📄 certreqservlet.java
字号:
/************************************************************************* * * * EJBCA: The OpenSource Certificate Authority * * * * This software is free software; you can redistribute it and/or * * modify it under the terms of the GNU Lesser General Public * * License as published by the Free Software Foundation; either * * version 2.1 of the License, or any later version. * * * * See terms of license at gnu.org. * * * *************************************************************************/ package se.anatom.ejbca.apply;import java.io.*;import java.security.GeneralSecurityException;import java.security.KeyPair;import java.security.KeyStore;import java.security.PrivateKey;import java.security.cert.*;import java.util.*;import javax.ejb.*;import javax.naming.InitialContext;import javax.rmi.PortableRemoteObject;import javax.servlet.*;import javax.servlet.http.*;import org.apache.log4j.Logger;import se.anatom.ejbca.SecConst;import se.anatom.ejbca.ca.exception.AuthLoginException;import se.anatom.ejbca.ca.exception.AuthStatusException;import se.anatom.ejbca.ca.exception.SignRequestException;import se.anatom.ejbca.ca.exception.SignRequestSignatureException;import se.anatom.ejbca.ca.sign.ISignSessionHome;import se.anatom.ejbca.ca.sign.ISignSessionRemote;import se.anatom.ejbca.keyrecovery.IKeyRecoverySessionHome;import se.anatom.ejbca.keyrecovery.IKeyRecoverySessionRemote;import se.anatom.ejbca.keyrecovery.KeyRecoveryData;import se.anatom.ejbca.ra.raadmin.IRaAdminSessionRemote;import se.anatom.ejbca.ra.raadmin.IRaAdminSessionHome;import se.anatom.ejbca.log.Admin;import se.anatom.ejbca.ra.IUserAdminSessionHome;import se.anatom.ejbca.ra.IUserAdminSessionRemote;import se.anatom.ejbca.ra.UserAdminData;import se.anatom.ejbca.ra.UserDataRemote;import se.anatom.ejbca.util.Base64;import se.anatom.ejbca.util.CertTools;import se.anatom.ejbca.util.KeyTools;/** * Servlet used to install a private key with a corresponding certificate in a browser. A new * certificate is installed in the browser in following steps:<br> * 1. The key pair is generated by the browser. <br> * 2. The public part is sent to the servlet in a POST together with user info ("pkcs10|keygen", * "inst", "user", "password"). For internet explorer the public key is sent as a PKCS10 * certificate request. <br> * 3. The new certificate is created by calling the RSASignSession session bean. <br> * 4. A page containing the new certificate and a script that installs it is returned to the * browser. <br> * * <p></p> * * <p> * The following initiation parameters are needed by this servlet: <br> * "responseTemplate" file that defines the response to the user (IE). It should have one line * with the text "cert =". This line is replaced with the new certificate. "keyStorePass". * Password needed to load the key-store. If this parameter is none existing it is assumed that no * password is needed. The path could be absolute or relative.<br> * </p> * * @author Original code by Lars Silv?n * @version $Id: CertReqServlet.java,v 1.45.2.1 2004/06/22 11:04:12 herrvendil Exp $ */public class CertReqServlet extends HttpServlet { private static Logger log = Logger.getLogger(CertReqServlet.class); private ISignSessionHome signsessionhome = null; private IUserAdminSessionHome useradminhome = null; private IRaAdminSessionHome raadminhome = null; private IKeyRecoverySessionHome keyrecoveryhome = null; private byte[] bagattributes = "Bag Attributes\n".getBytes(); private byte[] friendlyname = " friendlyName: ".getBytes(); private byte[] subject = "subject=/".getBytes(); private byte[] issuer = "issuer=/".getBytes(); private byte[] beginCertificate = "-----BEGIN CERTIFICATE-----".getBytes(); private byte[] endCertificate = "-----END CERTIFICATE-----".getBytes(); private byte[] beginPrivateKey = "-----BEGIN PRIVATE KEY-----".getBytes(); private byte[] endPrivateKey = "-----END PRIVATE KEY-----".getBytes(); private byte[] NL = "\n".getBytes(); /** * Servlet init * * @param config servlet configuration * * @throws ServletException on error */ public void init(ServletConfig config) throws ServletException { super.init(config); try { // Install BouncyCastle provider CertTools.installBCProvider(); // Get EJB context and home interfaces InitialContext ctx = new InitialContext(); signsessionhome = (ISignSessionHome) PortableRemoteObject.narrow( ctx.lookup("RSASignSession"), ISignSessionHome.class ); useradminhome = (IUserAdminSessionHome) PortableRemoteObject.narrow( ctx.lookup("UserAdminSession"), IUserAdminSessionHome.class ); raadminhome = (IRaAdminSessionHome) PortableRemoteObject.narrow( ctx.lookup("RaAdminSession"), IRaAdminSessionHome.class ); keyrecoveryhome = (IKeyRecoverySessionHome) PortableRemoteObject.narrow( ctx.lookup("KeyRecoverySession"), IKeyRecoverySessionHome.class ); } catch( Exception e ) { throw new ServletException(e); } } /** * Handles HTTP POST * * @param request servlet request * @param response servlet response * * @throws IOException input/output error * @throws ServletException on error */ public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { ServletDebug debug = new ServletDebug(request, response); boolean usekeyrecovery = false; try { String username = request.getParameter("user"); String password = request.getParameter("password"); String keylengthstring = request.getParameter("keylength"); int keylength = 1024; int resulttype = 0; if(request.getParameter("resulttype") != null) resulttype = Integer.parseInt(request.getParameter("resulttype")); // Indicates if certificate or PKCS7 should be returned on manual PKCS10 request. String classid = "clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1\" CODEBASE=\"/CertControl/xenroll.cab#Version=5,131,3659,0"; if ((request.getParameter("classid") != null) && !request.getParameter("classid").equals("")) { classid = request.getParameter("classid"); } if (keylengthstring != null) { keylength = Integer.parseInt(keylengthstring); } Admin administrator = new Admin(Admin.TYPE_PUBLIC_WEB_USER, request.getRemoteAddr()); IUserAdminSessionRemote adminsession = useradminhome.create(); IRaAdminSessionRemote raadminsession = raadminhome.create(); ISignSessionRemote signsession = signsessionhome.create(); RequestHelper helper = new RequestHelper(administrator, debug); log.debug("Got request for " + username + "/" + password); debug.print("<h3>username: " + username + "</h3>"); // Check user int tokentype = SecConst.TOKEN_SOFT_BROWSERGEN; usekeyrecovery = (raadminsession.loadGlobalConfiguration(administrator)).getEnableKeyRecovery(); UserAdminData data = adminsession.findUser(administrator, username); if (data == null) { throw new ObjectNotFoundException(); } boolean savekeys = data.getKeyRecoverable() && usekeyrecovery; boolean loadkeys = (data.getStatus() == UserDataRemote.STATUS_KEYRECOVERY) && usekeyrecovery; // get users Token Type. tokentype = data.getTokenType(); if(tokentype == SecConst.TOKEN_SOFT_P12){ KeyStore ks = generateToken(administrator, username, password, data.getCAId(), keylength, false, loadkeys, savekeys); sendP12Token(ks, username, password, response); } if(tokentype == SecConst.TOKEN_SOFT_JKS){ KeyStore ks = generateToken(administrator, username, password, data.getCAId(), keylength, true, loadkeys, savekeys); sendJKSToken(ks, username, password, response); } if(tokentype == SecConst.TOKEN_SOFT_PEM){ KeyStore ks = generateToken(administrator, username, password, data.getCAId(), keylength, false, loadkeys, savekeys); sendPEMTokens(ks, username, password, response); } if(tokentype == SecConst.TOKEN_SOFT_BROWSERGEN){ // first check if it is a netscape request, if (request.getParameter("keygen") != null) { byte[] reqBytes=request.getParameter("keygen").getBytes(); log.debug("Received NS request:"+new String(reqBytes)); if (reqBytes != null) { byte[] certs = helper.nsCertRequest(signsession, reqBytes, username, password); RequestHelper.sendNewCertToNSClient(certs, response); } } else if ( (request.getParameter("pkcs10") != null) || (request.getParameter("PKCS10") != null) ) { // if not netscape, check if it's IE byte[] reqBytes=request.getParameter("pkcs10").getBytes(); if (reqBytes == null) reqBytes=request.getParameter("PKCS10").getBytes(); log.debug("Received IE request:"+new String(reqBytes)); if (reqBytes != null) { byte[] b64cert=helper.pkcs10CertRequest(signsession, reqBytes, username, password, RequestHelper.ENCODED_PKCS7); debug.ieCertFix(b64cert); RequestHelper.sendNewCertToIEClient(b64cert, response.getOutputStream(), getServletContext(), getInitParameter("responseTemplate"),classid); } } else if (request.getParameter("pkcs10req") != null && resulttype != 0) { // if not IE, check if it's manual request byte[] reqBytes=request.getParameter("pkcs10req").getBytes(); if (reqBytes != null) { byte[] b64cert=helper.pkcs10CertRequest(signsession, reqBytes, username, password, resulttype); if(resulttype == RequestHelper.ENCODED_PKCS7) RequestHelper.sendNewB64Cert(b64cert, response, RequestHelper.BEGIN_PKCS7_WITH_NL, RequestHelper.END_PKCS7_WITH_NL); if(resulttype == RequestHelper.ENCODED_CERTIFICATE) RequestHelper.sendNewB64Cert(b64cert, response, RequestHelper.BEGIN_CERTIFICATE_WITH_NL, RequestHelper.END_CERTIFICATE_WITH_NL); } } } } catch (ObjectNotFoundException oe) { log.debug("Non existent username!"); debug.printMessage("Non existent username!"); debug.printMessage( "To generate a certificate a valid username and password must be entered."); debug.printDebugInfo(); return; } catch (AuthStatusException ase) { log.debug("Wrong user status!"); debug.printMessage("Wrong user status!"); if (usekeyrecovery) { debug.printMessage( "To generate a certificate for a user the user must have status new, failed or inprocess."); } else { debug.printMessage( "To generate a certificate for a user the user must have status new, failed or inprocess."); } debug.printDebugInfo(); return; } catch (AuthLoginException ale) { log.debug("Wrong password for user!"); debug.printMessage("Wrong username or password!"); debug.printMessage( "To generate a certificate a valid username and password must be entered."); debug.printDebugInfo(); return; } catch (SignRequestException re) { log.debug("Invalid request!");⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -