certreqservlet.java

一个免费的CA,基于EJB平台的,老师叫我们测试,现把之共享出来让大家参考

/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/
 
package org.ejbca.ui.web.pub;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

import javax.ejb.EJBException;
import javax.ejb.ObjectNotFoundException;
import javax.naming.InitialContext;
import javax.rmi.PortableRemoteObject;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.ejbca.core.ejb.ServiceLocator;
import org.ejbca.core.ejb.ca.auth.IAuthenticationSessionHome;
import org.ejbca.core.ejb.ca.auth.IAuthenticationSessionRemote;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocalHome;
import org.ejbca.core.ejb.ca.sign.ISignSessionLocal;
import org.ejbca.core.ejb.ca.sign.ISignSessionLocalHome;
import org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionHome;
import org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionRemote;
import org.ejbca.core.ejb.ra.IUserAdminSessionHome;
import org.ejbca.core.ejb.ra.IUserAdminSessionRemote;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionHome;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionRemote;
import org.ejbca.core.model.InternalResources;
import org.ejbca.core.model.SecConst;
import org.ejbca.core.model.ca.AuthLoginException;
import org.ejbca.core.model.ca.AuthStatusException;
import org.ejbca.core.model.ca.SignRequestException;
import org.ejbca.core.model.ca.SignRequestSignatureException;
import org.ejbca.core.model.ca.catoken.CATokenConstants;
import org.ejbca.core.model.keyrecovery.KeyRecoveryData;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.model.ra.UserDataConstants;
import org.ejbca.core.model.ra.UserDataVO;
import org.ejbca.core.model.ra.raadmin.EndEntityProfile;
import org.ejbca.ui.web.RequestHelper;
import org.ejbca.util.Base64;
import org.ejbca.util.CertTools;
import org.ejbca.util.KeyTools;




/**
 * Servlet used to install a private key with a corresponding certificate in a browser. A new
 * certificate is installed in the browser in following steps:<br>
 * 1. The key pair is generated by the browser. <br>
 * 2. The public part is sent to the servlet in a POST together with user info ("pkcs10|keygen",
 * "inst", "user", "password"). For internet explorer the public key is sent as a PKCS10
 * certificate request. <br>
 * 3. The new certificate is created by calling the RSASignSession session bean. <br>
 * 4. A page containing the new certificate and a script that installs it is returned to the
 * browser. <br>
 * 
 * <p></p>
 * 
 * <p>
 * The following initiation parameters are needed by this servlet: <br>
 * "responseTemplate" file that defines the response to the user (IE). It should have one line
 * with the text "cert =". This line is replaced with the new certificate. "keyStorePass".
 * Password needed to load the key-store. If this parameter is none existing it is assumed that no
 * password is needed. The path could be absolute or relative.<br>
 * </p>
 *
 * @author Original code by Lars Silv?n
 * @version $Id: CertReqServlet.java,v 1.15.2.1 2007/04/17 08:33:38 jeklund Exp $
 */
public class CertReqServlet extends HttpServlet {
    private static final Logger log = Logger.getLogger(CertReqServlet.class);
    /** Internal localization of logs and errors */
    private static final InternalResources intres = InternalResources.getInstance();

    private byte[] bagattributes = "Bag Attributes\n".getBytes();
    private byte[] friendlyname = "    friendlyName: ".getBytes();
    private byte[] subject = "subject=/".getBytes();
    private byte[] issuer = "issuer=/".getBytes();
    private byte[] beginCertificate = "-----BEGIN CERTIFICATE-----".getBytes();
    private byte[] endCertificate = "-----END CERTIFICATE-----".getBytes();
    private byte[] beginPrivateKey = "-----BEGIN PRIVATE KEY-----".getBytes();
    private byte[] endPrivateKey = "-----END PRIVATE KEY-----".getBytes();
    private byte[] NL = "\n".getBytes();

    private IUserAdminSessionHome useradminhome = null;
    private IRaAdminSessionHome raadminhome = null;
    private IKeyRecoverySessionHome keyrecoveryhome = null;
	private IAuthenticationSessionHome authhome = null;

    private ISignSessionLocal signsession = null;
    private ICAAdminSessionLocal casession = null;

