyPair.addLongIdentifier("replace-certificate", true);
genCSRUseExistingKeyPair.addLongIdentifier("replaceCertificate", true);
genCSRUseExistingKeyPair.addLongIdentifier("replace-existing", true);
genCSRUseExistingKeyPair.addLongIdentifier("replaceExisting", true);
genCSRUseExistingKeyPair.addLongIdentifier("replace", true);
genCSRParser.addArgument(genCSRUseExistingKeyPair);
final DNArgument genCSRSubjectDN = new DNArgument(null, "subject-dn",
false, 1, null,
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SUBJECT_DN_DESC.get());
genCSRSubjectDN.addLongIdentifier("subjectDN", true);
genCSRSubjectDN.addLongIdentifier("subject", true);
genCSRSubjectDN.addLongIdentifier("dname", true);
genCSRParser.addArgument(genCSRSubjectDN);
final StringArgument genCSRKeyAlgorithm = new StringArgument(null,
"key-algorithm", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(),
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KEY_ALGORITHM_DESC.get());
genCSRKeyAlgorithm.addLongIdentifier("keyAlgorithm", true);
genCSRKeyAlgorithm.addLongIdentifier("key-alg", true);
genCSRKeyAlgorithm.addLongIdentifier("keyAlg", true);
genCSRParser.addArgument(genCSRKeyAlgorithm);
final IntegerArgument genCSRKeySizeBits = new IntegerArgument(null,
"key-size-bits", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_BITS.get(),
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KEY_SIZE_BITS_DESC.get(), 1,
Integer.MAX_VALUE);
genCSRKeySizeBits.addLongIdentifier("keySizeBits", true);
genCSRKeySizeBits.addLongIdentifier("key-length-bits", true);
genCSRKeySizeBits.addLongIdentifier("keyLengthBits", true);
genCSRKeySizeBits.addLongIdentifier("key-size", true);
genCSRKeySizeBits.addLongIdentifier("keySize", true);
genCSRKeySizeBits.addLongIdentifier("key-length", true);
genCSRKeySizeBits.addLongIdentifier("keyLength", true);
genCSRParser.addArgument(genCSRKeySizeBits);
final StringArgument genCSRSignatureAlgorithm = new StringArgument(null,
"signature-algorithm", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(),
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SIG_ALG_DESC.get());
genCSRSignatureAlgorithm.addLongIdentifier("signatureAlgorithm", true);
genCSRSignatureAlgorithm.addLongIdentifier("signature-alg", true);
genCSRSignatureAlgorithm.addLongIdentifier("signatureAlg", true);
genCSRSignatureAlgorithm.addLongIdentifier("sig-alg", true);
genCSRSignatureAlgorithm.addLongIdentifier("sigAlg", true);
genCSRParser.addArgument(genCSRSignatureAlgorithm);
final BooleanArgument genCSRInheritExtensions = new BooleanArgument(null,
"inherit-extensions", 1,
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_INHERIT_EXT_DESC.get());
genCSRInheritExtensions.addLongIdentifier("inheritExtensions", true);
genCSRParser.addArgument(genCSRInheritExtensions);
final StringArgument genCSRSubjectAltDNS = new StringArgument(null,
"subject-alternative-name-dns", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(),
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_DNS_DESC.get());
genCSRSubjectAltDNS.addLongIdentifier("subjectAlternativeNameDNS", true);
genCSRSubjectAltDNS.addLongIdentifier("subject-alt-name-dns", true);
genCSRSubjectAltDNS.addLongIdentifier("subjectAltNameDNS", true);
genCSRSubjectAltDNS.addLongIdentifier("subject-alternative-dns", true);
genCSRSubjectAltDNS.addLongIdentifier("subjectAlternativeDNS", true);
genCSRSubjectAltDNS.addLongIdentifier("subject-alt-dns", true);
genCSRSubjectAltDNS.addLongIdentifier("subjectAltDNS", true);
genCSRSubjectAltDNS.addLongIdentifier("san-dns", true);
genCSRSubjectAltDNS.addLongIdentifier("sanDNS", true);
genCSRSubjectAltDNS.addValueValidator(
new IA5StringArgumentValueValidator(false));
genCSRParser.addArgument(genCSRSubjectAltDNS);
final StringArgument genCSRSubjectAltIP = new StringArgument(null,
"subject-alternative-name-ip-address", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(),
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_IP_DESC.get());
genCSRSubjectAltIP.addLongIdentifier("subjectAlternativeNameIPAddress",
true);
genCSRSubjectAltIP.addLongIdentifier("subject-alternative-name-ip", true);
genCSRSubjectAltIP.addLongIdentifier("subjectAlternativeNameIP", true);
genCSRSubjectAltIP.addLongIdentifier("subject-alt-name-ip-address", true);
genCSRSubjectAltIP.addLongIdentifier("subjectAltNameIPAddress", true);
genCSRSubjectAltIP.addLongIdentifier("subject-alt-name-ip", true);
genCSRSubjectAltIP.addLongIdentifier("subjectAltNameIP", true);
genCSRSubjectAltIP.addLongIdentifier("subject-alternative-ip-address",
true);
genCSRSubjectAltIP.addLongIdentifier("subjectAlternativeIPAddress", true);
genCSRSubjectAltIP.addLongIdentifier("subject-alternative-ip", true);
genCSRSubjectAltIP.addLongIdentifier("subjectAlternativeIP", true);
genCSRSubjectAltIP.addLongIdentifier("subject-alt-ip-address", true);
genCSRSubjectAltIP.addLongIdentifier("subjectAltIPAddress", true);
genCSRSubjectAltIP.addLongIdentifier("subject-alt-ip", true);
genCSRSubjectAltIP.addLongIdentifier("subjectAltIP", true);
genCSRSubjectAltIP.addLongIdentifier("san-ip-address", true);
genCSRSubjectAltIP.addLongIdentifier("sanIPAddress", true);
genCSRSubjectAltIP.addLongIdentifier("san-ip", true);
genCSRSubjectAltIP.addLongIdentifier("sanIP", true);
genCSRSubjectAltIP.addValueValidator(
new IPAddressArgumentValueValidator(true, true));
genCSRParser.addArgument(genCSRSubjectAltIP);
final StringArgument genCSRSubjectAltEmail = new StringArgument(null,
"subject-alternative-name-email-address", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(),
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_EMAIL_DESC.get());
genCSRSubjectAltEmail.addLongIdentifier(
"subjectAlternativeNameEmailAddress", true);
genCSRSubjectAltEmail.addLongIdentifier("subject-alternative-name-email",
true);
genCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeNameEmail",
true);
genCSRSubjectAltEmail.addLongIdentifier("subject-alt-name-email-address",
true);
genCSRSubjectAltEmail.addLongIdentifier("subjectAltNameEmailAddress",
true);
genCSRSubjectAltEmail.addLongIdentifier("subject-alt-name-email", true);
genCSRSubjectAltEmail.addLongIdentifier("subjectAltNameEmail", true);
genCSRSubjectAltEmail.addLongIdentifier(
"subject-alternative-email-address", true);
genCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeEmailAddress",
true);
genCSRSubjectAltEmail.addLongIdentifier("subject-alternative-email", true);
genCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeEmail", true);
genCSRSubjectAltEmail.addLongIdentifier("subject-alt-email-address", true);
genCSRSubjectAltEmail.addLongIdentifier("subjectAltEmailAddress", true);
genCSRSubjectAltEmail.addLongIdentifier("subject-alt-email", true);
genCSRSubjectAltEmail.addLongIdentifier("subjectAltEmail", true);
genCSRSubjectAltEmail.addLongIdentifier("san-email-address", true);
genCSRSubjectAltEmail.addLongIdentifier("sanEmailAddress", true);
genCSRSubjectAltEmail.addLongIdentifier("san-email", true);
genCSRSubjectAltEmail.addLongIdentifier("sanEmail", true);
genCSRSubjectAltEmail.addValueValidator(
new IA5StringArgumentValueValidator(false));
genCSRParser.addArgument(genCSRSubjectAltEmail);
final StringArgument genCSRSubjectAltURI = new StringArgument(null,
"subject-alternative-name-uri", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_URI.get(),
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_URI_DESC.get());
genCSRSubjectAltURI.addLongIdentifier("subjectAlternativeNameURI", true);
genCSRSubjectAltURI.addLongIdentifier("subject-alt-name-uri", true);
genCSRSubjectAltURI.addLongIdentifier("subjectAltNameURI", true);
genCSRSubjectAltURI.addLongIdentifier("subject-alternative-uri", true);
genCSRSubjectAltURI.addLongIdentifier("subjectAlternativeURI", true);
genCSRSubjectAltURI.addLongIdentifier("subject-alt-uri", true);
genCSRSubjectAltURI.addLongIdentifier("subjectAltURI", true);
genCSRSubjectAltURI.addLongIdentifier("san-uri", true);
genCSRSubjectAltURI.addLongIdentifier("sanURI", true);
genCSRParser.addArgument(genCSRSubjectAltURI);
final StringArgument genCSRSubjectAltOID = new StringArgument(null,
"subject-alternative-name-oid", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_OID.get(),
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_OID_DESC.get());
genCSRSubjectAltOID.addLongIdentifier("subjectAlternativeNameOID", true);
genCSRSubjectAltOID.addLongIdentifier("subject-alt-name-oid", true);
genCSRSubjectAltOID.addLongIdentifier("subjectAltNameOID", true);
genCSRSubjectAltOID.addLongIdentifier("subject-alternative-oid", true);
genCSRSubjectAltOID.addLongIdentifier("subjectAlternativeOID", true);
genCSRSubjectAltOID.addLongIdentifier("subject-alt-oid", true);
genCSRSubjectAltOID.addLongIdentifier("subjectAltOID", true);
genCSRSubjectAltOID.addLongIdentifier("san-oid", true);
genCSRSubjectAltOID.addLongIdentifier("sanOID", true);
genCSRSubjectAltOID.addValueValidator(new OIDArgumentValueValidator(true));
genCSRParser.addArgument(genCSRSubjectAltOID);
final BooleanValueArgument genCSRBasicConstraintsIsCA =
new BooleanValueArgument(null, "basic-constraints-is-ca", false, null,
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_BC_IS_CA_DESC.get());
genCSRBasicConstraintsIsCA.addLongIdentifier("basicConstraintsIsCA", true);
genCSRBasicConstraintsIsCA.addLongIdentifier("bc-is-ca", true);
genCSRBasicConstraintsIsCA.addLongIdentifier("bcIsCA", true);
genCSRParser.addArgument(genCSRBasicConstraintsIsCA);
final IntegerArgument genCSRBasicConstraintsPathLength =
new IntegerArgument(null, "basic-constraints-maximum-path-length",
false, 1, null,
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_BC_PATH_LENGTH_DESC.get(), 0,
Integer.MAX_VALUE);
genCSRBasicConstraintsPathLength.addLongIdentifier(
"basicConstraintsMaximumPathLength", true);
genCSRBasicConstraintsPathLength.addLongIdentifier(
"basic-constraints-max-path-length", true);
genCSRBasicConstraintsPathLength.addLongIdentifier(
"basicConstraintsMaxPathLength", true);
genCSRBasicConstraintsPathLength.addLongIdentifier(
"basic-constraints-path-length", true);
genCSRBasicConstraintsPathLength.addLongIdentifier(
"basicConstraintsPathLength", true);
genCSRBasicConstraintsPathLength.addLongIdentifier(
"bc-maximum-path-length", true);
genCSRBasicConstraintsPathLength.addLongIdentifier("bcMaximumPathLength",
true);
genCSRBasicConstraintsPathLength.addLongIdentifier("bc-max-path-length",
true);
genCSRBasicConstraintsPathLength.addLongIdentifier("bcMaxPathLength",
true);
genCSRBasicConstraintsPathLength.addLongIdentifier("bc-path-length", true);
genCSRBasicConstraintsPathLength.addLongIdentifier("bcPathLength", true);
genCSRParser.addArgument(genCSRBasicConstraintsPathLength);
final StringArgument genCSRKeyUsage = new StringArgument(null, "key-usage",
false, 0, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KU_DESC.get());
genCSRKeyUsage.addLongIdentifier("keyUsage", true);
genCSRParser.addArgument(genCSRKeyUsage);
final StringArgument genCSRExtendedKeyUsage = new StringArgument(null,
"extended-key-usage", false, 0, null,
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_EKU_DESC.get());
genCSRExtendedKeyUsage.addLongIdentifier("extendedKeyUsage", true);
genCSRParser.addArgument(genCSRExtendedKeyUsage);
final StringArgument genCSRExtension = new StringArgument(null,
"extension", false, 0, null,
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_EXT_DESC.get());
genCSRExtension.addLongIdentifier("ext", true);
genCSRParser.addArgument(genCSRExtension);
final BooleanArgument genCSRDisplayCommand = new BooleanArgument(null,
"display-keytool-command", 1,
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_DISPLAY_COMMAND_DESC.get());
genCSRDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
genCSRDisplayCommand.addLongIdentifier("show-keytool-command", true);
genCSRDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
genCSRParser.addArgument(genCSRDisplayCommand);
genCSRParser.addRequiredArgumentSet(genCSRKeystorePassword,
genCSRKeystorePasswordFile, genCSRPromptForKeystorePassword);
genCSRParser.addExclusiveArgumentSet(genCSRKeystorePassword,
genCSRKeystorePasswordFile, genCSRPromptForKeystorePassword);
genCSRParser.addExclusiveArgumentSet(genCSRPKPassword,
genCSRPKPasswordFile, genCSRPromptForPKPassword);
genCSRParser.addExclusiveArgumentSet(genCSRUseExistingKeyPair,
genCSRKeyAlgorithm);
genCSRParser.addExclusiveArgumentSet(genCSRUseExistingKeyPair,
genCSRKeySizeBits);
genCSRParser.addExclusiveArgumentSet(genCSRUseExistingKeyPair,
genCSRSignatureAlgorithm);
genCSRParser.addDependentArgumentSet(genCSRBasicConstraintsPathLength,
genCSRBasicConstraintsIsCA);
final LinkedHashMap genCSRExamples =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(3));
genCSRExamples.put(
new String[]
{
"generate-certificate-signing-request",
"--keystore", getPlatformSpecificPath("config", "keystore"),
"--keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--alias", "server-cert",
"--subject-dn", "CN=ldap.example.com,O=Example Corp,C=US"
},
INFO_MANAGE_CERTS_SC_GEN_CSR_EXAMPLE_1.get());
genCSRExamples.put(
new String[]
{
"generate-certificate-signing-request",
"--keystore", getPlatformSpecificPath("config", "keystore"),
"--keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--alias", "server-cert",
"--use-existing-key-pair",
"--inherit-extensions",
"--output-file", "server-cert.csr"
},
INFO_MANAGE_CERTS_SC_GEN_CSR_EXAMPLE_2.get());
genCSRExamples.put(
new String[]
{
"generate-certificate-signing-request",
"--keystore", getPlatformSpecificPath("config", "keystore"),
"--keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--alias", "server-cert",
"--subject-dn", "CN=ldap.example.com,O=Example Corp,C=US",
"--key-algorithm", "EC",
"--key-size-bits", "256",
"--signature-algorithm", "SHA256withECDSA",
"--subject-alternative-name-dns", "ldap1.example.com",
"--subject-alternative-name-dns", "ldap2.example.com",
"--subject-alternative-name-ip-address", "1.2.3.4",
"--subject-alternative-name-ip-address", "1.2.3.5",
"--extended-key-usage", "server-auth",
"--extended-key-usage", "client-auth",
"--output-file", "server-cert.csr",
"--display-keytool-command"
},
INFO_MANAGE_CERTS_SC_GEN_CSR_EXAMPLE_3.get());
final SubCommand genCSRSubCommand = new SubCommand(
"generate-certificate-signing-request",
INFO_MANAGE_CERTS_SC_GEN_CSR_DESC.get(), genCSRParser,
genCSRExamples);
genCSRSubCommand.addName("generateCertificateSigningRequest", true);
genCSRSubCommand.addName("generate-certificate-request", true);
genCSRSubCommand.addName("generateCertificateRequest", true);
genCSRSubCommand.addName("generate-csr", true);
genCSRSubCommand.addName("generateCSR", true);
genCSRSubCommand.addName("certificate-signing-request", true);
genCSRSubCommand.addName("certificateSigningRequest", true);
genCSRSubCommand.addName("csr", true);
genCSRSubCommand.addName("certreq", true);
parser.addSubCommand(genCSRSubCommand);
// Define the "sign-certificate-signing-request" subcommand and all of its
// arguments.
final ArgumentParser signCSRParser = new ArgumentParser(
"sign-certificate-signing-request",
INFO_MANAGE_CERTS_SC_SIGN_CSR_DESC.get());
final FileArgument signCSRInputFile = new FileArgument(null,
"request-input-file", true, 1, null,
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_INPUT_FILE_DESC.get(), true, true,
true, false);
signCSRInputFile.addLongIdentifier("requestInputFile", true);
signCSRInputFile.addLongIdentifier("certificate-signing-request", true);
signCSRInputFile.addLongIdentifier("certificateSigningRequest", true);
signCSRInputFile.addLongIdentifier("input-file", false);
signCSRInputFile.addLongIdentifier("inputFile", true);
signCSRInputFile.addLongIdentifier("csr", true);
signCSRParser.addArgument(signCSRInputFile);
final FileArgument signCSROutputFile = new FileArgument(null,
"certificate-output-file", false, 1, null,
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_OUTPUT_FILE_DESC.get(), false, true,
true, false);
signCSROutputFile.addLongIdentifier("certificateOutputFile", true);
signCSROutputFile.addLongIdentifier("output-file", false);
signCSROutputFile.addLongIdentifier("outputFile", true);
signCSROutputFile.addLongIdentifier("certificate-file", true);
signCSROutputFile.addLongIdentifier("certificateFile", true);
signCSRParser.addArgument(signCSROutputFile);
final Set signCSROutputFormatAllowedValues = StaticUtils.setOf(
"PEM", "text", "txt", "RFC", "DER", "binary", "bin");
final StringArgument signCSROutputFormat = new StringArgument(null,
"output-format", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT.get(),
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_FORMAT_DESC.get(),
signCSROutputFormatAllowedValues, "PEM");
signCSROutputFormat.addLongIdentifier("outputFormat", true);
signCSRParser.addArgument(signCSROutputFormat);
final FileArgument signCSRKeystore = new FileArgument(null, "keystore",
true, 1, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KS_DESC.get(), true,
true, true, false);
signCSRKeystore.addLongIdentifier("keystore-path", true);
signCSRKeystore.addLongIdentifier("keystorePath", true);
signCSRKeystore.addLongIdentifier("keystore-file", true);
signCSRKeystore.addLongIdentifier("keystoreFile", true);
signCSRParser.addArgument(signCSRKeystore);
final StringArgument signCSRKeystorePassword = new StringArgument(null,
"keystore-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KS_PW_DESC.get());
signCSRKeystorePassword.addLongIdentifier("keystorePassword", true);
signCSRKeystorePassword.addLongIdentifier("keystore-passphrase", true);
signCSRKeystorePassword.addLongIdentifier("keystorePassphrase", true);
signCSRKeystorePassword.addLongIdentifier("keystore-pin", true);
signCSRKeystorePassword.addLongIdentifier("keystorePIN", true);
signCSRKeystorePassword.addLongIdentifier("storepass", true);
signCSRKeystorePassword.setSensitive(true);
signCSRParser.addArgument(signCSRKeystorePassword);
final FileArgument signCSRKeystorePasswordFile = new FileArgument(null,
"keystore-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KS_PW_FILE_DESC.get(), true, true,
true, false);
signCSRKeystorePasswordFile.addLongIdentifier("keystorePasswordFile",
true);
signCSRKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file",
true);
signCSRKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile",
true);
signCSRKeystorePasswordFile.addLongIdentifier("keystore-pin-file",
true);
signCSRKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
signCSRParser.addArgument(signCSRKeystorePasswordFile);
final BooleanArgument signCSRPromptForKeystorePassword =
new BooleanArgument(null, "prompt-for-keystore-password",
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_PROMPT_FOR_KS_PW_DESC.get());
signCSRPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassword", true);
signCSRPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-passphrase", true);
signCSRPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassphrase", true);
signCSRPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-pin", true);
signCSRPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePIN", true);
signCSRParser.addArgument(signCSRPromptForKeystorePassword);
final StringArgument signCSRPKPassword = new StringArgument(null,
"private-key-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_PK_PW_DESC.get());
signCSRPKPassword.addLongIdentifier("privateKeyPassword", true);
signCSRPKPassword.addLongIdentifier("private-key-passphrase", true);
signCSRPKPassword.addLongIdentifier("privateKeyPassphrase", true);
signCSRPKPassword.addLongIdentifier("private-key-pin", true);
signCSRPKPassword.addLongIdentifier("privateKeyPIN", true);
signCSRPKPassword.addLongIdentifier("key-password", true);
signCSRPKPassword.addLongIdentifier("keyPassword", true);
signCSRPKPassword.addLongIdentifier("key-passphrase", true);
signCSRPKPassword.addLongIdentifier("keyPassphrase", true);
signCSRPKPassword.addLongIdentifier("key-pin", true);
signCSRPKPassword.addLongIdentifier("keyPIN", true);
signCSRPKPassword.addLongIdentifier("keypass", true);
signCSRPKPassword.setSensitive(true);
signCSRParser.addArgument(signCSRPKPassword);
final FileArgument signCSRPKPasswordFile = new FileArgument(null,
"private-key-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_PK_PW_FILE_DESC.get(), true, true,
true, false);
signCSRPKPasswordFile.addLongIdentifier("privateKeyPasswordFile", true);
signCSRPKPasswordFile.addLongIdentifier("private-key-passphrase-file",
true);
signCSRPKPasswordFile.addLongIdentifier("privateKeyPassphraseFile",
true);
signCSRPKPasswordFile.addLongIdentifier("private-key-pin-file",
true);
signCSRPKPasswordFile.addLongIdentifier("privateKeyPINFile", true);
signCSRPKPasswordFile.addLongIdentifier("key-password-file", true);
signCSRPKPasswordFile.addLongIdentifier("keyPasswordFile", true);
signCSRPKPasswordFile.addLongIdentifier("key-passphrase-file",
true);
signCSRPKPasswordFile.addLongIdentifier("keyPassphraseFile",
true);
signCSRPKPasswordFile.addLongIdentifier("key-pin-file",
true);
signCSRPKPasswordFile.addLongIdentifier("keyPINFile", true);
signCSRParser.addArgument(signCSRPKPasswordFile);
final BooleanArgument signCSRPromptForPKPassword =
new BooleanArgument(null, "prompt-for-private-key-password",
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_PROMPT_FOR_PK_PW_DESC.get());
signCSRPromptForPKPassword.addLongIdentifier(
"promptForPrivateKeyPassword", true);
signCSRPromptForPKPassword.addLongIdentifier(
"prompt-for-private-key-passphrase", true);
signCSRPromptForPKPassword.addLongIdentifier(
"promptForPrivateKeyPassphrase", true);
signCSRPromptForPKPassword.addLongIdentifier("prompt-for-private-key-pin",
true);
signCSRPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPIN",
true);
signCSRPromptForPKPassword.addLongIdentifier("prompt-for-key-password",
true);
signCSRPromptForPKPassword.addLongIdentifier("promptForKeyPassword",
true);
signCSRPromptForPKPassword.addLongIdentifier(
"prompt-for-key-passphrase", true);
signCSRPromptForPKPassword.addLongIdentifier(
"promptForKeyPassphrase", true);
signCSRPromptForPKPassword.addLongIdentifier("prompt-for-key-pin", true);
signCSRPromptForPKPassword.addLongIdentifier("promptForKeyPIN", true);
signCSRParser.addArgument(signCSRPromptForPKPassword);
final StringArgument signCSRKeystoreType = new StringArgument(null,
"keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(),
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KS_TYPE_DESC.get(),
ALLOWED_KEYSTORE_TYPE_VALUES);
signCSRKeystoreType.addLongIdentifier("key-store-type", true);
signCSRKeystoreType.addLongIdentifier("keystoreType", true);
signCSRKeystoreType.addLongIdentifier("keystore-format", true);
signCSRKeystoreType.addLongIdentifier("key-store-format", true);
signCSRKeystoreType.addLongIdentifier("keystoreFormat", true);
signCSRKeystoreType.addLongIdentifier("storetype", true);
signCSRParser.addArgument(signCSRKeystoreType);
final StringArgument signCSRAlias = new StringArgument(null,
"signing-certificate-alias",
true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(),
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_ALIAS_DESC.get());
signCSRAlias.addLongIdentifier("signingCertificateAlias", true);
signCSRAlias.addLongIdentifier("signing-certificate-nickname", true);
signCSRAlias.addLongIdentifier("signingCertificateNickname", true);
signCSRAlias.addLongIdentifier("alias", true);
signCSRAlias.addLongIdentifier("nickname", true);
signCSRParser.addArgument(signCSRAlias);
final DNArgument signCSRSubjectDN = new DNArgument(null, "subject-dn",
false, 1, null,
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SUBJECT_DN_DESC.get());
signCSRSubjectDN.addLongIdentifier("subjectDN", true);
signCSRSubjectDN.addLongIdentifier("subject", true);
signCSRSubjectDN.addLongIdentifier("dname", true);
signCSRParser.addArgument(signCSRSubjectDN);
final IntegerArgument signCSRDaysValid = new IntegerArgument(null,
"days-valid", false, 1, null,
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_DAYS_VALID_DESC.get(), 1,
Integer.MAX_VALUE);
signCSRDaysValid.addLongIdentifier("daysValid", true);
signCSRDaysValid.addLongIdentifier("validity", true);
signCSRParser.addArgument(signCSRDaysValid);
final TimestampArgument signCSRNotBefore = new TimestampArgument(null,
"validity-start-time", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_TIMESTAMP.get(),
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_VALIDITY_START_TIME_DESC.get(
"20180102123456"));
signCSRNotBefore.addLongIdentifier("validityStartTime", true);
signCSRNotBefore.addLongIdentifier("not-before", true);
signCSRNotBefore.addLongIdentifier("notBefore", true);
signCSRParser.addArgument(signCSRNotBefore);
final StringArgument signCSRSignatureAlgorithm = new StringArgument(null,
"signature-algorithm", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(),
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SIG_ALG_DESC.get());
signCSRSignatureAlgorithm.addLongIdentifier("signatureAlgorithm", true);
signCSRSignatureAlgorithm.addLongIdentifier("signature-alg", true);
signCSRSignatureAlgorithm.addLongIdentifier("signatureAlg", true);
signCSRSignatureAlgorithm.addLongIdentifier("sig-alg", true);
signCSRSignatureAlgorithm.addLongIdentifier("sigAlg", true);
signCSRParser.addArgument(signCSRSignatureAlgorithm);
final BooleanArgument signCSRIncludeExtensions = new BooleanArgument(null,
"include-requested-extensions", 1,
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_INCLUDE_EXT_DESC.get());
signCSRIncludeExtensions.addLongIdentifier("includeRequestedExtensions",
true);
signCSRParser.addArgument(signCSRIncludeExtensions);
final StringArgument signCSRSubjectAltDNS = new StringArgument(null,
"subject-alternative-name-dns", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(),
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_DNS_DESC.get());
signCSRSubjectAltDNS.addLongIdentifier("subjectAlternativeNameDNS", true);
signCSRSubjectAltDNS.addLongIdentifier("subject-alt-name-dns", true);
signCSRSubjectAltDNS.addLongIdentifier("subjectAltNameDNS", true);
signCSRSubjectAltDNS.addLongIdentifier("subject-alternative-dns", true);
signCSRSubjectAltDNS.addLongIdentifier("subjectAlternativeDNS", true);
signCSRSubjectAltDNS.addLongIdentifier("subject-alt-dns", true);
signCSRSubjectAltDNS.addLongIdentifier("subjectAltDNS", true);
signCSRSubjectAltDNS.addLongIdentifier("san-dns", true);
signCSRSubjectAltDNS.addLongIdentifier("sanDNS", true);
signCSRSubjectAltDNS.addValueValidator(
new IA5StringArgumentValueValidator(false));
signCSRParser.addArgument(signCSRSubjectAltDNS);
final StringArgument signCSRSubjectAltIP = new StringArgument(null,
"subject-alternative-name-ip-address", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(),
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_IP_DESC.get());
signCSRSubjectAltIP.addLongIdentifier("subjectAlternativeNameIPAddress",
true);
signCSRSubjectAltIP.addLongIdentifier("subject-alternative-name-ip", true);
signCSRSubjectAltIP.addLongIdentifier("subjectAlternativeNameIP", true);
