📄 democertreqservlet.java
字号:
String classid = "clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1\" CODEBASE=\"/CertControl/xenroll.cab#Version=5,131,3659,0"; if(request.getParameter("classid")!=null && !request.getParameter("classid").equals("")) classid= request.getParameter("classid"); String includeEmail = request.getParameter("includeemail"); log.debug("includeEmail="+includeEmail); UserAdminData newuser = new UserAdminData(); newuser.setUsername(username); newuser.setDN(dn); newuser.setTokenType(SecConst.TOKEN_SOFT_BROWSERGEN); newuser.setAdministrator(false); newuser.setKeyRecoverable(false); newuser.setSendNotification(false); String email = request.getParameter("email"); if (email == null) email = CertTools.getPartFromDN(dn, "EMAILADDRESS"); if ((email != null) && (email.length() > 0)) { newuser.setEmail(email); if (includeEmail != null) { newuser.setSubjectAltName("RFC822NAME="+email); } } String tmp = null; int eProfileId = SecConst.EMPTY_ENDENTITYPROFILE; if ((tmp=request.getParameter("entityprofile")) != null) { eProfileId = raadminsession.getEndEntityProfileId(admin, request.getParameter("entityprofile")); if (eProfileId == 0) { throw new ServletException("No such end entity profile: " + tmp); } } newuser.setEndEntityProfileId(eProfileId); int cProfileId = SecConst.CERTPROFILE_FIXED_ENDUSER; if ((tmp=request.getParameter("certificateprofile")) != null) { cProfileId = storesession.getCertificateProfileId(admin, request.getParameter("certificateprofile")); if (cProfileId == 0) { throw new ServletException("No such certificate profile: " + tmp); } } newuser.setCertificateProfileId(cProfileId); int caid = DEFAULT_DEMOCAID; if ((tmp=request.getParameter("ca")) != null) { // TODO: get requested CA to sign with } newuser.setCAId(caid); String password = request.getParameter("password"); if (password == null) password = "demo"; newuser.setPassword(password); try { useradminsession.addUser(admin, newuser.getUsername(), newuser.getPassword(), newuser.getDN(), newuser.getSubjectAltName() ,newuser.getEmail(), false, newuser.getEndEntityProfileId(), newuser.getCertificateProfileId(), newuser.getType(), newuser.getTokenType(), newuser.getHardTokenIssuerId(), newuser.getCAId()); } catch (Exception e) { throw new ServletException("Error adding user: ", e); } byte[] pkcs7; try { if (type == 1) { byte[] certs = helper.nsCertRequest(signsession, reqBytes, username, password); RequestHelper.sendNewCertToNSClient(certs, response); } if (type == 2) { byte[] b64cert=helper.pkcs10CertRequest(signsession, reqBytes, username, password, RequestHelper.ENCODED_PKCS7); debug.ieCertFix(b64cert); RequestHelper.sendNewCertToIEClient(b64cert, response.getOutputStream(), getServletContext(), getInitParameter("responseTemplate"), classid); } } catch (ObjectNotFoundException oe) { log.debug("Non existens username!"); debug.printMessage("Non existent username!"); debug.printMessage("To generate a certificate a valid username and password must be entered."); debug.printDebugInfo(); return; } catch (AuthStatusException ase) { log.debug("Wrong user status!"); debug.printMessage("Wrong user status!"); debug.printMessage("To generate a certificate for a user the user must have status new, failed or inprocess."); debug.printDebugInfo(); return; } catch (AuthLoginException ale) { log.debug("Wrong password for user!"); debug.printMessage("Wrong username or password!"); debug.printMessage("To generate a certificate a valid username and password must be entered."); debug.printDebugInfo(); return; } catch (SignRequestException re) { log.debug("Invalid request!"); debug.printMessage("Invalid request!"); debug.printMessage("Please supply a correct request."); debug.printDebugInfo(); return; } catch (SignRequestSignatureException se) { log.debug("Invalid signature on certificate request!"); debug.printMessage("Invalid signature on certificate request!"); debug.printMessage("Please supply a correctly signed request."); debug.printDebugInfo(); return; } catch (java.lang.ArrayIndexOutOfBoundsException ae) { log.debug("Empty or invalid request received."); debug.printMessage("Empty or invalid request!"); debug.printMessage("Please supply a correct request."); debug.printDebugInfo(); return; } catch (Exception e) { log.debug(e); debug.print("<h3>parameter name and values: </h3>"); Enumeration paramNames=request.getParameterNames(); while (paramNames.hasMoreElements()) { String name=paramNames.nextElement().toString(); String parameter=request.getParameter(name); debug.print("<h4>"+name+":</h4>"+parameter+"<br>"); } debug.takeCareOfException(e); debug.printDebugInfo(); return; } } public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { log.debug(">doGet()"); response.setHeader("Allow", "POST"); ServletDebug debug = new ServletDebug(request,response); debug.print("The certificate request servlet only handles POST method."); debug.printDebugInfo(); log.debug("<doGet()"); } // doGetprivate void sendNewCertToIEClient(byte[] b64cert, OutputStream out) throws Exception { PrintStream ps = new PrintStream(out); BufferedReader br = new BufferedReader(new InputStreamReader(getServletContext().getResourceAsStream(getInitParameter("responseTemplate")))); while ( true ) { String line=br.readLine(); if ( line==null ) break; if ( line.indexOf("cert =")<0 ) ps.println(line); else RequestHelper.ieCertFormat(b64cert, ps); } ps.close(); log.info("Sent reply to IE client"); log.debug(new String(b64cert));}private void sendNewB64Cert(byte[] b64cert, HttpServletResponse out) throws IOException { out.setContentType("application/octet-stream"); out.setHeader("Content-disposition", " attachment; filename=cert.crt"); out.setContentLength(b64cert.length +BEGIN_CERT_LENGTH + END_CERT_LENGTH + (3 *NL_LENGTH)); ServletOutputStream os = out.getOutputStream(); os.write(BEGIN_CERT); os.write(NL); os.write(b64cert); os.write(NL); os.write(END_CERT); os.write(NL); out.flushBuffer(); } /** * */ private final static byte[] pkcs10Bytes(String pkcs10) { if (pkcs10 == null) return null; byte[] reqBytes = pkcs10.getBytes(); byte[] bytes = null; try { // A real PKCS10 PEM request String beginKey = "-----BEGIN CERTIFICATE REQUEST-----"; String endKey = "-----END CERTIFICATE REQUEST-----"; bytes = FileTools.getBytesFromPEM(reqBytes, beginKey, endKey); } catch (IOException e) { try { // Keytool PKCS10 PEM request String beginKey = "-----BEGIN NEW CERTIFICATE REQUEST-----"; String endKey = "-----END NEW CERTIFICATE REQUEST-----"; bytes = FileTools.getBytesFromPEM(reqBytes, beginKey, endKey); } catch (IOException e2) { // IE PKCS10 Base64 coded request bytes = Base64.decode(reqBytes); } } return bytes; } /** * @return true if the username is ok (does not already exist), false otherwise */ private final boolean checkUsername(Admin admin, String username, IUserAdminSessionRemote adminsession) throws ServletException { if (username != null) username = username.trim(); if (username == null || username.length() == 0) { throw new ServletException("Username must not be empty."); } UserAdminData tmpuser = null; try { tmpuser = adminsession.findUser(admin, username); } catch (Exception e) { throw new ServletException("Error checking username '" + username +": ", e); } return (tmpuser==null) ? true:false; }}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -