else pkcs7 = true; // CA is level 0, next over root level 1 etc etc, -1 returns chain as PKCS7 try { ISignSessionLocal ss = signhome.create(); Certificate[] chain = null; if(caid != 0) chain = (Certificate[]) ss.getCertificateChain(administrator, caid).toArray(new Certificate[0]); else chain = (Certificate[]) ss.getCertificateChain(administrator, issuerdn.hashCode()).toArray(new Certificate[0]); // chain.length-1 is last cert in chain (root CA) if (chain.length < level) { PrintStream ps = new PrintStream(res.getOutputStream()); ps.println("No CA certificate of level "+level+" exist."); log.debug("No CA certificate of level "+level+" exist."); return; } X509Certificate cacert = (X509Certificate)chain[level]; String filename=CertTools.getPartFromDN(CertTools.getSubjectDN(cacert), "CN"); if (filename == null) filename = "ca"; byte[] enccert = null; if (pkcs7) enccert = ss.createPKCS7(administrator, cacert); else enccert = cacert.getEncoded(); if (command.equalsIgnoreCase(COMMAND_NSCACERT)) { res.setContentType("application/x-x509-ca-cert"); res.setContentLength(enccert.length); res.getOutputStream().write(enccert); log.debug("Sent CA cert to NS client, len="+enccert.length+"."); } else if (command.equalsIgnoreCase(COMMAND_IECACERT)) { if (pkcs7) res.setHeader("Content-disposition", "attachment; filename="+filename+".p7c"); else res.setHeader("Content-disposition", "attachment; filename="+filename+".crt"); res.setContentType("application/octet-stream"); res.setContentLength(enccert.length); res.getOutputStream().write(enccert); log.debug("Sent CA cert to IE client, len="+enccert.length+"."); } else if (command.equalsIgnoreCase(COMMAND_CACERT)) { byte[] b64cert = Base64.encode(enccert); String out; if (pkcs7) out = "-----BEGIN PKCS7-----\n"; else out = "-----BEGIN CERTIFICATE-----\n"; out += new String(b64cert); if (pkcs7) out += "\n-----END PKCS7-----\n"; else out += "\n-----END CERTIFICATE-----\n"; res.setHeader("Content-disposition", "attachment; 
filename="+filename+".pem"); res.setContentType("application/octet-stream"); res.setContentLength(out.length()); res.getOutputStream().write(out.getBytes()); log.debug("Sent CA cert to client, len="+out.length()+"."); } else { res.setContentType("text/plain"); res.getOutputStream().println("Commands="+COMMAND_NSCACERT+" || "+COMMAND_IECACERT+" || "+COMMAND_CACERT); return; } } catch (Exception e) { PrintStream ps = new PrintStream(res.getOutputStream()); e.printStackTrace(ps); res.sendError(HttpServletResponse.SC_NOT_FOUND, "Error getting CA certificates."); log.debug("Error getting CA certificates."); log.debug(e); return; } } else if ((command.equalsIgnoreCase(COMMAND_NSOCSPCERT) || command.equalsIgnoreCase(COMMAND_IEOCSPCERT) || command.equalsIgnoreCase(COMMAND_OCSPCERT)) && ( issuerdn != null || caid != 0)) { try { ICAAdminSessionLocal casession = cahome.create(); CAInfo cainfo = null; if(caid != 0) { cainfo = casession.getCAInfo(administrator, caid); } else { int id = issuerdn.hashCode(); cainfo = casession.getCAInfo(administrator, id); } X509Certificate ocspcert = (X509Certificate)null; Iterator iter = ((CAInfo) cainfo).getExtendedCAServiceInfos().iterator(); while(iter.hasNext()){ ExtendedCAServiceInfo next = (ExtendedCAServiceInfo) iter.next(); if(next instanceof OCSPCAServiceInfo){ boolean active = (next.getStatus() == ExtendedCAServiceInfo.STATUS_ACTIVE); if(((OCSPCAServiceInfo) next).getOCSPSignerCertificatePath() != null) ocspcert = (X509Certificate) ((OCSPCAServiceInfo) next).getOCSPSignerCertificatePath().get(0); } } // If no cert, send back a NOT_FOUND response if (ocspcert == null) { res.sendError(HttpServletResponse.SC_NOT_FOUND, "No OCSP certificate found for CA."); return; } String filename=CertTools.getPartFromDN(CertTools.getSubjectDN(ocspcert), "CN"); if (filename == null) filename = "ocsp"; byte[] enccert = null; enccert = ocspcert.getEncoded(); if (command.equalsIgnoreCase(COMMAND_NSOCSPCERT)) { 
res.setContentType("application/x-x509-ca-cert"); res.setContentLength(enccert.length); res.getOutputStream().write(enccert); log.debug("Sent OCSP cert to NS client, len="+enccert.length+"."); } else if (command.equalsIgnoreCase(COMMAND_IEOCSPCERT)) { res.setHeader("Content-disposition", "attachment; filename="+filename+".crt"); res.setContentType("application/octet-stream"); res.setContentLength(enccert.length); res.getOutputStream().write(enccert); log.debug("Sent OCSP cert to IE client, len="+enccert.length+"."); } else if (command.equalsIgnoreCase(COMMAND_OCSPCERT)) { byte[] b64cert = Base64.encode(enccert); String out; out = "-----BEGIN CERTIFICATE-----\n"; out += new String(b64cert); out += "\n-----END CERTIFICATE-----\n"; res.setHeader("Content-disposition", "attachment; filename="+filename+".pem"); res.setContentType("application/octet-stream"); res.setContentLength(out.length()); res.getOutputStream().write(out.getBytes()); log.debug("Sent OCSP cert to client, len="+out.length()+"."); } else { res.setContentType("text/plain"); res.getOutputStream().println("Commands="+COMMAND_NSCACERT+" || "+COMMAND_IECACERT+" || "+COMMAND_CACERT); return; } } catch (Exception e) { PrintStream ps = new PrintStream(res.getOutputStream()); e.printStackTrace(ps); res.sendError(HttpServletResponse.SC_NOT_FOUND, "Error getting OCSP certificate for CA."); log.debug("Error getting OCSP certificate for CA."); log.debug(e); return; } } else if (command.equalsIgnoreCase(COMMAND_REVOKED)) { String dn = req.getParameter(ISSUER_PROPERTY); if (dn == null) { res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Usage command=revoked?issuer=<issuerdn>&serno=<serialnumber>."); log.debug("Bad request, no 'issuer' arg to 'revoked' command."); return; } String serno = req.getParameter(SERNO_PROPERTY); if (serno == null) { res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Usage command=revoked?issuer=<issuerdn>&serno=<serialnumber>."); log.debug("Bad request, no 'serno' arg to 'revoked' 
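command."); return; }
            // NOTE(review): dn and serno are raw request parameters and are
            // echoed into the text/html body below without HTML escaping, so a
            // crafted parameter value is reflected verbatim into the response
            // page. Escape them (see escapeHtml) or answer as text/plain.
            log.debug("Looking for certificate for '"+dn+"' and serno='"+serno+"'.");
            try {
                ICertificateStoreSessionLocal store = storehome.create();
                // new BigInteger(serno) throws NumberFormatException for a
                // non-numeric serial; that is handled by the catch below.
                RevokedCertInfo revinfo = store.isRevoked(administrator, dn, new BigInteger(serno));
                PrintWriter pout = new PrintWriter(res.getOutputStream());
                res.setContentType("text/html");
                printHtmlHeader("Check revocation", pout);
                if (revinfo != null) {
                    if (revinfo.getReason() == RevokedCertInfo.NOT_REVOKED) {
                        pout.println("<h1>NOT REVOKED</h1>");
                        pout.println("Certificate with issuer '"+dn+"' and serial number '"+serno+"' is NOT revoked.");
                    } else {
                        pout.println("<h1>REVOKED</h1>");
                        pout.println("Certificate with issuer '"+dn+"' and serial number '"+serno+"' is revoked.");
                        pout.println("RevocationDate is '"+revinfo.getRevocationDate()+"' and reason '"+revinfo.getReason()+"'.");
                    }
                } else {
                    pout.println("<h1>CERTIFICATE DOES NOT EXIST</h1>");
                    pout.println("Certificate with issuer '"+dn+"' and serial number '"+serno+"' does not exist.");
                }
                printHtmlFooter(pout);
                pout.close();
            } catch (Exception e) {
                // NOTE(review): the full stack trace is written to the client
                // before sendError(); that discloses internal class names to
                // the caller, and sendError() on a response that already has
                // output may fail with IllegalStateException. Prefer logging
                // the trace server-side only and sending just the error status.
                PrintStream ps = new PrintStream(res.getOutputStream());
                e.printStackTrace(ps);
                res.sendError(HttpServletResponse.SC_NOT_FOUND, "Error checking revocation.");
                log.debug("Error checking revocation for '"+dn+"' with serno '"+serno+"'.");
                log.debug(e);
                return;
            }
        } else {
            res.setContentType("text/plain");
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Commands=cacert | lastcert | listcerts | crl | revoked && issuer=<issuerdn>");
            return;
        }
    } // doGet

    /**
     * Writes the opening of a minimal HTML page: html/head with the given
     * title and no-cache meta tags, then an open body and paragraph.
     * The caller is expected to finish the page with printHtmlFooter.
     *
     * @param title page title; inserted verbatim (no HTML escaping), so only
     *              pass trusted, constant text
     * @param pout  writer to emit the markup to; neither flushed nor closed here
     */
    private void printHtmlHeader(String title, PrintWriter pout) {
        pout.println("<html><head>");
        pout.println("<title>"+title+"</title>");
        pout.println("<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">");
        pout.println("<META HTTP-EQUIV=\"Expires\" CONTENT=\"-1\">");
        pout.println("</head>");
        pout.println("<body><p>");
    }

    /**
     * Closes a page opened with printHtmlHeader.
     * A second head block with the no-cache meta tags is emitted after the
     * body on purpose: this matches the old browser workaround in which only
     * meta tags near the end of the document are honoured for caching
     * (presumably the IE quirk) — keep it unless that is verified obsolete.
     *
     * @param pout writer the page was started on; neither flushed nor closed here
     */
    private void printHtmlFooter(PrintWriter pout) {
        pout.println("</body>");
        pout.println("<head>");
        pout.println("<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">");
        pout.println("<META HTTP-EQUIV=\"Expires\" CONTENT=\"-1\">");
        pout.println("</head>");
        pout.println("</html>");
    }

    /**
     * Replaces the characters that are significant in HTML text content
     * ({@code &}, {@code <}, {@code >}, {@code "}) with their entities so a
     * string can be embedded in a page without being parsed as markup.
     *
     * @param s text to escape; null yields an empty string
     * @return the escaped text
     */
    private static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuffer sb = new StringBuffer(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Collects a small HTML debug page in memory so it can be sent back to
     * the browser client in one write. Holds unsynchronized mutable state,
     * so use one instance per request.
     */
    private class Debug {
        /** Accumulates the page bytes until printDebugInfo is called. */
        final private ByteArrayOutputStream buffer;
        /** Writes into buffer; no charset given, so the platform default is used. */
        final private PrintStream printer;

        /** Starts the page: html/head with a fixed title, then the open body and a heading. */
        Debug() {
            buffer = new ByteArrayOutputStream();
            printer = new PrintStream(buffer);
            String title = "Certificate/CRL distribution servlet";
            // head must precede body; the original emitted a stray <body>
            // before <head>, which produced malformed markup.
            print("<html>");
            print("<head>");
            print("<title>" + title + "</title>");
            print("</head>");
            print("<body bgcolor=\"white\">");
            print("<h2>" + title + "</h2>");
        }

        /**
         * Closes the page and writes everything buffered so far to out.
         *
         * @param out destination, typically the servlet response stream; not closed here
         * @throws IOException if writing to out fails
         */
        void printDebugInfo(OutputStream out) throws IOException {
            print("</body>");
            print("</html>");
            out.write(buffer.toByteArray());
        }

        /** Appends o's string form plus a line terminator to the page, unescaped. */
        void print(Object o) {
            printer.println(o);
        }

        /**
         * Appends the given text to the page line by line, each HTML-escaped
         * and followed by a {@code <br>}.
         *
         * @param bA text as bytes; decoded with the platform default charset,
         *           which is also what printer encodes with, so the round trip
         *           is consistent
         * @throws IOException if reading the in-memory stream fails (not expected)
         */
        void printInsertLineBreaks(byte[] bA) throws IOException {
            BufferedReader br = new BufferedReader(new InputStreamReader(new ByteArrayInputStream(bA)));
            String line;
            while ((line = br.readLine()) != null) {
                // escape so frames such as "<init>" in a stack trace are not
                // swallowed by the browser as tags
                print(escapeHtml(line) + "<br>");
            }
        }

        /**
         * Appends t's stack trace to the page under an "Exception" heading.
         * A stack trace exposes internal class names; this page is meant for
         * debugging, not for production clients.
         *
         * @param t the exception to render
         */
        void takeCareOfException(Throwable t) {
            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            t.printStackTrace(new PrintStream(baos));
            print("<h4>Exception:</h4>");
            try {
                printInsertLineBreaks(baos.toByteArray());
            } catch (IOException e) {
                // fall back to the raw trace so the failure is still visible in the page
                e.printStackTrace(printer);
            }
        }
    }
}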