signCSRSubjectAltIP.addLongIdentifier("subject-alt-name-ip-address", true);
signCSRSubjectAltIP.addLongIdentifier("subjectAltNameIPAddress", true);
signCSRSubjectAltIP.addLongIdentifier("subject-alt-name-ip", true);
signCSRSubjectAltIP.addLongIdentifier("subjectAltNameIP", true);
signCSRSubjectAltIP.addLongIdentifier("subject-alternative-ip-address",
true);
signCSRSubjectAltIP.addLongIdentifier("subjectAlternativeIPAddress", true);
signCSRSubjectAltIP.addLongIdentifier("subject-alternative-ip", true);
signCSRSubjectAltIP.addLongIdentifier("subjectAlternativeIP", true);
signCSRSubjectAltIP.addLongIdentifier("subject-alt-ip-address", true);
signCSRSubjectAltIP.addLongIdentifier("subjectAltIPAddress", true);
signCSRSubjectAltIP.addLongIdentifier("subject-alt-ip", true);
signCSRSubjectAltIP.addLongIdentifier("subjectAltIP", true);
signCSRSubjectAltIP.addLongIdentifier("san-ip-address", true);
signCSRSubjectAltIP.addLongIdentifier("sanIPAddress", true);
signCSRSubjectAltIP.addLongIdentifier("san-ip", true);
signCSRSubjectAltIP.addLongIdentifier("sanIP", true);
signCSRSubjectAltIP.addValueValidator(
new IPAddressArgumentValueValidator(true, true));
signCSRParser.addArgument(signCSRSubjectAltIP);
final StringArgument signCSRSubjectAltEmail = new StringArgument(null,
"subject-alternative-name-email-address", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(),
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_EMAIL_DESC.get());
signCSRSubjectAltEmail.addLongIdentifier(
"subjectAlternativeNameEmailAddress", true);
signCSRSubjectAltEmail.addLongIdentifier("subject-alternative-name-email",
true);
signCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeNameEmail",
true);
signCSRSubjectAltEmail.addLongIdentifier("subject-alt-name-email-address",
true);
signCSRSubjectAltEmail.addLongIdentifier("subjectAltNameEmailAddress",
true);
signCSRSubjectAltEmail.addLongIdentifier("subject-alt-name-email", true);
signCSRSubjectAltEmail.addLongIdentifier("subjectAltNameEmail", true);
signCSRSubjectAltEmail.addLongIdentifier(
"subject-alternative-email-address", true);
signCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeEmailAddress",
true);
signCSRSubjectAltEmail.addLongIdentifier("subject-alternative-email", true);
signCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeEmail", true);
signCSRSubjectAltEmail.addLongIdentifier("subject-alt-email-address", true);
signCSRSubjectAltEmail.addLongIdentifier("subjectAltEmailAddress", true);
signCSRSubjectAltEmail.addLongIdentifier("subject-alt-email", true);
signCSRSubjectAltEmail.addLongIdentifier("subjectAltEmail", true);
signCSRSubjectAltEmail.addLongIdentifier("san-email-address", true);
signCSRSubjectAltEmail.addLongIdentifier("sanEmailAddress", true);
signCSRSubjectAltEmail.addLongIdentifier("san-email", true);
signCSRSubjectAltEmail.addLongIdentifier("sanEmail", true);
signCSRSubjectAltEmail.addValueValidator(
new IA5StringArgumentValueValidator(false));
signCSRParser.addArgument(signCSRSubjectAltEmail);
final StringArgument signCSRSubjectAltURI = new StringArgument(null,
"subject-alternative-name-uri", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_URI.get(),
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_URI_DESC.get());
signCSRSubjectAltURI.addLongIdentifier("subjectAlternativeNameURI", true);
signCSRSubjectAltURI.addLongIdentifier("subject-alt-name-uri", true);
signCSRSubjectAltURI.addLongIdentifier("subjectAltNameURI", true);
signCSRSubjectAltURI.addLongIdentifier("subject-alternative-uri", true);
signCSRSubjectAltURI.addLongIdentifier("subjectAlternativeURI", true);
signCSRSubjectAltURI.addLongIdentifier("subject-alt-uri", true);
signCSRSubjectAltURI.addLongIdentifier("subjectAltURI", true);
signCSRSubjectAltURI.addLongIdentifier("san-uri", true);
signCSRSubjectAltURI.addLongIdentifier("sanURI", true);
signCSRParser.addArgument(signCSRSubjectAltURI);
final StringArgument signCSRSubjectAltOID = new StringArgument(null,
"subject-alternative-name-oid", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_OID.get(),
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_OID_DESC.get());
signCSRSubjectAltOID.addLongIdentifier("subjectAlternativeNameOID", true);
signCSRSubjectAltOID.addLongIdentifier("subject-alt-name-oid", true);
signCSRSubjectAltOID.addLongIdentifier("subjectAltNameOID", true);
signCSRSubjectAltOID.addLongIdentifier("subject-alternative-oid", true);
signCSRSubjectAltOID.addLongIdentifier("subjectAlternativeOID", true);
signCSRSubjectAltOID.addLongIdentifier("subject-alt-oid", true);
signCSRSubjectAltOID.addLongIdentifier("subjectAltOID", true);
signCSRSubjectAltOID.addLongIdentifier("san-oid", true);
signCSRSubjectAltOID.addLongIdentifier("sanOID", true);
signCSRSubjectAltOID.addValueValidator(new OIDArgumentValueValidator(true));
signCSRParser.addArgument(signCSRSubjectAltOID);
final StringArgument signCSRIssuerAltDNS = new StringArgument(null,
"issuer-alternative-name-dns", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(),
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_DNS_DESC.get());
signCSRIssuerAltDNS.addLongIdentifier("issuerAlternativeNameDNS", true);
signCSRIssuerAltDNS.addLongIdentifier("issuer-alt-name-dns", true);
signCSRIssuerAltDNS.addLongIdentifier("issuerAltNameDNS", true);
signCSRIssuerAltDNS.addLongIdentifier("issuer-alternative-dns", true);
signCSRIssuerAltDNS.addLongIdentifier("issuerAlternativeDNS", true);
signCSRIssuerAltDNS.addLongIdentifier("issuer-alt-dns", true);
signCSRIssuerAltDNS.addLongIdentifier("issuerAltDNS", true);
signCSRIssuerAltDNS.addLongIdentifier("ian-dns", true);
signCSRIssuerAltDNS.addLongIdentifier("ianDNS", true);
signCSRIssuerAltDNS.addValueValidator(
new IA5StringArgumentValueValidator(false));
signCSRParser.addArgument(signCSRIssuerAltDNS);
final StringArgument signCSRIssuerAltIP = new StringArgument(null,
"issuer-alternative-name-ip-address", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(),
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_IP_DESC.get());
signCSRIssuerAltIP.addLongIdentifier("issuerAlternativeNameIPAddress",
true);
signCSRIssuerAltIP.addLongIdentifier("issuer-alternative-name-ip", true);
signCSRIssuerAltIP.addLongIdentifier("issuerAlternativeNameIP", true);
signCSRIssuerAltIP.addLongIdentifier("issuer-alt-name-ip-address", true);
signCSRIssuerAltIP.addLongIdentifier("issuerAltNameIPAddress", true);
signCSRIssuerAltIP.addLongIdentifier("issuer-alt-name-ip", true);
signCSRIssuerAltIP.addLongIdentifier("issuerAltNameIP", true);
signCSRIssuerAltIP.addLongIdentifier("issuer-alternative-ip-address",
true);
signCSRIssuerAltIP.addLongIdentifier("issuerAlternativeIPAddress", true);
signCSRIssuerAltIP.addLongIdentifier("issuer-alternative-ip", true);
signCSRIssuerAltIP.addLongIdentifier("issuerAlternativeIP", true);
signCSRIssuerAltIP.addLongIdentifier("issuer-alt-ip-address", true);
signCSRIssuerAltIP.addLongIdentifier("issuerAltIPAddress", true);
signCSRIssuerAltIP.addLongIdentifier("issuer-alt-ip", true);
signCSRIssuerAltIP.addLongIdentifier("issuerAltIP", true);
signCSRIssuerAltIP.addLongIdentifier("ian-ip-address", true);
signCSRIssuerAltIP.addLongIdentifier("ianIPAddress", true);
signCSRIssuerAltIP.addLongIdentifier("ian-ip", true);
signCSRIssuerAltIP.addLongIdentifier("ianIP", true);
signCSRIssuerAltIP.addValueValidator(
new IPAddressArgumentValueValidator(true, true));
signCSRParser.addArgument(signCSRIssuerAltIP);
final StringArgument signCSRIssuerAltEmail = new StringArgument(null,
"issuer-alternative-name-email-address", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(),
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_EMAIL_DESC.get());
signCSRIssuerAltEmail.addLongIdentifier(
"issuerAlternativeNameEmailAddress", true);
signCSRIssuerAltEmail.addLongIdentifier("issuer-alternative-name-email",
true);
signCSRIssuerAltEmail.addLongIdentifier("issuerAlternativeNameEmail",
true);
signCSRIssuerAltEmail.addLongIdentifier("issuer-alt-name-email-address",
true);
signCSRIssuerAltEmail.addLongIdentifier("issuerAltNameEmailAddress",
true);
signCSRIssuerAltEmail.addLongIdentifier("issuer-alt-name-email", true);
signCSRIssuerAltEmail.addLongIdentifier("issuerAltNameEmail", true);
signCSRIssuerAltEmail.addLongIdentifier(
"issuer-alternative-email-address", true);
signCSRIssuerAltEmail.addLongIdentifier("issuerAlternativeEmailAddress",
true);
signCSRIssuerAltEmail.addLongIdentifier("issuer-alternative-email", true);
signCSRIssuerAltEmail.addLongIdentifier("issuerAlternativeEmail", true);
signCSRIssuerAltEmail.addLongIdentifier("issuer-alt-email-address", true);
signCSRIssuerAltEmail.addLongIdentifier("issuerAltEmailAddress", true);
signCSRIssuerAltEmail.addLongIdentifier("issuer-alt-email", true);
signCSRIssuerAltEmail.addLongIdentifier("issuerAltEmail", true);
signCSRIssuerAltEmail.addLongIdentifier("ian-email-address", true);
signCSRIssuerAltEmail.addLongIdentifier("ianEmailAddress", true);
signCSRIssuerAltEmail.addLongIdentifier("ian-email", true);
signCSRIssuerAltEmail.addLongIdentifier("ianEmail", true);
signCSRIssuerAltEmail.addValueValidator(
new IA5StringArgumentValueValidator(false));
signCSRParser.addArgument(signCSRIssuerAltEmail);
final StringArgument signCSRIssuerAltURI = new StringArgument(null,
"issuer-alternative-name-uri", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_URI.get(),
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_URI_DESC.get());
signCSRIssuerAltURI.addLongIdentifier("issuerAlternativeNameURI", true);
signCSRIssuerAltURI.addLongIdentifier("issuer-alt-name-uri", true);
signCSRIssuerAltURI.addLongIdentifier("issuerAltNameURI", true);
signCSRIssuerAltURI.addLongIdentifier("issuer-alternative-uri", true);
signCSRIssuerAltURI.addLongIdentifier("issuerAlternativeURI", true);
signCSRIssuerAltURI.addLongIdentifier("issuer-alt-uri", true);
signCSRIssuerAltURI.addLongIdentifier("issuerAltURI", true);
signCSRIssuerAltURI.addLongIdentifier("ian-uri", true);
signCSRIssuerAltURI.addLongIdentifier("ianURI", true);
signCSRParser.addArgument(signCSRIssuerAltURI);
final StringArgument signCSRIssuerAltOID = new StringArgument(null,
"issuer-alternative-name-oid", false, 0,
INFO_MANAGE_CERTS_PLACEHOLDER_OID.get(),
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_OID_DESC.get());
signCSRIssuerAltOID.addLongIdentifier("issuerAlternativeNameOID", true);
signCSRIssuerAltOID.addLongIdentifier("issuer-alt-name-oid", true);
signCSRIssuerAltOID.addLongIdentifier("issuerAltNameOID", true);
signCSRIssuerAltOID.addLongIdentifier("issuer-alternative-oid", true);
signCSRIssuerAltOID.addLongIdentifier("issuerAlternativeOID", true);
signCSRIssuerAltOID.addLongIdentifier("issuer-alt-oid", true);
signCSRIssuerAltOID.addLongIdentifier("issuerAltOID", true);
signCSRIssuerAltOID.addLongIdentifier("ian-oid", true);
signCSRIssuerAltOID.addLongIdentifier("ianOID", true);
signCSRIssuerAltOID.addValueValidator(new OIDArgumentValueValidator(true));
signCSRParser.addArgument(signCSRIssuerAltOID);
final BooleanValueArgument signCSRBasicConstraintsIsCA =
new BooleanValueArgument(null, "basic-constraints-is-ca", false, null,
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_BC_IS_CA_DESC.get());
signCSRBasicConstraintsIsCA.addLongIdentifier("basicConstraintsIsCA", true);
signCSRBasicConstraintsIsCA.addLongIdentifier("bc-is-ca", true);
signCSRBasicConstraintsIsCA.addLongIdentifier("bcIsCA", true);
signCSRParser.addArgument(signCSRBasicConstraintsIsCA);
final IntegerArgument signCSRBasicConstraintsPathLength =
new IntegerArgument(null, "basic-constraints-maximum-path-length",
false, 1, null,
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_BC_PATH_LENGTH_DESC.get(), 0,
Integer.MAX_VALUE);
signCSRBasicConstraintsPathLength.addLongIdentifier(
"basicConstraintsMaximumPathLength", true);
signCSRBasicConstraintsPathLength.addLongIdentifier(
"basic-constraints-max-path-length", true);
signCSRBasicConstraintsPathLength.addLongIdentifier(
"basicConstraintsMaxPathLength", true);
signCSRBasicConstraintsPathLength.addLongIdentifier(
"basic-constraints-path-length", true);
signCSRBasicConstraintsPathLength.addLongIdentifier(
"basicConstraintsPathLength", true);
signCSRBasicConstraintsPathLength.addLongIdentifier(
"bc-maximum-path-length", true);
signCSRBasicConstraintsPathLength.addLongIdentifier("bcMaximumPathLength",
true);
signCSRBasicConstraintsPathLength.addLongIdentifier("bc-max-path-length",
true);
signCSRBasicConstraintsPathLength.addLongIdentifier("bcMaxPathLength",
true);
signCSRBasicConstraintsPathLength.addLongIdentifier("bc-path-length", true);
signCSRBasicConstraintsPathLength.addLongIdentifier("bcPathLength", true);
signCSRParser.addArgument(signCSRBasicConstraintsPathLength);
final StringArgument signCSRKeyUsage = new StringArgument(null, "key-usage",
false, 0, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KU_DESC.get());
signCSRKeyUsage.addLongIdentifier("keyUsage", true);
signCSRParser.addArgument(signCSRKeyUsage);
final StringArgument signCSRExtendedKeyUsage = new StringArgument(null,
"extended-key-usage", false, 0, null,
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_EKU_DESC.get());
signCSRExtendedKeyUsage.addLongIdentifier("extendedKeyUsage", true);
signCSRParser.addArgument(signCSRExtendedKeyUsage);
final StringArgument signCSRExtension = new StringArgument(null,
"extension", false, 0, null,
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_EXT_DESC.get());
signCSRExtension.addLongIdentifier("ext", true);
signCSRParser.addArgument(signCSRExtension);
final BooleanArgument signCSRNoPrompt = new BooleanArgument(null,
"no-prompt", 1,
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_NO_PROMPT_DESC.get());
signCSRNoPrompt.addLongIdentifier("noPrompt", true);
signCSRParser.addArgument(signCSRNoPrompt);
final BooleanArgument signCSRDisplayCommand = new BooleanArgument(null,
"display-keytool-command", 1,
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_DISPLAY_COMMAND_DESC.get());
signCSRDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
signCSRDisplayCommand.addLongIdentifier("show-keytool-command", true);
signCSRDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
signCSRParser.addArgument(signCSRDisplayCommand);
signCSRParser.addRequiredArgumentSet(signCSRKeystorePassword,
signCSRKeystorePasswordFile, signCSRPromptForKeystorePassword);
signCSRParser.addExclusiveArgumentSet(signCSRKeystorePassword,
signCSRKeystorePasswordFile, signCSRPromptForKeystorePassword);
signCSRParser.addExclusiveArgumentSet(signCSRPKPassword,
signCSRPKPasswordFile, signCSRPromptForPKPassword);
signCSRParser.addDependentArgumentSet(signCSRBasicConstraintsPathLength,
signCSRBasicConstraintsIsCA);
final LinkedHashMap signCSRExamples =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
signCSRExamples.put(
new String[]
{
"sign-certificate-signing-request",
"--request-input-file", "server-cert.csr",
"--keystore", getPlatformSpecificPath("config", "keystore"),
"--keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--signing-certificate-alias", "ca-cert",
"--include-requested-extensions"
},
INFO_MANAGE_CERTS_SC_SIGN_CSR_EXAMPLE_1.get(
getPlatformSpecificPath("config", "keystore")));
signCSRExamples.put(
new String[]
{
"sign-certificate-signing-request",
"--request-input-file", "server-cert.csr",
"--certificate-output-file", "server-cert.der",
"--output-format", "DER",
"--keystore", getPlatformSpecificPath("config", "keystore"),
"--keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--signing-certificate-alias", "ca-cert",
"--days-valid", "730",
"--validity-start-time", "20170101000000",
"--include-requested-extensions",
"--issuer-alternative-name-email-address", "[email protected]",
},
INFO_MANAGE_CERTS_SC_SIGN_CSR_EXAMPLE_2.get(
getPlatformSpecificPath("config", "keystore")));
final SubCommand signCSRSubCommand = new SubCommand(
"sign-certificate-signing-request",
INFO_MANAGE_CERTS_SC_SIGN_CSR_DESC.get(), signCSRParser,
signCSRExamples);
signCSRSubCommand.addName("signCertificateSigningRequest", true);
signCSRSubCommand.addName("sign-certificate-request", true);
signCSRSubCommand.addName("signCertificateRequest", true);
signCSRSubCommand.addName("sign-certificate", true);
signCSRSubCommand.addName("signCertificate", true);
signCSRSubCommand.addName("sign-csr", true);
signCSRSubCommand.addName("signCSR", true);
signCSRSubCommand.addName("sign", true);
signCSRSubCommand.addName("gencert", true);
parser.addSubCommand(signCSRSubCommand);
// Define the "change-certificate-alias" subcommand and all of its
// arguments.
final ArgumentParser changeAliasParser = new ArgumentParser(
"change-certificate-alias",
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_DESC.get());
final FileArgument changeAliasKeystore = new FileArgument(null, "keystore",
true, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_KS_DESC.get(),
true, true, true, false);
changeAliasKeystore.addLongIdentifier("keystore-path", true);
changeAliasKeystore.addLongIdentifier("keystorePath", true);
changeAliasKeystore.addLongIdentifier("keystore-file", true);
changeAliasKeystore.addLongIdentifier("keystoreFile", true);
changeAliasParser.addArgument(changeAliasKeystore);
final StringArgument changeAliasKeystorePassword = new StringArgument(null,
"keystore-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_KS_PW_DESC.get());
changeAliasKeystorePassword.addLongIdentifier("keystorePassword", true);
changeAliasKeystorePassword.addLongIdentifier("keystore-passphrase", true);
changeAliasKeystorePassword.addLongIdentifier("keystorePassphrase", true);
changeAliasKeystorePassword.addLongIdentifier("keystore-pin", true);
changeAliasKeystorePassword.addLongIdentifier("keystorePIN", true);
changeAliasKeystorePassword.addLongIdentifier("storepass", true);
changeAliasKeystorePassword.setSensitive(true);
changeAliasParser.addArgument(changeAliasKeystorePassword);
final FileArgument changeAliasKeystorePasswordFile = new FileArgument(null,
"keystore-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_KS_PW_FILE_DESC.get(), true,
true, true, false);
changeAliasKeystorePasswordFile.addLongIdentifier("keystorePasswordFile",
true);
changeAliasKeystorePasswordFile.addLongIdentifier(
"keystore-passphrase-file", true);
changeAliasKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile",
true);
changeAliasKeystorePasswordFile.addLongIdentifier("keystore-pin-file",
true);
changeAliasKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
changeAliasParser.addArgument(changeAliasKeystorePasswordFile);
final BooleanArgument changeAliasPromptForKeystorePassword =
new BooleanArgument(null, "prompt-for-keystore-password",
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_PROMPT_FOR_KS_PW_DESC.get());
changeAliasPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassword", true);
changeAliasPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-passphrase", true);
changeAliasPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassphrase", true);
changeAliasPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-pin", true);
changeAliasPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePIN", true);
changeAliasParser.addArgument(changeAliasPromptForKeystorePassword);
final StringArgument changeAliasPKPassword = new StringArgument(null,
"private-key-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_PK_PW_DESC.get());
changeAliasPKPassword.addLongIdentifier("privateKeyPassword", true);
changeAliasPKPassword.addLongIdentifier("private-key-passphrase", true);
changeAliasPKPassword.addLongIdentifier("privateKeyPassphrase", true);
changeAliasPKPassword.addLongIdentifier("private-key-pin", true);
changeAliasPKPassword.addLongIdentifier("privateKeyPIN", true);
changeAliasPKPassword.addLongIdentifier("key-password", true);
changeAliasPKPassword.addLongIdentifier("keyPassword", true);
changeAliasPKPassword.addLongIdentifier("key-passphrase", true);
changeAliasPKPassword.addLongIdentifier("keyPassphrase", true);
changeAliasPKPassword.addLongIdentifier("key-pin", true);
changeAliasPKPassword.addLongIdentifier("keyPIN", true);
changeAliasPKPassword.addLongIdentifier("keypass", true);
changeAliasPKPassword.setSensitive(true);
changeAliasParser.addArgument(changeAliasPKPassword);
final FileArgument changeAliasPKPasswordFile = new FileArgument(null,
"private-key-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_PK_PW_FILE_DESC.get(), true,
true, true, false);
changeAliasPKPasswordFile.addLongIdentifier("privateKeyPasswordFile", true);
changeAliasPKPasswordFile.addLongIdentifier("private-key-passphrase-file",
true);
changeAliasPKPasswordFile.addLongIdentifier("privateKeyPassphraseFile",
true);
changeAliasPKPasswordFile.addLongIdentifier("private-key-pin-file",
true);
changeAliasPKPasswordFile.addLongIdentifier("privateKeyPINFile", true);
changeAliasPKPasswordFile.addLongIdentifier("key-password-file", true);
changeAliasPKPasswordFile.addLongIdentifier("keyPasswordFile", true);
changeAliasPKPasswordFile.addLongIdentifier("key-passphrase-file",
true);
changeAliasPKPasswordFile.addLongIdentifier("keyPassphraseFile",
true);
changeAliasPKPasswordFile.addLongIdentifier("key-pin-file",
true);
changeAliasPKPasswordFile.addLongIdentifier("keyPINFile", true);
changeAliasParser.addArgument(changeAliasPKPasswordFile);
final BooleanArgument changeAliasPromptForPKPassword =
new BooleanArgument(null, "prompt-for-private-key-password",
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_PROMPT_FOR_PK_PW_DESC.get());
changeAliasPromptForPKPassword.addLongIdentifier(
"promptForPrivateKeyPassword", true);
changeAliasPromptForPKPassword.addLongIdentifier(
"prompt-for-private-key-passphrase", true);
changeAliasPromptForPKPassword.addLongIdentifier(
"promptForPrivateKeyPassphrase", true);
changeAliasPromptForPKPassword.addLongIdentifier(
"prompt-for-private-key-pin", true);
changeAliasPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPIN",
true);
changeAliasPromptForPKPassword.addLongIdentifier("prompt-for-key-password",
true);
changeAliasPromptForPKPassword.addLongIdentifier("promptForKeyPassword",
true);
changeAliasPromptForPKPassword.addLongIdentifier(
"prompt-for-key-passphrase", true);
changeAliasPromptForPKPassword.addLongIdentifier(
"promptForKeyPassphrase", true);
changeAliasPromptForPKPassword.addLongIdentifier("prompt-for-key-pin",
true);
changeAliasPromptForPKPassword.addLongIdentifier("promptForKeyPIN", true);
changeAliasParser.addArgument(changeAliasPromptForPKPassword);
final StringArgument changeAliasKeystoreType = new StringArgument(null,
"keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(),
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_KS_TYPE_DESC.get(),
ALLOWED_KEYSTORE_TYPE_VALUES);
changeAliasKeystoreType.addLongIdentifier("key-store-type", true);
changeAliasKeystoreType.addLongIdentifier("keystoreType", true);
changeAliasKeystoreType.addLongIdentifier("keystore-format", true);
changeAliasKeystoreType.addLongIdentifier("key-store-format", true);
changeAliasKeystoreType.addLongIdentifier("keystoreFormat", true);
changeAliasKeystoreType.addLongIdentifier("storetype", true);
changeAliasParser.addArgument(changeAliasKeystoreType);
final StringArgument changeAliasCurrentAlias = new StringArgument(null,
"current-alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(),
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_CURRENT_ALIAS_DESC.get());
changeAliasCurrentAlias.addLongIdentifier("currentAlias", true);
changeAliasCurrentAlias.addLongIdentifier("old-alias", true);
changeAliasCurrentAlias.addLongIdentifier("oldAlias", true);
changeAliasCurrentAlias.addLongIdentifier("source-alias", true);
changeAliasCurrentAlias.addLongIdentifier("sourceAlias", true);
changeAliasCurrentAlias.addLongIdentifier("alias", true);
changeAliasCurrentAlias.addLongIdentifier("current-nickname", true);
changeAliasCurrentAlias.addLongIdentifier("currentNickname", true);
changeAliasCurrentAlias.addLongIdentifier("old-nickname", true);
changeAliasCurrentAlias.addLongIdentifier("oldNickname", true);
changeAliasCurrentAlias.addLongIdentifier("source-nickname", true);
changeAliasCurrentAlias.addLongIdentifier("sourceNickname", true);
changeAliasCurrentAlias.addLongIdentifier("nickname", true);
changeAliasCurrentAlias.addLongIdentifier("from", false);
changeAliasParser.addArgument(changeAliasCurrentAlias);
final StringArgument changeAliasNewAlias = new StringArgument(null,
"new-alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(),
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_NEW_ALIAS_DESC.get());
changeAliasNewAlias.addLongIdentifier("newAlias", true);
changeAliasNewAlias.addLongIdentifier("destination-alias", true);
changeAliasNewAlias.addLongIdentifier("destinationAlias", true);
changeAliasNewAlias.addLongIdentifier("new-nickname", true);
changeAliasNewAlias.addLongIdentifier("newNickname", true);
changeAliasNewAlias.addLongIdentifier("destination-nickname", true);
changeAliasNewAlias.addLongIdentifier("destinationNickname", true);
changeAliasNewAlias.addLongIdentifier("to", false);
changeAliasParser.addArgument(changeAliasNewAlias);
final BooleanArgument changeAliasDisplayCommand = new BooleanArgument(null,
"display-keytool-command", 1,
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_DISPLAY_COMMAND_DESC.get());
changeAliasDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
changeAliasDisplayCommand.addLongIdentifier("show-keytool-command", true);
changeAliasDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
changeAliasParser.addArgument(changeAliasDisplayCommand);
changeAliasParser.addRequiredArgumentSet(changeAliasKeystorePassword,
changeAliasKeystorePasswordFile, changeAliasPromptForKeystorePassword);
changeAliasParser.addExclusiveArgumentSet(changeAliasKeystorePassword,
changeAliasKeystorePasswordFile, changeAliasPromptForKeystorePassword);
changeAliasParser.addExclusiveArgumentSet(changeAliasPKPassword,
changeAliasPKPasswordFile, changeAliasPromptForPKPassword);
final LinkedHashMap changeAliasExamples =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
changeAliasExamples.put(
new String[]
{
"change-certificate-alias",
"--keystore", getPlatformSpecificPath("config", "keystore"),
"--keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--current-alias", "server-cert",
"--new-alias", "server-certificate",
"--display-keytool-command"
},
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_EXAMPLE_1.get());
final SubCommand changeAliasSubCommand = new SubCommand(
"change-certificate-alias",
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_DESC.get(), changeAliasParser,
changeAliasExamples);
changeAliasSubCommand.addName("changeCertificateAlias", true);
changeAliasSubCommand.addName("change-alias", true);
changeAliasSubCommand.addName("changeAlias", true);
changeAliasSubCommand.addName("rename-certificate", true);
changeAliasSubCommand.addName("renameCertificate", true);
changeAliasSubCommand.addName("rename", true);
parser.addSubCommand(changeAliasSubCommand);
// Define the "change-keystore-password" subcommand and all of its
// arguments.
final ArgumentParser changeKSPWParser = new ArgumentParser(
"change-keystore-password",
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_DESC.get());
final FileArgument changeKSPWKeystore = new FileArgument(null, "keystore",
true, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_KS_DESC.get(),
true, true, true, false);
changeKSPWKeystore.addLongIdentifier("keystore-path", true);
changeKSPWKeystore.addLongIdentifier("keystorePath", true);
changeKSPWKeystore.addLongIdentifier("keystore-file", true);
changeKSPWKeystore.addLongIdentifier("keystoreFile", true);
changeKSPWParser.addArgument(changeKSPWKeystore);
final StringArgument changeKSPWCurrentPassword = new StringArgument(null,
"current-keystore-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_CURRENT_PW_DESC.get());
changeKSPWCurrentPassword.addLongIdentifier("currentKeystorePassword",
true);
changeKSPWCurrentPassword.addLongIdentifier("current-keystore-passphrase",
true);
changeKSPWCurrentPassword.addLongIdentifier("currentKeystorePassphrase",
true);
changeKSPWCurrentPassword.addLongIdentifier("current-keystore-pin", true);
changeKSPWCurrentPassword.addLongIdentifier("currentKeystorePIN", true);
changeKSPWCurrentPassword.addLongIdentifier("storepass", true);
changeKSPWCurrentPassword.setSensitive(true);
changeKSPWParser.addArgument(changeKSPWCurrentPassword);
final FileArgument changeKSPWCurrentPasswordFile = new FileArgument(null,
"current-keystore-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_CURRENT_PW_FILE_DESC.get(), true,
true, true, false);
changeKSPWCurrentPasswordFile.addLongIdentifier(
"currentKeystorePasswordFile", true);
changeKSPWCurrentPasswordFile.addLongIdentifier(
"current-keystore-passphrase-file", true);
changeKSPWCurrentPasswordFile.addLongIdentifier(
"currentKeystorePassphraseFile", true);
changeKSPWCurrentPasswordFile.addLongIdentifier("current-keystore-pin-file",
true);
changeKSPWCurrentPasswordFile.addLongIdentifier("currentKeystorePINFile",
true);
changeKSPWParser.addArgument(changeKSPWCurrentPasswordFile);
final BooleanArgument changeKSPWPromptForCurrentPassword =
new BooleanArgument(null, "prompt-for-current-keystore-password",
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_PROMPT_FOR_CURRENT_PW_DESC.get());
changeKSPWPromptForCurrentPassword.addLongIdentifier(
"promptForCurrentKeystorePassword", true);
changeKSPWPromptForCurrentPassword.addLongIdentifier(
"prompt-for-current-keystore-passphrase", true);
changeKSPWPromptForCurrentPassword.addLongIdentifier(
"promptForCurrentKeystorePassphrase", true);
changeKSPWPromptForCurrentPassword.addLongIdentifier(
"prompt-for-current-keystore-pin", true);
changeKSPWPromptForCurrentPassword.addLongIdentifier(
"promptForCurrentKeystorePIN", true);
changeKSPWParser.addArgument(changeKSPWPromptForCurrentPassword);
final StringArgument changeKSPWNewPassword = new StringArgument(null,
"new-keystore-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_NEW_PW_DESC.get());
changeKSPWNewPassword.addLongIdentifier("newKeystorePassword",
true);
changeKSPWNewPassword.addLongIdentifier("new-keystore-passphrase",
true);
changeKSPWNewPassword.addLongIdentifier("newKeystorePassphrase",
true);
changeKSPWNewPassword.addLongIdentifier("new-keystore-pin", true);
changeKSPWNewPassword.addLongIdentifier("newKeystorePIN", true);
changeKSPWNewPassword.addLongIdentifier("new", true);
changeKSPWNewPassword.setSensitive(true);
changeKSPWParser.addArgument(changeKSPWNewPassword);
final FileArgument changeKSPWNewPasswordFile = new FileArgument(null,
"new-keystore-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_NEW_PW_FILE_DESC.get(), true,
true, true, false);
changeKSPWNewPasswordFile.addLongIdentifier("newKeystorePasswordFile",
true);
changeKSPWNewPasswordFile.addLongIdentifier("new-keystore-passphrase-file",
true);
changeKSPWNewPasswordFile.addLongIdentifier("newKeystorePassphraseFile",
true);
changeKSPWNewPasswordFile.addLongIdentifier("new-keystore-pin-file", true);
changeKSPWNewPasswordFile.addLongIdentifier("newKeystorePINFile", true);
changeKSPWParser.addArgument(changeKSPWNewPasswordFile);
final BooleanArgument changeKSPWPromptForNewPassword =
new BooleanArgument(null, "prompt-for-new-keystore-password",
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_PROMPT_FOR_NEW_PW_DESC.get());
changeKSPWPromptForNewPassword.addLongIdentifier(
"promptForNewKeystorePassword", true);
changeKSPWPromptForNewPassword.addLongIdentifier(
"prompt-for-new-keystore-passphrase", true);
changeKSPWPromptForNewPassword.addLongIdentifier(
"promptForNewKeystorePassphrase", true);
changeKSPWPromptForNewPassword.addLongIdentifier(
"prompt-for-new-keystore-pin", true);
changeKSPWPromptForNewPassword.addLongIdentifier(
"promptForNewKeystorePIN", true);
changeKSPWParser.addArgument(changeKSPWPromptForNewPassword);
final BooleanArgument changeKSPWDisplayCommand = new BooleanArgument(null,
"display-keytool-command", 1,
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_DISPLAY_COMMAND_DESC.get());
changeKSPWDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
changeKSPWDisplayCommand.addLongIdentifier("show-keytool-command", true);
changeKSPWDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
changeKSPWParser.addArgument(changeKSPWDisplayCommand);
changeKSPWParser.addRequiredArgumentSet(changeKSPWCurrentPassword,
changeKSPWCurrentPasswordFile, changeKSPWPromptForCurrentPassword);
changeKSPWParser.addExclusiveArgumentSet(changeKSPWCurrentPassword,
changeKSPWCurrentPasswordFile, changeKSPWPromptForCurrentPassword);
changeKSPWParser.addRequiredArgumentSet(changeKSPWNewPassword,
changeKSPWNewPasswordFile, changeKSPWPromptForNewPassword);
changeKSPWParser.addExclusiveArgumentSet(changeKSPWNewPassword,
changeKSPWNewPasswordFile, changeKSPWPromptForNewPassword);
final LinkedHashMap changeKSPWExamples =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
changeKSPWExamples.put(
new String[]
{
"change-keystore-password",
"--keystore", getPlatformSpecificPath("config", "keystore"),
"--current-keystore-password-file",
getPlatformSpecificPath("config", "current.pin"),
"--new-keystore-password-file",
getPlatformSpecificPath("config", "new.pin"),
"--display-keytool-command"
},
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_EXAMPLE_1.get(
getPlatformSpecificPath("config", "keystore"),
getPlatformSpecificPath("config", "current.pin"),
getPlatformSpecificPath("config", "new.pin")));
final SubCommand changeKSPWSubCommand = new SubCommand(
"change-keystore-password",
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_DESC.get(), changeKSPWParser,
changeKSPWExamples);
changeKSPWSubCommand.addName("changeKeystorePassword", true);
changeKSPWSubCommand.addName("change-keystore-passphrase", true);
changeKSPWSubCommand.addName("changeKeystorePassphrase", true);
changeKSPWSubCommand.addName("change-keystore-pin", true);
changeKSPWSubCommand.addName("changeKeystorePIN", true);
changeKSPWSubCommand.addName("storepasswd", true);
parser.addSubCommand(changeKSPWSubCommand);
// Define the "change-private-key-password" subcommand and all of its
// arguments.
final ArgumentParser changePKPWParser = new ArgumentParser(
"change-private-key-password",
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_DESC.get());
final FileArgument changePKPWKeystore = new FileArgument(null, "keystore",
true, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_KS_DESC.get(),
true, true, true, false);
changePKPWKeystore.addLongIdentifier("keystore-path", true);
changePKPWKeystore.addLongIdentifier("keystorePath", true);
changePKPWKeystore.addLongIdentifier("keystore-file", true);
changePKPWKeystore.addLongIdentifier("keystoreFile", true);
changePKPWParser.addArgument(changePKPWKeystore);
final StringArgument changePKPWKeystorePassword = new StringArgument(null,
"keystore-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_KS_PW_DESC.get());
changePKPWKeystorePassword.addLongIdentifier("keystorePassword", true);
changePKPWKeystorePassword.addLongIdentifier("keystore-passphrase", true);
changePKPWKeystorePassword.addLongIdentifier("keystorePassphrase", true);
changePKPWKeystorePassword.addLongIdentifier("keystore-pin", true);
changePKPWKeystorePassword.addLongIdentifier("keystorePIN", true);
changePKPWKeystorePassword.addLongIdentifier("storepass", true);
changePKPWKeystorePassword.setSensitive(true);
changePKPWParser.addArgument(changePKPWKeystorePassword);
final FileArgument changePKPWKeystorePasswordFile = new FileArgument(null,
"keystore-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_KS_PW_FILE_DESC.get(), true,
true, true, false);
changePKPWKeystorePasswordFile.addLongIdentifier("keystorePasswordFile",
true);
changePKPWKeystorePasswordFile.addLongIdentifier(
"keystore-passphrase-file", true);
changePKPWKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile",
true);
changePKPWKeystorePasswordFile.addLongIdentifier("keystore-pin-file",
true);
changePKPWKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
changePKPWParser.addArgument(changePKPWKeystorePasswordFile);
final BooleanArgument changePKPWPromptForKeystorePassword =
new BooleanArgument(null, "prompt-for-keystore-password",
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_PROMPT_FOR_KS_PW_DESC.get());
changePKPWPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassword", true);
changePKPWPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-passphrase", true);
changePKPWPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassphrase", true);
changePKPWPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-pin", true);
changePKPWPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePIN", true);
changePKPWParser.addArgument(changePKPWPromptForKeystorePassword);
final StringArgument changePKPWKeystoreType = new StringArgument(null,
"keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(),
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_KS_TYPE_DESC.get(),
ALLOWED_KEYSTORE_TYPE_VALUES);
changePKPWKeystoreType.addLongIdentifier("key-store-type", true);
changePKPWKeystoreType.addLongIdentifier("keystoreType", true);
changePKPWKeystoreType.addLongIdentifier("keystore-format", true);
changePKPWKeystoreType.addLongIdentifier("key-store-format", true);
changePKPWKeystoreType.addLongIdentifier("keystoreFormat", true);
changePKPWKeystoreType.addLongIdentifier("storetype", true);
changePKPWParser.addArgument(changePKPWKeystoreType);
final StringArgument changePKPWAlias = new StringArgument(null, "alias",
true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(),
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_ALIAS_DESC.get());
changePKPWAlias.addLongIdentifier("nickname", true);
changePKPWParser.addArgument(changePKPWAlias);
final StringArgument changePKPWCurrentPassword = new StringArgument(null,
"current-private-key-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_CURRENT_PW_DESC.get());
changePKPWCurrentPassword.addLongIdentifier("currentPrivateKeyPassword",
true);
changePKPWCurrentPassword.addLongIdentifier(
"current-private-key-passphrase", true);
changePKPWCurrentPassword.addLongIdentifier("currentPrivateKeyPassphrase",
true);
changePKPWCurrentPassword.addLongIdentifier("current-private-key-pin",
true);
changePKPWCurrentPassword.addLongIdentifier("currentPrivateKeyPIN", true);
changePKPWCurrentPassword.addLongIdentifier("keypass", true);
changePKPWCurrentPassword.setSensitive(true);
changePKPWParser.addArgument(changePKPWCurrentPassword);
final FileArgument changePKPWCurrentPasswordFile = new FileArgument(null,
"current-private-key-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_CURRENT_PW_FILE_DESC.get(), true,
true, true, false);
changePKPWCurrentPasswordFile.addLongIdentifier(
"currentPrivateKeyPasswordFile", true);
changePKPWCurrentPasswordFile.addLongIdentifier(
"current-private-key-passphrase-file", true);
changePKPWCurrentPasswordFile.addLongIdentifier(
"currentPrivateKeyPassphraseFile", true);
changePKPWCurrentPasswordFile.addLongIdentifier(
"current-private-key-pin-file", true);
changePKPWCurrentPasswordFile.addLongIdentifier("currentPrivateKeyPINFile",
true);
changePKPWParser.addArgument(changePKPWCurrentPasswordFile);
final BooleanArgument changePKPWPromptForCurrentPassword =
new BooleanArgument(null, "prompt-for-current-private-key-password",
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_PROMPT_FOR_CURRENT_PW_DESC.get());
changePKPWPromptForCurrentPassword.addLongIdentifier(
"promptForCurrentPrivateKeyPassword", true);
changePKPWPromptForCurrentPassword.addLongIdentifier(
"prompt-for-current-private-key-passphrase", true);
changePKPWPromptForCurrentPassword.addLongIdentifier(
"promptForCurrentPrivateKeyPassphrase", true);
changePKPWPromptForCurrentPassword.addLongIdentifier(
"prompt-for-current-private-key-pin", true);
changePKPWPromptForCurrentPassword.addLongIdentifier(
"promptForCurrentPrivateKeyPIN", true);
changePKPWParser.addArgument(changePKPWPromptForCurrentPassword);
final StringArgument changePKPWNewPassword = new StringArgument(null,
"new-private-key-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_NEW_PW_DESC.get());
changePKPWNewPassword.addLongIdentifier("newPrivateKeyPassword",
true);
changePKPWNewPassword.addLongIdentifier("new-private-key-passphrase", true);
changePKPWNewPassword.addLongIdentifier("newPrivateKeyPassphrase", true);
changePKPWNewPassword.addLongIdentifier("new-private-key-pin", true);
changePKPWNewPassword.addLongIdentifier("newPrivateKeyPIN", true);
changePKPWNewPassword.addLongIdentifier("new", true);
changePKPWNewPassword.setSensitive(true);
changePKPWParser.addArgument(changePKPWNewPassword);
final FileArgument changePKPWNewPasswordFile = new FileArgument(null,
"new-private-key-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_NEW_PW_FILE_DESC.get(), true,
true, true, false);
changePKPWNewPasswordFile.addLongIdentifier("newPrivateKeyPasswordFile",
true);
changePKPWNewPasswordFile.addLongIdentifier(
"new-private-key-passphrase-file", true);
changePKPWNewPasswordFile.addLongIdentifier("newPrivateKeyPassphraseFile",
true);
changePKPWNewPasswordFile.addLongIdentifier("new-private-key-pin-file",
true);
changePKPWNewPasswordFile.addLongIdentifier("newPrivateKeyPINFile", true);
changePKPWParser.addArgument(changePKPWNewPasswordFile);
final BooleanArgument changePKPWPromptForNewPassword =
new BooleanArgument(null, "prompt-for-new-private-key-password",
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_PROMPT_FOR_NEW_PW_DESC.get());
changePKPWPromptForNewPassword.addLongIdentifier(
"promptForNewPrivateKeyPassword", true);
changePKPWPromptForNewPassword.addLongIdentifier(
"prompt-for-new-private-key-passphrase", true);
changePKPWPromptForNewPassword.addLongIdentifier(
"promptForNewPrivateKeyPassphrase", true);
changePKPWPromptForNewPassword.addLongIdentifier(
"prompt-for-new-private-key-pin", true);
changePKPWPromptForNewPassword.addLongIdentifier(
"promptForNewPrivateKeyPIN", true);
changePKPWParser.addArgument(changePKPWPromptForNewPassword);
final BooleanArgument changePKPWDisplayCommand = new BooleanArgument(null,
"display-keytool-command", 1,
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_DISPLAY_COMMAND_DESC.get());
changePKPWDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
changePKPWDisplayCommand.addLongIdentifier("show-keytool-command", true);
changePKPWDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
changePKPWParser.addArgument(changePKPWDisplayCommand);
changePKPWParser.addRequiredArgumentSet(changePKPWKeystorePassword,
changePKPWKeystorePasswordFile, changePKPWPromptForKeystorePassword);
changePKPWParser.addExclusiveArgumentSet(changePKPWKeystorePassword,
changePKPWKeystorePasswordFile, changePKPWPromptForKeystorePassword);
changePKPWParser.addRequiredArgumentSet(changePKPWCurrentPassword,
changePKPWCurrentPasswordFile, changePKPWPromptForCurrentPassword);
changePKPWParser.addExclusiveArgumentSet(changePKPWCurrentPassword,
changePKPWCurrentPasswordFile, changePKPWPromptForCurrentPassword);
changePKPWParser.addRequiredArgumentSet(changePKPWNewPassword,
changePKPWNewPasswordFile, changePKPWPromptForNewPassword);
changePKPWParser.addExclusiveArgumentSet(changePKPWNewPassword,
changePKPWNewPasswordFile, changePKPWPromptForNewPassword);
final LinkedHashMap changePKPWExamples =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
changePKPWExamples.put(
new String[]
{
"change-private-key-password",
"--keystore", getPlatformSpecificPath("config", "keystore"),
"--keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--alias", "server-cert",
"--current-private-key-password-file",
getPlatformSpecificPath("config", "current.pin"),
"--new-private-key-password-file",
getPlatformSpecificPath("config", "new.pin"),
"--display-keytool-command"
},
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_EXAMPLE_1.get(
getPlatformSpecificPath("config", "keystore"),
getPlatformSpecificPath("config", "current.pin"),
getPlatformSpecificPath("config", "new.pin")));
final SubCommand changePKPWSubCommand = new SubCommand(
"change-private-key-password",
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_DESC.get(), changePKPWParser,
changePKPWExamples);
changePKPWSubCommand.addName("changePrivateKeyPassword", true);
changePKPWSubCommand.addName("change-private-key-passphrase", true);
changePKPWSubCommand.addName("changePrivateKeyPassphrase", true);
changePKPWSubCommand.addName("change-private-key-pin", true);
changePKPWSubCommand.addName("changePrivateKeyPIN", true);
changePKPWSubCommand.addName("change-key-password", true);
changePKPWSubCommand.addName("changeKeyPassword", true);
changePKPWSubCommand.addName("change-key-passphrase", true);
changePKPWSubCommand.addName("changeKeyPassphrase", true);
changePKPWSubCommand.addName("change-key-pin", true);
changePKPWSubCommand.addName("changeKeyPIN", true);
changePKPWSubCommand.addName("keypasswd", true);
parser.addSubCommand(changePKPWSubCommand);
// Define the "copy-keystore" subcommand and all of its arguments.
final ArgumentParser copyKSParser = new ArgumentParser("copy-keystore",
INFO_MANAGE_CERTS_SC_COPY_KS_DESC.get());
final FileArgument copyKSSourceKeystore = new FileArgument(null,
"source-keystore", true, 1, null,
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_KS_DESC.get(), true, true, true,
false);
copyKSSourceKeystore.addLongIdentifier("sourceKeystore", true);
copyKSSourceKeystore.addLongIdentifier("source-keystore-path", true);
copyKSSourceKeystore.addLongIdentifier("sourceKeystorePath", true);
copyKSSourceKeystore.addLongIdentifier("source-keystore-file", true);
copyKSSourceKeystore.addLongIdentifier("sourceKeystoreFile", true);
copyKSParser.addArgument(copyKSSourceKeystore);
final StringArgument copyKSSourceKeystorePassword = new StringArgument(null,
"source-keystore-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_KS_PW_DESC.get());
copyKSSourceKeystorePassword.addLongIdentifier("sourceKeystorePassword",
true);
copyKSSourceKeystorePassword.addLongIdentifier("source-keystore-passphrase",
true);
copyKSSourceKeystorePassword.addLongIdentifier("sourceKeystorePassphrase",
true);
copyKSSourceKeystorePassword.addLongIdentifier("source-keystore-pin", true);
copyKSSourceKeystorePassword.addLongIdentifier("sourceKeystorePIN", true);
copyKSParser.addArgument(copyKSSourceKeystorePassword);
final FileArgument copyKSSourceKeystorePasswordFile = new FileArgument(null,
"source-keystore-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_KS_PW_FILE_DESC.get(), true, true,
true, false);
copyKSSourceKeystorePasswordFile.addLongIdentifier(
"sourceKeystorePasswordFile", true);
copyKSSourceKeystorePasswordFile.addLongIdentifier(
"source-keystore-passphrase-file", true);
copyKSSourceKeystorePasswordFile.addLongIdentifier(
"sourceKeystorePassphraseFile", true);
copyKSSourceKeystorePasswordFile.addLongIdentifier(
"source-keystore-pin-file", true);
copyKSSourceKeystorePasswordFile.addLongIdentifier(
"sourceKeystorePINFile", true);
copyKSParser.addArgument(copyKSSourceKeystorePasswordFile);
final BooleanArgument copyKSPromptForSourceKeystorePassword =
new BooleanArgument(null, "prompt-for-source-keystore-password", 1,
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_PROMPT_FOR_SRC_KS_PW.get());
copyKSPromptForSourceKeystorePassword.addLongIdentifier(
"promptForSourceKeystorePassword", true);
copyKSPromptForSourceKeystorePassword.addLongIdentifier(
"prompt-for-source-keystore-passphrase", true);
copyKSPromptForSourceKeystorePassword.addLongIdentifier(
"promptForSourceKeystorePassphrase", true);
copyKSPromptForSourceKeystorePassword.addLongIdentifier(
"prompt-for-source-keystore-pin", true);
copyKSPromptForSourceKeystorePassword.addLongIdentifier(
"promptForSourceKeystorePIN", true);
copyKSParser.addArgument(copyKSPromptForSourceKeystorePassword);
final StringArgument copyKSSourcePKPassword = new StringArgument(null,
"source-private-key-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_PK_PW_DESC.get());
copyKSSourcePKPassword.addLongIdentifier("sourcePrivateKeyPassword", true);
copyKSSourcePKPassword.addLongIdentifier("source-private-key-passphrase",
true);
copyKSSourcePKPassword.addLongIdentifier("sourcePrivateKeyPassphrase",
true);
copyKSSourcePKPassword.addLongIdentifier("source-private-key-pin", true);
copyKSSourcePKPassword.addLongIdentifier("sourcePrivateKeyPIN", true);
copyKSParser.addArgument(copyKSSourcePKPassword);
final FileArgument copyKSSourcePKPasswordFile = new FileArgument(null,
"source-private-key-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_PK_PW_FILE_DESC.get(), true, true,
true, false);
copyKSSourcePKPasswordFile.addLongIdentifier(
"sourcePrivateKeyPasswordFile", true);
copyKSSourcePKPasswordFile.addLongIdentifier(
"source-private-key-passphrase-file", true);
copyKSSourcePKPasswordFile.addLongIdentifier(
"sourcePrivateKeyPassphraseFile", true);
copyKSSourcePKPasswordFile.addLongIdentifier(
"source-private-key-pin-file", true);
copyKSSourcePKPasswordFile.addLongIdentifier(
"sourcePrivateKeyPINFile", true);
copyKSParser.addArgument(copyKSSourcePKPasswordFile);
final BooleanArgument copyKSPromptForSourcePKPassword =
new BooleanArgument(null, "prompt-for-source-private-key-password", 1,
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_PROMPT_FOR_SRC_PK_PW.get());
copyKSPromptForSourcePKPassword.addLongIdentifier(
"promptForSourcePrivateKeyPassword", true);
copyKSPromptForSourcePKPassword.addLongIdentifier(
"prompt-for-source-private-key-passphrase", true);
copyKSPromptForSourcePKPassword.addLongIdentifier(
"promptForSourcePrivateKeyPassphrase", true);
copyKSPromptForSourcePKPassword.addLongIdentifier(
"prompt-for-source-private-key-pin", true);
copyKSPromptForSourcePKPassword.addLongIdentifier(
"promptForSourcePrivateKeyPIN", true);
copyKSParser.addArgument(copyKSPromptForSourcePKPassword);
final StringArgument copyKSSourceKeystoreType = new StringArgument(null,
"source-keystore-type", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(),
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_KS_TYPE.get(),
ALLOWED_KEYSTORE_TYPE_VALUES);
copyKSSourceKeystoreType.addLongIdentifier("source-key-store-type", true);
copyKSSourceKeystoreType.addLongIdentifier("sourceKeystoreType", true);
copyKSSourceKeystoreType.addLongIdentifier("source-keystore-format", true);
copyKSSourceKeystoreType.addLongIdentifier("source-key-store-format", true);
copyKSSourceKeystoreType.addLongIdentifier("sourceKeystoreFormat", true);
copyKSParser.addArgument(copyKSSourceKeystoreType);
final FileArgument copyKSDestKeystore = new FileArgument(null,
"destination-keystore", true, 1, null,
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_KS_DESC.get(), false, true, true,
false);
copyKSDestKeystore.addLongIdentifier("destinationKeystore", true);
copyKSDestKeystore.addLongIdentifier("destination-keystore-path", true);
copyKSDestKeystore.addLongIdentifier("destinationKeystorePath", true);
copyKSDestKeystore.addLongIdentifier("destination-keystore-file", true);
copyKSDestKeystore.addLongIdentifier("destinationKeystoreFile", true);
copyKSDestKeystore.addLongIdentifier("target-keystore", true);
copyKSDestKeystore.addLongIdentifier("targetKeystore", true);
copyKSDestKeystore.addLongIdentifier("target-keystore-path", true);
copyKSDestKeystore.addLongIdentifier("targetKeystorePath", true);
copyKSDestKeystore.addLongIdentifier("target-keystore-file", true);
copyKSDestKeystore.addLongIdentifier("targetKeystoreFile", true);
copyKSParser.addArgument(copyKSDestKeystore);
final StringArgument copyKSDestKeystorePassword = new StringArgument(null,
"destination-keystore-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_KS_PW_DESC.get());
copyKSDestKeystorePassword.addLongIdentifier("destinationKeystorePassword",
true);
copyKSDestKeystorePassword.addLongIdentifier(
"destination-keystore-passphrase", true);
copyKSDestKeystorePassword.addLongIdentifier(
"destinationKeystorePassphrase", true);
copyKSDestKeystorePassword.addLongIdentifier("destination-keystore-pin",
true);
copyKSDestKeystorePassword.addLongIdentifier("destinationKeystorePIN",
true);
copyKSDestKeystorePassword.addLongIdentifier("target-keystore-password",
true);
copyKSDestKeystorePassword.addLongIdentifier("targetKeystorePassword",
true);
copyKSDestKeystorePassword.addLongIdentifier("target-keystore-passphrase",
true);
copyKSDestKeystorePassword.addLongIdentifier("targetKeystorePassphrase",
true);
copyKSDestKeystorePassword.addLongIdentifier("target-keystore-pin", true);
copyKSDestKeystorePassword.addLongIdentifier("targetKeystorePIN", true);
copyKSParser.addArgument(copyKSDestKeystorePassword);
final FileArgument copyKSDestKeystorePasswordFile = new FileArgument(null,
"destination-keystore-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_KS_PW_FILE_DESC.get(), true, true,
true, false);
copyKSDestKeystorePasswordFile.addLongIdentifier(
"destinationKeystorePasswordFile", true);
copyKSDestKeystorePasswordFile.addLongIdentifier(
"destination-keystore-passphrase-file", true);
copyKSDestKeystorePasswordFile.addLongIdentifier(
"destinationKeystorePassphraseFile", true);
copyKSDestKeystorePasswordFile.addLongIdentifier(
"destination-keystore-pin-file", true);
copyKSDestKeystorePasswordFile.addLongIdentifier(
"destinationKeystorePINFile", true);
copyKSDestKeystorePasswordFile.addLongIdentifier(
"target-keystore-password-file", true);
copyKSDestKeystorePasswordFile.addLongIdentifier(
"targetKeystorePasswordFile", true);
copyKSDestKeystorePasswordFile.addLongIdentifier(
"target-keystore-passphrase-file", true);
copyKSDestKeystorePasswordFile.addLongIdentifier(
"targetKeystorePassphraseFile", true);
copyKSDestKeystorePasswordFile.addLongIdentifier("target-keystore-pin-file",
true);
copyKSDestKeystorePasswordFile.addLongIdentifier("targetKeystorePINFile",
true);
copyKSParser.addArgument(copyKSDestKeystorePasswordFile);
final BooleanArgument copyKSPromptForDestKeystorePassword =
new BooleanArgument(null, "prompt-for-destination-keystore-password",
1, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_PROMPT_FOR_DST_KS_PW.get());
copyKSPromptForDestKeystorePassword.addLongIdentifier(
"promptForDestinationKeystorePassword", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier(
"prompt-for-Destination-keystore-passphrase", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier(
"promptForDestinationKeystorePassphrase", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier(
"prompt-for-Destination-keystore-pin", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier(
"promptForDestinationKeystorePIN", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier(
"prompt-for-target-keystore-password", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier(
"promptForTargetKeystorePassword", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier(
"prompt-for-Target-keystore-passphrase", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier(
"promptForTargetKeystorePassphrase", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier(
"prompt-for-Target-keystore-pin", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier(
"promptForTargetKeystorePIN", true);
copyKSParser.addArgument(copyKSPromptForDestKeystorePassword);
final StringArgument copyKSDestPKPassword = new StringArgument(null,
"destination-private-key-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_PK_PW_DESC.get());
copyKSDestPKPassword.addLongIdentifier("destinationPrivateKeyPassword",
true);
copyKSDestPKPassword.addLongIdentifier("destination-private-key-passphrase",
true);
copyKSDestPKPassword.addLongIdentifier("destinationPrivateKeyPassphrase",
true);
copyKSDestPKPassword.addLongIdentifier("destination-private-key-pin", true);
copyKSDestPKPassword.addLongIdentifier("destinationPrivateKeyPIN", true);
copyKSDestPKPassword.addLongIdentifier("target-private-key-password",
true);
copyKSDestPKPassword.addLongIdentifier("targetPrivateKeyPassword",
true);
copyKSDestPKPassword.addLongIdentifier("target-private-key-passphrase",
true);
copyKSDestPKPassword.addLongIdentifier("targetPrivateKeyPassphrase",
true);
copyKSDestPKPassword.addLongIdentifier("target-private-key-pin", true);
copyKSDestPKPassword.addLongIdentifier("targetPrivateKeyPIN", true);
copyKSParser.addArgument(copyKSDestPKPassword);
final FileArgument copyKSDestPKPasswordFile = new FileArgument(null,
"destination-private-key-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_PK_PW_FILE_DESC.get(), true, true,
true, false);
copyKSDestPKPasswordFile.addLongIdentifier(
"destinationPrivateKeyPasswordFile", true);
copyKSDestPKPasswordFile.addLongIdentifier(
"destination-private-key-passphrase-file", true);
copyKSDestPKPasswordFile.addLongIdentifier(
"destinationPrivateKeyPassphraseFile", true);
copyKSDestPKPasswordFile.addLongIdentifier(
"destination-private-key-pin-file", true);
copyKSDestPKPasswordFile.addLongIdentifier(
"destinationPrivateKeyPINFile", true);
copyKSDestPKPasswordFile.addLongIdentifier(
"target-private-key-password-file", true);
copyKSDestPKPasswordFile.addLongIdentifier(
"targetPrivateKeyPasswordFile", true);
copyKSDestPKPasswordFile.addLongIdentifier(
"target-private-key-passphrase-file", true);
copyKSDestPKPasswordFile.addLongIdentifier(
"targetPrivateKeyPassphraseFile", true);
copyKSDestPKPasswordFile.addLongIdentifier(
"target-private-key-pin-file", true);
copyKSDestPKPasswordFile.addLongIdentifier(
"targetPrivateKeyPINFile", true);
copyKSParser.addArgument(copyKSDestPKPasswordFile);
final BooleanArgument copyKSPromptForDestPKPassword =
new BooleanArgument(null,
"prompt-for-destination-private-key-password", 1,
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_PROMPT_FOR_DST_PK_PW.get());
copyKSPromptForDestPKPassword.addLongIdentifier(
"promptForDestinationPrivateKeyPassword", true);
copyKSPromptForDestPKPassword.addLongIdentifier(
"prompt-for-Destination-private-key-passphrase", true);
copyKSPromptForDestPKPassword.addLongIdentifier(
"promptForDestinationPrivateKeyPassphrase", true);
copyKSPromptForDestPKPassword.addLongIdentifier(
"prompt-for-Destination-private-key-pin", true);
copyKSPromptForDestPKPassword.addLongIdentifier(
"promptForDestinationPrivateKeyPIN", true);
copyKSPromptForDestPKPassword.addLongIdentifier(
"prompt-for-target-private-key-password", true);
copyKSPromptForDestPKPassword.addLongIdentifier(
"promptForTargetPrivateKeyPassword", true);
copyKSPromptForDestPKPassword.addLongIdentifier(
"prompt-for-Target-private-key-passphrase", true);
copyKSPromptForDestPKPassword.addLongIdentifier(
"promptForTargetPrivateKeyPassphrase", true);
copyKSPromptForDestPKPassword.addLongIdentifier(
"prompt-for-Target-private-key-pin", true);
copyKSPromptForDestPKPassword.addLongIdentifier(
"promptForTargetPrivateKeyPIN", true);
copyKSParser.addArgument(copyKSPromptForDestPKPassword);
final StringArgument copyKSDestKeystoreType = new StringArgument(null,
"destination-keystore-type", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(),
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_KS_TYPE.get(),
ALLOWED_KEYSTORE_TYPE_VALUES);
copyKSDestKeystoreType.addLongIdentifier("destination-key-store-type",
true);
copyKSDestKeystoreType.addLongIdentifier("destinationKeystoreType", true);
copyKSDestKeystoreType.addLongIdentifier("destination-keystore-format",
true);
copyKSDestKeystoreType.addLongIdentifier("destination-key-store-format",
true);
copyKSDestKeystoreType.addLongIdentifier("destinationKeystoreFormat", true);
copyKSDestKeystoreType.addLongIdentifier("target-key-store-type", true);
copyKSDestKeystoreType.addLongIdentifier("targetKeystoreType", true);
copyKSDestKeystoreType.addLongIdentifier("target-keystore-format", true);
copyKSDestKeystoreType.addLongIdentifier("target-key-store-format", true);
copyKSDestKeystoreType.addLongIdentifier("targetKeystoreFormat", true);
copyKSParser.addArgument(copyKSDestKeystoreType);
final StringArgument copyKSAlias = new StringArgument(null, "alias", false,
0, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(),
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_ALIAS.get());
copyKSAlias.addLongIdentifier("nickname", true);
copyKSParser.addArgument(copyKSAlias);
copyKSParser.addRequiredArgumentSet(copyKSSourceKeystorePassword,
copyKSSourceKeystorePasswordFile,
copyKSPromptForSourceKeystorePassword);
copyKSParser.addExclusiveArgumentSet(copyKSSourceKeystorePassword,
copyKSSourceKeystorePasswordFile,
copyKSPromptForSourceKeystorePassword);
copyKSParser.addExclusiveArgumentSet(copyKSSourcePKPassword,
copyKSSourcePKPasswordFile, copyKSPromptForDestPKPassword);
copyKSParser.addExclusiveArgumentSet(copyKSDestKeystorePassword,
copyKSDestKeystorePasswordFile, copyKSPromptForDestKeystorePassword);
copyKSParser.addExclusiveArgumentSet(copyKSDestPKPassword,
copyKSDestPKPasswordFile, copyKSPromptForDestPKPassword);
final LinkedHashMap copyKeyStoreExamples =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
copyKeyStoreExamples.put(
new String[]
{
"copy-keystore",
"--source-keystore",
getPlatformSpecificPath("config", "keystore.jks"),
"--source-keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--source-keystore-type", "JKS",
"--destination-keystore",
getPlatformSpecificPath("config", "keystore.p12"),
"--destination-keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--destination-keystore-type", "PKCS12"
},
INFO_MANAGE_CERTS_SC_COPY_KS_EXAMPLE_1.get("keystore.jks",
"keystore.p12"));
final SubCommand copyKeyStoreSubCommand = new SubCommand("copy-keystore",
INFO_MANAGE_CERTS_SC_COPY_KS_DESC.get(), copyKSParser,
copyKeyStoreExamples);
copyKeyStoreSubCommand.addName("copy-key-store", true);
copyKeyStoreSubCommand.addName("copyKeyStore", true);
copyKeyStoreSubCommand.addName("import-keystore", true);
copyKeyStoreSubCommand.addName("import-key-store", true);
copyKeyStoreSubCommand.addName("importKeyStore", true);
copyKeyStoreSubCommand.addName("convert-keystore", true);
copyKeyStoreSubCommand.addName("convert-key-store", true);
copyKeyStoreSubCommand.addName("convertKeyStore", true);
parser.addSubCommand(copyKeyStoreSubCommand);
// Define the "retrieve-server-certificate" subcommand and all of its
// arguments.
final ArgumentParser retrieveCertParser = new ArgumentParser(
"retrieve-server-certificate",
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_DESC.get());
final StringArgument retrieveCertHostname = new StringArgument('h',
"hostname", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_HOST.get(),
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_HOSTNAME_DESC.get());
retrieveCertHostname.addLongIdentifier("server-address", true);
retrieveCertHostname.addLongIdentifier("serverAddress", true);
retrieveCertHostname.addLongIdentifier("address", true);
retrieveCertParser.addArgument(retrieveCertHostname);
final IntegerArgument retrieveCertPort = new IntegerArgument('p',
"port", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PORT.get(),
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_PORT_DESC.get(), 1, 65_535);
retrieveCertPort.addLongIdentifier("server-port", true);
retrieveCertPort.addLongIdentifier("serverPort", true);
retrieveCertParser.addArgument(retrieveCertPort);
final BooleanArgument retrieveCertUseStartTLS = new BooleanArgument('q',
"use-ldap-start-tls", 1,
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_USE_START_TLS_DESC.get());
retrieveCertUseStartTLS.addLongIdentifier("use-ldap-starttls", true);
retrieveCertUseStartTLS.addLongIdentifier("useLDAPStartTLS", true);
retrieveCertUseStartTLS.addLongIdentifier("use-start-tls", true);
retrieveCertUseStartTLS.addLongIdentifier("use-starttls", true);
retrieveCertUseStartTLS.addLongIdentifier("useStartTLS", true);
retrieveCertParser.addArgument(retrieveCertUseStartTLS);
final FileArgument retrieveCertOutputFile = new FileArgument(null,
"output-file", false, 1, null,
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_FILE_DESC.get(), false, true,
true, false);
retrieveCertOutputFile.addLongIdentifier("outputFile", true);
retrieveCertOutputFile.addLongIdentifier("export-file", true);
retrieveCertOutputFile.addLongIdentifier("exportFile", true);
retrieveCertOutputFile.addLongIdentifier("certificate-file", true);
retrieveCertOutputFile.addLongIdentifier("certificateFile", true);
retrieveCertOutputFile.addLongIdentifier("file", true);
retrieveCertOutputFile.addLongIdentifier("filename", true);
retrieveCertParser.addArgument(retrieveCertOutputFile);
final Set retrieveCertOutputFormatAllowedValues = StaticUtils.setOf(
"PEM", "text", "txt", "RFC", "DER", "binary", "bin");
final StringArgument retrieveCertOutputFormat = new StringArgument(null,
"output-format", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT.get(),
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_FORMAT_DESC.get(),
retrieveCertOutputFormatAllowedValues, "PEM");
retrieveCertOutputFormat.addLongIdentifier("outputFormat", true);
retrieveCertParser.addArgument(retrieveCertOutputFormat);
final BooleanArgument retrieveCertOnlyPeer = new BooleanArgument(null,
"only-peer-certificate", 1,
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_ONLY_PEER_DESC.get());
retrieveCertOnlyPeer.addLongIdentifier("onlyPeerCertificate", true);
retrieveCertOnlyPeer.addLongIdentifier("only-peer", true);
retrieveCertOnlyPeer.addLongIdentifier("onlyPeer", true);
retrieveCertOnlyPeer.addLongIdentifier("peer-certificate-only", true);
retrieveCertOnlyPeer.addLongIdentifier("peerCertificateOnly", true);
retrieveCertOnlyPeer.addLongIdentifier("peer-only", true);
retrieveCertOnlyPeer.addLongIdentifier("peerOnly", true);
retrieveCertParser.addArgument(retrieveCertOnlyPeer);
final BooleanArgument retrieveCertEnableSSLDebugging = new BooleanArgument(
null, "enableSSLDebugging", 1,
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_ENABLE_SSL_DEBUGGING_DESC.
get());
retrieveCertEnableSSLDebugging.addLongIdentifier("enableTLSDebugging",
true);
retrieveCertEnableSSLDebugging.addLongIdentifier("enableStartTLSDebugging",
true);
retrieveCertEnableSSLDebugging.addLongIdentifier("enable-ssl-debugging",
true);
retrieveCertEnableSSLDebugging.addLongIdentifier("enable-tls-debugging",
true);
retrieveCertEnableSSLDebugging.addLongIdentifier(
"enable-starttls-debugging", true);
retrieveCertEnableSSLDebugging.addLongIdentifier(
"enable-start-tls-debugging", true);
retrieveCertParser.addArgument(retrieveCertEnableSSLDebugging);
addEnableSSLDebuggingArgument(retrieveCertEnableSSLDebugging);
final BooleanArgument retrieveCertVerbose = new BooleanArgument(null,
"verbose", 1,
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_VERBOSE_DESC.get());
retrieveCertParser.addArgument(retrieveCertVerbose);
retrieveCertParser.addDependentArgumentSet(retrieveCertOutputFormat,
retrieveCertOutputFile);
final LinkedHashMap retrieveCertExamples =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
retrieveCertExamples.put(
new String[]
{
"retrieve-server-certificate",
"--hostname", "ds.example.com",
"--port", "636"
},
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_EXAMPLE_1.get(
getPlatformSpecificPath("config", "truststore")));
retrieveCertExamples.put(
new String[]
{
"retrieve-server-certificate",
"--hostname", "ds.example.com",
"--port", "389",
"--use-ldap-start-tls",
"--only-peer-certificate",
"--output-file", "ds-cert.pem",
"--output-format", "PEM",
"--verbose"
},
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_EXAMPLE_2.get(
getPlatformSpecificPath("config", "truststore")));
final SubCommand retrieveCertSubCommand = new SubCommand(
"retrieve-server-certificate",
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_DESC.get(), retrieveCertParser,
retrieveCertExamples);
retrieveCertSubCommand.addName("retrieveServerCertificate", true);
retrieveCertSubCommand.addName("retrieve-certificate", true);
retrieveCertSubCommand.addName("retrieveCertificate", true);
retrieveCertSubCommand.addName("get-server-certificate", true);
retrieveCertSubCommand.addName("getServerCertificate", true);
retrieveCertSubCommand.addName("get-certificate", true);
retrieveCertSubCommand.addName("getCertificate", true);
retrieveCertSubCommand.addName("display-server-certificate", true);
retrieveCertSubCommand.addName("displayServerCertificate", true);
parser.addSubCommand(retrieveCertSubCommand);
// Define the "trust-server-certificate" subcommand and all of its
// arguments.
final ArgumentParser trustServerParser = new ArgumentParser(
"trust-server-certificate",
INFO_MANAGE_CERTS_SC_TRUST_SERVER_DESC.get());
final StringArgument trustServerHostname = new StringArgument('h',
"hostname", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_HOST.get(),
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_HOSTNAME_DESC.get());
trustServerHostname.addLongIdentifier("server-address", true);
trustServerHostname.addLongIdentifier("serverAddress", true);
trustServerHostname.addLongIdentifier("address", true);
trustServerParser.addArgument(trustServerHostname);
final IntegerArgument trustServerPort = new IntegerArgument('p',
"port", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PORT.get(),
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_PORT_DESC.get(), 1, 65_535);
trustServerPort.addLongIdentifier("server-port", true);
trustServerPort.addLongIdentifier("serverPort", true);
trustServerParser.addArgument(trustServerPort);
final BooleanArgument trustServerUseStartTLS = new BooleanArgument('q',
"use-ldap-start-tls", 1,
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_USE_START_TLS_DESC.get());
trustServerUseStartTLS.addLongIdentifier("use-ldap-starttls", true);
trustServerUseStartTLS.addLongIdentifier("useLDAPStartTLS", true);
trustServerUseStartTLS.addLongIdentifier("use-start-tls", true);
trustServerUseStartTLS.addLongIdentifier("use-starttls", true);
trustServerUseStartTLS.addLongIdentifier("useStartTLS", true);
trustServerParser.addArgument(trustServerUseStartTLS);
final FileArgument trustServerKeystore = new FileArgument(null, "keystore",
true, 1, null, INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_KS_DESC.get(),
false, true, true, false);
trustServerKeystore.addLongIdentifier("keystore-path", true);
trustServerKeystore.addLongIdentifier("keystorePath", true);
trustServerKeystore.addLongIdentifier("keystore-file", true);
trustServerKeystore.addLongIdentifier("keystoreFile", true);
trustServerParser.addArgument(trustServerKeystore);
final StringArgument trustServerKeystorePassword = new StringArgument(null,
"keystore-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_KS_PW_DESC.get());
trustServerKeystorePassword.addLongIdentifier("keystorePassword", true);
trustServerKeystorePassword.addLongIdentifier("keystore-passphrase", true);
trustServerKeystorePassword.addLongIdentifier("keystorePassphrase", true);
trustServerKeystorePassword.addLongIdentifier("keystore-pin", true);
trustServerKeystorePassword.addLongIdentifier("keystorePIN", true);
trustServerKeystorePassword.addLongIdentifier("storepass", true);
trustServerKeystorePassword.setSensitive(true);
trustServerParser.addArgument(trustServerKeystorePassword);
final FileArgument trustServerKeystorePasswordFile = new FileArgument(null,
"keystore-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_KS_PW_FILE_DESC.get(), true,
true, true, false);
trustServerKeystorePasswordFile.addLongIdentifier("keystorePasswordFile",
true);
trustServerKeystorePasswordFile.addLongIdentifier(
"keystore-passphrase-file", true);
trustServerKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile",
true);
trustServerKeystorePasswordFile.addLongIdentifier("keystore-pin-file",
true);
trustServerKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
trustServerParser.addArgument(trustServerKeystorePasswordFile);
final BooleanArgument trustServerPromptForKeystorePassword =
new BooleanArgument(null, "prompt-for-keystore-password",
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_PROMPT_FOR_KS_PW_DESC.get());
trustServerPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassword", true);
trustServerPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-passphrase", true);
trustServerPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassphrase", true);
trustServerPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-pin", true);
trustServerPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePIN", true);
trustServerParser.addArgument(trustServerPromptForKeystorePassword);
final StringArgument trustServerKeystoreType = new StringArgument(null,
"keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(),
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_KS_TYPE_DESC.get(),
ALLOWED_KEYSTORE_TYPE_VALUES);
trustServerKeystoreType.addLongIdentifier("key-store-type", true);
trustServerKeystoreType.addLongIdentifier("keystoreType", true);
trustServerKeystoreType.addLongIdentifier("keystore-format", true);
trustServerKeystoreType.addLongIdentifier("key-store-format", true);
trustServerKeystoreType.addLongIdentifier("keystoreFormat", true);
trustServerKeystoreType.addLongIdentifier("storetype", true);
trustServerParser.addArgument(trustServerKeystoreType);
final StringArgument trustServerAlias = new StringArgument(null,
"alias", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(),
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_ALIAS_DESC.get());
trustServerAlias.addLongIdentifier("nickname", true);
trustServerParser.addArgument(trustServerAlias);
final BooleanArgument trustServerIssuersOnly = new BooleanArgument(null,
"issuers-only", 1,
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_ISSUERS_ONLY_DESC.get());
trustServerIssuersOnly.addLongIdentifier("issuersOnly", true);
trustServerIssuersOnly.addLongIdentifier("issuer-certificates-only", true);
trustServerIssuersOnly.addLongIdentifier("issuerCertificatesOnly", true);
trustServerIssuersOnly.addLongIdentifier("only-issuers", true);
trustServerIssuersOnly.addLongIdentifier("onlyIssuers", true);
trustServerIssuersOnly.addLongIdentifier("only-issuer-certificates", true);
trustServerIssuersOnly.addLongIdentifier("onlyIssuerCertificates", true);
trustServerParser.addArgument(trustServerIssuersOnly);
final BooleanArgument trustServerEnableSSLDebugging = new BooleanArgument(
null, "enableSSLDebugging", 1,
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_ENABLE_SSL_DEBUGGING_DESC.get());
trustServerEnableSSLDebugging.addLongIdentifier("enableTLSDebugging", true);
trustServerEnableSSLDebugging.addLongIdentifier("enableStartTLSDebugging",
true);
trustServerEnableSSLDebugging.addLongIdentifier("enable-ssl-debugging",
true);
trustServerEnableSSLDebugging.addLongIdentifier("enable-tls-debugging",
true);
trustServerEnableSSLDebugging.addLongIdentifier("enable-starttls-debugging",
true);
trustServerEnableSSLDebugging.addLongIdentifier(
"enable-start-tls-debugging", true);
trustServerParser.addArgument(trustServerEnableSSLDebugging);
addEnableSSLDebuggingArgument(trustServerEnableSSLDebugging);
final BooleanArgument trustServerVerbose = new BooleanArgument(null,
"verbose", 1,
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_VERBOSE_DESC.get());
trustServerParser.addArgument(trustServerVerbose);
final BooleanArgument trustServerNoPrompt = new BooleanArgument(null,
"no-prompt", 1,
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_NO_PROMPT_DESC.get());
trustServerNoPrompt.addLongIdentifier("noPrompt", true);
trustServerParser.addArgument(trustServerNoPrompt);
trustServerParser.addRequiredArgumentSet(trustServerKeystorePassword,
trustServerKeystorePasswordFile, trustServerPromptForKeystorePassword);
trustServerParser.addExclusiveArgumentSet(trustServerKeystorePassword,
trustServerKeystorePasswordFile, trustServerPromptForKeystorePassword);
final LinkedHashMap trustServerExamples =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
trustServerExamples.put(
new String[]
{
"trust-server-certificate",
"--hostname", "ds.example.com",
"--port", "636",
"--keystore", getPlatformSpecificPath("config", "truststore"),
"--keystore-password-file",
getPlatformSpecificPath("config", "truststore.pin"),
"--verbose"
},
INFO_MANAGE_CERTS_SC_TRUST_SERVER_EXAMPLE_1.get(
getPlatformSpecificPath("config", "truststore")));
trustServerExamples.put(
new String[]
{
"trust-server-certificate",
"--hostname", "ds.example.com",
"--port", "389",
"--use-ldap-start-tls",
"--keystore", getPlatformSpecificPath("config", "truststore"),
"--keystore-password-file",
getPlatformSpecificPath("config", "truststore.pin"),
"--issuers-only",
"--alias", "ds-start-tls-cert",
"--no-prompt"
},
INFO_MANAGE_CERTS_SC_TRUST_SERVER_EXAMPLE_2.get(
getPlatformSpecificPath("config", "truststore")));
final SubCommand trustServerSubCommand = new SubCommand(
"trust-server-certificate",
INFO_MANAGE_CERTS_SC_TRUST_SERVER_DESC.get(), trustServerParser,
trustServerExamples);
trustServerSubCommand.addName("trustServerCertificate", true);
trustServerSubCommand.addName("trust-server", true);
trustServerSubCommand.addName("trustServer", true);
parser.addSubCommand(trustServerSubCommand);
// Define the "check-certificate-usability" subcommand and all of its
// arguments.
final ArgumentParser checkUsabilityParser = new ArgumentParser(
"check-certificate-usability",
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_DESC.get());
final FileArgument checkUsabilityKeystore = new FileArgument(null,
"keystore", true, 1, null,
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_KS_DESC.get(),
true, true, true, false);
checkUsabilityKeystore.addLongIdentifier("keystore-path", true);
checkUsabilityKeystore.addLongIdentifier("keystorePath", true);
checkUsabilityKeystore.addLongIdentifier("keystore-file", true);
checkUsabilityKeystore.addLongIdentifier("keystoreFile", true);
checkUsabilityParser.addArgument(checkUsabilityKeystore);
final StringArgument checkUsabilityKeystorePassword = new StringArgument(
null, "keystore-password", false, 1,
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(),
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_KS_PW_DESC.get());
checkUsabilityKeystorePassword.addLongIdentifier("keystorePassword", true);
checkUsabilityKeystorePassword.addLongIdentifier("keystore-passphrase",
true);
checkUsabilityKeystorePassword.addLongIdentifier("keystorePassphrase",
true);
checkUsabilityKeystorePassword.addLongIdentifier("keystore-pin", true);
checkUsabilityKeystorePassword.addLongIdentifier("keystorePIN", true);
checkUsabilityKeystorePassword.addLongIdentifier("storepass", true);
checkUsabilityKeystorePassword.setSensitive(true);
checkUsabilityParser.addArgument(checkUsabilityKeystorePassword);
final FileArgument checkUsabilityKeystorePasswordFile = new FileArgument(
null, "keystore-password-file", false, 1, null,
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_KS_PW_FILE_DESC.get(), true,
true, true, false);
checkUsabilityKeystorePasswordFile.addLongIdentifier("keystorePasswordFile",
true);
checkUsabilityKeystorePasswordFile.addLongIdentifier(
"keystore-passphrase-file", true);
checkUsabilityKeystorePasswordFile.addLongIdentifier(
"keystorePassphraseFile", true);
checkUsabilityKeystorePasswordFile.addLongIdentifier("keystore-pin-file",
true);
checkUsabilityKeystorePasswordFile.addLongIdentifier("keystorePINFile",
true);
checkUsabilityParser.addArgument(checkUsabilityKeystorePasswordFile);
final BooleanArgument checkUsabilityPromptForKeystorePassword =
new BooleanArgument(null, "prompt-for-keystore-password",
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_PROMPT_FOR_KS_PW_DESC.get());
checkUsabilityPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassword", true);
checkUsabilityPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-passphrase", true);
checkUsabilityPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePassphrase", true);
checkUsabilityPromptForKeystorePassword.addLongIdentifier(
"prompt-for-keystore-pin", true);
checkUsabilityPromptForKeystorePassword.addLongIdentifier(
"promptForKeystorePIN", true);
checkUsabilityParser.addArgument(checkUsabilityPromptForKeystorePassword);
final StringArgument checkUsabilityKeystoreType = new StringArgument(null,
"keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(),
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_KS_TYPE_DESC.get(),
ALLOWED_KEYSTORE_TYPE_VALUES);
checkUsabilityKeystoreType.addLongIdentifier("key-store-type", true);
checkUsabilityKeystoreType.addLongIdentifier("keystoreType", true);
checkUsabilityKeystoreType.addLongIdentifier("keystore-format", true);
checkUsabilityKeystoreType.addLongIdentifier("key-store-format", true);
checkUsabilityKeystoreType.addLongIdentifier("keystoreFormat", true);
checkUsabilityKeystoreType.addLongIdentifier("storetype", true);
checkUsabilityParser.addArgument(checkUsabilityKeystoreType);
final StringArgument checkUsabilityAlias = new StringArgument(null, "alias",
true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(),
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_ALIAS_DESC.get());
checkUsabilityAlias.addLongIdentifier("nickname", true);
checkUsabilityParser.addArgument(checkUsabilityAlias);
final BooleanArgument checkUsabilityIgnoreSHA1Signature =
new BooleanArgument(null,
"allow-sha-1-signature-for-issuer-certificates", 1,
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_IGNORE_SHA1_WARNING_DESC.
