📄 xkmsinvoker.java
/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/
package org.ejbca.core.protocol.xkms.client;

import gnu.inet.encoding.StringprepException;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.Key;
import java.security.PrivateKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.PropertyException;
import javax.xml.bind.Unmarshaller;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Source;
import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamSource;
import javax.xml.ws.Dispatch;
import javax.xml.ws.Service;
import org.apache.log4j.Logger;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.transforms.TransformationException;
import org.ejbca.core.protocol.xkms.XKMSService;
import org.ejbca.core.protocol.xkms.common.XKMSConstants;
import org.ejbca.core.protocol.xkms.common.XKMSNamespacePrefixMapper;
import org.ejbca.core.protocol.xkms.common.XKMSUtil;
import org.ejbca.util.CertTools;
import org.w3._2002._03.xkms_.LocateRequestType;
import org.w3._2002._03.xkms_.LocateResultType;
import org.w3._2002._03.xkms_.ObjectFactory;
import org.w3._2002._03.xkms_.RecoverRequestType;
import org.w3._2002._03.xkms_.RecoverResultType;
import org.w3._2002._03.xkms_.RegisterRequestType;
import org.w3._2002._03.xkms_.RegisterResultType;
import org.w3._2002._03.xkms_.ReissueRequestType;
import org.w3._2002._03.xkms_.ReissueResultType;
import org.w3._2002._03.xkms_.RequestAbstractType;
import org.w3._2002._03.xkms_.RevokeRequestType;
import org.w3._2002._03.xkms_.RevokeResultType;
import org.w3._2002._03.xkms_.ValidateRequestType;
import org.w3._2002._03.xkms_.ValidateResultType;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

/**
 * Helper class that performs the prefix replacements
 * and does the dispatch invocation.
 *
 * <p>Each public operation wraps the caller's request in a JAXB element, hands it to
 * {@code performSigning} and sends the resulting DOM source through {@code invoke}.
 * Both helpers are defined further down in the class, outside this excerpt.
 *
 * <p>NOTE(review): the JAXB marshaller/unmarshaller, the document builder factory and
 * the JAX-WS dispatch are all held in static fields, so they are shared by every
 * instance of this class. JAXB does not guarantee that Marshaller and Unmarshaller
 * are thread-safe; confirm that callers do not use invokers concurrently.
 *
 * @author Philip Vendil 2006 dec 19
 *
 * @version $Id: XKMSInvoker.java,v 1.2 2007/01/05 05:32:54 herrvendil Exp $
 */
public class XKMSInvoker {
    private static Logger log = Logger.getLogger(XKMSInvoker.class);

    // JAXB state, built once in the static initializer below.
    private static JAXBContext jAXBContext = null;
    private static Marshaller marshaller = null;
    private static Unmarshaller unmarshaller = null;
    private static DocumentBuilderFactory dbf = null;

    // Trusted CA certificates as passed to the constructor; stays null when the caller passes null.
    private Collection cacerts = null;

    // NOTE(review): static, yet assigned by the constructor, so constructing a second
    // invoker replaces the dispatch (and therefore the endpoint) used by every existing instance.
    private static Dispatch<Source> sourceDispatch = null;

    private ObjectFactory xKMSObjectFactory = new ObjectFactory();

    // One-time setup: initialise the Apache XML Security library, install the provider via
    // CertTools.installBCProvider(), and create the JAXB context, marshaller and unmarshaller
    // for the three schema packages named below.
    static{
        try {
            org.apache.xml.security.Init.init();
            CertTools.installBCProvider();
            jAXBContext = JAXBContext.newInstance("org.w3._2002._03.xkms_:org.w3._2001._04.xmlenc_:org.w3._2000._09.xmldsig_");
            marshaller = jAXBContext.createMarshaller();
            try {
                marshaller.setProperty("com.sun.xml.bind.namespacePrefixMapper",new XKMSNamespacePrefixMapper());
            } catch( PropertyException e ) {
                // A missing prefix-mapper property is logged and setup continues without it.
                log.error("Error registering namespace mapper property",e);
            }
            dbf = DocumentBuilderFactory.newInstance();
            // NOTE(review): namespace awareness is the only setting applied to the factory here.
            // If builders from dbf ever parse XML received from the service (usage is outside
            // this excerpt), also enable XMLConstants.FEATURE_SECURE_PROCESSING and
            // "http://apache.org/xml/features/disallow-doctype-decl" to rule out XXE.
            dbf.setNamespaceAware(true);
            unmarshaller = jAXBContext.createUnmarshaller();
        } catch (JAXBException e) {
            // NOTE(review): the failure is only logged, so any field not yet assigned above
            // stays null and the class still loads; later calls would then fail on a null
            // reference. The log text names a different class than this one.
            log.error("Error initializing RequestAbstractTypeResponseGenerator",e);
        }
    }

    /**
     * Creates an invoker to the web service at the specified URL.
     *
     * <p>The service description is read from {@code serviceURL + ".wsdl"} and a
     * payload-mode dispatch is created for the {@code XKMSPort} port.
     *
     * @param serviceURL the url to the web service.
     * @param cacerts a collection of trusted CA signing responses. Use null if signed responses aren't required.
     */
    public XKMSInvoker(String serviceURL, Collection cacerts){
        XKMSService xkmsService;
        try {
            // NOTE(review): presumably the WSDL is fetched from this URL; prefer an https
            // serviceURL so the service description cannot be altered in transit - confirm
            // against XKMSService.
            xkmsService = new XKMSService(new URL(serviceURL + ".wsdl"),new QName("http://www.w3.org/2002/03/xkms#wsdl", "XKMSService"));
            sourceDispatch = xkmsService.createDispatch(new QName("http://www.w3.org/2002/03/xkms#wsdl", "XKMSPort"), Source.class, Service.Mode.PAYLOAD);
        } catch (MalformedURLException e) {
            // NOTE(review): a malformed URL is logged and construction continues, leaving
            // sourceDispatch at whatever it held before: null, or the dispatch created by an
            // earlier instance for a different endpoint.
            log.error("Error creating XKMS Service instance",e);
        }
        this.cacerts = cacerts;
        // NOTE(review): this assigns the parameter, not the field, and runs after the field
        // was set, so this.cacerts remains null when null is passed. Whether a null or an
        // empty collection disables response-signature checking is decided in code outside
        // this excerpt; verify the intended behaviour before changing this.
        if(cacerts==null){
            cacerts = new ArrayList();
        }
    }

