caadminsessionbean.java

一个免费的CA,基于EJB平台的,老师叫我们测试,现把之共享出来让大家参考

                    ca.setRequestCertificateChain(createCertChain(cachain));
                    
                    // generate PKCS10CertificateRequest
                    // TODO implement PKCS10 Certificate Request attributes.
                    ASN1Set attributes = null;
                    
                    /* We don't use these uneccesary attributes
                     DERConstructedSequence kName = new DERConstructedSequence();
                     DERConstructedSet  kSeq = new DERConstructedSet();
                     kName.addObject(PKCSObjectIdentifiers.pkcs_9_at_emailAddress);
                     kSeq.addObject(new DERIA5String("foo@bar.se"));
                     kName.addObject(kSeq);
                     req.setAttributes(kName);
                     */
                    
                    PKCS10CertificationRequest req = new PKCS10CertificationRequest("SHA1WithRSA",
                            CertTools.stringToBcX509Name(ca.getSubjectDN()), ca.getCAToken().getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN), attributes, ca.getCAToken().getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN), ca.getCAToken().getProvider());
                    
                    // create PKCS10RequestMessage
                    returnval = new PKCS10RequestMessage(req);
                    // Set statuses.
                    if(setstatustowaiting){
                        cadata.setStatus(SecConst.CA_WAITING_CERTIFICATE_RESPONSE);
                        ca.setStatus(SecConst.CA_WAITING_CERTIFICATE_RESPONSE);
                    }
                    
                    cadata.setCA(ca);
                }else{
                    // Cannot create certificate request for internal CA
            		String msg = intres.getLocalizedMessage("caadmin.errorcertreqinternalca", new Integer(caid));            	
                    getLogSession().log(admin, caid, LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED,msg);
                    throw new EJBException(new EjbcaException(msg));
                }
            }catch(CATokenOfflineException e) {                
        		String msg = intres.getLocalizedMessage("caadmin.errorcertreq", new Integer(caid));            	
                getLogSession().log(admin, caid, LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED,msg,e);
                throw e;
            }
        }catch(CertPathValidatorException e) {
    		String msg = intres.getLocalizedMessage("caadmin.errorcertreq", new Integer(caid));            	
            getLogSession().log(admin, caid, LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED,msg,e);
            throw e;
        }catch(Exception e){
    		String msg = intres.getLocalizedMessage("caadmin.errorcertreq", new Integer(caid));            	
            getLogSession().log(admin, caid, LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED,msg,e);
            throw new EJBException(e);
        }
        
		String msg = intres.getLocalizedMessage("caadmin.certreqcreated", new Integer(caid));            	
        getLogSession().log(admin, caid, LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_INFO_CAEDITED,msg);
        
        return returnval;
    } // makeRequest

    /**
     *  Receives a certificate response from an external CA and sets the newly created CAs status to active.
     * @throws EjbcaException 
     *  
     * @ejb.interface-method
     */
    public void receiveResponse(Admin admin, int caid, IResponseMessage responsemessage) throws AuthorizationDeniedException, CertPathValidatorException, EjbcaException{
    	// check authorization
    	Certificate cacert = null;
    	// Check authorization
    	try{
    		getAuthorizationSession().isAuthorizedNoLog(admin,"/super_administrator");
    	}catch(AuthorizationDeniedException e){
    		String msg = intres.getLocalizedMessage("caadmin.notauthorizedtocertresp", new Integer(caid));            	
    		getLogSession().log(admin, caid, LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_NOTAUTHORIZEDTORESOURCE,msg,e);
    		throw new AuthorizationDeniedException(msg);
    	}

    	// Get CA info.
    	CADataLocal cadata = null;
    	try{
    		cadata = this.cadatahome.findByPrimaryKey(new Integer(caid));
    		CA ca = cadata.getCA();

    		try{
    			if(responsemessage instanceof X509ResponseMessage){
    				cacert = ((X509ResponseMessage) responsemessage).getCertificate();
    			}else{
    	    		String msg = intres.getLocalizedMessage("caadmin.errorcertrespillegalmsg");            	
    				getLogSession().log(admin, caid, LogEntry.MODULE_CA,  new java.util. Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED,msg);
    				throw new EjbcaException(msg);
    			}

    			// if issuer is insystem CA or selfsigned, then generate new certificate.
    			if(ca.getSignedBy() == CAInfo.SIGNEDBYEXTERNALCA){
    				// check the validity of the certificate chain.

