
Enhancement to the CLI: CaImportCertDirCommand.java #711

Open
wants to merge 1 commit into base: main

Conversation

Stueypoo (Contributor)

  • Added an option to use an alternate CA certificate.

When importing certificates into a newly migrated CA, the code performs a certificate verification based upon the CA's certificate that is stored in the DB. A problem with this is when the certificates being imported had been issued from the CA's previous certificate. An example CA that is impacted by this is a CSCA used for ePassports. These CAs are renewed often, and the end-entity certificates have a long validity.

To remedy this, I added a "--cacert" option that allows the Operator to provide an alternate CA certificate that will then be used to verify the certificate being imported.

  • Added an option to get the revocation details from the filename.

When importing revoked certificates, the Operator should supply the revocation REASON and INVALIDITY_TIME. If you have a lot of revoked certificates to import, then a better option is required.

One idea is to have the REASON and TIME value encoded within the filename of each certificate, and the code then extracts these revocation details. The filename format being: CertName_REASON_TIME

REASON is the reason code value or the name, e.g., for suspended certs, use either "6" or "CERTIFICATEHOLD".
TIME format is YYYY.MM.DD-hh:mm

Checklist before requesting a review

  • [x] I have performed a self-review of my code
  • [x] I have kept the patch limited to only change the parts related to the patch
  • This change requires a documentation update

Added an option to use an alternate CA certificate.
Added an option to get the revocation details from the filename.
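As an added illustration of the CertName_REASON_TIME filename convention described in the PR (example code written for this review, not code from the PR or from EJBCA), the class below extracts the certificate name, the revocation reason code and the invalidity time from a filename and rejects anything that does not fit the convention. It assumes the reason names are the RFC 5280 CRLReason names in upper case (the PR's own "CERTIFICATEHOLD" matches that), that "hh:mm" in the PR means a 24-hour clock, and that a trailing .pem/.der/.crt/.cer extension may be present and should be ignored; the sample filenames in main are constructed.

```java
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.time.format.ResolverStyle;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

/** Parses revocation details encoded in a filename as CertName_REASON_TIME. */
public final class RevocationFilenameParser {

    /** What a well-formed filename carries. */
    public static final class RevocationDetails {
        public final String certName;
        public final int reasonCode;            // RFC 5280 CRLReason value
        public final LocalDateTime invalidityTime; // no zone in the filename, see usage note

        RevocationDetails(String certName, int reasonCode, LocalDateTime invalidityTime) {
            this.certName = certName;
            this.reasonCode = reasonCode;
            this.invalidityTime = invalidityTime;
        }

        @Override
        public String toString() {
            return certName + " reason=" + reasonCode + " invalidityTime=" + invalidityTime;
        }
    }

    // Assumption: reason names are the RFC 5280 CRLReason identifiers, upper-cased.
    // Value 7 is unassigned in RFC 5280, so it is deliberately absent.
    private static final Map<String, Integer> REASON_NAMES = Map.of(
            "UNSPECIFIED", 0, "KEYCOMPROMISE", 1, "CACOMPROMISE", 2,
            "AFFILIATIONCHANGED", 3, "SUPERSEDED", 4, "CESSATIONOFOPERATION", 5,
            "CERTIFICATEHOLD", 6, "REMOVEFROMCRL", 8, "PRIVILEGEWITHDRAWN", 9,
            "AACOMPROMISE", 10);

    // Assumption: the PR's "YYYY.MM.DD-hh:mm" is a 24-hour clock. STRICT with 'uuuu'
    // rejects impossible dates such as 2024.02.30 instead of silently adjusting them.
    private static final DateTimeFormatter TIME_FORMAT =
            DateTimeFormatter.ofPattern("uuuu.MM.dd-HH:mm").withResolverStyle(ResolverStyle.STRICT);

    // Assumption: certificate files may carry one of these extensions; the PR does not say.
    private static final Set<String> EXTENSIONS = Set.of("pem", "der", "crt", "cer");

    /** Returns the parsed details, or empty if the name does not follow the convention. */
    public static Optional<RevocationDetails> parse(String filename) {
        String base = stripKnownExtension(filename);
        // Split from the right so that underscores inside CertName are preserved.
        int timeSep = base.lastIndexOf('_');
        if (timeSep <= 0) {
            return Optional.empty();
        }
        int reasonSep = base.lastIndexOf('_', timeSep - 1);
        if (reasonSep <= 0) {
            return Optional.empty();
        }
        String certName = base.substring(0, reasonSep);
        Optional<Integer> reason = parseReason(base.substring(reasonSep + 1, timeSep));
        if (!reason.isPresent()) {
            return Optional.empty();
        }
        try {
            LocalDateTime time = LocalDateTime.parse(base.substring(timeSep + 1), TIME_FORMAT);
            return Optional.of(new RevocationDetails(certName, reason.get(), time));
        } catch (DateTimeParseException e) {
            return Optional.empty();
        }
    }

    /** Accepts either the numeric CRLReason value or its upper-cased name. */
    static Optional<Integer> parseReason(String reason) {
        Integer byName = REASON_NAMES.get(reason.toUpperCase(Locale.ROOT));
        if (byName != null) {
            return Optional.of(byName);
        }
        try {
            int code = Integer.parseInt(reason);
            // Only values that RFC 5280 actually assigns are accepted.
            return REASON_NAMES.containsValue(code) ? Optional.of(code) : Optional.empty();
        } catch (NumberFormatException e) {
            return Optional.empty();
        }
    }

    private static String stripKnownExtension(String filename) {
        int dot = filename.lastIndexOf('.');
        if (dot > 0 && EXTENSIONS.contains(filename.substring(dot + 1).toLowerCase(Locale.ROOT))) {
            return filename.substring(0, dot);
        }
        return filename;
    }

    public static void main(String[] args) {
        // Constructed sample filenames: two valid, three that must be rejected.
        String[] samples = {
                "csca-dsc-0042_CERTIFICATEHOLD_2024.03.15-10:30.pem", // suspended, by name
                "dsc_batch_7_6_2024.03.15-10:30",                      // underscores in CertName, reason by code
                "dsc-0043_7_2024.03.15-10:30.der",                     // 7 is unassigned in RFC 5280
                "dsc-0044_KEYCOMPROMISE_2024.02.30-10:30.pem",         // impossible date
                "dsc-0045.pem"                                         // no revocation details at all
        };
        for (String name : samples) {
            System.out.println(name + " -> " + parse(name).map(Object::toString).orElse("REJECTED"));
        }
    }
}
```

Two points a reviewer of the real command would want settled before relying on this convention: the TIME field contains a colon, which Windows filesystems do not allow in filenames, so operators preparing import directories on Windows cannot produce these names as specified; and the format carries no time zone, so whichever zone the command applies to the parsed LocalDateTime (the CA host's zone is the obvious candidate) should be stated in the documentation the checklist says this change requires.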
@primetomas (Collaborator)

Awesome, thank you. There is a system test for this command in modules/systemtests/src-test/org/ejbca/ui/cli/ca/CaImportCertCommandSystemTest.java

Can you add some testing of the new parameters there?

You can easily run the test with

ant test:runone -Dtest.runone=CaImportCertCommandSystemTest
