From e45526ac07f1ddbd76ef0318d23ae24a97c956e7 Mon Sep 17 00:00:00 2001
From: Owen Malone
Date: Wed, 11 Jun 2025 16:38:33 -0400
Subject: [PATCH] add Maven configuration, increase cert validity period, remove crl
---
 pom.xml | 8 +++++
 src/main/java/com/opencsi/jscepcli/App.java | 32 -------------------
 .../java/com/opencsi/jscepcli/CertUtil.java | 3 +-
 3 files changed, 10 insertions(+), 33 deletions(-)
diff --git a/pom.xml b/pom.xml
index b0c6963..6ebfca8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -50,6 +50,14 @@
+
+ org.codehaus.mojo
+ exec-maven-plugin
+ 1.2.1
+
+ com.opencsi.jscepcli.App
+
+
 org.apache.maven.plugins maven-compiler-plugin
diff --git a/src/main/java/com/opencsi/jscepcli/App.java b/src/main/java/com/opencsi/jscepcli/App.java
index 90ab1df..f074dae 100644
--- a/src/main/java/com/opencsi/jscepcli/App.java
+++ b/src/main/java/com/opencsi/jscepcli/App.java
@@ -194,38 +194,6 @@ public void scepCLI() throws Exception {
 }
 System.out.println("Certificate issued for subject DN: " + clientCertificate.getSubjectDN().getName());
- if(params.getText() || params.getCrlFile() != null)
- {
- X509CRL crl;
-
- try {
- crl = client.getRevocationList(clientCertificate,
- kp.getPrivate(),
- clientCertificate.getIssuerX500Principal(),
- clientCertificate.getSerialNumber(),
- params.getCaIdentifier());
-
- saveToPEM(params.getCrlFile(), crl);
-
- if(params.getText() && crl != null) {
- printPEM("Certificate Revocation List", crl);
- }
-
- }
- catch(OperationFailureException ofe)
- {
- System.err.println("Could not retrieve CRL.");
- if(params.getVerbose()) {
- ofe.printStackTrace();
- }
- }
- }
- else
- {
- if(params.getVerbose()) {
- System.err.println("Skipping CRL output (neither a file nor --text was specified)");
- }
- }
 } else {
 System.err.println("Failure response: " + response.getFailInfo());
diff --git a/src/main/java/com/opencsi/jscepcli/CertUtil.java b/src/main/java/com/opencsi/jscepcli/CertUtil.java
index 36d63ed..e5564b5 100644
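Review bot: The exec-maven-plugin entry added to pom.xml is pinned to 1.2.1, which as far as I know is a very old release of that plugin; a build plugin runs code on every developer and CI machine that invokes it, so it is worth moving to a currently maintained release before this lands. The XML tags are not visible in this view, so I cannot tell whether the entry sits under `<plugins>` or `<pluginManagement>`, or whether the class name is given as `<mainClass>com.opencsi.jscepcli.App</mainClass>`; please confirm both. A short comment above the entry, for example `<!-- lets developers run the CLI with mvn exec:java -->`, would explain why a run-time plugin is part of the build.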
--- a/src/main/java/com/opencsi/jscepcli/CertUtil.java
+++ b/src/main/java/com/opencsi/jscepcli/CertUtil.java
@@ -6,6 +6,7 @@
 import java.io.ByteArrayInputStream;
 import java.math.BigInteger;
+import java.time.temporal.ChronoUnit;
 import java.security.KeyPair;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
@@ -40,7 +41,7 @@ public X509Certificate createSelfSignedCertificate(KeyPair kp, String dn) throws
 X500Name principal = new X500Name(dn);
 SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded());
- final X509v3CertificateBuilder certbuilder = new X509v3CertificateBuilder(principal, serial, now, now, principal, spki);
+ final X509v3CertificateBuilder certbuilder = new X509v3CertificateBuilder(principal, serial, now, Date.from(now.toInstant ().plus(1, ChronoUnit.DAYS)), principal, spki);
 final ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA").setProvider(new BouncyCastleProvider()).build(kp.getPrivate());
 final X509CertificateHolder certHolder = certbuilder.build(signer);
 return (X509Certificate) CertificateFactory.getInstance("X.509", new BouncyCastleProvider()).generateCertificate(new ByteArrayInputStream(certHolder.getEncoded()));
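Review bot: In the changed `X509v3CertificateBuilder` call, notBefore is still `now` and the one-day lifetime is an unnamed literal buried in the argument list. A SCEP server whose clock runs slightly behind the client would see this self-signed certificate as not yet valid, so I would backdate the start by a small margin (five minutes here is only an example) and name both bounds: `final Date notBefore = Date.from(now.toInstant().minus(5, ChronoUnit.MINUTES));` and `final Date notAfter = Date.from(now.toInstant().plus(1, ChronoUnit.DAYS));`, then pass `notBefore, notAfter` to the builder. This assumes `now` is a `java.util.Date` declared above the hunk, which the `Date.from(now.toInstant ...)` expression suggests; createSelfSignedCertificate starts and ends outside the hunk. Two style points: drop the stray space in `now.toInstant ()`, and the new `java.time.temporal.ChronoUnit` import in the first hunk sits between `java.math` and `java.security` rather than in sorted order.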