
📄 ocspservletstandalone.java

📁 一个免费的CA,基于EJB平台的,老师叫我们测试,现把之共享出来让大家参考
💻 JAVA
/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/

package org.ejbca.ui.web.protocol;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import javax.ejb.EJBException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;

import org.apache.log4j.Logger;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.ejbca.core.ejb.ServiceLocator;
import org.ejbca.core.ejb.ca.store.ICertificateStoreOnlyDataSessionLocal;
import org.ejbca.core.ejb.ca.store.ICertificateStoreOnlyDataSessionLocalHome;
import org.ejbca.core.model.InternalResources;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAServiceNotActiveException;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAServiceRequestException;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceRequest;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceResponse;
import org.ejbca.core.model.ca.crl.RevokedCertInfo;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.protocol.ocsp.OCSPUtil;
import org.ejbca.ui.web.pub.cluster.ExtOCSPHealthCheck;

/**
 * Servlet implementing server side of the Online Certificate Status Protocol (OCSP).
 * For a detailed description of OCSP refer to RFC2560.
 *
 * <p>Configuration is read in {@link #init(ServletConfig)} from the servlet
 * init parameters declared by the tags below: a soft-keystore directory, a
 * key password, a store password and, optionally, a hard-token class name
 * with its card password.
 *
 * <p>NOTE(review): the three passwords are plain init-parameter values. The
 * tags below look like XDoclet metadata, so presumably the substituted values
 * end up in the generated deployment descriptor; confirm, and keep read access
 * to that descriptor and to the properties it is built from restricted.
 *
 * <p>NOTE(review): the description text of the cardPassword and
 * hardTokenClassName init-params repeats the keystore-password wording and
 * looks like a copy-paste leftover; the tags are kept unchanged here.
 *
 * @web.servlet name = "OCSP"
 *              display-name = "OCSPServletStandAlone"
 *              description="Answers OCSP requests"
 *              load-on-startup = "99"
 *
 * @web.servlet-mapping url-pattern = "/ocsp"
 *
 * @web.servlet-init-param description="Directory name of the soft keystores. The signing keys will be fetched from all files in this directory. Valid formats of the files are JKS and PKCS12 (p12)."
 *   name="softKeyDirectoryName"
 *   value="${ocsp.keys.dir}"
 *
 * @web.servlet-init-param description="Signing key password. Must be same for all signing keys."
 *   name="keyPassword"
 *   value="${ocsp.keys.keyPassword}"
 *
 * @web.servlet-init-param description="Keystore password. Keystore password for all keystores in the keystore directory."
 *   name="storePassword"
 *   value="${ocsp.keys.storePassword}"
 *
 * @web.servlet-init-param description="Keystore password. Keystore password for all keystores in the keystore directory."
 *   name="cardPassword"
 *   value="${ocsp.keys.cardPassword}"
 *
 * @web.servlet-init-param description="Keystore password. Keystore password for all keystores in the keystore directory."
 *   name="hardTokenClassName"
 *   value="${ocsp.hardToken.className}"
 *
 * @web.resource-ref
 *  name="${datasource.jndi-name-prefix}${datasource.jndi-name}"
 *  type="javax.sql.DataSource"
 *  auth="Container"
 *
 * @web.ejb-local-ref
 *  name="ejb/CertificateStoreOnlyDataSessionLocal"
 *  type="Session"
 *  link="CertificateStoreOnlyDataSession"
 *  home="org.ejbca.core.ejb.ca.store.ICertificateStoreOnlyDataSessionLocalHome"
 *  local="org.ejbca.core.ejb.ca.store.ICertificateStoreOnlyDataSessionLocal"
 *
 * @author Lars Silven PrimeKey
 * @version  $Id: OCSPServletStandAlone.java,v 1.35 2007/01/09 15:53:55 anatom Exp $
 */
public class OCSPServletStandAlone extends OCSPServletBase implements IHealtChecker {

    static final private Logger m_log = Logger.getLogger(OCSPServletStandAlone.class);
    /** Internal localization of logs and errors */
    private static final InternalResources intres = InternalResources.getInstance();

    /** Value of the "softKeyDirectoryName" init parameter; init() fails if it is missing or empty. */
    private String mKeystoreDirectoryName;
    /** Characters of the "keyPassword" init parameter; init() fails if it is missing or empty. */
    private char mKeyPassword[];
    /** Characters of the "storePassword" init parameter; init() falls back to mKeyPassword when it is missing or empty. */
    private char mStorePassword[];
    /** Instance of the class named by "hardTokenClassName"; stays null when no hard token is configured or its class is not found. */
    private CardKeys mHardTokenObject;
    /** Map created empty in the constructor; how it is filled is not visible in this part of the file. */
    private final Map mSignEntity;
    /** Session bean created on first use by getStoreSessionOnlyData(). */
    private ICertificateStoreOnlyDataSessionLocal m_certStore = null;

    /**
     * Creates the servlet with an empty mSignEntity map.
     */
    public OCSPServletStandAlone() {
        super();
        mSignEntity = new HashMap();
    }

    /**
     * Reads the key, store and hard-token configuration from the servlet
     * init parameters and registers this servlet as the health checker.
     *
     * @param config servlet configuration supplying the init parameters
     * @throws ServletException if "keyPassword" or "softKeyDirectoryName" is
     *         missing or empty, or if any other exception occurs during
     *         initialization (that exception is logged and wrapped)
     */
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
        try {
            {
                // getInitParameter returns a String, so an immutable copy of the
                // password exists in addition to the char[] kept in the field.
                final String keyPassword = config.getInitParameter("keyPassword");
                mKeyPassword = keyPassword!=null ? keyPassword.toCharArray() : null;
            }
            // The key password is mandatory. Note that the message says
            // "keystore password" although the parameter checked is keyPassword.
            if ( mKeyPassword==null || mKeyPassword.length==0 )
                throw new ServletException("no keystore password given");
            {
                final String storePassword = config.getInitParameter("storePassword");
                mStorePassword = storePassword!=null ? storePassword.toCharArray() : null;
            }
            // The hard token is optional and is only set up while the field is still null.
            if ( mHardTokenObject==null ) {
                final String hardTokenClassName = config.getInitParameter("hardTokenClassName");
                if ( hardTokenClassName!=null && hardTokenClassName.length()>0 ) {
                    String sCardPassword = config.getInitParameter("cardPassword");
                    sCardPassword = sCardPassword!=null ? sCardPassword.trim() : null;
                    if ( sCardPassword!=null && sCardPassword.length()>0 ) {
                        try {
                            // The class name comes from deployment configuration and is
                            // instantiated reflectively, so whoever can edit that
                            // configuration chooses the code that runs here.
                            mHardTokenObject = (CardKeys)OCSPServletStandAlone.class.getClassLoader().loadClass(hardTokenClassName).newInstance();
                            // The card password is handed over as a String.
                            mHardTokenObject.autenticate(sCardPassword);
                        } catch( ClassNotFoundException e) {
                            // Only a missing class is tolerated: it is logged at info level and
                            // start-up continues without a hard token. Any other exception from
                            // the two calls above reaches the outer catch and aborts init().
                            // NOTE(review): info level makes a mistyped class name easy to
                            // miss; confirm that silently running on soft keys is intended.
                            String iMsg = intres.getLocalizedMessage("ocsp.classnotfound", hardTokenClassName);
                            m_log.info(iMsg);
                        }
                    } else {
                        // A hard-token class is configured but no card password was given.
                        String iMsg = intres.getLocalizedMessage("ocsp.nocardpwd");
                        m_log.info(iMsg);
                    }
                } else {
                    // No hard-token class configured.
                    String iMsg = intres.getLocalizedMessage("ocsp.nohwsigningclass");
                    m_log.info(iMsg);
                }
            }
            // Without a separate store password the key password is reused
            // (the same array instance, not a copy).
            if ( mStorePassword==null || mStorePassword.length==0 )
                mStorePassword = mKeyPassword;
            mKeystoreDirectoryName = config.getInitParameter("softKeyDirectoryName");
            if ( mKeystoreDirectoryName!=null && mKeystoreDirectoryName.length()>0 ) {
                // Only the presence of a directory name is checked here; the
                // directory itself is not opened in this method.
                ExtOCSPHealthCheck.setHealtChecker(this);
                return;
            } else {
                String errMsg = intres.getLocalizedMessage("ocsp.errornovalidkeys");
                throw new ServletException(errMsg);
            }
        } catch( ServletException e ) {
            // Configuration errors raised above pass through unchanged.
            throw e;
        } catch (Exception e) {
            // Everything else is logged with its stack trace and wrapped.
            String errMsg = intres.getLocalizedMessage("ocsp.errorinitialize");
            m_log.error(errMsg, e);
            throw new ServletException(e);
        }
    }

