📄 certdistservlet.java
字号:
/************************************************************************* * * * EJBCA: The OpenSource Certificate Authority * * * * This software is free software; you can redistribute it and/or * * modify it under the terms of the GNU Lesser General Public * * License as published by the Free Software Foundation; either * * version 2.1 of the License, or any later version. * * * * See terms of license at gnu.org. * * * *************************************************************************/ package org.ejbca.ui.web.pub;import java.io.IOException;import java.io.PrintStream;import java.io.PrintWriter;import java.math.BigInteger;import java.net.URLEncoder;import java.security.cert.Certificate;import java.security.cert.X509CRL;import java.security.cert.X509Certificate;import java.util.Collection;import java.util.Date;import java.util.Iterator;import javax.ejb.EJBException;import javax.servlet.ServletConfig;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.commons.lang.StringUtils;import org.apache.log4j.Logger;import org.ejbca.core.ejb.ServiceLocator;import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal;import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocalHome;import org.ejbca.core.ejb.ca.sign.ISignSessionLocal;import org.ejbca.core.ejb.ca.sign.ISignSessionLocalHome;import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal;import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocalHome;import org.ejbca.core.model.ca.caadmin.CAInfo;import org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAServiceInfo;import org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceInfo;import org.ejbca.core.model.ca.crl.RevokedCertInfo;import org.ejbca.core.model.log.Admin;import org.ejbca.ui.web.RequestHelper;import org.ejbca.util.Base64;import org.ejbca.util.CertTools;/** * Servlet used to distribute certificates and CRLs.<br> * * The servlet is called with method GET or POST and syntax * <code>command=<command></code>. * <p>The follwing commands are supported:<br> * <ul> * <li>crl - gets the latest CRL. * <li>lastcert - gets latest certificate of a user, takes argument 'subject=<subjectDN>'. * <li>listcerts - lists all certificates of a user, takes argument 'subject=<subjectDN>'. * <li>revoked - checks if a certificate is revoked, takes arguments 'subject=<subjectDN>&serno=<serial number>'. * <li>cacert - returns ca certificate in PEM-format, takes argument 'issuer=<issuerDN>&level=<ca-level, 0=root>' * <li>nscacert - returns ca certificate for Netscape/Mozilla, same args as above * <li>iecacert - returns ca certificate for Internet Explorer, same args as above * </ul> * cacert, nscacert and iecacert also takes optional parameter level=<int 1,2,...>, where the level is * which ca certificate in a hierachy should be returned. 0=root (default), 1=sub to root etc. * * @version $Id: CertDistServlet.java,v 1.7.2.2 2007/04/02 08:22:53 jeklund Exp $ */public class CertDistServlet extends HttpServlet { private static Logger log = Logger.getLogger(CertDistServlet.class); private static final String COMMAND_PROPERTY_NAME = "cmd"; private static final String COMMAND_CRL = "crl"; private static final String COMMAND_REVOKED = "revoked"; private static final String COMMAND_CERT = "lastcert"; private static final String COMMAND_LISTCERT = "listcerts"; private static final String COMMAND_NSCACERT = "nscacert"; private static final String COMMAND_IECACERT = "iecacert"; private static final String COMMAND_CACERT = "cacert"; private static final String COMMAND_NSOCSPCERT = "nsocspcert"; private static final String COMMAND_IEOCSPCERT = "ieocspcert"; private static final String COMMAND_OCSPCERT = "ocspcert"; private static final String SUBJECT_PROPERTY = "subject"; private static final String CAID_PROPERTY = "caid"; private static final String ISSUER_PROPERTY = "issuer"; private static final String SERNO_PROPERTY = "serno"; private static final String LEVEL_PROPERTY = "level"; private static final String MOZILLA_PROPERTY = "moz"; private static final String FORMAT_PROPERTY = "format"; private ICertificateStoreSessionLocal storesession = null; private ISignSessionLocal signsession = null; private ICAAdminSessionLocal casession = null; private synchronized ISignSessionLocal getSignSession(){ if(signsession == null){ try { ISignSessionLocalHome signhome = (ISignSessionLocalHome)ServiceLocator.getInstance().getLocalHome(ISignSessionLocalHome.COMP_NAME); signsession = signhome.create(); }catch(Exception e){ throw new EJBException(e); } } return signsession; } private synchronized ICertificateStoreSessionLocal getStoreSession(){ if(storesession == null){ try { ICertificateStoreSessionLocalHome storehome = (ICertificateStoreSessionLocalHome)ServiceLocator.getInstance().getLocalHome(ICertificateStoreSessionLocalHome.COMP_NAME); storesession = storehome.create(); }catch(Exception e){ throw new EJBException(e); } } return storesession; } private synchronized ICAAdminSessionLocal getCASession(){ if(casession == null){ try { ICAAdminSessionLocalHome cahome = (ICAAdminSessionLocalHome)ServiceLocator.getInstance().getLocalHome(ICAAdminSessionLocalHome.COMP_NAME); casession = cahome.create(); }catch(Exception e){ throw new EJBException(e); } } return casession; } /** * init servlet * * @param config servlet configuration * * @throws ServletException error */ public void init(ServletConfig config) throws ServletException { super.init(config); } /** * handles http post * * @param req servlet request * @param res servlet response * * @throws IOException input/output error * @throws ServletException error */ public void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException { log.debug(">doPost()"); doGet(req, res); log.debug("<doPost()"); } //doPost /** * handles http get * * @param req servlet request * @param res servlet response * * @throws IOException input/output error * @throws ServletException error */ public void doGet(HttpServletRequest req, HttpServletResponse res) throws java.io.IOException, ServletException { log.debug(">doGet()"); String command; // Keep this for logging. String remoteAddr = req.getRemoteAddr(); Admin administrator = new Admin(Admin.TYPE_PUBLIC_WEB_USER, remoteAddr); RequestHelper.setDefaultCharacterEncoding(req); String issuerdn = null; if(req.getParameter(ISSUER_PROPERTY) != null){ issuerdn = java.net.URLDecoder.decode(req.getParameter(ISSUER_PROPERTY),"UTF-8"); issuerdn = CertTools.stringToBCDNString(issuerdn); } int caid = 0; if(req.getParameter(CAID_PROPERTY) != null){ caid = Integer.parseInt(req.getParameter(CAID_PROPERTY)); } // See if the client wants the response cert or CRL in PEM format (default is DER) String format = req.getParameter(FORMAT_PROPERTY); command = req.getParameter(COMMAND_PROPERTY_NAME); if (command == null) command = ""; if (command.equalsIgnoreCase(COMMAND_CRL) && issuerdn != null) { try { ICertificateStoreSessionLocal store = getStoreSession(); byte[] crl = store.getLastCRL(administrator, issuerdn); X509CRL x509crl = CertTools.getCRLfromByteArray(crl); String dn = CertTools.getIssuerDN(x509crl); // We must remove cache headers for IE ServletUtils.removeCacheHeaders(res); String moz = req.getParameter(MOZILLA_PROPERTY); String filename = CertTools.getPartFromDN(dn,"CN")+".crl"; if ((moz == null) || !moz.equalsIgnoreCase("y")) { res.setHeader("Content-disposition", "attachment; filename=\"" + filename+"\""); } res.setContentType("application/x-x509-crl"); if (StringUtils.equals(format, "PEM")) { RequestHelper.sendNewB64File(Base64.encode(crl, true), res, filename, RequestHelper.BEGIN_CRL_WITH_NL, RequestHelper.END_CRL_WITH_NL); } else { res.setContentLength(crl.length); res.getOutputStream().write(crl); } log.debug("Sent latest CRL to client at " + remoteAddr); } catch (Exception e) { log.debug("Error sending latest CRL to " + remoteAddr+": ", e); res.sendError(HttpServletResponse.SC_NOT_FOUND, "Error getting latest CRL."); return; } } else if (command.equalsIgnoreCase(COMMAND_CERT) || command.equalsIgnoreCase(COMMAND_LISTCERT)) { String dn = java.net.URLDecoder.decode(req.getParameter(SUBJECT_PROPERTY),"UTF-8"); if (dn == null) { log.debug("Bad request, no 'subject' arg to 'lastcert' or 'listcert' command."); res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Usage command=lastcert/listcert?subject=<subjectdn>."); return; } try { log.debug("Looking for certificates for '"+dn+"'."); ICertificateStoreSessionLocal store = getStoreSession(); Collection certcoll = store.findCertificatesBySubject(administrator, dn); Object[] certs = certcoll.toArray(); int latestcertno = -1; if (command.equalsIgnoreCase(COMMAND_CERT)) { long maxdate = 0; for (int i=0;i<certs.length;i++) { if (i == 0) { maxdate = ((X509Certificate)certs[i]).getNotBefore().getTime(); latestcertno = 0; } else if ( ((X509Certificate)certs[i]).getNotBefore().getTime() > maxdate ) { maxdate = ((X509Certificate)certs[i]).getNotBefore().getTime(); latestcertno = i; } } if (latestcertno > -1) { byte[] cert = ((X509Certificate)certs[latestcertno]).getEncoded(); String filename = CertTools.getPartFromDN(dn,"CN")+".cer"; // We must remove cache headers for IE ServletUtils.removeCacheHeaders(res); res.setHeader("Content-disposition", "attachment; filename=\"" + filename+"\""); res.setContentType("application/octet-stream"); if (StringUtils.equals(format, "PEM")) { RequestHelper.sendNewB64File(Base64.encode(cert, true), res, filename, RequestHelper.BEGIN_CERTIFICATE_WITH_NL, RequestHelper.END_CERTIFICATE_WITH_NL);⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -