ca.java

一套JAVA的CA证书签发系统.

        
      return (Collection) requestcertchain; 
    }
    
    public void setRequestCertificateChain(Collection requestcertificatechain){
      Iterator iter = requestcertificatechain.iterator();
      ArrayList storechain = new ArrayList();
      while(iter.hasNext()){
        Certificate cert = (Certificate) iter.next();
        try{ 
          String b64Cert = new String(Base64.encode(cert.getEncoded()));
          storechain.add(b64Cert);
        }catch(Exception e){
          throw new EJBException(e);  
        }  
      }
      data.put(REQUESTCERTCHAIN,storechain);  
      
      this.requestcertchain = new ArrayList();
      this.requestcertchain.addAll(requestcertificatechain);
    }

	public Collection getCertificateChain(){
	  if(certificatechain == null){
		Collection storechain = (Collection) data.get(CERTIFICATECHAIN);
		Iterator iter = storechain.iterator();
		this.certificatechain = new ArrayList();
		while(iter.hasNext()){
		  String b64Cert = (String) iter.next();
		  try{
			this.certificatechain.add(CertTools.getCertfromByteArray(Base64.decode(b64Cert.getBytes())));
		  }catch(Exception e){
			 throw new EJBException(e);   
		  }
		}        
	  }
        
	  return (Collection) certificatechain; 
	}
    
	public void setCertificateChain(Collection certificatechain){
	  Iterator iter = certificatechain.iterator();
	  ArrayList storechain = new ArrayList();
	  while(iter.hasNext()){
		Certificate cert = (Certificate) iter.next();
		try{ 
		  String b64Cert = new String(Base64.encode(cert.getEncoded()));
		  storechain.add(b64Cert);
		}catch(Exception e){
		  throw new EJBException(e);  
		}  
	  }
	  data.put(CERTIFICATECHAIN,storechain);  
      
	  this.certificatechain = new ArrayList();
	  this.certificatechain.addAll(certificatechain);
	}

    
    public Certificate getCACertificate(){       
       if(certificatechain == null){
         getCertificateChain();
       }
              
       return (Certificate) this.certificatechain.get(0);
    }
    
	public boolean  getFinishUser(){return ((Boolean)data.get(FINISHUSER)).booleanValue();}
	
	public void setFinishUser(boolean finishuser) {data.put(FINISHUSER, new Boolean(finishuser));}    
    
    public void updateCA(CAInfo cainfo) throws Exception{            
      data.put(VALIDITY, new Integer(cainfo.getValidity()));                 
      data.put(DESCRIPTION, cainfo.getDescription());      
      data.put(CRLPERIOD, new Integer(cainfo.getCRLPeriod()));
	  data.put(CRLPUBLISHERS, cainfo.getCRLPublishers());
	  getCAToken().updateCATokenInfo(cainfo.getCATokenInfo());
      setFinishUser(cainfo.getFinishUser());
      
      Iterator iter = cainfo.getExtendedCAServiceInfos().iterator();
      while(iter.hasNext()){
      	ExtendedCAServiceInfo info = (ExtendedCAServiceInfo) iter.next();
      	if(info instanceof OCSPCAServiceInfo){
      	  this.getExtendedCAService(OCSPCAService.TYPE).update(info, this);	
      	}
      }
    }
    
    public abstract CAInfo getCAInfo() throws Exception;
    
    public Certificate  generateCertificate(UserAuthData subject, 
                                            PublicKey publicKey, 
                                            int keyusage,                                             
                                            CertificateProfile certProfile) throws Exception{
      return generateCertificate(subject, publicKey, keyusage, -1, certProfile);                                            
    }
    
    
    public abstract Certificate generateCertificate(UserAuthData subject, 
                                                    PublicKey publicKey, 
                                                    int keyusage, 
                                                    long validity,
                                                    CertificateProfile certProfile) throws Exception;
    
    public abstract CRL generateCRL(Vector certs, int crlnumber) throws Exception;
    
    public abstract byte[] createPKCS7(Certificate cert) throws SignRequestSignatureException;            
  
        
    public abstract byte[] encryptKeys(KeyPair keypair) throws Exception;
    
    public abstract KeyPair decryptKeys(byte[] data) throws Exception;

    
    // Methods used with extended services	
	/**
	 * Initializes the ExtendedCAService
	 * 
	 * @param info contains information used to activate the service.    
	 */
	public void initExternalService(int type,  CA ca) throws Exception{
		getExtendedCAService(type).init(ca);	    
	}
    	

	/** 
	 * Method used to retrieve information about the service.
	 */

	public ExtendedCAServiceInfo getExtendedCAServiceInfo(int type){
		return getExtendedCAService(type).getExtendedCAServiceInfo();		
	}

	/** 
	 * Method used to perform the service.
	 */
	public ExtendedCAServiceResponse extendedService(ExtendedCAServiceRequest request) 
	  throws ExtendedCAServiceRequestException, IllegalExtendedCAServiceRequestException, ExtendedCAServiceNotActiveException{
          ExtendedCAServiceResponse returnval = null; 
          if(request instanceof OCSPCAServiceRequest) {
              returnval = getExtendedCAService(OCSPCAService.TYPE).extendedService(request);            
          }
          
          if(request instanceof KeyRecoveryCAServiceRequest){
          	KeyRecoveryCAServiceRequest keyrecoveryrequest =  (KeyRecoveryCAServiceRequest) request;
          	if(keyrecoveryrequest.getCommand() == KeyRecoveryCAServiceRequest.COMMAND_ENCRYPTKEYS){
          	  try{	
          	    returnval = new KeyRecoveryCAServiceResponse(KeyRecoveryCAServiceResponse.TYPE_ENCRYPTKEYSRESPONSE, 
          	  		                       encryptKeys(keyrecoveryrequest.getKeyPair()));	
          	  }catch(Exception e){
          	  	 throw new IllegalExtendedCAServiceRequestException(e.getClass().getName() + " : " + e.getMessage());
          	  }
          	}else{
          		if(keyrecoveryrequest.getCommand() == KeyRecoveryCAServiceRequest.COMMAND_DECRYPTKEYS){
                  try{
                  	returnval = new KeyRecoveryCAServiceResponse(KeyRecoveryCAServiceResponse.TYPE_DECRYPTKEYSRESPONSE, 
          					this.decryptKeys(keyrecoveryrequest.getKeyData()));
          		  }catch(Exception e){
          		  	 throw new IllegalExtendedCAServiceRequestException(e.getClass().getName() + " : " + e.getMessage());
          		  }
          		}else{
          		  throw new IllegalExtendedCAServiceRequestException("Illegal Command"); 
          		}
          	}          	
          }
          
          return returnval;
	}
    
    
    protected ExtendedCAService getExtendedCAService(int type){
      ExtendedCAService returnval = null;
	  try{
	    returnval = (ExtendedCAService) extendedcaservicemap.get(new Integer(type));	     		  
        if(returnval == null){
		switch(((Integer) ((HashMap)data.get(EXTENDEDCASERVICE+type)).get(ExtendedCAService.EXTENDEDCASERVICETYPE)).intValue()){
		  case ExtendedCAServiceInfo.TYPE_OCSPEXTENDEDSERVICE:
		    returnval = new OCSPCAService((HashMap)data.get(EXTENDEDCASERVICE+type));
		    break;		    
		}
		extendedcaservicemap.put(new Integer(type), returnval);
        }
	  }catch(Exception e){
	  	throw new EJBException(e);  
	  }
    
      return returnval;
    }
    
	protected void setExtendedCAService(ExtendedCAService extendedcaservice){  
      if(extendedcaservice instanceof OCSPCAService){		
	    data.put(EXTENDEDCASERVICE+OCSPCAService.TYPE, (HashMap) extendedcaservice.saveData());    
	    extendedcaservicemap.put(new Integer(OCSPCAService.TYPE), extendedcaservice);
      }   	
	}
	/** 
	 * Returns a Collection of ExternalCAServices (int) added to this CA.
	 *
	 */
		
	public Collection getExternalCAServiceTypes(){
		if(data.get(EXTENDEDCASERVICES) == null)
		  return new ArrayList();
		  		
		return (Collection) data.get(EXTENDEDCASERVICES);	  	 
	}
    
	public void setOwner(CADataBean owner){
	  this.owner = owner;	
	}
    
    private CAToken catoken = null;
    private HashMap extendedcaservicemap = null;
    private ArrayList certificatechain = null;
    private ArrayList requestcertchain = null;
    
    private CADataBean owner = null;
    private CAInfo cainfo = null;
}