    /**
     * Returns the certificate data only session bean, creating it through the
     * ServiceLocator on first use and caching it in m_certStore.
     *
     * @return the cached session bean
     * @throws EJBException wrapping any exception raised while locating or
     *         creating the bean
     */
    private synchronized ICertificateStoreOnlyDataSessionLocal getStoreSessionOnlyData(){
        if(m_certStore == null){
            try {
                ServiceLocator locator = ServiceLocator.getInstance();
                ICertificateStoreOnlyDataSessionLocalHome castorehome =
                    (ICertificateStoreOnlyDataSessionLocalHome)locator.getLocalHome(ICertificateStoreOnlyDataSessionLocalHome.COMP_NAME);
                m_certStore = castorehome.create();
            }catch(Exception e){
                throw new EJBException(e);
            }
        }
        return m_certStore;
    }

    // Checks the revocation status of the given certificate and then starts
    // collecting its issuer chain from m_cacerts. The remainder of this method
    // is outside the visible listing, so only the visible steps are described.
    private X509Certificate[] getCertificateChain(X509Certificate cert, Admin adm) {
        // isRevoked and m_cacerts are not defined in the visible part of this
        // file; presumably inherited from OCSPServletBase - TODO confirm.
        RevokedCertInfo revokedInfo = isRevoked(adm, cert.getIssuerDN().getName(),
                cert.getSerialNumber());
        String wMsg = intres.getLocalizedMessage("ocsp.signcertnotindb", cert.getSerialNumber(), cert.getIssuerDN());
        // No status record for the certificate: warn and return no chain.
        if ( revokedInfo==null ) {
            m_log.warn(wMsg);
            return null;
        }
        // Any reason other than NOT_REVOKED: warn and return no chain.
        if ( revokedInfo.getReason()!=RevokedCertInfo.NOT_REVOKED ) {
            wMsg = intres.getLocalizedMessage("ocsp.signcertrevoked", cert.getSerialNumber(), cert.getIssuerDN());
            m_log.warn(wMsg);
            return null;
        }
        X509Certificate chain[] = null;
        final List list = new ArrayList();
        X509Certificate current = cert;
        // Walk upwards from cert. Links are matched by comparing issuer and
        // subject principals only.
        // NOTE(review): no signature verification is visible in this portion, and
        // the loop has no depth limit or visited check, so it relies on m_cacerts
        // holding only trusted, non-cyclic CA certificates - confirm at load time.
        while( true ) {
            list.add(current);
            // Issuer equals subject: treat as the top of the chain and finish.
            if ( current.getIssuerX500Principal().equals(current.getSubjectX500Principal()) ) {
                chain = (X509Certificate[])list.toArray(new X509Certificate[0]);
                break;
            }
            Iterator j = m_cacerts.iterator();
            boolean isNotFound = true;
            while( isNotFound && j.hasNext() ) {
                X509Certificate target = (X509Certificate)j.next();
                if (m_log.isDebugEnabled()) {
                    m_log.debug( "current issuer '" + current.getIssuerX500Principal() +
                            "'. target subject: '" + target.getSubjectX500Principal() + "'.");
                }
                if ( current.getIssuerX500Principal().equals(target.getSubjectX500Principal()) ) {
                    current = target;
                    isNotFound = false;
                }
            }
            // No certificate in m_cacerts matches the issuer: leave the loop
            // with chain still null.
            if ( isNotFound )
                break;