get());
checkUsabilityIgnoreSHA1Signature.addLongIdentifier(
"allow-sha1-signature-for-issuer-certificates", true);
checkUsabilityIgnoreSHA1Signature.addLongIdentifier(
"allowSHA1SignatureForIssuerCertificates", true);
checkUsabilityParser.addArgument(checkUsabilityIgnoreSHA1Signature);
checkUsabilityParser.addRequiredArgumentSet(checkUsabilityKeystorePassword,
checkUsabilityKeystorePasswordFile,
checkUsabilityPromptForKeystorePassword);
checkUsabilityParser.addExclusiveArgumentSet(checkUsabilityKeystorePassword,
checkUsabilityKeystorePasswordFile,
checkUsabilityPromptForKeystorePassword);
final LinkedHashMap checkUsabilityExamples =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
checkUsabilityExamples.put(
new String[]
{
"check-certificate-usability",
"--keystore", getPlatformSpecificPath("config", "keystore"),
"--keystore-password-file",
getPlatformSpecificPath("config", "keystore.pin"),
"--alias", "server-cert"
},
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_EXAMPLE_1.get(
getPlatformSpecificPath("config", "keystore")));
final SubCommand checkUsabilitySubCommand = new SubCommand(
"check-certificate-usability",
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_DESC.get(), checkUsabilityParser,
checkUsabilityExamples);
checkUsabilitySubCommand.addName("checkCertificateUsability", true);
checkUsabilitySubCommand.addName("check-usability", true);
checkUsabilitySubCommand.addName("checkUsability", true);
parser.addSubCommand(checkUsabilitySubCommand);
// Define the "display-certificate-file" subcommand and all of its
// arguments.
final ArgumentParser displayCertParser = new ArgumentParser(
"display-certificate-file",
INFO_MANAGE_CERTS_SC_DISPLAY_CERT_DESC.get());
final FileArgument displayCertFile = new FileArgument(null,
"certificate-file", true, 1, null,
INFO_MANAGE_CERTS_SC_DISPLAY_CERT_ARG_FILE_DESC.get(), true, true,
true, false);
displayCertFile.addLongIdentifier("certificateFile", true);
displayCertFile.addLongIdentifier("input-file", true);
displayCertFile.addLongIdentifier("inputFile", true);
displayCertFile.addLongIdentifier("file", true);
displayCertFile.addLongIdentifier("filename", true);
displayCertParser.addArgument(displayCertFile);
final BooleanArgument displayCertVerbose = new BooleanArgument(null,
"verbose", 1,
INFO_MANAGE_CERTS_SC_DISPLAY_CERT_ARG_VERBOSE_DESC.get());
displayCertParser.addArgument(displayCertVerbose);
final BooleanArgument displayCertDisplayCommand = new BooleanArgument(null,
"display-keytool-command", 1,
INFO_MANAGE_CERTS_SC_DISPLAY_CERT_ARG_DISPLAY_COMMAND_DESC.get());
displayCertDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
displayCertDisplayCommand.addLongIdentifier("show-keytool-command", true);
displayCertDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
displayCertParser.addArgument(displayCertDisplayCommand);
final LinkedHashMap displayCertExamples =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
displayCertExamples.put(
new String[]
{
"display-certificate-file",
"--certificate-file", "certificate.pem",
},
INFO_MANAGE_CERTS_SC_DISPLAY_CERT_EXAMPLE_1.get("certificate.pem"));
displayCertExamples.put(
new String[]
{
"display-certificate-file",
"--certificate-file", "certificate.pem",
"--verbose",
"--display-keytool-command"
},
INFO_MANAGE_CERTS_SC_DISPLAY_CERT_EXAMPLE_2.get("certificate.pem"));
final SubCommand displayCertSubCommand = new SubCommand(
"display-certificate-file",
INFO_MANAGE_CERTS_SC_DISPLAY_CERT_DESC.get(), displayCertParser,
displayCertExamples);
displayCertSubCommand.addName("displayCertificateFile", true);
displayCertSubCommand.addName("display-certificate", true);
displayCertSubCommand.addName("displayCertificate", true);
displayCertSubCommand.addName("display-certificates", true);
displayCertSubCommand.addName("displayCertificates", true);
displayCertSubCommand.addName("show-certificate", true);
displayCertSubCommand.addName("showCertificate", true);
displayCertSubCommand.addName("show-certificate-file", true);
displayCertSubCommand.addName("showCertificateFile", true);
displayCertSubCommand.addName("show-certificates", true);
displayCertSubCommand.addName("showCertificates", true);
displayCertSubCommand.addName("print-certificate-file", true);
displayCertSubCommand.addName("printCertificateFile", true);
displayCertSubCommand.addName("print-certificate", true);
displayCertSubCommand.addName("printCertificate", true);
displayCertSubCommand.addName("print-certificates", true);
displayCertSubCommand.addName("printCertificates", true);
displayCertSubCommand.addName("printcert", true);
parser.addSubCommand(displayCertSubCommand);
// Define the "display-certificate-signing-request-file" subcommand and all
// of its arguments.
final ArgumentParser displayCSRParser = new ArgumentParser(
"display-certificate-signing-request-file",
INFO_MANAGE_CERTS_SC_DISPLAY_CSR_DESC.get());
final FileArgument displayCSRFile = new FileArgument(null,
"certificate-signing-request-file", true, 1, null,
INFO_MANAGE_CERTS_SC_DISPLAY_CSR_ARG_FILE_DESC.get(), true, true,
true, false);
displayCSRFile.addLongIdentifier("certificateSigningRequestFile", true);
displayCSRFile.addLongIdentifier("request-file", true);
displayCSRFile.addLongIdentifier("requestFile", true);
displayCSRFile.addLongIdentifier("input-file", true);
displayCSRFile.addLongIdentifier("inputFile", true);
displayCSRFile.addLongIdentifier("file", true);
displayCSRFile.addLongIdentifier("filename", true);
displayCSRParser.addArgument(displayCSRFile);
final BooleanArgument displayCSRVerbose = new BooleanArgument(null,
"verbose", 1,
INFO_MANAGE_CERTS_SC_DISPLAY_CSR_ARG_VERBOSE_DESC.get());
displayCSRParser.addArgument(displayCSRVerbose);
final BooleanArgument displayCSRDisplayCommand = new BooleanArgument(null,
"display-keytool-command", 1,
INFO_MANAGE_CERTS_SC_DISPLAY_CSR_ARG_DISPLAY_COMMAND_DESC.get());
displayCSRDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
displayCSRDisplayCommand.addLongIdentifier("show-keytool-command", true);
displayCSRDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
displayCSRParser.addArgument(displayCSRDisplayCommand);
final LinkedHashMap displayCSRExamples =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
displayCSRExamples.put(
new String[]
{
"display-certificate-signing-request-file",
"--certificate-signing-request-file", "server-cert.csr",
"--display-keytool-command"
},
INFO_MANAGE_CERTS_SC_DISPLAY_CSR_EXAMPLE_1.get("server-cert.csr"));
final SubCommand displayCSRSubCommand = new SubCommand(
"display-certificate-signing-request-file",
INFO_MANAGE_CERTS_SC_DISPLAY_CSR_DESC.get(), displayCSRParser,
displayCSRExamples);
displayCSRSubCommand.addName("displayCertificateSigningRequestFile", true);
displayCSRSubCommand.addName("display-certificate-signing-request", true);
displayCSRSubCommand.addName("displayCertificateSigningRequest", true);
displayCSRSubCommand.addName("display-certificate-request-file", true);
displayCSRSubCommand.addName("displayCertificateRequestFile", true);
displayCSRSubCommand.addName("display-certificate-request", true);
displayCSRSubCommand.addName("displayCertificateRequest", true);
displayCSRSubCommand.addName("display-csr-file", true);
displayCSRSubCommand.addName("displayCSRFile", true);
displayCSRSubCommand.addName("display-csr", true);
displayCSRSubCommand.addName("displayCSR", true);
displayCSRSubCommand.addName("show-certificate-signing-request-file", true);
displayCSRSubCommand.addName("showCertificateSigningRequestFile", true);
displayCSRSubCommand.addName("show-certificate-signing-request", true);
displayCSRSubCommand.addName("showCertificateSigningRequest", true);
displayCSRSubCommand.addName("show-certificate-request-file", true);
displayCSRSubCommand.addName("showCertificateRequestFile", true);
displayCSRSubCommand.addName("show-certificate-request", true);
displayCSRSubCommand.addName("showCertificateRequest", true);
displayCSRSubCommand.addName("show-csr-file", true);
displayCSRSubCommand.addName("showCSRFile", true);
displayCSRSubCommand.addName("show-csr", true);
displayCSRSubCommand.addName("showCSR", true);
displayCSRSubCommand.addName("print-certificate-signing-request-file",
true);
displayCSRSubCommand.addName("printCertificateSigningRequestFile", true);
displayCSRSubCommand.addName("print-certificate-signing-request", true);
displayCSRSubCommand.addName("printCertificateSigningRequest", true);
displayCSRSubCommand.addName("print-certificate-request-file", true);
displayCSRSubCommand.addName("printCertificateRequestFile", true);
displayCSRSubCommand.addName("print-certificate-request", true);
displayCSRSubCommand.addName("printCertificateRequest", true);
displayCSRSubCommand.addName("print-csr-file", true);
displayCSRSubCommand.addName("printCSRFile", true);
displayCSRSubCommand.addName("print-csr", true);
displayCSRSubCommand.addName("printCSR", true);
displayCSRSubCommand.addName("printcertreq", true);
parser.addSubCommand(displayCSRSubCommand);
}
/**
* Constructs a platform-specific relative path from the provided elements.
*
* @param pathElements The elements of the path to construct. It must not
* be {@code null} or empty.
*
* @return The constructed path.
*/
@NotNull()
private static String getPlatformSpecificPath(
@NotNull final String... pathElements)
{
final StringBuilder buffer = new StringBuilder();
for (int i=0; i < pathElements.length; i++)
{
if (i > 0)
{
buffer.append(File.separatorChar);
}
buffer.append(pathElements[i]);
}
return buffer.toString();
}
/**
* Performs the core set of processing for this tool.
*
* @return A result code that indicates whether the processing completed
* successfully.
*/
@Override()
@NotNull()
public ResultCode doToolProcessing()
{
final SubCommand selectedSubCommand = globalParser.getSelectedSubCommand();
if (selectedSubCommand == null)
{
// This should never happen.
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_NO_SUBCOMMAND.get());
return ResultCode.PARAM_ERROR;
}
subCommandParser = selectedSubCommand.getArgumentParser();
if (selectedSubCommand.hasName("list-certificates"))
{
return doListCertificates();
}
else if (selectedSubCommand.hasName("export-certificate"))
{
return doExportCertificate();
}
else if (selectedSubCommand.hasName("export-private-key"))
{
return doExportPrivateKey();
}
else if (selectedSubCommand.hasName("import-certificate"))
{
return doImportCertificate();
}
else if (selectedSubCommand.hasName("delete-certificate"))
{
return doDeleteCertificate();
}
else if (selectedSubCommand.hasName("generate-self-signed-certificate"))
{
return doGenerateOrSignCertificateOrCSR();
}
else if (selectedSubCommand.hasName("generate-certificate-signing-request"))
{
return doGenerateOrSignCertificateOrCSR();
}
else if (selectedSubCommand.hasName("sign-certificate-signing-request"))
{
return doGenerateOrSignCertificateOrCSR();
}
else if (selectedSubCommand.hasName("change-certificate-alias"))
{
return doChangeCertificateAlias();
}
else if (selectedSubCommand.hasName("change-keystore-password"))
{
return doChangeKeystorePassword();
}
else if (selectedSubCommand.hasName("change-private-key-password"))
{
return doChangePrivateKeyPassword();
}
else if (selectedSubCommand.hasName("copy-keystore"))
{
return doCopyKeystore();
}
else if (selectedSubCommand.hasName("retrieve-server-certificate"))
{
return doRetrieveServerCertificate();
}
else if (selectedSubCommand.hasName("trust-server-certificate"))
{
return doTrustServerCertificate();
}
else if (selectedSubCommand.hasName("check-certificate-usability"))
{
return doCheckCertificateUsability();
}
else if (selectedSubCommand.hasName("display-certificate-file"))
{
return doDisplayCertificateFile();
}
else if (selectedSubCommand.hasName(
"display-certificate-signing-request-file"))
{
return doDisplayCertificateSigningRequestFile();
}
else
{
// This should never happen.
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_UNKNOWN_SUBCOMMAND.get(
selectedSubCommand.getPrimaryName()));
return ResultCode.PARAM_ERROR;
}
}
/**
* Performs the necessary processing for the list-certificates subcommand.
*
* @return A result code that indicates whether the processing completed
* successfully.
*/
@NotNull()
private ResultCode doListCertificates()
{
// Get the values of a number of configured arguments.
final BooleanArgument displayPEMArgument =
subCommandParser.getBooleanArgument("display-pem-certificate");
final boolean displayPEM =
((displayPEMArgument != null) && displayPEMArgument.isPresent());
final BooleanArgument verboseArgument =
subCommandParser.getBooleanArgument("verbose");
final boolean verbose =
((verboseArgument != null) && verboseArgument.isPresent());
final Map missingAliases;
final Set aliases;
final StringArgument aliasArgument =
subCommandParser.getStringArgument("alias");
if ((aliasArgument == null) || (! aliasArgument.isPresent()))
{
aliases = Collections.emptySet();
missingAliases = Collections.emptyMap();
}
else
{
final List values = aliasArgument.getValues();
aliases = new LinkedHashSet<>(StaticUtils.computeMapCapacity(
values.size()));
missingAliases =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(values.size()));
for (final String alias : values)
{
final String lowerAlias = StaticUtils.toLowerCase(alias);
aliases.add(StaticUtils.toLowerCase(lowerAlias));
missingAliases.put(lowerAlias, alias);
}
}
final String keystoreType;
final File keystorePath = getKeystorePath();
try
{
keystoreType = inferKeystoreType(keystorePath);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final char[] keystorePassword;
try
{
keystorePassword = getKeystorePassword(keystorePath);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final BooleanArgument displayKeytoolCommandArgument =
subCommandParser.getBooleanArgument("display-keytool-command");
if ((displayKeytoolCommandArgument != null) &&
displayKeytoolCommandArgument.isPresent())
{
final ArrayList keytoolArgs = new ArrayList<>(10);
keytoolArgs.add("-list");
keytoolArgs.add("-keystore");
keytoolArgs.add(keystorePath.getAbsolutePath());
keytoolArgs.add("-storetype");
keytoolArgs.add(keystoreType);
if (keystorePassword != null)
{
keytoolArgs.add("-storepass");
keytoolArgs.add("*****REDACTED*****");
}
for (final String alias : missingAliases.values())
{
keytoolArgs.add("-alias");
keytoolArgs.add(alias);
}
if (displayPEM)
{
keytoolArgs.add("-rfc");
}
if (verbose)
{
keytoolArgs.add("-v");
}
displayKeytoolCommand(keytoolArgs);
}
// Get the keystore.
final KeyStore keystore;
try
{
keystore = getKeystore(keystoreType, keystorePath, keystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Display a message with the keystore type.
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_LIST_KEYSTORE_TYPE.get(keystoreType));
// Iterate through the keystore and display the appropriate certificates.
final Enumeration aliasEnumeration;
try
{
aliasEnumeration = keystore.aliases();
}
catch (final Exception e)
{
Debug.debugException(e);
err();
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_LIST_CERTS_CANNOT_GET_ALIASES.get(
keystorePath.getAbsolutePath()));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
int listedCount = 0;
ResultCode resultCode = ResultCode.SUCCESS;
while (aliasEnumeration.hasMoreElements())
{
final String alias = aliasEnumeration.nextElement();
final String lowerAlias = StaticUtils.toLowerCase(alias);
if ((!aliases.isEmpty()) && (missingAliases.remove(lowerAlias) == null))
{
// We don't care about this alias.
continue;
}
final X509Certificate[] certificateChain;
try
{
// NOTE: Keystore entries that have private keys may have a certificate
// chain associated with them (the end certificate plus all of the
// issuer certificates). In that case all of those certificates in the
// chain will be stored under the same alias, and the only way we can
// access them is to call the getCertificateChain method. However, if
// the keystore only has a certificate for the alias but no private key,
// then the entry will not have a chain, and the call to
// getCertificateChain will return null for that alias. We want to be
// able to handle both of these cases, so we will first try
// getCertificateChain to see if we can get a complete chain, but if
// that returns null, then use getCertificate to see if we can get a
// single certificate. That call to getCertificate can also return null
// because the entry with this alias might be some other type of entry,
// like a secret key entry.
Certificate[] chain = keystore.getCertificateChain(alias);
if ((chain == null) || (chain.length == 0))
{
final Certificate cert = keystore.getCertificate(alias);
if (cert == null)
{
continue;
}
else
{
chain = new Certificate[] { cert };
}
}
certificateChain = new X509Certificate[chain.length];
for (int i = 0; i < chain.length; i++)
{
certificateChain[i] = new X509Certificate(chain[i].getEncoded());
}
}
catch (final Exception e)
{
Debug.debugException(e);
err();
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_LIST_CERTS_ERROR_GETTING_CERT.get(alias,
StaticUtils.getExceptionMessage(e)));
resultCode = ResultCode.LOCAL_ERROR;
continue;
}
listedCount++;
for (int i = 0; i < certificateChain.length; i++)
{
out();
if (certificateChain.length == 1)
{
out(INFO_MANAGE_CERTS_LIST_CERTS_LABEL_ALIAS_WITHOUT_CHAIN.get(
alias));
}
else
{
out(INFO_MANAGE_CERTS_LIST_CERTS_LABEL_ALIAS_WITH_CHAIN.get(alias,
(i + 1), certificateChain.length));
}
printCertificate(certificateChain[i], "", verbose);
if (i == 0)
{
if (hasKeyAlias(keystore, alias))
{
out(INFO_MANAGE_CERTS_LIST_CERTS_LABEL_HAS_PK_YES.get());
}
else
{
out(INFO_MANAGE_CERTS_LIST_CERTS_LABEL_HAS_PK_NO.get());
}
}
CertException signatureVerificationException = null;
if (certificateChain[i].isSelfSigned())
{
try
{
certificateChain[i].verifySignature(null);
}
catch (final CertException ce)
{
Debug.debugException(ce);
signatureVerificationException = ce;
}
}
else
{
X509Certificate issuerCertificate = null;
try
{
final AtomicReference jvmDefaultTrustStoreRef =
new AtomicReference<>();
final AtomicReference missingIssuerRef =
new AtomicReference<>();
issuerCertificate = getIssuerCertificate(certificateChain[i],
keystore, jvmDefaultTrustStoreRef, missingIssuerRef);
}
catch (final Exception e)
{
Debug.debugException(e);
}
if (issuerCertificate == null)
{
signatureVerificationException = new CertException(
ERR_MANAGE_CERTS_LIST_CERTS_VERIFY_SIGNATURE_NO_ISSUER.get(
certificateChain[i].getIssuerDN()));
}
else
{
try
{
certificateChain[i].verifySignature(issuerCertificate);
}
catch (final CertException ce)
{
Debug.debugException(ce);
signatureVerificationException = ce;
}
}
}
if (signatureVerificationException == null)
{
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_LIST_CERTS_SIGNATURE_VALID.get());
}
else
{
wrapErr(0, WRAP_COLUMN,
signatureVerificationException.getMessage());
}
if (displayPEM)
{
out(INFO_MANAGE_CERTS_LIST_CERTS_LABEL_PEM.get());
writePEMCertificate(getOut(),
certificateChain[i].getX509CertificateBytes());
}
}
}
if (! missingAliases.isEmpty())
{
err();
for (final String missingAlias : missingAliases.values())
{
wrapErr(0, WRAP_COLUMN,
WARN_MANAGE_CERTS_LIST_CERTS_ALIAS_NOT_IN_KS.get(missingAlias,
keystorePath.getAbsolutePath()));
resultCode = ResultCode.PARAM_ERROR;
}
}
else if (listedCount == 0)
{
out();
if (keystorePassword == null)
{
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_LIST_CERTS_NO_CERTS_OR_KEYS_WITHOUT_PW.get());
}
else
{
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_LIST_CERTS_NO_CERTS_OR_KEYS_WITH_PW.get());
}
}
return resultCode;
}
/**
* Performs the necessary processing for the export-certificate subcommand.
*
* @return A result code that indicates whether the processing completed
* successfully.
*/
@NotNull()
private ResultCode doExportCertificate()
{
// Get the values of a number of configured arguments.
final StringArgument aliasArgument =
subCommandParser.getStringArgument("alias");
final String alias = aliasArgument.getValue();
final BooleanArgument exportChainArgument =
subCommandParser.getBooleanArgument("export-certificate-chain");
final boolean exportChain =
((exportChainArgument != null) && exportChainArgument.isPresent());
final BooleanArgument separateFilePerCertificateArgument =
subCommandParser.getBooleanArgument("separate-file-per-certificate");
final boolean separateFilePerCertificate =
((separateFilePerCertificateArgument != null) &&
separateFilePerCertificateArgument.isPresent());
boolean exportPEM = true;
final StringArgument outputFormatArgument =
subCommandParser.getStringArgument("output-format");
if ((outputFormatArgument != null) && outputFormatArgument.isPresent())
{
final String format = outputFormatArgument.getValue().toLowerCase();
if (format.equals("der") || format.equals("binary") ||
format.equals("bin"))
{
exportPEM = false;
}
}
File outputFile = null;
final FileArgument outputFileArgument =
subCommandParser.getFileArgument("output-file");
if ((outputFileArgument != null) && outputFileArgument.isPresent())
{
outputFile = outputFileArgument.getValue();
}
if ((outputFile == null) && (! exportPEM))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_EXPORT_CERT_NO_FILE_WITH_DER.get());
return ResultCode.PARAM_ERROR;
}
final String keystoreType;
final File keystorePath = getKeystorePath();
try
{
keystoreType = inferKeystoreType(keystorePath);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final char[] keystorePassword;
try
{
keystorePassword = getKeystorePassword(keystorePath);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final BooleanArgument displayKeytoolCommandArgument =
subCommandParser.getBooleanArgument("display-keytool-command");
if ((displayKeytoolCommandArgument != null) &&
displayKeytoolCommandArgument.isPresent())
{
final ArrayList keytoolArgs = new ArrayList<>(10);
keytoolArgs.add("-list");
keytoolArgs.add("-keystore");
keytoolArgs.add(keystorePath.getAbsolutePath());
keytoolArgs.add("-storetype");
keytoolArgs.add(keystoreType);
if (keystorePassword != null)
{
keytoolArgs.add("-storepass");
keytoolArgs.add("*****REDACTED*****");
}
keytoolArgs.add("-alias");
keytoolArgs.add(alias);
if (exportPEM)
{
keytoolArgs.add("-rfc");
}
if (outputFile != null)
{
keytoolArgs.add("-file");
keytoolArgs.add(outputFile.getAbsolutePath());
}
displayKeytoolCommand(keytoolArgs);
}
// Get the keystore.
final KeyStore keystore;
try
{
keystore = getKeystore(keystoreType, keystorePath, keystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Get the certificates to export. If the --export-certificate-chain
// argument was provided, this can be multiple certificates. Otherwise, it
// there will only be one.
DN missingIssuerDN = null;
final X509Certificate[] certificatesToExport;
if (exportChain)
{
try
{
final AtomicReference missingIssuerRef = new AtomicReference<>();
certificatesToExport =
getCertificateChain(alias, keystore, missingIssuerRef);
missingIssuerDN = missingIssuerRef.get();
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
}
else
{
try
{
final Certificate cert = keystore.getCertificate(alias);
if (cert == null)
{
certificatesToExport = new X509Certificate[0];
}
else
{
certificatesToExport = new X509Certificate[]
{
new X509Certificate(cert.getEncoded())
};
}
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_EXPORT_CERT_ERROR_GETTING_CERT.get(alias,
keystorePath.getAbsolutePath()));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
}
if (certificatesToExport.length == 0)
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_EXPORT_CERT_NO_CERT_WITH_ALIAS.get(alias,
keystorePath.getAbsolutePath()));
return ResultCode.PARAM_ERROR;
}
// Get a PrintStream to use for the output.
int fileCounter = 1;
String filename = null;
PrintStream printStream;
if (outputFile == null)
{
printStream = getOut();
}
else
{
try
{
if ((certificatesToExport.length > 1) && separateFilePerCertificate)
{
filename = outputFile.getAbsolutePath() + '.' + fileCounter;
}
else
{
filename = outputFile.getAbsolutePath();
}
printStream = new PrintStream(filename);
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_EXPORT_CERT_ERROR_OPENING_OUTPUT.get(
outputFile.getAbsolutePath()));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
}
try
{
for (final X509Certificate certificate : certificatesToExport)
{
try
{
if (separateFilePerCertificate && (certificatesToExport.length > 1))
{
if (fileCounter > 1)
{
printStream.close();
filename = outputFile.getAbsolutePath() + '.' + fileCounter;
printStream = new PrintStream(filename);
}
fileCounter++;
}
if (exportPEM)
{
writePEMCertificate(printStream,
certificate.getX509CertificateBytes());
}
else
{
printStream.write(certificate.getX509CertificateBytes());
}
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_EXPORT_CERT_ERROR_WRITING_CERT.get(alias,
certificate.getSubjectDN()));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
if (outputFile != null)
{
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_EXPORT_CERT_EXPORT_SUCCESSFUL.get(filename));
printCertificate(certificate, "", false);
}
}
}
finally
{
printStream.flush();
if (outputFile != null)
{
printStream.close();
}
}
if (missingIssuerDN != null)
{
err();
wrapErr(0, WRAP_COLUMN,
WARN_MANAGE_CERTS_EXPORT_CERT_MISSING_CERT_IN_CHAIN.get(
missingIssuerDN, keystorePath.getAbsolutePath()));
return ResultCode.NO_SUCH_OBJECT;
}
return ResultCode.SUCCESS;
}
/**
* Performs the necessary processing for the export-private-key subcommand.
