📄 ca.java
/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/

package org.ejbca.core.model.ca.caadmin;

import java.io.Serializable;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Vector;

import javax.ejb.EJBException;

import org.apache.log4j.Logger;
import org.bouncycastle.cms.CMSException;
import org.ejbca.core.model.UpgradeableDataHashMap;
import org.ejbca.core.model.ca.SignRequestSignatureException;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.CmsCAService;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.CmsCAServiceInfo;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.CmsCAServiceRequest;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAService;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAServiceInfo;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAServiceNotActiveException;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAServiceRequest;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAServiceRequestException;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAServiceResponse;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.IllegalExtendedCAServiceRequestException;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.KeyRecoveryCAServiceRequest;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.KeyRecoveryCAServiceResponse;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAService;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceInfo;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceRequest;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.XKMSCAService;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.XKMSCAServiceInfo;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.XKMSCAServiceRequest;
import org.ejbca.core.model.ca.catoken.CAToken;
import org.ejbca.core.model.ca.catoken.CATokenInfo;
import org.ejbca.core.model.ca.catoken.HardCATokenContainer;
import org.ejbca.core.model.ca.catoken.HardCATokenManager;
import org.ejbca.core.model.ca.catoken.NullCAToken;
import org.ejbca.core.model.ca.catoken.SoftCAToken;
import org.ejbca.core.model.ca.certificateprofiles.CertificateProfile;
import org.ejbca.core.model.ra.UserDataVO;
import org.ejbca.util.Base64;
import org.ejbca.util.CertTools;

/**
 * CA is a base class that should be inherited by all CA types.
 *
 * <p>The class is abstract, extends {@link UpgradeableDataHashMap} and is
 * {@link Serializable}. Most settings are kept in the {@code data} map under the
 * string keys declared below; {@code data} is assigned but not declared in this
 * part of the file, so it is presumably inherited from the superclass.
 *
 * @version $Id: CA.java,v 1.17 2007/01/16 11:43:26 anatom Exp $
 */
public abstract class CA extends UpgradeableDataHashMap implements Serializable {

/** Log4j instance */
private static Logger log = Logger.getLogger(CA.class);

// String constants for boolean values.
public static final String TRUE = "true";
public static final String FALSE = "false";

// protected fields.
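// Keys under which the CA's properties are stored in the data map.
public static final String CATYPE = "catype";
protected static final String SUBJECTDN = "subjectdn";
protected static final String CAID = "caid";
protected static final String NAME = "name";
protected static final String STATUS = "status";
protected static final String VALIDITY = "validity";
protected static final String EXPIRETIME = "expiretime";
protected static final String CERTIFICATECHAIN = "certificatechain";
protected static final String CATOKENDATA = "catoken";
protected static final String SIGNEDBY = "signedby";
protected static final String DESCRIPTION = "description";
protected static final String REVOKATIONREASON = "revokationreason";
protected static final String REVOKATIONDATE = "revokationdate";
protected static final String CERTIFICATEPROFILEID = "certificateprofileid";
protected static final String CRLPERIOD = "crlperiod";
protected static final String CRLISSUEINTERVAL = "crlIssueInterval";
protected static final String CRLOVERLAPTIME = "crlOverlapTime";
protected static final String CRLPUBLISHERS = "crlpublishers";
protected static final String FINISHUSER = "finishuser";
protected static final String REQUESTCERTCHAIN = "requestcertchain";
protected static final String EXTENDEDCASERVICES = "extendedcaservices";
protected static final String EXTENDEDCASERVICE = "extendedcaservice";
protected static final String APPROVALSETTINGS = "approvalsettings";
protected static final String NUMBEROFREQAPPROVALS = "numberofreqapprovals";

// Public Methods

/**
 * Creates a new instance of CA, this constructor should be used when a new CA is created.
 *
 * <p>Copies validity, signer, description, certificate profile, CRL settings,
 * finish-user flag, extended CA services and approval settings from the given
 * CAInfo into a fresh data map, and keeps a reference to the CAInfo itself.
 *
 * @param cainfo the settings of the CA being created; stored by reference, not copied
 */
public CA(CAInfo cainfo) {
    data = new HashMap();
    this.cainfo = cainfo;

    data.put(VALIDITY, new Integer(cainfo.getValidity()));
    data.put(SIGNEDBY, new Integer(cainfo.getSignedBy()));
    data.put(DESCRIPTION, cainfo.getDescription());
    // NOTE(review): -1 presumably means "not revoked" - confirm against the
    // revocation reason constants used elsewhere.
    data.put(REVOKATIONREASON, new Integer(-1));
    data.put(CERTIFICATEPROFILEID, new Integer(cainfo.getCertificateProfileId()));

    setCRLPeriod(cainfo.getCRLPeriod());
    setCRLIssueInterval(cainfo.getCRLIssueInterval());
    setCRLOverlapTime(cainfo.getCRLOverlapTime());
    setCRLPublishers(cainfo.getCRLPublishers());
    setFinishUser(cainfo.getFinishUser());

    // Register each known extended service and record its type id. The three
    // checks are independent, so an info object matching several types is
    // registered once per match. Unrecognised info types are ignored.
    Iterator iter = cainfo.getExtendedCAServiceInfos().iterator();
    ArrayList extendedservicetypes = new ArrayList();
    while (iter.hasNext()) {
        ExtendedCAServiceInfo next = (ExtendedCAServiceInfo) iter.next();
        if (next instanceof OCSPCAServiceInfo) {
            setExtendedCAService(new OCSPCAService(next));
            extendedservicetypes.add(new Integer(ExtendedCAServiceInfo.TYPE_OCSPEXTENDEDSERVICE));
        }
        if (next instanceof XKMSCAServiceInfo) {
            setExtendedCAService(new XKMSCAService(next));
            extendedservicetypes.add(new Integer(ExtendedCAServiceInfo.TYPE_XKMSEXTENDEDSERVICE));
        }
        if (next instanceof CmsCAServiceInfo) {
            setExtendedCAService(new CmsCAService(next));
            extendedservicetypes.add(new Integer(ExtendedCAServiceInfo.TYPE_CMSEXTENDEDSERVICE));
        }
    }
    data.put(EXTENDEDCASERVICES, extendedservicetypes);

    setApprovalSettings(cainfo.getApprovalSettings());
    setNumOfRequiredApprovals(cainfo.getNumOfReqApprovals());
}

/**
 * Constructor used when retrieving existing CA from database.
 *
 * <p>This constructor does not assign {@code cainfo}. The accessors that
 * delegate to it (subject DN, CA id, name, status) dereference it directly,
 * so it has to be supplied, e.g. through {@link #setCAInfo(CAInfo)}, before
 * they are used.
 *
 * @param data the stored property map, handed to {@code loadData}
 */
public CA(HashMap data) {
    loadData(data);
    extendedcaservicemap = new HashMap();
}

/** Replaces the CAInfo held by this CA; the object is stored by reference. */
public void setCAInfo(CAInfo cainfo) {
    this.cainfo = cainfo;
}

/** Returns the CAInfo held by this CA (the live object, not a copy). */
public CAInfo getCAInfo() {
    return this.cainfo;
}

// Public Methods.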
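// --- Properties held in cainfo ------------------------------------------
// These accessors dereference cainfo directly and fail with a
// NullPointerException if it has not been set.

public String getSubjectDN() {
    return cainfo.getSubjectDN();
}

public void setSubjectDN(String subjectdn) {
    cainfo.subjectdn = subjectdn;
}

public int getCAId() {
    return cainfo.getCAId();
}

public void setCAId(int caid) {
    cainfo.caid = caid;
}

public String getName() {
    return cainfo.getName();
}

public void setName(String caname) {
    cainfo.name = caname;
}

public int getStatus() {
    return cainfo.getStatus();
}

public void setStatus(int status) {
    cainfo.status = status;
}

// --- Properties held in the data map ------------------------------------
// The int getters unbox the stored Integer and therefore fail with a
// NullPointerException when the key is absent from the map.

public int getCAType() {
    return ((Integer) data.get(CATYPE)).intValue();
}

public int getValidity() {
    return ((Integer) data.get(VALIDITY)).intValue();
}

public void setValidity(int validity) {
    data.put(VALIDITY, new Integer(validity));
}

public Date getExpireTime() {
    return ((Date) data.get(EXPIRETIME));
}

public void setExpireTime(Date expiretime) {
    data.put(EXPIRETIME, expiretime);
}

public int getSignedBy() {
    return ((Integer) data.get(SIGNEDBY)).intValue();
}

public String getDescription() {
    return ((String) data.get(DESCRIPTION));
}

public void setDescription(String description) {
    data.put(DESCRIPTION, description);
}

public int getRevokationReason() {
    return ((Integer) data.get(REVOKATIONREASON)).intValue();
}

public void setRevokationReason(int reason) {
    data.put(REVOKATIONREASON, new Integer(reason));
}

public Date getRevokationDate() {
    return (Date) data.get(REVOKATIONDATE);
}

public void setRevokationDate(Date date) {
    data.put(REVOKATIONDATE, date);
}

public int getCRLPeriod() {
    return ((Integer) data.get(CRLPERIOD)).intValue();
}

public void setCRLPeriod(int crlperiod) {
    data.put(CRLPERIOD, new Integer(crlperiod));
}

public int getCRLIssueInterval() {
    return ((Integer) data.get(CRLISSUEINTERVAL)).intValue();
}

public void setCRLIssueInterval(int crlIssueInterval) {
    data.put(CRLISSUEINTERVAL, new Integer(crlIssueInterval));
}

public int getCRLOverlapTime() {
    return ((Integer) data.get(CRLOVERLAPTIME)).intValue();
}

public void setCRLOverlapTime(int crlOverlapTime) {
    data.put(CRLOVERLAPTIME, new Integer(crlOverlapTime));
}

public Collection getCRLPublishers() {
    return ((Collection) data.get(CRLPUBLISHERS));
}

/** Stores the given collection by reference; later changes by the caller show through. */
public void setCRLPublishers(Collection crlpublishers) {
    data.put(CRLPUBLISHERS, crlpublishers);
}

public int getCertificateProfileId() {
    return ((Integer) data.get(CERTIFICATEPROFILEID)).intValue();
}

/** Returns the CAs token. The token is fetched from the token registry, or created and added to the token registry.
 *
 * <p>The registry is looked up and updated under the supplied {@code caid}, while a
 * missing token is built from <em>this</em> CA's stored token data. Passing an id
 * other than this CA's own would therefore register this CA's token under another
 * id; callers are expected to pass the id that belongs to this CA.
 *
 * @param caid the id under which the token is looked up and registered
 * @return The CAs token, be it soft or hard.
 * @throws IllegalKeyStoreException If the token keystore is invalid (crypto error thrown by crypto provider), or the CA token type is undefined.
 */
public CAToken getCAToken(int caid) throws IllegalKeyStoreException {
    // NOTE(review): lookup and registration are two separate calls and no locking
    // is visible here; confirm whether concurrent callers can each build a token.
    CAToken ret = HardCATokenManager.instance().getCAToken(caid);
    if (ret == null) {
        HashMap tokendata = (HashMap) data.get(CATOKENDATA);
        // Missing token data or a missing type is reported as the documented
        // IllegalKeyStoreException rather than surfacing as a NullPointerException.
        if (tokendata == null) {
            throw new IllegalKeyStoreException("No CA Token data defined for CA: " + caid);
        }
        Integer tokentype = (Integer) tokendata.get(CAToken.CATOKENTYPE);
        if (tokentype == null) {
            throw new IllegalKeyStoreException("No CA Token type defined for CA: " + caid);
        }
        switch (tokentype.intValue()) {
            case CATokenInfo.CATOKENTYPE_P12:
                ret = new SoftCAToken(tokendata);
                break;
            case CATokenInfo.CATOKENTYPE_HSM:
                ret = new HardCATokenContainer(tokendata);
                break;
            case CATokenInfo.CATOKENTYPE_NULL:
                ret = new NullCAToken();
                break;
            default:
                throw new IllegalKeyStoreException("No CA Token type defined: " + tokentype.intValue());
        }
        HardCATokenManager.instance().addCAToken(caid, ret);
    }
    return ret;
}

/** Returns the CAs token. The token is fetched from the token registry, or created and added to the token registry.
 *
 * @return The CAs token, be it soft or hard.
 * @throws IllegalKeyStoreException If the token keystore is invalid (crypto error thrown by crypto provider), or the CA token type is undefined.
 */
public CAToken getCAToken() throws IllegalKeyStoreException {
    return getCAToken(getCAId());
}

/** Sets the CA token. Adds or updates the token in the token registry.
 *
 * <p>The token's saved state is written into this CA's data map under
 * {@code CATOKENDATA}.
 * NOTE(review): for soft tokens this presumably includes keystore material -
 * confirm what {@code saveData()} returns and how the data map is protected
 * when it is stored or serialized.
 *
 * @param catoken The CAs token, be it soft or hard.
 */
public void setCAToken(CAToken catoken) {
    data.put(CATOKENDATA, catoken.saveData());
    HardCATokenManager.instance().addCAToken(getCAId(), catoken);
}

/**
 * Returns the request certificate chain, decoding it from the Base64 strings
 * stored under {@code REQUESTCERTCHAIN} on first use and caching the result.
 *
 * <p>The cached list itself is returned, so callers that modify it change the
 * cache.
 *
 * @return the decoded certificates, in stored order
 * @throws EJBException if a stored entry cannot be decoded into a certificate
 */
public Collection getRequestCertificateChain() {
    if (requestcertchain == null) {
        // NOTE(review): the stored chain is dereferenced without a null check, so a
        // CA saved without a request chain fails here with a NullPointerException.
        Collection storechain = (Collection) data.get(REQUESTCERTCHAIN);
        Iterator iter = storechain.iterator();
        // Decode into a local list and publish it only when every entry decoded.
        // Assigning the field first would leave a truncated chain cached after a
        // failure, and later calls would return it without any error.
        ArrayList decodedchain = new ArrayList();
        while (iter.hasNext()) {
            String b64Cert = (String) iter.next();
            try {
                // Base64 text is ASCII; getBytes() uses the platform default
                // charset, which is assumed to be ASCII-compatible.
                decodedchain.add(CertTools.getCertfromByteArray(Base64.decode(b64Cert.getBytes())));
            } catch (Exception e) {
                throw new EJBException(e);
            }
        }
        this.requestcertchain = decodedchain;
    }
    return requestcertchain;
}

/**
 * Stores the request certificate chain, both Base64-encoded in the data map
 * and as a decoded copy in the cache.
 *
 * <p>Nothing is stored if any certificate fails to encode.
 *
 * @param requestcertificatechain the certificates to store, as {@link Certificate} objects
 * @throws EJBException if a certificate cannot be encoded
 */
public void setRequestCertificateChain(Collection requestcertificatechain) {
    Iterator iter = requestcertificatechain.iterator();
    ArrayList storechain = new ArrayList();
    while (iter.hasNext()) {
        Certificate cert = (Certificate) iter.next();
        try {
            String b64Cert = new String(Base64.encode(cert.getEncoded()));
            storechain.add(b64Cert);
        } catch (Exception e) {
            throw new EJBException(e);
        }
    }
    data.put(REQUESTCERTCHAIN, storechain);

    // Cache a copy of the list so later changes to the caller's collection do not show through.
    this.requestcertchain = new ArrayList();
    this.requestcertchain.addAll(requestcertificatechain);
}

/* Returns a collection of CA-certificates, with this CAs cert in position 0, or null
 * if no CA-certificates exist.
 */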