    				// Check that DN is the equals the request.
    				if(!CertTools.getSubjectDN((X509Certificate) cacert).equals(CertTools.stringToBCDNString(ca.getSubjectDN()))){
        	    		String msg = intres.getLocalizedMessage("caadmin.errorcertrespwrongdn", CertTools.getSubjectDN((X509Certificate) cacert), ca.getSubjectDN());            	
    					getLogSession().log(admin, caid, LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED,msg);
    					throw new EjbcaException(msg);
    				}

    				ArrayList cachain = new ArrayList();
    				cachain.add(cacert);
    				cachain.addAll(ca.getRequestCertificateChain());

    				ca.setCertificateChain(createCertChain(cachain));
    				// Set statuses.
    				cadata.setStatus(SecConst.CA_ACTIVE);

    				// Publish CA Cert
    		        ArrayList cacertcol = new ArrayList();
    		        cacertcol.add(cacert);
    				getSignSession().publishCACertificate(admin, cacertcol, ca.getCRLPublishers());

    				if(ca instanceof X509CA){
    					cadata.setExpireTime(((X509Certificate) cacert).getNotAfter().getTime());
    				}

    				// activate External CA Services
    				Iterator iter = ca.getExternalCAServiceTypes().iterator();
    				while(iter.hasNext()){
    				    int type = ((Integer) iter.next()).intValue();
    				    try{
    				        ca.initExternalService(type, ca);
    				        ArrayList extcacertificate = new ArrayList();
    				        if(type == ExtendedCAServiceInfo.TYPE_OCSPEXTENDEDSERVICE){
    				        	extcacertificate.add(((OCSPCAServiceInfo) ca.getExtendedCAServiceInfo(ExtendedCAServiceInfo.TYPE_OCSPEXTENDEDSERVICE)).getOCSPSignerCertificatePath().get(0));
    				        }
    				        if(type == ExtendedCAServiceInfo.TYPE_XKMSEXTENDEDSERVICE){
    				        	extcacertificate.add(((XKMSCAServiceInfo) ca.getExtendedCAServiceInfo(ExtendedCAServiceInfo.TYPE_XKMSEXTENDEDSERVICE)).getXKMSSignerCertificatePath().get(0));
    				        }
    				        if(type == ExtendedCAServiceInfo.TYPE_CMSEXTENDEDSERVICE){
    				        	extcacertificate.add(((CmsCAServiceInfo) ca.getExtendedCAServiceInfo(ExtendedCAServiceInfo.TYPE_CMSEXTENDEDSERVICE)).getCertificatePath().get(0));
    				        }
    				        getSignSession().publishCACertificate(admin, extcacertificate, ca.getCRLPublishers());
    				    }catch(CATokenOfflineException e){
            	    		String msg = intres.getLocalizedMessage("caadmin.errorcreatecaservice", new Integer(caid));            	
    				        getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CACREATED,msg,e);
    				        throw e;
    				    }catch(Exception fe){
            	    		String msg = intres.getLocalizedMessage("caadmin.errorcreatecaservice", new Integer(caid));            	
    				        getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CACREATED,msg,fe);
    				        throw new EJBException(fe);
    				    }
    				}
                    // Save CA
    				cadata.setCA(ca);
                    //  create initial CRL
                    this.getCRLCreateSession().run(admin,ca.getSubjectDN());
    			}else{
    	    		String msg = intres.getLocalizedMessage("caadmin.errorcreatecaservice", new Integer(caid));            	
    				// Cannot create certificate request for internal CA
    				getLogSession().log(admin, caid, LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED,msg);
    				throw new EjbcaException(msg);
    			}

    		}catch(CATokenOfflineException e){
	    		String msg = intres.getLocalizedMessage("caadmin.errorcertresp", new Integer(caid));            	
    			getLogSession().log(admin, caid, LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED,msg, e);
    			throw e;
    		} catch (CertificateEncodingException e) {
	    		String msg = intres.getLocalizedMessage("caadmin.errorcertresp", new Integer(caid));            	
        		getLogSession().log(admin, caid, LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED,msg, e);
        		throw new EjbcaException(e.getMessage());
			} catch (CertificateException e) {
	    		String msg = intres.getLocalizedMessage("caadmin.errorcertresp", new Integer(caid));            	
	    		getLogSession().log(admin, caid, LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED,msg, e);
	    		throw new EjbcaException(e.getMessage());
			} catch (IOException e) {
	    		String msg = intres.getLocalizedMessage("caadmin.errorcertresp", new Integer(caid));            	
	    		getLogSession().log(admin, caid, LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED,msg, e);
	    		throw new EjbcaException(e.getMessage());
			}
    	}catch(FinderException e){
    		String msg = intres.getLocalizedMessage("caadmin.errorcertresp", new Integer(caid));            	
    		getLogSession().log(admin, caid, LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED,msg, e);
    		throw new EjbcaException(e.getMessage());
    	} catch (UnsupportedEncodingException e) {
    		String msg = intres.getLocalizedMessage("caadmin.errorcertresp", new Integer(caid));            	
    		getLogSession().log(admin, caid, LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED,msg, e);
    		throw new EjbcaException(e.getMessage());
		}

