
📄 democertreqservlet.java

📁 一套JAVA的CA证书签发系统.
💻 JAVA
📖 第 1 页 / 共 2 页
/************************************************************************* *                                                                       * *  EJBCA: The OpenSource Certificate Authority                          * *                                                                       * *  This software is free software; you can redistribute it and/or       * *  modify it under the terms of the GNU Lesser General Public           * *  License as published by the Free Software Foundation; either         * *  version 2.1 of the License, or any later version.                    * *                                                                       * *  See terms of license at gnu.org.                                     * *                                                                       * *************************************************************************/ package se.anatom.ejbca.apply;import java.io.BufferedReader;import java.io.IOException;import java.io.InputStreamReader;import java.io.OutputStream;import java.io.PrintStream;import java.util.Date;import java.util.Enumeration;import javax.ejb.CreateException;import javax.ejb.ObjectNotFoundException;import javax.naming.InitialContext;import javax.rmi.PortableRemoteObject;import javax.servlet.ServletConfig;import javax.servlet.ServletException;import javax.servlet.ServletOutputStream;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.log4j.Logger;import se.anatom.ejbca.SecConst;import se.anatom.ejbca.ra.*;import se.anatom.ejbca.ra.raadmin.IRaAdminSessionHome;import se.anatom.ejbca.ra.raadmin.IRaAdminSessionRemote;import se.anatom.ejbca.ca.exception.AuthLoginException;import se.anatom.ejbca.ca.exception.AuthStatusException;import se.anatom.ejbca.ca.exception.SignRequestException;import se.anatom.ejbca.ca.exception.SignRequestSignatureException;import se.anatom.ejbca.ca.sign.ISignSessionHome;import 
se.anatom.ejbca.ca.sign.ISignSessionRemote;import se.anatom.ejbca.ca.store.ICertificateStoreSessionHome;import se.anatom.ejbca.ca.store.ICertificateStoreSessionRemote;import se.anatom.ejbca.log.Admin;import se.anatom.ejbca.util.Base64;import se.anatom.ejbca.util.CertTools;import se.anatom.ejbca.util.FileTools;import se.anatom.ejbca.util.StringTools;import se.anatom.ejbca.ra.UserAdminData;/** * This is a servlet that is used for creating a user into EJBCA and * retrieving her certificate.  Supports only POST. * <p> *   The CGI parameters for requests are the following. * </p> * <dl> * <dt>pkcs10req</dt> * <dd> *   A PKCS#10 request, mandatory. * </dd> * <dt>username</dt> * <dd> *   The username (for EJBCA use only).  Optional, defaults to the CN in *   the PKCS#10 request. * </dd> * <dt>password</dt> * <dd> *   Password for the user (for EJBCA internal use only).  Optional, *   defaults to an empty string. Used for authorization of the certificate request. * </dd> * <dt>email</dt> * <dd> *   Email of the user for inclusion in subject alternative names.  Optional, *   defaults to none. * </dd> * <dt>entityprofile</dt> * <dd> *   The name of the EJBCA end entity profile for the user.  Optional, *   defaults to an empty end entity profile. * </dd> * <dt>certificateprofile</dt> * <dd> *   The name of the EJBCA certificate profile to use.  Optional, *   defaults to the fixed end user profile. * </dd> * </dl> * * @version $Id: DemoCertReqServlet.java,v 1.34 2004/04/18 16:01:55 anatom Exp $ */public class DemoCertReqServlet extends HttpServlet {  private final static Logger log = Logger.getLogger(DemoCertReqServlet.class);  private ISignSessionHome signsessionhome = null;  private IUserAdminSessionHome useradminsessionhome = null;  private IRaAdminSessionHome raadminsessionhome = null;  private ICertificateStoreSessionHome storesessionhome = null;  // Edit this constant to the id of your preferable ca used to sign certificate.  
private static final int DEFAULT_DEMOCAID = 0;

  // PEM armour lines and the newline, held as byte arrays with their lengths cached.
  // NOTE(review): getBytes() without an argument encodes with the platform default
  // charset, so these byte values depend on the JVM's configuration.
  private static final byte[] BEGIN_CERT = "-----BEGIN CERTIFICATE-----".getBytes();
  private static final int BEGIN_CERT_LENGTH = BEGIN_CERT.length;
  private static final byte[] END_CERT = "-----END CERTIFICATE-----".getBytes();
  private static final int END_CERT_LENGTH = END_CERT.length;
  private static final byte[] NL = "\n".getBytes();
  private static final int NL_LENGTH = NL.length;

  /**
   * Prepares the servlet for use: installs the BouncyCastle provider and resolves
   * the four EJB home interfaces through JNDI, storing them in the instance fields.
   *
   * @param config servlet configuration, passed on to the superclass
   * @throws ServletException wrapping any exception raised while installing the
   *         provider or while looking up and narrowing a home interface
   */
  public void init(ServletConfig config) throws ServletException {
    super.init(config);
    try {
      // The crypto provider is installed before any session bean is resolved.
      CertTools.installBCProvider();

      // Each home is looked up by its JNDI name and narrowed to its home interface type.
      InitialContext jndi = new InitialContext();

      Object signRef = jndi.lookup("RSASignSession");
      signsessionhome =
          (ISignSessionHome) PortableRemoteObject.narrow(signRef, ISignSessionHome.class);

      Object userAdminRef = jndi.lookup("UserAdminSession");
      useradminsessionhome =
          (IUserAdminSessionHome) PortableRemoteObject.narrow(userAdminRef, IUserAdminSessionHome.class);

      Object raAdminRef = jndi.lookup("RaAdminSession");
      raadminsessionhome =
          (IRaAdminSessionHome) PortableRemoteObject.narrow(raAdminRef, IRaAdminSessionHome.class);

      Object storeRef = jndi.lookup("CertificateStoreSession");
      storesessionhome =
          (ICertificateStoreSessionHome)
              PortableRemoteObject.narrow(storeRef, ICertificateStoreSessionHome.class);
    } catch (Exception e) {
      // Any failure aborts initialisation; the original exception is kept as the cause.
      throw new ServletException(e);
    }
  }

  /**
   * Handles PKCS10 certificate request, these are constructed as:
   * <pre><code>
   * CertificationRequest ::= SEQUENCE {
   * certificationRequestInfo  CertificationRequestInfo,
   * signatureAlgorithm          AlgorithmIdentifier{{ SignatureAlgorithms }},
   * signature                       BIT STRING
   * }
   * CertificationRequestInfo ::= SEQUENCE {
   * version             INTEGER { v1(0) } (v1,...),
   * subject             Name,
   * subjectPKInfo   SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
   * attributes          [0] Attributes{{ CRIAttributes }}
   * }
   * SubjectPublicKeyInfo { ALGORITHM : IOSet} ::= SEQUENCE {
  * algorithm           AlgorithmIdentifier {{IOSet}},   * subjectPublicKey    BIT STRING   * }   * </pre>   *   * PublicKey's encoded-format has to be RSA X.509.   */  public void doPost(HttpServletRequest request, HttpServletResponse response)    throws IOException, ServletException  {    ServletDebug debug = new ServletDebug(request, response);    ISignSessionRemote signsession = null;    ICertificateStoreSessionRemote storesession = null;    IUserAdminSessionRemote useradminsession = null;    IRaAdminSessionRemote raadminsession = null;    try {        useradminsession = useradminsessionhome.create();        raadminsession = raadminsessionhome.create();        signsession = signsessionhome.create();        storesession = storesessionhome.create();    } catch (CreateException e) {      throw new ServletException(e);    }     Admin admin = new Admin(Admin.TYPE_PUBLIC_WEB_USER, request.getRemoteAddr());     RequestHelper helper = new RequestHelper(admin, debug);      String dn = null;      dn = request.getParameter("user");      byte[] reqBytes = null;      int type = 0;      if (request.getParameter("keygen") != null) {          reqBytes=request.getParameter("keygen").getBytes();          log.debug("Received NS request:"+new String(reqBytes));          if (reqBytes != null) {              type = 1;          }      } else if (request.getParameter("pkcs10req") != null) {          // if not netscape, check if it's IE          reqBytes=request.getParameter("pkcs10req").getBytes();          log.debug("Received IE request:"+new String(reqBytes));          if (reqBytes != null) {              type = 2;          }      }    if (reqBytes == null) {      // abort here, no request received      throw new ServletException("A certification request must be provided!");    }    String username = request.getParameter("username");    if (username == null || username.trim().length() == 0) {        username = CertTools.getPartFromDN(dn, "CN");    }    username = username + "("+(new 
Date()).toString()+")";    // Strip dangerous chars    username = StringTools.strip(username);    // need null check here?    // Before doing anything else, check if the user name is unique and ok.    boolean check = checkUsername(admin,username, useradminsession);    if (check == false) {        String msg = "User '"+username+"' already exist.";        log.error(msg);        debug.printMessage(msg);        debug.printDebugInfo();        return;    }    // Functionality to determine the class id of ie page.