    private synchronized ISignSessionLocal getSignSession(){
    	if(signsession == null){	
    		try {
    			ISignSessionLocalHome signhome = (ISignSessionLocalHome)ServiceLocator.getInstance().getLocalHome(ISignSessionLocalHome.COMP_NAME);
    			signsession = signhome.create();
    		}catch(Exception e){
    			throw new EJBException(e);      	  	    	  	
    		}
    	}
    	return signsession;
    }
    private synchronized ICAAdminSessionLocal getCASession(){
    	if(casession == null){	
    		try {
    			ICAAdminSessionLocalHome cahome = (ICAAdminSessionLocalHome)ServiceLocator.getInstance().getLocalHome(ICAAdminSessionLocalHome.COMP_NAME);
    			casession = cahome.create();
    		}catch(Exception e){
    			throw new EJBException(e);      	  	    	  	
    		}
    	}
    	return casession;
    }
    /**
     * Servlet init
     *
     * @param config servlet configuration
     *
     * @throws ServletException on error
     */
    public void init(ServletConfig config) throws ServletException {
        super.init(config);

        try {
            // Install BouncyCastle provider
            CertTools.installBCProvider();

            // Get EJB context and home interfaces
            InitialContext ctx = new InitialContext();
            useradminhome = (IUserAdminSessionHome) PortableRemoteObject.narrow(
                             ctx.lookup("UserAdminSession"), IUserAdminSessionHome.class );
            raadminhome   = (IRaAdminSessionHome) PortableRemoteObject.narrow(
                             ctx.lookup("RaAdminSession"), IRaAdminSessionHome.class );            
            keyrecoveryhome = (IKeyRecoverySessionHome) PortableRemoteObject.narrow(
                             ctx.lookup("KeyRecoverySession"), IKeyRecoverySessionHome.class );
            
            authhome = (IAuthenticationSessionHome) javax.rmi.PortableRemoteObject.narrow(ctx.lookup("AuthenticationSession"), IAuthenticationSessionHome.class);
        } catch( Exception e ) {
            throw new ServletException(e);
        }
    }

    /**
     * Handles HTTP POST
     *
     * @param request servlet request
     * @param response servlet response
     *
     * @throws IOException input/output error
     * @throws ServletException on error
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws IOException, ServletException {
        ServletDebug debug = new ServletDebug(request, response);
        boolean usekeyrecovery = false;

        RequestHelper.setDefaultCharacterEncoding(request);
        try {
            String username = request.getParameter("user");
            String password = request.getParameter("password");
            String keylengthstring = request.getParameter("keylength");
            String keyalgstring = request.getParameter("keyalg");
            String openvpn = request.getParameter("openvpn");
			String keylength = "1024";
			String keyalg = CATokenConstants.KEYALGORITHM_RSA;
			
            int resulttype = 0;
            if(request.getParameter("resulttype") != null)
              resulttype = Integer.parseInt(request.getParameter("resulttype")); // Indicates if certificate or PKCS7 should be returned on manual PKCS10 request.
            

            String classid = "clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1\" CODEBASE=\"/CertControl/xenroll.cab#Version=5,131,3659,0";

            if ((request.getParameter("classid") != null) &&
                    !request.getParameter("classid").equals("")) {
                classid = request.getParameter("classid");
            }

            if (keylengthstring != null) {
                keylength = keylengthstring;
            }
            if (keyalgstring != null) {
                keyalg = keyalgstring;
            }

            Admin administrator = new Admin(Admin.TYPE_PUBLIC_WEB_USER, request.getRemoteAddr());

            IUserAdminSessionRemote adminsession = useradminhome.create();
            IRaAdminSessionRemote raadminsession = raadminhome.create();            
            ISignSessionLocal signsession = getSignSession();
            RequestHelper helper = new RequestHelper(administrator, debug);

    		String iMsg = intres.getLocalizedMessage("certreq.receivedcertreq", username, request.getRemoteAddr());
            log.info(iMsg);
            debug.print("<h3>username: " + username + "</h3>");

            // Check user
            int tokentype = SecConst.TOKEN_SOFT_BROWSERGEN;

            usekeyrecovery = (raadminsession.loadGlobalConfiguration(administrator)).getEnableKeyRecovery();

            UserDataVO data = adminsession.findUser(administrator, username);

            if (data == null) {
                throw new ObjectNotFoundException();