		String msg = intres.getLocalizedMessage("caadmin.certrespreceived", new Integer(caid));            	
    	getLogSession().log(admin, caid, LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_INFO_CAEDITED,msg);
    } // recieveResponse

    /**
     *  Processes a Certificate Request from an external CA.
     *   
     * @ejb.interface-method
     */
    public IResponseMessage processRequest(Admin admin, CAInfo cainfo, IRequestMessage requestmessage)
    throws CAExistsException, CADoesntExistsException, AuthorizationDeniedException, CATokenOfflineException {
    	CA ca = null;
    	Collection certchain = null;
    	IResponseMessage returnval = null;
    	// check authorization
    	try{
    		getAuthorizationSession().isAuthorizedNoLog(admin,"/super_administrator");
    	}catch(AuthorizationDeniedException e){
    		String msg = intres.getLocalizedMessage("caadmin.notauthorizedtocertresp", cainfo.getName());            	
    		getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_NOTAUTHORIZEDTORESOURCE,msg,e);
    		throw new AuthorizationDeniedException(msg);
    	}

    	// Check that CA doesn't already exists
    	try{
    		int caid = cainfo.getCAId();
    		if(caid >=0 && caid <= CAInfo.SPECIALCAIDBORDER){
        		String msg = intres.getLocalizedMessage("caadmin.errorcaexists", cainfo.getName());            	
    			getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED,msg);
    			throw new CAExistsException(msg);
    		}
    		cadatahome.findByPrimaryKey(new Integer(caid));
    		String msg = intres.getLocalizedMessage("caadmin.errorcaexists", cainfo.getName());            	
    		getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED,msg);
    		throw new CAExistsException(msg);
    	}catch(javax.ejb.FinderException fe) {}

    	try{
    		cadatahome.findByName(cainfo.getName());
    		String msg = intres.getLocalizedMessage("caadmin.errorcaexists", cainfo.getName());            	
    		getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED,msg);
    		throw new CAExistsException(msg);
    	}catch(javax.ejb.FinderException fe) {}

    	//get signing CA
    	if(cainfo.getSignedBy() > CAInfo.SPECIALCAIDBORDER || cainfo.getSignedBy() < 0){
    		try{
    			CADataLocal signcadata = cadatahome.findByPrimaryKey(new Integer(cainfo.getSignedBy()));
    			CA signca = signcadata.getCA();
    			try{
    				//Check that the signer is valid
    				checkSignerValidity(admin, signcadata);

    				// Get public key from request
    				PublicKey publickey = requestmessage.getRequestPublicKey();

    				// Create cacertificate
    				Certificate cacertificate = null;
    				if(cainfo instanceof X509CAInfo){    					
    					UserDataVO cadata = new UserDataVO("nobody", cainfo.getSubjectDN(), cainfo.getSubjectDN().hashCode(), ((X509CAInfo) cainfo).getSubjectAltName(), null,
    							0, 0, 0,  cainfo.getCertificateProfileId(), null, null, 0, 0, null);
    					if(requestmessage instanceof PKCS10RequestMessage){
    					  ExtendedInformation extInfo = new ExtendedInformation();
    					  PKCS10CertificationRequest pkcs10 = ((PKCS10RequestMessage) requestmessage).getCertificationRequest();
    					  extInfo.setCustomData("PKCS10", new String(Base64.encode(pkcs10.getEncoded()))); 
    					  cadata.setExtendedinformation(extInfo);
    					}
    					CertificateProfile certprofile = getCertificateStoreSession().getCertificateProfile(admin, cainfo.getCertificateProfileId());
    					cacertificate = signca.generateCertificate(cadata, publickey, -1, cainfo.getValidity(), certprofile);
    					returnval = new X509ResponseMessage();
    					returnval.setCertificate(cacertificate);
    				}
    				// Build Certificate Chain
    				Collection rootcachain = signca.getCertificateChain();
    				certchain = new ArrayList();
    				certchain.add(cacertificate);
    				certchain.addAll(rootcachain);

    				if(cainfo instanceof X509CAInfo){
    					// Create X509CA
    					ca = new X509CA((X509CAInfo) cainfo);
    					ca.setCertificateChain(certchain);
    					ca.setCAToken(new NullCAToken());
    				}