admincertreqservlet.java

JAVA做的J2EE下CA认证系统 基于EJB开发

/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/

package se.anatom.ejbca.webdist.cainterface;

import java.beans.Beans;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.ejb.CreateException;
import javax.ejb.ObjectNotFoundException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;

import se.anatom.ejbca.SecConst;
import se.anatom.ejbca.ca.exception.AuthLoginException;
import se.anatom.ejbca.ca.exception.AuthStatusException;
import se.anatom.ejbca.ca.exception.CADoesntExistsException;
import se.anatom.ejbca.ca.exception.IllegalKeyException;
import se.anatom.ejbca.ca.exception.SignRequestException;
import se.anatom.ejbca.ca.exception.SignRequestSignatureException;
import se.anatom.ejbca.ca.sign.ISignSessionLocal;
import se.anatom.ejbca.ca.sign.ISignSessionLocalHome;
import se.anatom.ejbca.log.Admin;
import se.anatom.ejbca.protocol.IResponseMessage;
import se.anatom.ejbca.protocol.PKCS10RequestMessage;
import se.anatom.ejbca.util.Base64;
import se.anatom.ejbca.util.CertTools;
import se.anatom.ejbca.util.FileTools;
import se.anatom.ejbca.util.ServiceLocator;
import se.anatom.ejbca.util.StringTools;
import se.anatom.ejbca.webdist.rainterface.RAInterfaceBean;
import se.anatom.ejbca.webdist.rainterface.UserView;
import se.anatom.ejbca.webdist.webconfiguration.EjbcaWebBean;


/**
 * This is a servlet that is used for creating a user into EJBCA and retrieving her certificate.
 * This servlet requires authentication of the administrator, specifically it requires that the
 * client certificate has the privilege "/ra_functionallity/create_end_entity", as defined in the
 * admin-GUI.
 * 
 * <p>
 * This implementation handles only the POST method.
 * </p>
 * 
 * <p>
 * The CGI parameters for requests are the following.
 * </p>
 * 
 * <dl>
 * <dt>
 * pkcs10req
 * </dt>
 * <dd>
 * A PKCS#10 request, mandatory.
 * </dd>
 * <dt>
 * username
 * </dt>
 * <dd>
 * The username (for EJBCA use only).  Optional, defaults to the DN in the PKCS#10 request.
 * </dd>
 * <dt>
 * password
 * </dt>
 * <dd>
 * Password for the user (for EJBCA internal use only).  Optional, defaults to an empty string.
 * Used for authorization af certificate request.
 * </dd>
 * <dt>
 * entityprofile
 * </dt>
 * <dd>
 * The name of the EJBCA end entity profile for the user.  Optional, defaults to the built-in EMPTY
 * end entity profile.
 * </dd>
 * <dt>
 * certificateprofile
 * </dt>
 * <dd>
 * The name of the EJBCA certificate profile to use.  Optional, defaults to the built-in ENDUSER
 * certificate profile.
 * </dd>
 * <dt>ca</dt>
 * <dd>
 *   The name of the ca to use.  Required,
 * </dd>
 * </dl>
 * 
 *
 * @author Ville Skytt