    /**
     * Creates a locate call to the web service.
     *
     * @param locateRequestType the request
     * @param signCert the certificate that should sign the request, or null if no signing should be performed
     * @param privateKey the key doing the signing, or null if no signing should be performed
     * @return a LocateResultType
     * @throws XKMSResponseSignatureException if the response signature didn't verify
     */
    public LocateResultType locate(LocateRequestType locateRequestType, X509Certificate signCert, Key privateKey) throws XKMSResponseSignatureException{
        JAXBElement<LocateRequestType> locateRequest = xKMSObjectFactory.createLocateRequest(locateRequestType);
        DOMSource domSource = performSigning(locateRequest, locateRequestType.getId(), signCert, privateKey);
        // NOTE(review): invoke is defined outside this excerpt; the result is dereferenced
        // without a null check here and in the sibling operations below - confirm it never
        // returns null.
        JAXBElement<LocateResultType> response = invoke(domSource);
        return response.getValue();
    }

    /**
     * Creates a validate call to the web service.
     *
     * @param validateRequestType the request
     * @param signCert the certificate that should sign the request, or null if no signing should be performed
     * @param privateKey the key doing the signing, or null if no signing should be performed
     * @return a ValidateResultType
     * @throws XKMSResponseSignatureException if the response signature didn't verify
     */
    public ValidateResultType validate(ValidateRequestType validateRequestType, X509Certificate signCert, Key privateKey) throws XKMSResponseSignatureException{
        JAXBElement<ValidateRequestType> validateRequest = xKMSObjectFactory.createValidateRequest(validateRequestType);
        DOMSource domSource = performSigning(validateRequest, validateRequestType.getId(), signCert, privateKey);
        JAXBElement<ValidateResultType> response = invoke(domSource);
        return response.getValue();
    }

    /**
     * Creates a register call to the web service.
     *
     * <p>The passphrase, proof-of-possession key and key binding Id are forwarded
     * unchanged to {@code performSigning}.
     *
     * @param registerRequestType the request
     * @param signCert the certificate that should sign the request, or null if no signing should be performed
     * @param privateKey the key doing the signing, or null if no signing should be performed
     * @param authenticationPassphrase the authenticationkeybinding passphrase, use null if it shouldn't be used.
     * @param pOPPrivateKey private key to sign POP Element, use null to not append POPElement
     * @param prototypeKeyBindingId Id of the PrototypeKeyBinding tag.
     * @return a RegisterResultType
     * @throws XKMSResponseSignatureException if the response signature didn't verify
     * @throws StringprepException if the passphrase doesn't fulfil the SASLPrep profile
     */
    public RegisterResultType register(RegisterRequestType registerRequestType, X509Certificate signCert, Key privateKey, String authenticationPassphrase, PrivateKey pOPPrivateKey, String prototypeKeyBindingId) throws XKMSResponseSignatureException, StringprepException{
        JAXBElement<RegisterRequestType> registerRequest = xKMSObjectFactory.createRegisterRequest(registerRequestType);
        DOMSource domSource = performSigning(registerRequest, registerRequestType.getId(), signCert, privateKey, authenticationPassphrase, pOPPrivateKey, prototypeKeyBindingId);
        JAXBElement<RegisterResultType> response = invoke(domSource);
        return response.getValue();
    }

    /**
     * Creates a reissue call to the web service.
     *
     * <p>The passphrase, proof-of-possession key and key binding Id are forwarded
     * unchanged to {@code performSigning}.
     *
     * @param reissueRequestType the request
     * @param signCert the certificate that should sign the request, or null if no signing should be performed
     * @param privateKey the key doing the signing, or null if no signing should be performed
     * @param authenticationPassphrase the authenticationkeybinding passphrase, use null if it shouldn't be used.
     * @param pOPPrivateKey private key to sign POP Element, use null to not append POPElement
     * @param reissueKeyBindingId Id of the key binding tag (the original comment names the PrototypeKeyBinding tag).
     * @return a ReissueResultType
     * @throws XKMSResponseSignatureException if the response signature didn't verify
     * @throws StringprepException if the passphrase doesn't fulfil the SASLPrep profile
     */
    public ReissueResultType reissue(ReissueRequestType reissueRequestType, X509Certificate signCert, Key privateKey, String authenticationPassphrase, PrivateKey pOPPrivateKey, String reissueKeyBindingId) throws XKMSResponseSignatureException, StringprepException{
        JAXBElement<ReissueRequestType> reissueRequest = xKMSObjectFactory.createReissueRequest(reissueRequestType);
        DOMSource domSource = performSigning(reissueRequest, reissueRequestType.getId(), signCert, privateKey, authenticationPassphrase, pOPPrivateKey, reissueKeyBindingId);
        JAXBElement<ReissueResultType> response = invoke(domSource);
        return response.getValue();
    }

    /**
     * Creates a recover call to the web service
     *
     * @param recoverRequestType the request
     * @param signCert the certificate that should sign the request, or null of no signing should be performed
     * @param privateKey the key doing the signing, or null of no signing should be performed