*
* @return A result code that indicates whether the processing completed
* successfully.
*/
@NotNull()
private ResultCode doExportPrivateKey()
{
// Get the values of a number of configured arguments.
final StringArgument aliasArgument =
subCommandParser.getStringArgument("alias");
final String alias = aliasArgument.getValue();
boolean exportPEM = true;
final StringArgument outputFormatArgument =
subCommandParser.getStringArgument("output-format");
if ((outputFormatArgument != null) && outputFormatArgument.isPresent())
{
final String format = outputFormatArgument.getValue().toLowerCase();
if (format.equals("der") || format.equals("binary") ||
format.equals("bin"))
{
exportPEM = false;
}
}
File outputFile = null;
final FileArgument outputFileArgument =
subCommandParser.getFileArgument("output-file");
if ((outputFileArgument != null) && outputFileArgument.isPresent())
{
outputFile = outputFileArgument.getValue();
}
if ((outputFile == null) && (! exportPEM))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_EXPORT_KEY_NO_FILE_WITH_DER.get());
return ResultCode.PARAM_ERROR;
}
final String keystoreType;
final File keystorePath = getKeystorePath();
try
{
keystoreType = inferKeystoreType(keystorePath);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final char[] keystorePassword;
try
{
keystorePassword = getKeystorePassword(keystorePath);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Get the keystore.
final KeyStore keystore;
try
{
keystore = getKeystore(keystoreType, keystorePath, keystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// See if we need to use a private key password that is different from the
// keystore password.
final char[] privateKeyPassword;
try
{
privateKeyPassword =
getPrivateKeyPassword(keystore, alias, keystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Get the password to use to encrypt the private key when it is exported.
final char[] encryptionPassword;
try
{
encryptionPassword = getPrivateKeyEncryptionPassword(false);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Get the private key to export.
final PrivateKey privateKey;
try
{
final Key key = keystore.getKey(alias, privateKeyPassword);
if (key == null)
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_EXPORT_KEY_NO_KEY_WITH_ALIAS.get(alias,
keystorePath.getAbsolutePath()));
return ResultCode.PARAM_ERROR;
}
privateKey = (PrivateKey) key;
}
catch (final UnrecoverableKeyException e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_EXPORT_KEY_WRONG_KEY_PW.get(alias,
keystorePath.getAbsolutePath()));
return ResultCode.PARAM_ERROR;
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_EXPORT_KEY_ERROR_GETTING_KEY.get(alias,
keystorePath.getAbsolutePath()));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Get a PrintStream to use for the output.
final PrintStream printStream;
if (outputFile == null)
{
printStream = getOut();
}
else
{
try
{
printStream = new PrintStream(outputFile);
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_EXPORT_KEY_ERROR_OPENING_OUTPUT.get(
outputFile.getAbsolutePath()));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
}
try
{
try
{
if (exportPEM)
{
writePEMPrivateKey(printStream, privateKey.getEncoded(),
encryptionPassword);
}
else
{
if (encryptionPassword == null)
{
printStream.write(privateKey.getEncoded());
}
else
{
final byte[] encryptedPrivateKey =
PKCS8EncryptionHandler.encryptPrivateKey(
privateKey.getEncoded(), encryptionPassword,
new PKCS8EncryptionProperties());
printStream.write(encryptedPrivateKey);
}
}
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_EXPORT_KEY_ERROR_WRITING_KEY.get(alias));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
if (outputFile != null)
{
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_EXPORT_KEY_EXPORT_SUCCESSFUL.get());
}
}
finally
{
printStream.flush();
if (outputFile != null)
{
printStream.close();
}
}
return ResultCode.SUCCESS;
}
/**
* Performs the necessary processing for the import-certificate subcommand.
*
* @return A result code that indicates whether the processing completed
* successfully.
*/
@NotNull()
private ResultCode doImportCertificate()
{
// Get the values of a number of configured arguments.
final StringArgument aliasArgument =
subCommandParser.getStringArgument("alias");
final String alias = aliasArgument.getValue();
final FileArgument certificateFileArgument =
subCommandParser.getFileArgument("certificate-file");
final List certFiles = certificateFileArgument.getValues();
final File privateKeyFile;
final FileArgument privateKeyFileArgument =
subCommandParser.getFileArgument("private-key-file");
if ((privateKeyFileArgument != null) && privateKeyFileArgument.isPresent())
{
privateKeyFile = privateKeyFileArgument.getValue();
}
else
{
privateKeyFile = null;
}
final BooleanArgument noPromptArgument =
subCommandParser.getBooleanArgument("no-prompt");
final boolean noPrompt =
((noPromptArgument != null) && noPromptArgument.isPresent());
final String keystoreType;
final File keystorePath = getKeystorePath();
final boolean isNewKeystore = (! keystorePath.exists());
try
{
keystoreType = inferKeystoreType(keystorePath);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final char[] keystorePassword;
try
{
keystorePassword = getKeystorePassword(keystorePath);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Read the contents of the certificate files.
final ArrayList certList = new ArrayList<>(5);
for (final File certFile : certFiles)
{
try
{
final List certs = readCertificatesFromFile(certFile);
if (certs.isEmpty())
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_NO_CERTS_IN_FILE.get(
certFile.getAbsolutePath()));
return ResultCode.PARAM_ERROR;
}
certList.addAll(certs);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
}
// See if there is a password to use to decrypt the private key that is
// being imported.
final char[] encryptionPassword;
try
{
encryptionPassword = getPrivateKeyEncryptionPassword(true);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// If a private key file was specified, then read the private key.
final PKCS8PrivateKey privateKey;
if (privateKeyFile == null)
{
privateKey = null;
}
else
{
try
{
privateKey = readPrivateKeyFromFile(privateKeyFile, encryptionPassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
}
// Get the keystore.
final KeyStore keystore;
try
{
keystore = getKeystore(keystoreType, keystorePath, keystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// If there is a private key, then see if we need to use a private key
// password that is different from the keystore password.
final char[] privateKeyPassword;
try
{
privateKeyPassword =
getPrivateKeyPassword(keystore, alias, keystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// If we should display an equivalent keytool command, then do that now.
final BooleanArgument displayKeytoolCommandArgument =
subCommandParser.getBooleanArgument("display-keytool-command");
if ((displayKeytoolCommandArgument != null) &&
displayKeytoolCommandArgument.isPresent())
{
final ArrayList keytoolArgs = new ArrayList<>(10);
keytoolArgs.add("-import");
keytoolArgs.add("-keystore");
keytoolArgs.add(keystorePath.getAbsolutePath());
keytoolArgs.add("-storetype");
keytoolArgs.add(keystoreType);
keytoolArgs.add("-storepass");
keytoolArgs.add("*****REDACTED*****");
keytoolArgs.add("-keypass");
keytoolArgs.add("*****REDACTED*****");
keytoolArgs.add("-alias");
keytoolArgs.add(alias);
keytoolArgs.add("-file");
keytoolArgs.add(certFiles.get(0).getAbsolutePath());
keytoolArgs.add("-trustcacerts");
displayKeytoolCommand(keytoolArgs);
}
// Look at all the certificates to be imported. Make sure that every
// subsequent certificate in the chain is the issuer for the previous.
final Iterator certIterator = certList.iterator();
X509Certificate subjectCert = certIterator.next();
while (true)
{
if (subjectCert.isSelfSigned())
{
if (certIterator.hasNext())
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_SELF_SIGNED_NOT_LAST.get(
subjectCert.getSubjectDN()));
return ResultCode.PARAM_ERROR;
}
}
if (! certIterator.hasNext())
{
break;
}
final X509Certificate issuerCert = certIterator.next();
final StringBuilder notIssuerReason = new StringBuilder();
if (! issuerCert.isIssuerFor(subjectCert, notIssuerReason))
{
// In some cases, the process of signing a certificate can put two
// certificates in the output file (both the signed certificate and its
// issuer. If the same certificate is in the chain twice, then we'll
// silently ignore it.
if (Arrays.equals(issuerCert.getX509CertificateBytes(),
subjectCert.getX509CertificateBytes()))
{
certIterator.remove();
}
else
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_NEXT_NOT_ISSUER_OF_PREV.get(
notIssuerReason.toString()));
return ResultCode.PARAM_ERROR;
}
}
subjectCert = issuerCert;
}
// If the last certificate in the chain is not self-signed, then make sure
// that we can complete the chain using other certificates in the keystore
// or in the JVM's set of default trusted issuers. If we can't complete
// the chain, then that's an error, although we'll go ahead and proceed
// anyway with the import if we're not also importing a private key.
final ArrayList chain;
if (certList.get(certList.size() - 1).isSelfSigned())
{
chain = certList;
}
else
{
chain = new ArrayList<>(certList.size() + 5);
chain.addAll(certList);
final AtomicReference jvmDefaultTrustStoreRef =
new AtomicReference<>();
final AtomicReference missingIssuerRef = new AtomicReference<>();
X509Certificate c = certList.get(certList.size() - 1);
while (! c.isSelfSigned())
{
final X509Certificate issuer;
try
{
issuer = getIssuerCertificate(c, keystore, jvmDefaultTrustStoreRef,
missingIssuerRef);
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_CANNOT_GET_ISSUER.get(
c.getIssuerDN()));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
if (issuer == null)
{
final byte[] authorityKeyIdentifier = getAuthorityKeyIdentifier(c);
// We couldn't find the issuer certificate. If we're importing a
// private key, or if the keystore already has a key entry with the
// same alias that we're going to use, then this is definitely an
// error because we can only write a key entry if we have a complete
// certificate chain.
//
// If we weren't explicitly provided with a private key, then it's
// still an undesirable thing to import a certificate without having
// the complete set of issuers, but we'll go ahead and let it slide
// with just a warning.
if ((privateKey != null) || hasKeyAlias(keystore, alias))
{
if (authorityKeyIdentifier == null)
{
err();
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_NO_ISSUER_NO_AKI.get(
c.getIssuerDN()));
}
else
{
err();
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_NO_ISSUER_WITH_AKI.get(
c.getIssuerDN(),
toColonDelimitedHex(authorityKeyIdentifier)));
}
return ResultCode.PARAM_ERROR;
}
else
{
if (authorityKeyIdentifier == null)
{
err();
wrapErr(0, WRAP_COLUMN,
WARN_MANAGE_CERTS_IMPORT_CERT_NO_ISSUER_NO_AKI.get(
c.getIssuerDN()));
}
else
{
err();
wrapErr(0, WRAP_COLUMN,
WARN_MANAGE_CERTS_IMPORT_CERT_NO_ISSUER_WITH_AKI.get(
c.getIssuerDN(),
toColonDelimitedHex(authorityKeyIdentifier)));
}
break;
}
}
else
{
chain.add(issuer);
c = issuer;
}
}
}
// If we're going to import a private key with a certificate chain, then
// perform the necessary validation and do the import.
if (privateKey != null)
{
// Make sure that the keystore doesn't already have a key or certificate
// with the specified alias.
if (hasKeyAlias(keystore, alias))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_WITH_PK_KEY_ALIAS_CONFLICT.get(
alias));
return ResultCode.PARAM_ERROR;
}
else if (hasCertificateAlias(keystore, alias))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_WITH_PK_CERT_ALIAS_CONFLICT.get(
alias));
return ResultCode.PARAM_ERROR;
}
// Make sure that the private key has a key algorithm of either RSA or EC,
// and convert it into a Java PrivateKey object.
final PrivateKey javaPrivateKey;
try
{
javaPrivateKey = privateKey.toPrivateKey();
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_ERROR_CONVERTING_KEY.get(
privateKeyFile.getAbsolutePath()));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Convert the certificate chain into a Java Certificate[].
final Certificate[] javaCertificateChain = new Certificate[chain.size()];
for (int i=0; i < javaCertificateChain.length; i++)
{
final X509Certificate c = chain.get(i);
try
{
javaCertificateChain[i] = c.toCertificate();
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_ERROR_CONVERTING_CERT.get(
c.getSubjectDN()));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
}
// Prompt the user to confirm the import, if appropriate.
if (! noPrompt)
{
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_IMPORT_CERT_CONFIRM_IMPORT_CHAIN_NEW_KEY.get(
alias));
for (final X509Certificate c : chain)
{
out();
printCertificate(c, "", false);
}
out();
try
{
if (! promptForYesNo(
INFO_MANAGE_CERTS_IMPORT_CERT_PROMPT_IMPORT_CHAIN.get()))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_CANCELED.get());
return ResultCode.USER_CANCELED;
}
}
catch (final LDAPException le)
{
Debug.debugException(le);
err();
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
}
// Set the private key entry in the keystore.
try
{
keystore.setKeyEntry(alias, javaPrivateKey, privateKeyPassword,
javaCertificateChain);
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_ERROR_UPDATING_KS_WITH_CHAIN.get(
alias));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Write the updated keystore to disk.
try
{
writeKeystore(keystore, keystorePath, keystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
if (isNewKeystore)
{
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_IMPORT_CERT_CREATED_KEYSTORE.get(
getUserFriendlyKeystoreType(keystoreType)));
}
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_IMPORT_CERT_IMPORTED_CHAIN_WITH_PK.get());
return ResultCode.SUCCESS;
}
// If we've gotten here, then we were given one or more certificates but no
// private key. See if the keystore already has a certificate entry with
// the specified alias. If so, then that's always an error.
if (hasCertificateAlias(keystore, alias))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_WITH_CONFLICTING_CERT_ALIAS.get(alias));
return ResultCode.PARAM_ERROR;
}
// See if the keystore already has a key entry with the specified alias.
// If so, then it may or may not be an error. This can happen if we
// generated a certificate signing request from an existing key pair, and
// now want to import the signed certificate. If that is the case, then we
// will replace the existing key entry with a new one that contains the full
// new certificate chain and the existing private key, but only if the
// new certificate uses the same public key as the certificate at the head
// of the existing chain in that alias.
if (hasKeyAlias(keystore, alias))
{
// Make sure that the existing key pair uses the same public key as the
// new certificate we are importing.
final PrivateKey existingPrivateKey;
final Certificate[] existingChain;
final X509Certificate existingEndCertificate;
try
{
existingPrivateKey =
(PrivateKey) keystore.getKey(alias, privateKeyPassword);
existingChain = keystore.getCertificateChain(alias);
existingEndCertificate =
new X509Certificate(existingChain[0].getEncoded());
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_INTO_KEY_ALIAS_CANNOT_GET_KEY.get(
alias));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
final boolean[] existingPublicKeyBits =
existingEndCertificate.getEncodedPublicKey().getBits();
final boolean[] newPublicKeyBits =
chain.get(0).getEncodedPublicKey().getBits();
if (! Arrays.equals(existingPublicKeyBits, newPublicKeyBits))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_INTO_KEY_ALIAS_KEY_MISMATCH.get(
alias));
return ResultCode.PARAM_ERROR;
}
// Prepare the new certificate chain to store in the alias.
final Certificate[] newChain = new Certificate[chain.size()];
for (int i=0; i < chain.size(); i++)
{
final X509Certificate c = chain.get(i);
try
{
newChain[i] = c.toCertificate();
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_ERROR_CONVERTING_CERT.get(
c.getSubjectDN()));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
}
// Prompt the user to confirm the import, if appropriate.
if (! noPrompt)
{
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_IMPORT_CERT_CONFIRM_IMPORT_CHAIN_EXISTING_KEY.
get(alias));
for (final X509Certificate c : chain)
{
out();
printCertificate(c, "", false);
}
out();
try
{
if (! promptForYesNo(
INFO_MANAGE_CERTS_IMPORT_CERT_PROMPT_IMPORT_CHAIN.get()))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_CANCELED.get());
return ResultCode.USER_CANCELED;
}
}
catch (final LDAPException le)
{
Debug.debugException(le);
err();
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
}
// Set the private key entry in the keystore.
try
{
keystore.setKeyEntry(alias, existingPrivateKey, privateKeyPassword,
newChain);
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_ERROR_UPDATING_KS_WITH_CHAIN.get(
alias));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Write the updated keystore to disk.
try
{
writeKeystore(keystore, keystorePath, keystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
out();
if (isNewKeystore)
{
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_IMPORT_CERT_CREATED_KEYSTORE.get(
getUserFriendlyKeystoreType(keystoreType)));
}
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_IMPORT_CERT_IMPORTED_CHAIN_WITHOUT_PK.get());
return ResultCode.SUCCESS;
}
// If we've gotten here, then we know that we're just going to add
// certificate entries to the keystore. Iterate through the certificates
// and add them to the keystore under the appropriate aliases, first making
// sure that the alias isn't already in use.
final LinkedHashMap certMap =
new LinkedHashMap<>(StaticUtils.computeMapCapacity(certList.size()));
for (int i=0; i < certList.size(); i++)
{
final X509Certificate x509Certificate = certList.get(i);
final Certificate javaCertificate;
try
{
javaCertificate = x509Certificate.toCertificate();
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_ERROR_CONVERTING_CERT.get(
x509Certificate.getSubjectDN()));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
final String certAlias;
if (i == 0)
{
certAlias = alias;
}
else if (certList.size() > 2)
{
certAlias = alias + "-issuer-" + i;
}
else
{
certAlias = alias + "-issuer";
}
certMap.put(certAlias, x509Certificate);
if (hasKeyAlias(keystore, certAlias) ||
hasCertificateAlias(keystore, certAlias))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_WITH_CONFLICTING_ISSUER_ALIAS.get(
x509Certificate.getSubjectDN(), certAlias));
return ResultCode.PARAM_ERROR;
}
try
{
keystore.setCertificateEntry(certAlias, javaCertificate);
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_ERROR_UPDATING_KS_WITH_CERT.get(
x509Certificate.getSubjectDN(), alias));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
}
// Prompt about whether to perform the import, if appropriate.
if (! noPrompt)
{
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_IMPORT_CERT_CONFIRM_IMPORT_CHAIN_NO_KEY.
get(alias));
for (final Map.Entry e : certMap.entrySet())
{
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_IMPORT_CERT_LABEL_ALIAS.get(e.getKey()));
printCertificate(e.getValue(), "", false);
}
out();
try
{
if (! promptForYesNo(
INFO_MANAGE_CERTS_IMPORT_CERT_PROMPT_IMPORT_CHAIN.get()))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_IMPORT_CERT_CANCELED.get());
return ResultCode.USER_CANCELED;
}
}
catch (final LDAPException le)
{
Debug.debugException(le);
err();
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
}
// Write the updated keystore to disk.
try
{
writeKeystore(keystore, keystorePath, keystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
out();
if (isNewKeystore)
{
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_IMPORT_CERT_CREATED_KEYSTORE.get(
getUserFriendlyKeystoreType(keystoreType)));
}
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_IMPORT_CERT_IMPORTED_CHAIN_WITHOUT_PK.get());
return ResultCode.SUCCESS;
}
/**
* Performs the necessary processing for the delete-certificate subcommand.
*
* @return A result code that indicates whether the processing completed
* successfully.
*/
@NotNull()
private ResultCode doDeleteCertificate()
{
// Get the values of a number of configured arguments.
final StringArgument aliasArgument =
subCommandParser.getStringArgument("alias");
final String alias = aliasArgument.getValue();
final BooleanArgument noPromptArgument =
subCommandParser.getBooleanArgument("no-prompt");
final boolean noPrompt =
((noPromptArgument != null) && noPromptArgument.isPresent());
final String keystoreType;
final File keystorePath = getKeystorePath();
try
{
keystoreType = inferKeystoreType(keystorePath);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final char[] keystorePassword;
try
{
keystorePassword = getKeystorePassword(keystorePath);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final BooleanArgument displayKeytoolCommandArgument =
subCommandParser.getBooleanArgument("display-keytool-command");
if ((displayKeytoolCommandArgument != null) &&
displayKeytoolCommandArgument.isPresent())
{
final ArrayList keytoolArgs = new ArrayList<>(10);
keytoolArgs.add("-delete");
keytoolArgs.add("-keystore");
keytoolArgs.add(keystorePath.getAbsolutePath());
keytoolArgs.add("-storetype");
keytoolArgs.add(keystoreType);
keytoolArgs.add("-storepass");
keytoolArgs.add("*****REDACTED*****");
keytoolArgs.add("-alias");
keytoolArgs.add(alias);
displayKeytoolCommand(keytoolArgs);
}
// Get the keystore.
final KeyStore keystore;
try
{
keystore = getKeystore(keystoreType, keystorePath, keystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Get the entry for the specified alias.
final boolean hasPrivateKey;
final ArrayList certList = new ArrayList<>(5);
if (hasCertificateAlias(keystore, alias))
{
try
{
hasPrivateKey = false;
certList.add(
new X509Certificate(keystore.getCertificate(alias).getEncoded()));
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_DELETE_CERT_ERROR_GETTING_CERT.get(alias));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
}
else if (hasKeyAlias(keystore, alias))
{
try
{
hasPrivateKey = true;
for (final Certificate c : keystore.getCertificateChain(alias))
{
certList.add(new X509Certificate(c.getEncoded()));
}
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_DELETE_CERT_ERROR_GETTING_CHAIN.get(alias));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
}
else
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_DELETE_CERT_ERROR_ALIAS_NOT_CERT_OR_KEY.get(alias));
return ResultCode.PARAM_ERROR;
}
// Prompt about whether to perform the delete, if appropriate.
if (! noPrompt)
{
out();
if (! hasPrivateKey)
{
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_DELETE_CERT_CONFIRM_DELETE_CERT.get());
}
else
{
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_DELETE_CERT_CONFIRM_DELETE_CHAIN.get());
}
for (final X509Certificate c : certList)
{
out();
printCertificate(c, "", false);
}
out();
try
{
if (! promptForYesNo(
INFO_MANAGE_CERTS_DELETE_CERT_PROMPT_DELETE.get()))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_DELETE_CERT_CANCELED.get());
return ResultCode.USER_CANCELED;
}
}
catch (final LDAPException le)
{
Debug.debugException(le);
err();
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
}
// Delete the entry from the keystore.
try
{
keystore.deleteEntry(alias);
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_DELETE_CERT_DELETE_ERROR.get(alias));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Write the updated keystore to disk.
try
{
writeKeystore(keystore, keystorePath, keystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
if (certList.size() == 1)
{
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_DELETE_CERT_DELETED_CERT.get());
}
else
{
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_DELETE_CERT_DELETED_CHAIN.get());
}
return ResultCode.SUCCESS;
}
/**
* Performs the necessary processing for the generate-self-signed-certificate,
* generate-certificate-signing-request, and sign-certificate-signing-request
* subcommands.
*
* @return A result code that indicates whether the processing completed
* successfully.
*/
@NotNull()
private ResultCode doGenerateOrSignCertificateOrCSR()
{
// Figure out which subcommand we're processing.
final boolean isGenerateCertificate;
final boolean isGenerateCSR;
final boolean isSignCSR;
final SubCommand selectedSubCommand = globalParser.getSelectedSubCommand();
if (selectedSubCommand.hasName("generate-self-signed-certificate"))
{
isGenerateCertificate = true;
isGenerateCSR = false;
isSignCSR = false;
}
else if (selectedSubCommand.hasName("generate-certificate-signing-request"))
{
isGenerateCertificate = false;
isGenerateCSR = true;
isSignCSR = false;
}
else
{
Validator.ensureTrue(
selectedSubCommand.hasName("sign-certificate-signing-request"));
isGenerateCertificate = false;
isGenerateCSR = false;
isSignCSR = true;
}
// Get the values of a number of configured arguments.
final StringArgument aliasArgument =
subCommandParser.getStringArgument("alias");
final String alias = aliasArgument.getValue();
final File keystorePath = getKeystorePath();
final boolean isNewKeystore = (! keystorePath.exists());
DN subjectDN = null;
final DNArgument subjectDNArgument =
subCommandParser.getDNArgument("subject-dn");
if ((subjectDNArgument != null) && subjectDNArgument.isPresent())
{
subjectDN = subjectDNArgument.getValue();
}
File inputFile = null;
final FileArgument inputFileArgument =
subCommandParser.getFileArgument("input-file");
if ((inputFileArgument != null) && inputFileArgument.isPresent())
{
inputFile = inputFileArgument.getValue();
}
File outputFile = null;
final FileArgument outputFileArgument =
subCommandParser.getFileArgument("output-file");
if ((outputFileArgument != null) && outputFileArgument.isPresent())
{
outputFile = outputFileArgument.getValue();
}
boolean outputPEM = true;
final StringArgument outputFormatArgument =
subCommandParser.getStringArgument("output-format");
if ((outputFormatArgument != null) && outputFormatArgument.isPresent())
{
final String format = outputFormatArgument.getValue().toLowerCase();
if (format.equals("der") || format.equals("binary") ||
format.equals("bin"))
{
outputPEM = false;
}
}
if ((! outputPEM) && (outputFile == null))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_NO_FILE_WITH_DER.get());
return ResultCode.PARAM_ERROR;
}
final BooleanArgument useExistingKeyPairArgument =
subCommandParser.getBooleanArgument("use-existing-key-pair");
final boolean useExistingKeyPair =
((useExistingKeyPairArgument != null) &&
useExistingKeyPairArgument.isPresent());
if (useExistingKeyPair && (! keystorePath.exists()))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_USE_EXISTING_KP_WITHOUT_KS.get());
return ResultCode.PARAM_ERROR;
}
final BooleanArgument inheritExtensionsArgument =
subCommandParser.getBooleanArgument("inherit-extensions");
final boolean inheritExtensions =
((inheritExtensionsArgument != null) &&
inheritExtensionsArgument.isPresent());
final BooleanArgument includeRequestedExtensionsArgument =
subCommandParser.getBooleanArgument("include-requested-extensions");
final boolean includeRequestedExtensions =
((includeRequestedExtensionsArgument != null) &&
includeRequestedExtensionsArgument.isPresent());
final BooleanArgument noPromptArgument =
subCommandParser.getBooleanArgument("no-prompt");
final boolean noPrompt =
((noPromptArgument != null) && noPromptArgument.isPresent());
final BooleanArgument displayKeytoolCommandArgument =
subCommandParser.getBooleanArgument("display-keytool-command");
final boolean displayKeytoolCommand =
((displayKeytoolCommandArgument != null) &&
displayKeytoolCommandArgument.isPresent());
int daysValid = 365;
final IntegerArgument daysValidArgument =
subCommandParser.getIntegerArgument("days-valid");
if ((daysValidArgument != null) && daysValidArgument.isPresent())
{
daysValid = daysValidArgument.getValue();
}
Date validityStartTime = null;
final TimestampArgument validityStartTimeArgument =
subCommandParser.getTimestampArgument("validity-start-time");
if ((validityStartTimeArgument != null) &&
validityStartTimeArgument.isPresent())
{
validityStartTime = validityStartTimeArgument.getValue();
}
PublicKeyAlgorithmIdentifier keyAlgorithmIdentifier = null;
String keyAlgorithmName = null;
final StringArgument keyAlgorithmArgument =
subCommandParser.getStringArgument("key-algorithm");
if ((keyAlgorithmArgument != null) && keyAlgorithmArgument.isPresent())
{
final String name = keyAlgorithmArgument.getValue();
keyAlgorithmIdentifier = PublicKeyAlgorithmIdentifier.forName(name);
if (keyAlgorithmIdentifier == null)
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_KEY_ALG.get(name));
return ResultCode.PARAM_ERROR;
}
else
{
keyAlgorithmName = keyAlgorithmIdentifier.getName();
}
}
Integer keySizeBits = null;
final IntegerArgument keySizeBitsArgument =
subCommandParser.getIntegerArgument("key-size-bits");
if ((keySizeBitsArgument != null) && keySizeBitsArgument.isPresent())
{
keySizeBits = keySizeBitsArgument.getValue();
}
if ((keyAlgorithmIdentifier != null) &&
(keyAlgorithmIdentifier != PublicKeyAlgorithmIdentifier.RSA) &&
(keySizeBits == null))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_NO_KEY_SIZE_FOR_NON_RSA_KEY.get());
return ResultCode.PARAM_ERROR;
}
String signatureAlgorithmName = null;
SignatureAlgorithmIdentifier signatureAlgorithmIdentifier = null;
final StringArgument signatureAlgorithmArgument =
subCommandParser.getStringArgument("signature-algorithm");
if ((signatureAlgorithmArgument != null) &&
signatureAlgorithmArgument.isPresent())
{
final String name = signatureAlgorithmArgument.getValue();
signatureAlgorithmIdentifier = SignatureAlgorithmIdentifier.forName(name);
if (signatureAlgorithmIdentifier == null)
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_SIG_ALG.get(name));
return ResultCode.PARAM_ERROR;
}
else
{
signatureAlgorithmName = signatureAlgorithmIdentifier.getJavaName();
}
}
if ((keyAlgorithmIdentifier != null) &&
(keyAlgorithmIdentifier != PublicKeyAlgorithmIdentifier.RSA) &&
(signatureAlgorithmIdentifier == null))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_NO_SIG_ALG_FOR_NON_RSA_KEY.get());
return ResultCode.PARAM_ERROR;
}
// Build a subject alternative name extension, if appropriate.
final ArrayList extensionList =
new ArrayList<>(10);
final GeneralNamesBuilder sanBuilder = new GeneralNamesBuilder();
final LinkedHashSet sanValues =
new LinkedHashSet<>(StaticUtils.computeMapCapacity(10));
final StringArgument sanDNSArgument =
subCommandParser.getStringArgument("subject-alternative-name-dns");
if ((sanDNSArgument != null) && sanDNSArgument.isPresent())
{
for (final String value : sanDNSArgument.getValues())
{
sanBuilder.addDNSName(value);
sanValues.add("DNS:" + value);
}
}
final StringArgument sanIPArgument = subCommandParser.getStringArgument(
"subject-alternative-name-ip-address");
if ((sanIPArgument != null) && sanIPArgument.isPresent())
{
for (final String value : sanIPArgument.getValues())
{
try
{
sanBuilder.addIPAddress(LDAPConnectionOptions.DEFAULT_NAME_RESOLVER.
getByName(value));
sanValues.add("IP:" + value);
}
catch (final Exception e)
{
// This should never happen.
