📄 ca.java
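/**
 * Returns the CA's certificate chain, decoding it from the Base64 strings stored under
 * {@code CERTIFICATECHAIN} on first use and caching the decoded list.
 *
 * <p>The chain is decoded into a local list and only published to the cache once every
 * entry has been decoded. If one entry fails to decode, the cache stays empty, so a later
 * call cannot return a truncated chain.
 *
 * <p>NOTE(review): the returned collection is the cached list itself, so callers can
 * modify the cached chain; confirm that no caller relies on that before wrapping it.
 *
 * @return the cached chain (CA certificate first, as used by {@link #getCACertificate()}),
 *         or null if no chain is stored
 * @throws EJBException if a stored entry cannot be decoded into a certificate
 */
public Collection getCertificateChain(){
    if(certificatechain == null){
        Collection storechain = (Collection) data.get(CERTIFICATECHAIN);
        if (storechain == null) {
            return null;
        }
        Iterator iter = storechain.iterator();
        // Build locally; assigning the field up front would leave a partial chain cached
        // when decoding throws half way through.
        ArrayList decodedchain = new ArrayList();
        while(iter.hasNext()){
            String b64Cert = (String) iter.next();
            try{
                decodedchain.add(CertTools.getCertfromByteArray(Base64.decode(b64Cert.getBytes())));
            }catch(Exception e){
                throw new EJBException(e);
            }
        }
        this.certificatechain = decodedchain;
    }
    return certificatechain;
}

/**
 * Stores the given chain as Base64 strings under {@code CERTIFICATECHAIN} and replaces the
 * cached chain with a copy of the argument.
 *
 * <p>Nothing is stored if any certificate fails to encode: the exception is thrown before
 * the data entry and the cache are updated.
 *
 * @param certificatechain collection of {@link Certificate} objects
 * @throws EJBException if a certificate cannot be encoded
 */
public void setCertificateChain(Collection certificatechain){
    Iterator iter = certificatechain.iterator();
    ArrayList storechain = new ArrayList();
    while(iter.hasNext()){
        Certificate cert = (Certificate) iter.next();
        try{
            String b64Cert = new String(Base64.encode(cert.getEncoded()));
            storechain.add(b64Cert);
        }catch(Exception e){
            throw new EJBException(e);
        }
    }
    data.put(CERTIFICATECHAIN,storechain);
    this.certificatechain = new ArrayList();
    this.certificatechain.addAll(certificatechain);
}

/**
 * Returns the CA's certificate (the first entry of the chain), or null if no
 * CA certificates exist.
 *
 * @return the first certificate of the chain, or null when no chain is stored or the
 *         stored chain is empty
 */
public Certificate getCACertificate(){
    if(certificatechain == null) {
        getCertificateChain();
        // if it's still null, return null
        if (certificatechain == null) {
            return null;
        }
    }
    // An empty chain also means "no CA certificate"; get(0) would throw instead.
    if (this.certificatechain.isEmpty()) {
        return null;
    }
    return (Certificate) this.certificatechain.get(0);
}

/**
 * Returns the stored {@code FINISHUSER} flag.
 *
 * <p>NOTE(review): throws NullPointerException when the flag has never been stored;
 * the intended default is not visible here.
 */
public boolean getFinishUser(){return ((Boolean)data.get(FINISHUSER)).booleanValue();}

/** Stores the {@code FINISHUSER} flag. */
public void setFinishUser(boolean finishuser) {data.put(FINISHUSER, new Boolean(finishuser));}

/**
 * Returns a collection of Integers (CAInfo.REQ_APPROVAL_ constants) naming the actions
 * that require approval. Defaults to none.
 *
 * <p>NOTE(review): when settings are stored, the stored collection itself is returned,
 * so a caller could change the approval requirements without calling
 * {@link #setApprovalSettings(Collection)}; confirm callers treat it as read-only.
 *
 * @return the approval settings, never null
 */
public Collection getApprovalSettings(){
    if(data.get(APPROVALSETTINGS) == null){
        return new ArrayList();
    }
    return (Collection) data.get(APPROVALSETTINGS);
}

/**
 * Stores the collection of Integers (CAInfo.REQ_APPROVAL_ constants) naming the actions
 * that require approval.
 */
public void setApprovalSettings(Collection approvalSettings){
    data.put(APPROVALSETTINGS,approvalSettings);
}

/**
 * Returns the number of different administrators that need to approve
 * an action, default 1.
 */
public int getNumOfRequiredApprovals(){
    if(data.get(NUMBEROFREQAPPROVALS) == null){
        return 1;
    }
    return ((Integer) data.get(NUMBEROFREQAPPROVALS)).intValue();
}

/**
 * Stores the number of different administrators that need to approve an action.
 *
 * <p>NOTE(review): the value is stored as given; zero or negative values are not
 * rejected here. Confirm that the caller validates it.
 */
public void setNumOfRequiredApprovals(int numOfReqApprovals){
    data.put(NUMBEROFREQAPPROVALS,new Integer(numOfReqApprovals));
}

/**
 * Copies the editable settings from {@code cainfo} into this CA: validity, description,
 * CRL timing and publishers, approval settings, CA token info, the finish-user flag and
 * the OCSP, XKMS and CMS extended service settings. Finally keeps {@code cainfo} as the
 * current info object.
 *
 * <p>NOTE(review): approval settings and the required-approval count are copied without
 * validation, like in the individual setters.
 *
 * @param cainfo the new settings
 * @throws Exception if updating the token or an extended service fails
 */
public void updateCA(CAInfo cainfo) throws Exception{
    data.put(VALIDITY, new Integer(cainfo.getValidity()));
    data.put(DESCRIPTION, cainfo.getDescription());
    data.put(CRLPERIOD, new Integer(cainfo.getCRLPeriod()));
    data.put(CRLISSUEINTERVAL, new Integer(cainfo.getCRLIssueInterval()));
    data.put(CRLOVERLAPTIME, new Integer(cainfo.getCRLOverlapTime()));
    data.put(CRLPUBLISHERS, cainfo.getCRLPublishers());
    data.put(APPROVALSETTINGS,cainfo.getApprovalSettings());
    data.put(NUMBEROFREQAPPROVALS,new Integer(cainfo.getNumOfReqApprovals()));
    CAToken token = getCAToken();
    if (token != null) {
        token.updateCATokenInfo(cainfo.getCATokenInfo());
        setCAToken(token);
    }
    setFinishUser(cainfo.getFinishUser());
    Iterator iter = cainfo.getExtendedCAServiceInfos().iterator();
    while(iter.hasNext()){
        ExtendedCAServiceInfo info = (ExtendedCAServiceInfo) iter.next();
        // NOTE(review): getExtendedCAService can return null when the stored service type
        // matches none of the known types; update() would then throw NullPointerException.
        if(info instanceof OCSPCAServiceInfo){
            this.getExtendedCAService(ExtendedCAServiceInfo.TYPE_OCSPEXTENDEDSERVICE).update(info, this);
        }
        if(info instanceof XKMSCAServiceInfo){
            this.getExtendedCAService(ExtendedCAServiceInfo.TYPE_XKMSEXTENDEDSERVICE).update(info, this);
        }
        if(info instanceof CmsCAServiceInfo){
            this.getExtendedCAService(ExtendedCAServiceInfo.TYPE_CMSEXTENDEDSERVICE).update(info, this);
        }
    }
    this.cainfo = cainfo;
}

/**
 * Generates a certificate that is valid from now for {@code validity} days.
 *
 * @param validity validity in days; -1 leaves notAfter as null for the implementation
 *        to decide. NOTE(review): other negative values give a notAfter in the past
 *        and are not rejected here.
 * @throws Exception if the implementation fails to generate the certificate
 */
public Certificate generateCertificate(UserDataVO subject, PublicKey publicKey, int keyusage, long validity, CertificateProfile certProfile) throws Exception {
    // Calculate the notAfter date
    Date notAfter = null;
    if(validity != -1) {
        notAfter = new Date();
        // validity is a long, so the whole product is computed in 64-bit arithmetic
        notAfter.setTime(notAfter.getTime() + ( validity * 24 * 60 * 60 * 1000));
    }
    Date notBefore = new Date();
    return generateCertificate(subject, publicKey, keyusage, notBefore, notAfter, certProfile);
}

/** Generates a certificate with an explicit validity period; notAfter may be null. */
public abstract Certificate generateCertificate(UserDataVO subject, PublicKey publicKey, int keyusage, Date notBefore, Date notAfter, CertificateProfile certProfile) throws Exception;

public abstract CRL generateCRL(Vector certs, int crlnumber) throws Exception;

public abstract byte[] createPKCS7(Certificate cert, boolean includeChain) throws SignRequestSignatureException;

/** Encrypts a key pair; used for the key recovery ENCRYPTKEYS command. */
public abstract byte[] encryptKeys(KeyPair keypair) throws Exception;

/** Decrypts key data back into a key pair; used for the key recovery DECRYPTKEYS command. */
public abstract KeyPair decryptKeys(byte[] data) throws Exception;

// Methods used with extended services

/**
 * Initializes the extended CA service of the given type, if one exists.
 *
 * @param type one of the ExtendedCAServiceInfo.TYPE_ constants
 * @param ca the CA handed to the service's init method
 */
public void initExternalService(int type, CA ca) throws Exception{
    ExtendedCAService service = getExtendedCAService(type);
    if (service != null) {
        service.init(ca);
    }
}

/**
 * Method used to retrieve information about the service.
 *
 * @return the service info, or null if no service of that type is available
 */
public ExtendedCAServiceInfo getExtendedCAServiceInfo(int type){
    ExtendedCAServiceInfo ret = null;
    ExtendedCAService service = getExtendedCAService(type);
    if (service != null) {
        ret = service.getExtendedCAServiceInfo();
    }
    return ret;
}

/**
 * Method used to perform the service. OCSP, XKMS and CMS requests are passed to the
 * matching extended service; key recovery requests are handled here through
 * {@link #encryptKeys(KeyPair)} and {@link #decryptKeys(byte[])}.
 *
 * <p>NOTE(review): the DECRYPTKEYS command returns private key material and no
 * authorization check is visible in this method; confirm that callers restrict who may
 * submit a KeyRecoveryCAServiceRequest.
 *
 * @return the service response, or null if the request is of none of the handled types
 * @throws IllegalExtendedCAServiceRequestException if a key recovery command is unknown
 *         or the encrypt/decrypt operation fails
 */
public ExtendedCAServiceResponse extendedService(ExtendedCAServiceRequest request)
  throws ExtendedCAServiceRequestException, IllegalExtendedCAServiceRequestException, ExtendedCAServiceNotActiveException{
    ExtendedCAServiceResponse returnval = null;
    // NOTE(review): getExtendedCAService can return null when the stored service type
    // matches none of the known types; the calls below would then throw NullPointerException.
    if(request instanceof OCSPCAServiceRequest) {
        returnval = getExtendedCAService(ExtendedCAServiceInfo.TYPE_OCSPEXTENDEDSERVICE).extendedService(request);
    }
    if(request instanceof XKMSCAServiceRequest) {
        returnval = getExtendedCAService(ExtendedCAServiceInfo.TYPE_XKMSEXTENDEDSERVICE).extendedService(request);
    }
    if(request instanceof CmsCAServiceRequest) {
        returnval = getExtendedCAService(ExtendedCAServiceInfo.TYPE_CMSEXTENDEDSERVICE).extendedService(request);
    }
    if(request instanceof KeyRecoveryCAServiceRequest){
        KeyRecoveryCAServiceRequest keyrecoveryrequest = (KeyRecoveryCAServiceRequest) request;
        if(keyrecoveryrequest.getCommand() == KeyRecoveryCAServiceRequest.COMMAND_ENCRYPTKEYS){
            try{
                returnval = new KeyRecoveryCAServiceResponse(KeyRecoveryCAServiceResponse.TYPE_ENCRYPTKEYSRESPONSE,
                        encryptKeys(keyrecoveryrequest.getKeyPair()));
            }catch(CMSException e){
                log.error("encrypt:", e.getUnderlyingException());
                throw new IllegalExtendedCAServiceRequestException(e);
            }catch(Exception e){
                throw new IllegalExtendedCAServiceRequestException(e);
            }
        }else{
            if(keyrecoveryrequest.getCommand() == KeyRecoveryCAServiceRequest.COMMAND_DECRYPTKEYS){
                try{
                    returnval = new KeyRecoveryCAServiceResponse(KeyRecoveryCAServiceResponse.TYPE_DECRYPTKEYSRESPONSE,
                            this.decryptKeys(keyrecoveryrequest.getKeyData()));
                }catch(CMSException e){
                    log.error("decrypt:", e.getUnderlyingException());
                    throw new IllegalExtendedCAServiceRequestException(e);
                }catch(Exception e){
                    throw new IllegalExtendedCAServiceRequestException(e);
                }
            }else{
                throw new IllegalExtendedCAServiceRequestException("Illegal Command");
            }
        }
    }
    return returnval;
}

/**
 * Returns the extended CA service registered for {@code type}, creating it from the
 * stored service data on first use and caching it in {@code extendedcaservicemap}.
 *
 * <p>The class that is instantiated is chosen by the EXTENDEDCASERVICETYPE value found in
 * the stored data, not by the {@code type} argument itself.
 *
 * @return the service, or null if the stored service type is none of OCSP, XKMS or CMS
 * @throws EJBException if the stored data is missing or the service cannot be created
 */
protected ExtendedCAService getExtendedCAService(int type){
    ExtendedCAService returnval = null;
    try{
        returnval = (ExtendedCAService) extendedcaservicemap.get(new Integer(type));
        if(returnval == null) {
            switch(((Integer) ((HashMap)data.get(EXTENDEDCASERVICE+type)).get(ExtendedCAService.EXTENDEDCASERVICETYPE)).intValue()) {
                case ExtendedCAServiceInfo.TYPE_OCSPEXTENDEDSERVICE:
                    returnval = new OCSPCAService((HashMap)data.get(EXTENDEDCASERVICE+type));
                    break;
                case ExtendedCAServiceInfo.TYPE_XKMSEXTENDEDSERVICE:
                    returnval = new XKMSCAService((HashMap)data.get(EXTENDEDCASERVICE+type));
                    break;
                case ExtendedCAServiceInfo.TYPE_CMSEXTENDEDSERVICE:
                    returnval = new CmsCAService((HashMap)data.get(EXTENDEDCASERVICE+type));
                    break;
            }
            extendedcaservicemap.put(new Integer(type), returnval);
        }
    }catch(Exception e){
        throw new EJBException(e);
    }
    return returnval;
}

/**
 * Stores the service's data under its type key and caches the service instance.
 * Services that are not OCSP, XKMS or CMS services are ignored.
 */
protected void setExtendedCAService(ExtendedCAService extendedcaservice) {
    if(extendedcaservice instanceof OCSPCAService){
        data.put(EXTENDEDCASERVICE+ExtendedCAServiceInfo.TYPE_OCSPEXTENDEDSERVICE, extendedcaservice.saveData());
        extendedcaservicemap.put(new Integer(ExtendedCAServiceInfo.TYPE_OCSPEXTENDEDSERVICE), extendedcaservice);
    }
    if(extendedcaservice instanceof XKMSCAService){
        data.put(EXTENDEDCASERVICE+ExtendedCAServiceInfo.TYPE_XKMSEXTENDEDSERVICE, extendedcaservice.saveData());
        extendedcaservicemap.put(new Integer(ExtendedCAServiceInfo.TYPE_XKMSEXTENDEDSERVICE), extendedcaservice);
    }
    if(extendedcaservice instanceof CmsCAService){
        data.put(EXTENDEDCASERVICE+ExtendedCAServiceInfo.TYPE_CMSEXTENDEDSERVICE, extendedcaservice.saveData());
        extendedcaservicemap.put(new Integer(ExtendedCAServiceInfo.TYPE_CMSEXTENDEDSERVICE), extendedcaservice);
    }
}

/**
 * Returns a Collection of ExternalCAServices (int) added to this CA.
 *
 * @return the stored service types, or an empty list if none are stored
 */
public Collection getExternalCAServiceTypes(){
    if(data.get(EXTENDEDCASERVICES) == null) {
        return new ArrayList();
    }
    return (Collection) data.get(EXTENDEDCASERVICES);
}

// Cache of instantiated extended services, keyed by Integer service type.
private HashMap extendedcaservicemap = new HashMap();

// Decoded certificate chain; null until loaded or set.
private ArrayList certificatechain = null;
private ArrayList requestcertchain = null;
private CAInfo cainfo = null;

/**
 * Method to upgrade new (or existing) extended CA services.
 * This method needs to be called outside the regular upgrade
 * since the CA isn't instantiated in the regular upgrade.
 */
public abstract boolean upgradeExtendedCAServices() ;
} // closes the enclosing class, whose header is outside this excerpt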