Debug.debugException(e);
throw new RuntimeException(e);
}
}
}
final StringArgument sanEmailArgument = subCommandParser.getStringArgument(
"subject-alternative-name-email-address");
if ((sanEmailArgument != null) && sanEmailArgument.isPresent())
{
for (final String value : sanEmailArgument.getValues())
{
sanBuilder.addRFC822Name(value);
sanValues.add("EMAIL:" + value);
}
}
final StringArgument sanURIArgument =
subCommandParser.getStringArgument("subject-alternative-name-uri");
if ((sanURIArgument != null) && sanURIArgument.isPresent())
{
for (final String value : sanURIArgument.getValues())
{
sanBuilder.addUniformResourceIdentifier(value);
sanValues.add("URI:" + value);
}
}
final StringArgument sanOIDArgument =
subCommandParser.getStringArgument("subject-alternative-name-oid");
if ((sanOIDArgument != null) && sanOIDArgument.isPresent())
{
for (final String value : sanOIDArgument.getValues())
{
sanBuilder.addRegisteredID(new OID(value));
sanValues.add("OID:" + value);
}
}
if (! sanValues.isEmpty())
{
try
{
extensionList.add(
new SubjectAlternativeNameExtension(false, sanBuilder.build()));
}
catch (final Exception e)
{
// This should never happen.
Debug.debugException(e);
throw new RuntimeException(e);
}
}
// Build a set of issuer alternative name extension values.
final GeneralNamesBuilder ianBuilder = new GeneralNamesBuilder();
final LinkedHashSet ianValues =
new LinkedHashSet<>(StaticUtils.computeMapCapacity(10));
final StringArgument ianDNSArgument =
subCommandParser.getStringArgument("issuer-alternative-name-dns");
if ((ianDNSArgument != null) && ianDNSArgument.isPresent())
{
for (final String value : ianDNSArgument.getValues())
{
ianBuilder.addDNSName(value);
ianValues.add("DNS:" + value);
}
}
final StringArgument ianIPArgument = subCommandParser.getStringArgument(
"issuer-alternative-name-ip-address");
if ((ianIPArgument != null) && ianIPArgument.isPresent())
{
for (final String value : ianIPArgument.getValues())
{
try
{
ianBuilder.addIPAddress(LDAPConnectionOptions.DEFAULT_NAME_RESOLVER.
getByName(value));
ianValues.add("IP:" + value);
}
catch (final Exception e)
{
// This should never happen.
Debug.debugException(e);
throw new RuntimeException(e);
}
}
}
final StringArgument ianEmailArgument = subCommandParser.getStringArgument(
"issuer-alternative-name-email-address");
if ((ianEmailArgument != null) && ianEmailArgument.isPresent())
{
for (final String value : ianEmailArgument.getValues())
{
ianBuilder.addRFC822Name(value);
ianValues.add("EMAIL:" + value);
}
}
final StringArgument ianURIArgument =
subCommandParser.getStringArgument("issuer-alternative-name-uri");
if ((ianURIArgument != null) && ianURIArgument.isPresent())
{
for (final String value : ianURIArgument.getValues())
{
ianBuilder.addUniformResourceIdentifier(value);
ianValues.add("URI:" + value);
}
}
final StringArgument ianOIDArgument =
subCommandParser.getStringArgument("issuer-alternative-name-oid");
if ((ianOIDArgument != null) && ianOIDArgument.isPresent())
{
for (final String value : ianOIDArgument.getValues())
{
ianBuilder.addRegisteredID(new OID(value));
ianValues.add("OID:" + value);
}
}
if (! ianValues.isEmpty())
{
try
{
extensionList.add(
new IssuerAlternativeNameExtension(false, ianBuilder.build()));
}
catch (final Exception e)
{
// This should never happen.
Debug.debugException(e);
throw new RuntimeException(e);
}
}
// Build a basic constraints extension, if appropriate.
BasicConstraintsExtension basicConstraints = null;
final BooleanValueArgument basicConstraintsIsCAArgument =
subCommandParser.getBooleanValueArgument("basic-constraints-is-ca");
if ((basicConstraintsIsCAArgument != null) &&
basicConstraintsIsCAArgument.isPresent())
{
final boolean isCA = basicConstraintsIsCAArgument.getValue();
Integer pathLength = null;
final IntegerArgument pathLengthArgument =
subCommandParser.getIntegerArgument(
"basic-constraints-maximum-path-length");
if ((pathLengthArgument != null) && pathLengthArgument.isPresent())
{
if (isCA)
{
pathLength = pathLengthArgument.getValue();
}
else
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_BC_PATH_LENGTH_WITHOUT_CA.get());
return ResultCode.PARAM_ERROR;
}
}
basicConstraints = new BasicConstraintsExtension(false, isCA, pathLength);
extensionList.add(basicConstraints);
}
// Build a key usage extension, if appropriate.
KeyUsageExtension keyUsage = null;
final StringArgument keyUsageArgument =
subCommandParser.getStringArgument("key-usage");
if ((keyUsageArgument != null) && keyUsageArgument.isPresent())
{
boolean digitalSignature = false;
boolean nonRepudiation = false;
boolean keyEncipherment = false;
boolean dataEncipherment = false;
boolean keyAgreement = false;
boolean keyCertSign = false;
boolean crlSign = false;
boolean encipherOnly = false;
boolean decipherOnly = false;
for (final String value : keyUsageArgument.getValues())
{
if (value.equalsIgnoreCase("digital-signature") ||
value.equalsIgnoreCase("digitalSignature"))
{
digitalSignature = true;
}
else if (value.equalsIgnoreCase("non-repudiation") ||
value.equalsIgnoreCase("nonRepudiation") ||
value.equalsIgnoreCase("content-commitment") ||
value.equalsIgnoreCase("contentCommitment"))
{
nonRepudiation = true;
}
else if (value.equalsIgnoreCase("key-encipherment") ||
value.equalsIgnoreCase("keyEncipherment"))
{
keyEncipherment = true;
}
else if (value.equalsIgnoreCase("data-encipherment") ||
value.equalsIgnoreCase("dataEncipherment"))
{
dataEncipherment = true;
}
else if (value.equalsIgnoreCase("key-agreement") ||
value.equalsIgnoreCase("keyAgreement"))
{
keyAgreement = true;
}
else if (value.equalsIgnoreCase("key-cert-sign") ||
value.equalsIgnoreCase("keyCertSign"))
{
keyCertSign = true;
}
else if (value.equalsIgnoreCase("crl-sign") ||
value.equalsIgnoreCase("crlSign"))
{
crlSign = true;
}
else if (value.equalsIgnoreCase("encipher-only") ||
value.equalsIgnoreCase("encipherOnly"))
{
encipherOnly = true;
}
else if (value.equalsIgnoreCase("decipher-only") ||
value.equalsIgnoreCase("decipherOnly"))
{
decipherOnly = true;
}
else
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_INVALID_KEY_USAGE.get(value));
return ResultCode.PARAM_ERROR;
}
}
keyUsage = new KeyUsageExtension(false, digitalSignature, nonRepudiation,
keyEncipherment, dataEncipherment, keyAgreement, keyCertSign,
crlSign, encipherOnly, decipherOnly);
extensionList.add(keyUsage);
}
// Build an extended key usage extension, if appropriate.
ExtendedKeyUsageExtension extendedKeyUsage = null;
final StringArgument extendedKeyUsageArgument =
subCommandParser.getStringArgument("extended-key-usage");
if ((extendedKeyUsageArgument != null) &&
extendedKeyUsageArgument.isPresent())
{
final List values = extendedKeyUsageArgument.getValues();
final ArrayList keyPurposeIDs = new ArrayList<>(values.size());
for (final String value : values)
{
if (value.equalsIgnoreCase("server-auth") ||
value.equalsIgnoreCase("serverAuth") ||
value.equalsIgnoreCase("server-authentication") ||
value.equalsIgnoreCase("serverAuthentication") ||
value.equalsIgnoreCase("tls-server-authentication") ||
value.equalsIgnoreCase("tlsServerAuthentication"))
{
keyPurposeIDs.add(
ExtendedKeyUsageID.TLS_SERVER_AUTHENTICATION.getOID());
}
else if (value.equalsIgnoreCase("client-auth") ||
value.equalsIgnoreCase("clientAuth") ||
value.equalsIgnoreCase("client-authentication") ||
value.equalsIgnoreCase("clientAuthentication") ||
value.equalsIgnoreCase("tls-client-authentication") ||
value.equalsIgnoreCase("tlsClientAuthentication"))
{
keyPurposeIDs.add(
ExtendedKeyUsageID.TLS_CLIENT_AUTHENTICATION.getOID());
}
else if (value.equalsIgnoreCase("code-signing") ||
value.equalsIgnoreCase("codeSigning"))
{
keyPurposeIDs.add(ExtendedKeyUsageID.CODE_SIGNING.getOID());
}
else if (value.equalsIgnoreCase("email-protection") ||
value.equalsIgnoreCase("emailProtection"))
{
keyPurposeIDs.add(ExtendedKeyUsageID.EMAIL_PROTECTION.getOID());
}
else if (value.equalsIgnoreCase("time-stamping") ||
value.equalsIgnoreCase("timeStamping"))
{
keyPurposeIDs.add(ExtendedKeyUsageID.TIME_STAMPING.getOID());
}
else if (value.equalsIgnoreCase("ocsp-signing") ||
value.equalsIgnoreCase("ocspSigning"))
{
keyPurposeIDs.add(ExtendedKeyUsageID.OCSP_SIGNING.getOID());
}
else if (OID.isStrictlyValidNumericOID(value))
{
keyPurposeIDs.add(new OID(value));
}
else
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_INVALID_EXTENDED_KEY_USAGE.get(value));
return ResultCode.PARAM_ERROR;
}
}
try
{
extendedKeyUsage = new ExtendedKeyUsageExtension(false, keyPurposeIDs);
}
catch (final Exception e)
{
// This should never happen.
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_EXTENDED_KEY_USAGE_ERROR.get());
e.printStackTrace(getErr());
return ResultCode.PARAM_ERROR;
}
extensionList.add(extendedKeyUsage);
}
// Build a list of generic extensions.
final ArrayList genericExtensions =
new ArrayList<>(5);
final StringArgument extensionArgument =
subCommandParser.getStringArgument("extension");
if ((extensionArgument != null) && extensionArgument.isPresent())
{
for (final String value : extensionArgument.getValues())
{
try
{
final int firstColonPos = value.indexOf(':');
final int secondColonPos = value.indexOf(':', firstColonPos + 1);
final OID oid = new OID(value.substring(0, firstColonPos));
if (! oid.isStrictlyValidNumericOID())
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_EXT_MALFORMED_OID.get(value,
oid.toString()));
return ResultCode.PARAM_ERROR;
}
final boolean criticality;
final String criticalityString =
value.substring(firstColonPos + 1, secondColonPos);
if (criticalityString.equalsIgnoreCase("true") ||
criticalityString.equalsIgnoreCase("t") ||
criticalityString.equalsIgnoreCase("yes") ||
criticalityString.equalsIgnoreCase("y") ||
criticalityString.equalsIgnoreCase("on") ||
criticalityString.equalsIgnoreCase("1"))
{
criticality = true;
}
else if (criticalityString.equalsIgnoreCase("false") ||
criticalityString.equalsIgnoreCase("f") ||
criticalityString.equalsIgnoreCase("no") ||
criticalityString.equalsIgnoreCase("n") ||
criticalityString.equalsIgnoreCase("off") ||
criticalityString.equalsIgnoreCase("0"))
{
criticality = false;
}
else
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_EXT_INVALID_CRITICALITY.get(
value, criticalityString));
return ResultCode.PARAM_ERROR;
}
final byte[] valueBytes;
try
{
valueBytes = StaticUtils.fromHex(value.substring(secondColonPos+1));
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_EXT_INVALID_VALUE.get(value));
return ResultCode.PARAM_ERROR;
}
final X509CertificateExtension extension =
new X509CertificateExtension(oid, criticality, valueBytes);
genericExtensions.add(extension);
extensionList.add(extension);
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_EXT_MALFORMED.get(value));
return ResultCode.PARAM_ERROR;
}
}
}
final String keystoreType;
try
{
keystoreType = inferKeystoreType(keystorePath);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final char[] keystorePassword;
try
{
keystorePassword = getKeystorePassword(keystorePath);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Get the keystore.
final KeyStore keystore;
try
{
keystore = getKeystore(keystoreType, keystorePath, keystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// If there is a private key, then see if we need to use a private key
// password that is different from the keystore password.
final char[] privateKeyPassword;
try
{
privateKeyPassword =
getPrivateKeyPassword(keystore, alias, keystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// If we're going to replace an existing certificate in the keystore, then
// perform the appropriate processing for that.
if (useExistingKeyPair)
{
// Make sure that the keystore already has a private key entry with the
// specified alias.
if (! hasKeyAlias(keystore, alias))
{
if (hasCertificateAlias(keystore, alias))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_USE_EXISTING_KP_ALIAS_IS_CERT.get(
alias, keystorePath.getAbsolutePath()));
return ResultCode.PARAM_ERROR;
}
else
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_USE_EXISTING_KP_NO_SUCH_ALIAS.get(
alias, keystorePath.getAbsolutePath()));
return ResultCode.PARAM_ERROR;
}
}
// Get the certificate to replace, along with its key pair.
final X509Certificate certToReplace;
final KeyPair keyPair;
try
{
final Certificate[] chain = keystore.getCertificateChain(alias);
certToReplace = new X509Certificate(chain[0].getEncoded());
final PublicKey publicKey = chain[0].getPublicKey();
final PrivateKey privateKey =
(PrivateKey) keystore.getKey(alias, privateKeyPassword);
keyPair = new KeyPair(publicKey, privateKey);
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_USE_EXISTING_KP_COULD_NOT_GET_CERT.get(
alias));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Assign the remaining values using information in the existing
// certificate.
signatureAlgorithmIdentifier = SignatureAlgorithmIdentifier.forOID(
certToReplace.getSignatureAlgorithmOID());
if (signatureAlgorithmIdentifier == null)
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_SIG_ALG_IN_CERT.get(
certToReplace.getSignatureAlgorithmOID()));
return ResultCode.PARAM_ERROR;
}
else
{
signatureAlgorithmName = signatureAlgorithmIdentifier.getJavaName();
}
if (subjectDN == null)
{
subjectDN = certToReplace.getSubjectDN();
}
if (inheritExtensions)
{
for (final X509CertificateExtension extension :
certToReplace.getExtensions())
{
if ((extension instanceof AuthorityKeyIdentifierExtension) ||
(extension instanceof IssuerAlternativeNameExtension))
{
// This extension applies to the issuer. We won't include this in
// the set of inherited extensions.
}
else if (extension instanceof SubjectKeyIdentifierExtension)
{
// The generated certificate will automatically include a subject
// key identifier extension, so we don't need to include it.
}
else if (extension instanceof BasicConstraintsExtension)
{
// Don't override a value already provided on the command line.
if (basicConstraints == null)
{
basicConstraints = (BasicConstraintsExtension) extension;
extensionList.add(basicConstraints);
}
}
else if (extension instanceof ExtendedKeyUsageExtension)
{
// Don't override a value already provided on the command line.
if (extendedKeyUsage == null)
{
extendedKeyUsage = (ExtendedKeyUsageExtension) extension;
extensionList.add(extendedKeyUsage);
}
}
else if (extension instanceof KeyUsageExtension)
{
// Don't override a value already provided on the command line.
if (keyUsage == null)
{
keyUsage = (KeyUsageExtension) extension;
extensionList.add(keyUsage);
}
}
else if (extension instanceof SubjectAlternativeNameExtension)
{
// Although we could merge values, it's safer to not do that if any
// subject alternative name values were provided on the command
// line.
if (sanValues.isEmpty())
{
final SubjectAlternativeNameExtension e =
(SubjectAlternativeNameExtension) extension;
for (final String dnsName : e.getDNSNames())
{
sanValues.add("DNS:" + dnsName);
}
for (final InetAddress ipAddress : e.getIPAddresses())
{
sanValues.add("IP:" + ipAddress.getHostAddress());
}
for (final String emailAddress : e.getRFC822Names())
{
sanValues.add("EMAIL:" + emailAddress);
}
for (final String uri : e.getUniformResourceIdentifiers())
{
sanValues.add("URI:" + uri);
}
for (final OID oid : e.getRegisteredIDs())
{
sanValues.add("OID:" + oid.toString());
}
extensionList.add(extension);
}
}
else
{
genericExtensions.add(extension);
extensionList.add(extension);
}
}
}
// Create an array with the final set of extensions to include in the
// certificate or certificate signing request.
final X509CertificateExtension[] extensions =
new X509CertificateExtension[extensionList.size()];
extensionList.toArray(extensions);
// If we're generating a self-signed certificate or a certificate signing
// request, then we should now have everything we need to do that. Build
// a keytool command that we could use to accomplish it.
if (isGenerateCertificate)
{
if (displayKeytoolCommand)
{
final ArrayList keytoolArguments = new ArrayList<>(30);
keytoolArguments.add("-selfcert");
keytoolArguments.add("-keystore");
keytoolArguments.add(keystorePath.getAbsolutePath());
keytoolArguments.add("-storetype");
keytoolArguments.add(keystoreType);
keytoolArguments.add("-storepass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-keypass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-alias");
keytoolArguments.add(alias);
keytoolArguments.add("-dname");
keytoolArguments.add(subjectDN.toString());
keytoolArguments.add("-sigalg");
keytoolArguments.add(signatureAlgorithmName);
keytoolArguments.add("-validity");
keytoolArguments.add(String.valueOf(daysValid));
if (validityStartTime != null)
{
keytoolArguments.add("-startdate");
keytoolArguments.add(formatValidityStartTime(validityStartTime));
}
addExtensionArguments(keytoolArguments, basicConstraints, keyUsage,
extendedKeyUsage, sanValues, ianValues, genericExtensions);
displayKeytoolCommand(keytoolArguments);
}
// Generate the self-signed certificate.
final long notBefore;
if (validityStartTime == null)
{
notBefore = System.currentTimeMillis();
}
else
{
notBefore = validityStartTime.getTime();
}
final long notAfter = notBefore + TimeUnit.DAYS.toMillis(daysValid);
final X509Certificate certificate;
final Certificate[] chain;
try
{
certificate = X509Certificate.generateSelfSignedCertificate(
signatureAlgorithmIdentifier, keyPair, subjectDN, notBefore,
notAfter, extensions);
chain = new Certificate[] { certificate.toCertificate() };
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_ERROR_GENERATING_CERT.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Update the keystore with the new certificate.
try
{
keystore.setKeyEntry(alias, keyPair.getPrivate(), privateKeyPassword,
chain);
writeKeystore(keystore, keystorePath, keystorePassword);
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_ERROR_UPDATING_KEYSTORE.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Display the certificate we just generated to the end user.
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_SELF_CERT.
get());
printCertificate(certificate, "", false);
// If we should write an output file, then do that now.
if (outputFile != null)
{
try (PrintStream ps = new PrintStream(outputFile))
{
final byte[] certBytes = certificate.getX509CertificateBytes();
if (outputPEM)
{
writePEMCertificate(ps, certBytes);
}
else
{
ps.write(certBytes);
}
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_GEN_CERT_WROTE_OUTPUT_FILE.get(
outputFile.getAbsolutePath()));
}
catch (final Exception e)
{
Debug.debugException(e);
err();
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_CERT.get(
outputFile.getAbsolutePath()));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
}
return ResultCode.SUCCESS;
}
else
{
// Build the keytool command used to generate the certificate signing
// request.
Validator.ensureTrue(isGenerateCSR);
if (displayKeytoolCommand)
{
final ArrayList keytoolArguments = new ArrayList<>(30);
keytoolArguments.add("-certreq");
keytoolArguments.add("-keystore");
keytoolArguments.add(keystorePath.getAbsolutePath());
keytoolArguments.add("-storetype");
keytoolArguments.add(keystoreType);
keytoolArguments.add("-storepass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-keypass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-alias");
keytoolArguments.add(alias);
keytoolArguments.add("-dname");
keytoolArguments.add(subjectDN.toString());
keytoolArguments.add("-sigalg");
keytoolArguments.add(signatureAlgorithmName);
addExtensionArguments(keytoolArguments, basicConstraints, keyUsage,
extendedKeyUsage, sanValues, ianValues, genericExtensions);
if (outputFile != null)
{
keytoolArguments.add("-file");
keytoolArguments.add(outputFile.getAbsolutePath());
}
displayKeytoolCommand(keytoolArguments);
}
// Generate the certificate signing request.
final PKCS10CertificateSigningRequest certificateSigningRequest;
try
{
certificateSigningRequest = PKCS10CertificateSigningRequest.
generateCertificateSigningRequest(signatureAlgorithmIdentifier,
keyPair, subjectDN, extensions);
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_ERROR_GENERATING_CSR.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Write the generated certificate signing request to the appropriate
// location.
try
{
final PrintStream ps;
if (outputFile == null)
{
ps = getOut();
}
else
{
ps = new PrintStream(outputFile);
}
if (outputPEM)
{
writePEMCertificateSigningRequest(ps,
certificateSigningRequest.
getPKCS10CertificateSigningRequestBytes());
}
else
{
ps.write(certificateSigningRequest.
getPKCS10CertificateSigningRequestBytes());
}
if (outputFile != null)
{
ps.close();
}
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_CSR.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// If the certificate signing request was written to an output file,
// then let the user know that it was successful. If it was written to
// standard output, then we don't need to tell them because they'll be
// able to see it.
if (outputFile != null)
{
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_CSR.get(
outputFile.getAbsolutePath()));
}
return ResultCode.SUCCESS;
}
}
// If we've gotten here, then we know we're not replacing an existing
// certificate. Perform any remaining argument assignment and validation.
if ((subjectDN == null) && (! isSignCSR))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_NO_SUBJECT_DN_WITHOUT_USE_EXISTING_KP.
get());
return ResultCode.PARAM_ERROR;
}
if (keyAlgorithmIdentifier == null)
{
keyAlgorithmIdentifier = PublicKeyAlgorithmIdentifier.RSA;
keyAlgorithmName = keyAlgorithmIdentifier.getName();
}
if (keySizeBits == null)
{
keySizeBits = 2048;
}
if ((signatureAlgorithmIdentifier == null) && (! isSignCSR))
{
signatureAlgorithmIdentifier =
SignatureAlgorithmIdentifier.SHA_256_WITH_RSA;
signatureAlgorithmName = signatureAlgorithmIdentifier.getJavaName();
}
// If we're going to generate a self-signed certificate or a certificate
// signing request, then we first need to generate a key pair. Put together
// the appropriate set of keytool arguments and then generate a self-signed
// certificate.
if (isGenerateCertificate || isGenerateCSR)
{
// Make sure that the specified alias is not already in use in the
// keystore.
if (hasKeyAlias(keystore, alias) || hasCertificateAlias(keystore, alias))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_ALIAS_EXISTS_WITHOUT_USE_EXISTING_KP.get(
alias));
return ResultCode.PARAM_ERROR;
}
if (displayKeytoolCommand)
{
final ArrayList keytoolArguments = new ArrayList<>(30);
keytoolArguments.add("-genkeypair");
keytoolArguments.add("-keystore");
keytoolArguments.add(keystorePath.getAbsolutePath());
keytoolArguments.add("-storetype");
keytoolArguments.add(keystoreType);
keytoolArguments.add("-storepass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-keypass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-alias");
keytoolArguments.add(alias);
keytoolArguments.add("-dname");
keytoolArguments.add(subjectDN.toString());
keytoolArguments.add("-keyalg");
keytoolArguments.add(keyAlgorithmName);
keytoolArguments.add("-keysize");
keytoolArguments.add(String.valueOf(keySizeBits));
keytoolArguments.add("-sigalg");
keytoolArguments.add(signatureAlgorithmName);
keytoolArguments.add("-validity");
keytoolArguments.add(String.valueOf(daysValid));
if (validityStartTime != null)
{
keytoolArguments.add("-startdate");
keytoolArguments.add(formatValidityStartTime(validityStartTime));
}
addExtensionArguments(keytoolArguments, basicConstraints,
keyUsage, extendedKeyUsage, sanValues, ianValues,
genericExtensions);
displayKeytoolCommand(keytoolArguments);
}
// Generate the self-signed certificate.
final long notBefore;
if (validityStartTime == null)
{
notBefore = System.currentTimeMillis();
}
else
{
notBefore = validityStartTime.getTime();
}
final long notAfter = notBefore + TimeUnit.DAYS.toMillis(daysValid);
final X509CertificateExtension[] extensions =
new X509CertificateExtension[extensionList.size()];
extensionList.toArray(extensions);
final Certificate[] chain;
final KeyPair keyPair;
final X509Certificate certificate;
try
{
final ObjectPair p =
X509Certificate.generateSelfSignedCertificate(
signatureAlgorithmIdentifier, keyAlgorithmIdentifier,
keySizeBits, subjectDN, notBefore, notAfter, extensions);
certificate = p.getFirst();
chain = new Certificate[] { certificate.toCertificate() };
keyPair = p.getSecond();
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_ERROR_GENERATING_CERT.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Update the keystore with the new certificate.
try
{
keystore.setKeyEntry(alias, keyPair.getPrivate(), privateKeyPassword,
chain);
writeKeystore(keystore, keystorePath, keystorePassword);
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_ERROR_UPDATING_KEYSTORE.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
if (isNewKeystore)
{
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_GEN_CERT_CERT_CREATED_KEYSTORE.get(
getUserFriendlyKeystoreType(keystoreType)));
}
// If we're just generating a self-signed certificate, then display the
// certificate that we generated and potentially write it to an output
// file.
if (isGenerateCertificate)
{
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_SELF_CERT.get());
printCertificate(certificate, "", false);
// If we should write an output file, then do that now.
if (outputFile != null)
{
try (PrintStream ps = new PrintStream(outputFile))
{
final byte[] certBytes = certificate.getX509CertificateBytes();
if (outputPEM)
{
writePEMCertificate(ps, certBytes);
}
else
{
ps.write(certBytes);
}
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_GEN_CERT_WROTE_OUTPUT_FILE.get(
outputFile.getAbsolutePath()));
}
catch (final Exception e)
{
Debug.debugException(e);
err();
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_CERT.get(
outputFile.getAbsolutePath()));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
}
return ResultCode.SUCCESS;
}
// If we're generating a certificate signing request, then put together
// the appropriate set of arguments for that.
Validator.ensureTrue(isGenerateCSR);
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_KEYPAIR.get());
if (displayKeytoolCommand)
{
final ArrayList keytoolArguments = new ArrayList<>(30);
keytoolArguments.add("-certreq");
keytoolArguments.add("-keystore");
keytoolArguments.add(keystorePath.getAbsolutePath());
keytoolArguments.add("-storetype");
keytoolArguments.add(keystoreType);
keytoolArguments.add("-storepass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-keypass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-alias");
keytoolArguments.add(alias);
keytoolArguments.add("-dname");
keytoolArguments.add(subjectDN.toString());
keytoolArguments.add("-sigalg");
keytoolArguments.add(signatureAlgorithmName);
addExtensionArguments(keytoolArguments, basicConstraints, keyUsage,
extendedKeyUsage, sanValues, ianValues, genericExtensions);
if (outputFile != null)
{
keytoolArguments.add("-file");
keytoolArguments.add(outputFile.getAbsolutePath());
}
displayKeytoolCommand(keytoolArguments);
}
// Generate the certificate signing request.
final PKCS10CertificateSigningRequest certificateSigningRequest;
try
{
certificateSigningRequest = PKCS10CertificateSigningRequest.
generateCertificateSigningRequest(signatureAlgorithmIdentifier,
keyPair, subjectDN, extensions);
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_ERROR_GENERATING_CSR.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Write the generated certificate signing request to the appropriate
// location.
try
{
final PrintStream ps;
if (outputFile == null)
{
ps = getOut();
}
else
{
ps = new PrintStream(outputFile);
}
if (outputPEM)
{
writePEMCertificateSigningRequest(ps,
certificateSigningRequest.
getPKCS10CertificateSigningRequestBytes());
}
else
{
ps.write(certificateSigningRequest.
getPKCS10CertificateSigningRequestBytes());
}
if (outputFile != null)
{
ps.close();
}
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_CSR.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// If the certificate signing request was written to an output file,
// then let the user know that it was successful. If it was written to
// standard output, then we don't need to tell them because they'll be
// able to see it.
if (outputFile != null)
{
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_CSR.get(
outputFile.getAbsolutePath()));
}
return ResultCode.SUCCESS;
}
// If we've gotten here, then we should be signing a certificate signing
// request. Make sure that the keystore already has a private key entry
// with the specified alias.
Validator.ensureTrue(isSignCSR);
if (! hasKeyAlias(keystore, alias))
{
if (hasCertificateAlias(keystore, alias))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_SIGN_ALIAS_IS_CERT.get(alias,
keystorePath.getAbsolutePath()));
return ResultCode.PARAM_ERROR;
}
else
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_SIGN_NO_SUCH_ALIAS.get(alias,
keystorePath.getAbsolutePath()));
return ResultCode.PARAM_ERROR;
}
}
// Get the signing certificate and its key pair.
final PrivateKey issuerPrivateKey;
final X509Certificate issuerCertificate;
try
{
final Certificate[] chain = keystore.getCertificateChain(alias);
issuerCertificate = new X509Certificate(chain[0].getEncoded());
issuerPrivateKey =
(PrivateKey) keystore.getKey(alias, privateKeyPassword);
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_SIGN_CANNOT_GET_SIGNING_CERT.get(alias));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Make sure that we can decode the certificate signing request.
final PKCS10CertificateSigningRequest csr;
try
{
csr = readCertificateSigningRequestFromFile(inputFile);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Make sure that we can verify the certificate signing request's signature.
try
{
csr.verifySignature();
}
catch (final CertException ce)
{
Debug.debugException(ce);
wrapErr(0, WRAP_COLUMN, ce.getMessage());
return ResultCode.PARAM_ERROR;
}
// Prompt about whether to sign the request, if appropriate.
if (! noPrompt)
{
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_GEN_CERT_SIGN_CONFIRM.get());
out();
printCertificateSigningRequest(csr, false, "");
out();
try
{
if (! promptForYesNo(
INFO_MANAGE_CERTS_GEN_CERT_PROMPT_SIGN.get()))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_SIGN_CANCELED.get());
return ResultCode.USER_CANCELED;
}
}
catch (final LDAPException le)
{
Debug.debugException(le);
err();
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
}
// Read the certificate signing request and see if we need to take values
// from it.
if ((subjectDN == null) || (signatureAlgorithmIdentifier == null) ||
includeRequestedExtensions)
{
if (subjectDN == null)
{
subjectDN = csr.getSubjectDN();
}
if (signatureAlgorithmIdentifier == null)
{
signatureAlgorithmIdentifier = SignatureAlgorithmIdentifier.forOID(
csr.getSignatureAlgorithmOID());
if (signatureAlgorithmIdentifier == null)
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_SIG_ALG_IN_CSR.get(
csr.getSignatureAlgorithmOID()));
return ResultCode.PARAM_ERROR;
}
else
{
signatureAlgorithmName = signatureAlgorithmIdentifier.getJavaName();
}
}
if (includeRequestedExtensions)
{
for (final X509CertificateExtension extension : csr.getExtensions())
{
if ((extension instanceof AuthorityKeyIdentifierExtension) ||
(extension instanceof IssuerAlternativeNameExtension))
{
// This extension applies to the issuer. We won't include this in
// the set of inherited extensions.
}
else if (extension instanceof SubjectKeyIdentifierExtension)
{
// The generated certificate will automatically include a subject
// key identifier extension, so we don't need to include it.
}
else if (extension instanceof BasicConstraintsExtension)
{
// Don't override a value already provided on the command line.
if (basicConstraints == null)
{
basicConstraints = (BasicConstraintsExtension) extension;
extensionList.add(basicConstraints);
}
}
else if (extension instanceof ExtendedKeyUsageExtension)
{
// Don't override a value already provided on the command line.
if (extendedKeyUsage == null)
{
extendedKeyUsage = (ExtendedKeyUsageExtension) extension;
extensionList.add(extendedKeyUsage);
}
}
else if (extension instanceof KeyUsageExtension)
{
// Don't override a value already provided on the command line.
if (keyUsage == null)
{
keyUsage = (KeyUsageExtension) extension;
extensionList.add(keyUsage);
}
}
else if (extension instanceof SubjectAlternativeNameExtension)
{
// Although we could merge values, it's safer to not do that if any
// subject alternative name values were provided on the command
// line.
if (sanValues.isEmpty())
{
final SubjectAlternativeNameExtension e =
(SubjectAlternativeNameExtension) extension;
for (final String dnsName : e.getDNSNames())
{
sanBuilder.addDNSName(dnsName);
sanValues.add("DNS:" + dnsName);
}
for (final InetAddress ipAddress : e.getIPAddresses())
{
sanBuilder.addIPAddress(ipAddress);
sanValues.add("IP:" + ipAddress.getHostAddress());
}
for (final String emailAddress : e.getRFC822Names())
{
sanBuilder.addRFC822Name(emailAddress);
sanValues.add("EMAIL:" + emailAddress);
}
for (final String uri : e.getUniformResourceIdentifiers())
{
sanBuilder.addUniformResourceIdentifier(uri);
sanValues.add("URI:" + uri);
}
for (final OID oid : e.getRegisteredIDs())
{
sanBuilder.addRegisteredID(oid);
sanValues.add("OID:" + oid.toString());
}
try
{
extensionList.add(
new SubjectAlternativeNameExtension(false,
sanBuilder.build()));
}
catch (final Exception ex)
{
// This should never happen.
Debug.debugException(ex);
throw new RuntimeException(ex);
}
}
}
else
{
genericExtensions.add(extension);
extensionList.add(extension);
}
}
}
}
// Generate the keytool arguments to use to sign the requested certificate.
final ArrayList keytoolArguments = new ArrayList<>(30);
keytoolArguments.add("-gencert");
keytoolArguments.add("-keystore");
keytoolArguments.add(keystorePath.getAbsolutePath());
keytoolArguments.add("-storetype");
keytoolArguments.add(keystoreType);
keytoolArguments.add("-storepass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-keypass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-alias");
keytoolArguments.add(alias);
keytoolArguments.add("-dname");
keytoolArguments.add(subjectDN.toString());
keytoolArguments.add("-sigalg");
keytoolArguments.add(signatureAlgorithmName);
keytoolArguments.add("-validity");
keytoolArguments.add(String.valueOf(daysValid));
if (validityStartTime != null)
{
keytoolArguments.add("-startdate");
keytoolArguments.add(formatValidityStartTime(validityStartTime));
}
addExtensionArguments(keytoolArguments, basicConstraints, keyUsage,
extendedKeyUsage, sanValues, ianValues, genericExtensions);
keytoolArguments.add("-infile");
keytoolArguments.add(inputFile.getAbsolutePath());
if (outputFile != null)
{
keytoolArguments.add("-outfile");
keytoolArguments.add(outputFile.getAbsolutePath());
}
if (outputPEM)
{
keytoolArguments.add("-rfc");
}
if (displayKeytoolCommand)
{
displayKeytoolCommand(keytoolArguments);
}
// Generate the signed certificate.
final long notBefore;
if (validityStartTime == null)
{
notBefore = System.currentTimeMillis();
}
else
{
notBefore = validityStartTime.getTime();
}
final long notAfter = notBefore + TimeUnit.DAYS.toMillis(daysValid);
final X509CertificateExtension[] extensions =
new X509CertificateExtension[extensionList.size()];
extensionList.toArray(extensions);
final X509Certificate signedCertificate;
try
{
signedCertificate = X509Certificate.generateIssuerSignedCertificate(
signatureAlgorithmIdentifier, issuerCertificate, issuerPrivateKey,
csr.getPublicKeyAlgorithmOID(),
csr.getPublicKeyAlgorithmParameters(), csr.getEncodedPublicKey(),
csr.getDecodedPublicKey(), subjectDN, notBefore, notAfter,
extensions);
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_ERROR_SIGNING_CERT.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Write the signed certificate signing request to the appropriate location.
try
{
final PrintStream ps;
if (outputFile == null)
{
ps = getOut();
}
else
{
ps = new PrintStream(outputFile);
}
if (outputPEM)
{
writePEMCertificate(ps, signedCertificate.getX509CertificateBytes());
}
else
{
ps.write(signedCertificate.getX509CertificateBytes());
}
if (outputFile != null)
{
ps.close();
}
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_SIGNED_CERT.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// If the certificate signing request was written to an output file,
// then let the user know that it was successful. If it was written to
// standard output, then we don't need to tell them because they'll be
// able to see it.
if (outputFile != null)
{
out();
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_SIGNED_CERT.get(
outputFile.getAbsolutePath()));
}
return ResultCode.SUCCESS;
}
/**
* Performs the necessary processing for the change-certificate-alias
* subcommand.
*
* @return A result code that indicates whether the processing completed
* successfully.
*/
@NotNull()
private ResultCode doChangeCertificateAlias()
{
// Get the values of a number of configured arguments.
final StringArgument currentAliasArgument =
subCommandParser.getStringArgument("current-alias");
final String currentAlias = currentAliasArgument.getValue();
final StringArgument newAliasArgument =
subCommandParser.getStringArgument("new-alias");
final String newAlias = newAliasArgument.getValue();
final String keystoreType;
final File keystorePath = getKeystorePath();
try
{
keystoreType = inferKeystoreType(keystorePath);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final char[] keystorePassword;
try
{
keystorePassword = getKeystorePassword(keystorePath);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Get the keystore.
final KeyStore keystore;
try
{
keystore = getKeystore(keystoreType, keystorePath, keystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// See if we need to use a private key password that is different from the
// keystore password.
final char[] privateKeyPassword;
try
{
privateKeyPassword =
getPrivateKeyPassword(keystore, currentAlias, keystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Make sure that the keystore has an existing entry with the current alias.
// It must be either a certificate entry or a private key entry.
final Certificate existingCertificate;
final Certificate[] existingCertificateChain;
final PrivateKey existingPrivateKey;
try
{
if (hasCertificateAlias(keystore, currentAlias))
{
existingCertificate = keystore.getCertificate(currentAlias);
existingCertificateChain = null;
existingPrivateKey = null;
}
else if (hasKeyAlias(keystore, currentAlias))
{
existingCertificateChain = keystore.getCertificateChain(currentAlias);
existingPrivateKey =
(PrivateKey) keystore.getKey(currentAlias, privateKeyPassword);
existingCertificate = null;
}
else
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_CHANGE_ALIAS_NO_SUCH_ALIAS.get(currentAlias));
return ResultCode.PARAM_ERROR;
}
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_CHANGE_ALIAS_CANNOT_GET_EXISTING_ENTRY.get(
currentAlias));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Make sure that the keystore does not have an entry with the new alias.
if (hasCertificateAlias(keystore, newAlias) ||
hasKeyAlias(keystore, newAlias))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_CHANGE_ALIAS_NEW_ALIAS_IN_USE.get(newAlias));
return ResultCode.PARAM_ERROR;
}
// Generate the keytool arguments to use to change the certificate alias.
final BooleanArgument displayKeytoolCommandArgument =
subCommandParser.getBooleanArgument("display-keytool-command");
if ((displayKeytoolCommandArgument != null) &&
displayKeytoolCommandArgument.isPresent())
{
final ArrayList keytoolArguments = new ArrayList<>(30);
keytoolArguments.add("-changealias");
keytoolArguments.add("-keystore");
keytoolArguments.add(keystorePath.getAbsolutePath());
keytoolArguments.add("-storetype");
keytoolArguments.add(keystoreType);
keytoolArguments.add("-storepass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-keypass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-alias");
keytoolArguments.add(currentAlias);
keytoolArguments.add("-destalias");
keytoolArguments.add(newAlias);
displayKeytoolCommand(keytoolArguments);
}
// Update the keystore to remove the entry with the current alias and
// re-write it with the new alias.
try
{
keystore.deleteEntry(currentAlias);
if (existingCertificate != null)
{
keystore.setCertificateEntry(newAlias, existingCertificate);
}
else
{
keystore.setKeyEntry(newAlias, existingPrivateKey,
privateKeyPassword, existingCertificateChain);
}
writeKeystore(keystore, keystorePath, keystorePassword);
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_CHANGE_ALIAS_CANNOT_UPDATE_KEYSTORE.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_CHANGE_ALIAS_SUCCESSFUL.get(currentAlias,
newAlias));
return ResultCode.SUCCESS;
}
/**
* Performs the necessary processing for the change-keystore-password
* subcommand.
*
* @return A result code that indicates whether the processing completed
* successfully.
*/
@NotNull()
private ResultCode doChangeKeystorePassword()
{
// Get the values of a number of configured arguments.
final String keystoreType;
final File keystorePath = getKeystorePath();
try
{
keystoreType = inferKeystoreType(keystorePath);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final char[] currentKeystorePassword;
try
{
currentKeystorePassword = getKeystorePassword(keystorePath, "current");
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final char[] newKeystorePassword;
try
{
newKeystorePassword = getKeystorePassword(keystorePath, "new");
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Get the keystore.
final KeyStore keystore;
try
{
keystore = getKeystore(keystoreType, keystorePath,
currentKeystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Generate the keytool arguments to use to change the keystore password.
final BooleanArgument displayKeytoolCommandArgument =
subCommandParser.getBooleanArgument("display-keytool-command");
if ((displayKeytoolCommandArgument != null) &&
displayKeytoolCommandArgument.isPresent())
{
final ArrayList keytoolArguments = new ArrayList<>(30);
keytoolArguments.add("-storepasswd");
keytoolArguments.add("-keystore");
keytoolArguments.add(keystorePath.getAbsolutePath());
keytoolArguments.add("-storetype");
keytoolArguments.add(keystoreType);
keytoolArguments.add("-storepass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-new");
keytoolArguments.add("*****REDACTED*****");
displayKeytoolCommand(keytoolArguments);
}
// Rewrite the keystore with the new password.
try
{
writeKeystore(keystore, keystorePath, newKeystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_CHANGE_KS_PW_SUCCESSFUL.get(
keystorePath.getAbsolutePath()));
return ResultCode.SUCCESS;
}
/**
* Performs the necessary processing for the change-private-key-password
* subcommand.
*
* @return A result code that indicates whether the processing completed
* successfully.
*/
@NotNull()
private ResultCode doChangePrivateKeyPassword()
{
// Get the values of a number of configured arguments.
final StringArgument aliasArgument =
subCommandParser.getStringArgument("alias");
final String alias = aliasArgument.getValue();
final String keystoreType;
final File keystorePath = getKeystorePath();
try
{
keystoreType = inferKeystoreType(keystorePath);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final char[] keystorePassword;
try
{
keystorePassword = getKeystorePassword(keystorePath);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Get the keystore.
final KeyStore keystore;
try
{
keystore = getKeystore(keystoreType, keystorePath, keystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Make sure that the keystore has a key entry with the specified alias.
if (hasCertificateAlias(keystore, alias))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_CHANGE_PK_PW_ALIAS_IS_CERT.get(alias));
return ResultCode.PARAM_ERROR;
}
else if (! hasKeyAlias(keystore, alias))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_CHANGE_PK_PW_NO_SUCH_ALIAS.get(alias));
return ResultCode.PARAM_ERROR;
}
// Get the current and new private key passwords.
final char[] currentPrivateKeyPassword;
try
{
currentPrivateKeyPassword =
getPrivateKeyPassword(keystore, alias, "current", keystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final char[] newPrivateKeyPassword;
try
{
newPrivateKeyPassword =
getPrivateKeyPassword(keystore, alias, "new", keystorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Generate the keytool arguments to use to change the private key.
final BooleanArgument displayKeytoolCommandArgument =
subCommandParser.getBooleanArgument("display-keytool-command");
if ((displayKeytoolCommandArgument != null) &&
displayKeytoolCommandArgument.isPresent())
{
final ArrayList keytoolArguments = new ArrayList<>(30);
keytoolArguments.add("-keypasswd");
keytoolArguments.add("-keystore");
keytoolArguments.add(keystorePath.getAbsolutePath());
keytoolArguments.add("-storetype");
keytoolArguments.add(keystoreType);
keytoolArguments.add("-storepass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-alias");
keytoolArguments.add(alias);
keytoolArguments.add("-keypass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-new");
keytoolArguments.add("*****REDACTED*****");
displayKeytoolCommand(keytoolArguments);
}
// Get the contents of the private key entry.
final Certificate[] chain;
final PrivateKey privateKey;
try
{
chain = keystore.getCertificateChain(alias);
privateKey =
(PrivateKey) keystore.getKey(alias, currentPrivateKeyPassword);
}
catch (final UnrecoverableKeyException e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_CHANGE_PK_PW_WRONG_PK_PW.get(alias));
return ResultCode.PARAM_ERROR;
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_CHANGE_PK_PW_CANNOT_GET_PK.get(alias));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Remove the existing key entry and re-add it with the new password.
try
{
keystore.deleteEntry(alias);
keystore.setKeyEntry(alias, privateKey, newPrivateKeyPassword, chain);
writeKeystore(keystore, keystorePath, keystorePassword);
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_CHANGE_PK_PW_CANNOT_UPDATE_KS.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_CHANGE_PK_PW_SUCCESSFUL.get(alias));
return ResultCode.SUCCESS;
}
/**
* Performs the necessary processing for the copy-keystore subcommand.
*
* @return A result code that indicates whether the processing completed
* successfully.
*/
@NotNull()
private ResultCode doCopyKeystore()
{
// Get the source key store.
final String sourceKeyStoreType;
final File sourceKeyStorePath = getKeystorePath("source-keystore");
try
{
sourceKeyStoreType = inferKeystoreType(sourceKeyStorePath, "source");
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final char[] sourceKeyStorePassword;
try
{
sourceKeyStorePassword =
getKeystorePassword(sourceKeyStorePath, "source");
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final KeyStore sourceKeyStore;
try
{
sourceKeyStore = getKeystore(sourceKeyStoreType, sourceKeyStorePath,
sourceKeyStorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Get the destination key store.
final String destinationKeyStoreType;
final File destinationKeyStorePath =
getKeystorePath("destination-keystore");
try
{
destinationKeyStoreType = inferKeystoreType(destinationKeyStorePath,
"destination");
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final boolean destinationExists = destinationKeyStorePath.exists();
char[] destinationKeyStorePassword;
try
{
destinationKeyStorePassword =
getKeystorePassword(destinationKeyStorePath, "destination");
if (destinationKeyStorePassword == null)
{
destinationKeyStorePassword = sourceKeyStorePassword;
}
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final KeyStore destinationKeyStore;
try
{
destinationKeyStore = getKeystore(destinationKeyStoreType,
destinationKeyStorePath, destinationKeyStorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Get the value of the aliases argument, if it was provided.
final Set aliases = new LinkedHashSet<>();
try
{
final StringArgument aliasArg =
subCommandParser.getStringArgument("alias");
if ((aliasArg != null) && aliasArg.isPresent())
{
for (final String alias : aliasArg.getValues())
{
aliases.add(alias);
if (! sourceKeyStore.containsAlias(alias))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_COPY_KS_NO_SUCH_SOURCE_ALIAS.get(
sourceKeyStorePath.getAbsolutePath(), alias));
return ResultCode.PARAM_ERROR;
}
}
}
else
{
final Enumeration sourceAliases = sourceKeyStore.aliases();
while (sourceAliases.hasMoreElements())
{
aliases.add(sourceAliases.nextElement());
}
}
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_COPY_KS_CANNOT_GET_SOURCE_ALIASES.get(
sourceKeyStorePath.getAbsolutePath(),
StaticUtils.getExceptionMessage(e)));
return ResultCode.LOCAL_ERROR;
}
// If the set of aliases is empty and the destination key store already
// exists, then exit without doing anything.
if (aliases.isEmpty() && destinationExists)
{
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_COPY_KS_NO_CERTS_COPIED_EXISTING_KS.get(
sourceKeyStorePath.getAbsolutePath(),
destinationKeyStorePath.getAbsolutePath()));
return ResultCode.SUCCESS;
}
// Make sure that none of the target aliases exist in the destination key
// store.
for (final String alias : aliases)
{
try
{
if (destinationKeyStore.containsAlias(alias))
{
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_COPY_KS_CONFLICTING_ALIAS.get(alias,
destinationKeyStorePath.getAbsolutePath(),
subCommandParser.getCommandName()));
return ResultCode.CONSTRAINT_VIOLATION;
}
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_COPY_KS_CANNOT_CHECK_DEST_ALIAS.get(alias,
destinationKeyStorePath.getAbsolutePath(),
StaticUtils.getExceptionMessage(e)));
return ResultCode.LOCAL_ERROR;
}
}
// Copy each of the targeted entries from the source key store into the
// destination key store.
char[] sourcePrivateKeyPassword = null;
char[] destinationPrivateKeyPassword = null;
for (final String alias : aliases)
{
try
{
if (sourceKeyStore.isCertificateEntry(alias))
{
final Certificate certificate = sourceKeyStore.getCertificate(alias);
destinationKeyStore.setCertificateEntry(alias, certificate);
}
else
{
if (sourcePrivateKeyPassword == null)
{
sourcePrivateKeyPassword = getPrivateKeyPassword(sourceKeyStore,
alias, "source", sourceKeyStorePassword);
}
if (destinationPrivateKeyPassword == null)
{
destinationPrivateKeyPassword = getPrivateKeyPassword(
destinationKeyStore, alias, "destination",
destinationKeyStorePassword);
}
final Certificate[] chain = sourceKeyStore.getCertificateChain(alias);
final Key key =
sourceKeyStore.getKey(alias, sourcePrivateKeyPassword);
destinationKeyStore.setKeyEntry(alias, key,
destinationPrivateKeyPassword, chain);
}
}
catch (final Exception e)
{
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN,
ERR_MANAGE_CERTS_COPY_KS_ERROR_COPYING_ENTRY.get(alias,
sourceKeyStorePath.getAbsolutePath(),
destinationKeyStorePath.getAbsolutePath(),
StaticUtils.getExceptionMessage(e)));
return ResultCode.LOCAL_ERROR;
}
}
// Rewrite the destination keystore.
try
{
writeKeystore(destinationKeyStore, destinationKeyStorePath,
destinationKeyStorePassword);
}
catch (final LDAPException le)
{
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
if (aliases.isEmpty())
{
// This should only happen if the alias argument was not provided, the
// source key store is empty, and the destination key store doesn't exist.
// In that case, the destination key store will have been created.
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_COPY_KS_NO_CERTS_COPIED_KS_CREATED.get(
sourceKeyStorePath.getAbsolutePath(),
destinationKeyStoreType,
destinationKeyStorePath.getAbsolutePath()));
}
else
{
// Write a message about the entries that were successfully copied.
wrapOut(0, WRAP_COLUMN,
INFO_MANAGE_CERTS_COPY_KS_CERTS_COPIED_HEADER.get(
sourceKeyStorePath.getAbsolutePath(),
destinationKeyStoreType,
destinationKeyStorePath.getAbsolutePath()));
for (final String alias : aliases)
{
out("* ", alias);
}
}
return ResultCode.SUCCESS;
}
/**
* Performs the necessary processing for the retrieve-server-certificate
* subcommand.
*
* @return A result code that indicates whether the processing completed
* successfully.
*/
@NotNull()
private ResultCode doRetrieveServerCertificate()
{
// Get the values of a number of configured arguments.
final StringArgument hostnameArgument =
subCommandParser.getStringArgument("hostname");
final String hostname = hostnameArgument.getValue();
final IntegerArgument portArgument =
subCommandParser.getIntegerArgument("port");
final int port = portArgument.getValue();
final BooleanArgument useLDAPStartTLSArgument =
subCommandParser.getBooleanArgument("use-ldap-start-tls");
final boolean useLDAPStartTLS =
((useLDAPStartTLSArgument != null) &&
useLDAPStartTLSArgument.isPresent());
final BooleanArgument onlyPeerArgument =
subCommandParser.getBooleanArgument("only-peer-certificate");
final boolean onlyPeer =
((onlyPeerArgument != null) && onlyPeerArgument.isPresent());
final BooleanArgument verboseArgument =
subCommandParser.getBooleanArgument("verbose");
final boolean verbose =
((verboseArgument != null) && verboseArgument.isPresent());
boolean outputPEM = true;
final StringArgument outputFormatArgument =
subCommandParser.getStringArgument("output-format");
if ((outputFormatArgument != null) && outputFormatArgument.isPresent())
{
final String format = outputFormatArgument.getValue().toLowerCase();
if (format.equals("der") || format.equals("binary") ||
format.equals("bin"))
{
outputPEM = false;
}
}
File outputFile = null;
final FileArgument outputFileArgument =
subCommandParser.getFileArgument("output-file");
if ((outputFileArgument != null) && outputFileArgument.isPresent())
{
outputFile = outputFileArgument.getValue();
}
// Spawn a background thread to establish a connection and get the
// certificate chain from the target server.
final LinkedBlockingQueue
