📄 xkmsprovider.java
/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/
package org.ejbca.core.protocol.xkms;

import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.Resource;
import javax.ejb.CreateException;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.http.HttpServletRequest;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.PropertyException;
import javax.xml.bind.Unmarshaller;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMResult;
import javax.xml.transform.dom.DOMSource;
import javax.xml.ws.Provider;
import javax.xml.ws.Service;
import javax.xml.ws.ServiceMode;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.WebServiceProvider;
import javax.xml.ws.handler.MessageContext;
import org.apache.log4j.Logger;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocalHome;
import org.ejbca.core.ejb.ca.sign.ISignSessionLocal;
import org.ejbca.core.ejb.ca.sign.ISignSessionLocalHome;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocalHome;
import org.ejbca.core.model.InternalResources;
import org.ejbca.core.model.ca.caadmin.CAInfo;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.XKMSCAServiceRequest;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.XKMSCAServiceResponse;
import org.ejbca.core.model.ca.crl.RevokedCertInfo;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.protocol.xkms.common.XKMSConstants;
import org.ejbca.core.protocol.xkms.common.XKMSNamespacePrefixMapper;
import org.ejbca.core.protocol.xkms.generators.LocateResponseGenerator;
import org.ejbca.core.protocol.xkms.generators.RecoverResponseGenerator;
import org.ejbca.core.protocol.xkms.generators.RegisterResponseGenerator;
import org.ejbca.core.protocol.xkms.generators.ReissueResponseGenerator;
import org.ejbca.core.protocol.xkms.generators.RevokeResponseGenerator;
import org.ejbca.core.protocol.xkms.generators.ValidateResponseGenerator;
import org.ejbca.core.protocol.xkms.generators.XKMSConfig;
import org.ejbca.util.CertTools;
import org.w3._2002._03.xkms_.LocateRequestType;
import org.w3._2002._03.xkms_.LocateResultType;
import org.w3._2002._03.xkms_.MessageAbstractType;
import org.w3._2002._03.xkms_.ObjectFactory;
import org.w3._2002._03.xkms_.RecoverRequestType;
import org.w3._2002._03.xkms_.RecoverResultType;
import org.w3._2002._03.xkms_.RegisterRequestType;
import org.w3._2002._03.xkms_.RegisterResultType;
import org.w3._2002._03.xkms_.ReissueRequestType;
import org.w3._2002._03.xkms_.ReissueResultType;
import org.w3._2002._03.xkms_.RequestAbstractType;
import org.w3._2002._03.xkms_.RevokeRequestType;
import org.w3._2002._03.xkms_.RevokeResultType;
import org.w3._2002._03.xkms_.ValidateRequestType;
import org.w3._2002._03.xkms_.ValidateResultType;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/**
 * The XKMS Web Service in provider form.
 *
 * This is used as a workaround for the namespace prefix handling
 * in the JAX-WS.
 *
 * The class is exposed as a payload-mode JAX-WS provider: {@link #invoke(Source)}
 * receives the request payload as a {@link Source}, unmarshals it with JAXB and
 * dispatches on the XKMS request type.
 *
 * @author Philip Vendil 2006 dec 18
 *
 * @version $Id: XKMSProvider.java,v 1.3.2.1 2007/02/02 08:59:00 anatom Exp $
 */
@ServiceMode(value=Service.Mode.PAYLOAD)
@WebServiceProvider(serviceName="XKMSService", targetNamespace = "http://www.w3.org/2002/03/xkms#wsdl", portName="XKMSPort")
public class XKMSProvider implements Provider<Source> {

    // Injected by the container; invoke() reads the servlet request from it.
    @Resource
    private WebServiceContext wsContext;

    // NOTE(review): the logger is created for XKMSPortType, not XKMSProvider, so
    // entries written here are filed under the XKMSPortType category - confirm
    // this is intended when correlating audit/error logs.
    private static Logger log = Logger.getLogger(XKMSPortType.class);

    private static final InternalResources intres = InternalResources.getInstance();

    // Internal-user administrator handed to signResponseIfNeeded() in invoke().
    protected Admin intAdmin = new Admin(Admin.TYPE_INTERNALUSER);

    private ObjectFactory xKMSObjectFactory = new ObjectFactory();

    // The four statics below are assigned once in the static initializer and are
    // then shared by every call to invoke().
    // NOTE(review): JAXB does not promise that Marshaller/Unmarshaller instances
    // are safe for concurrent use; confirm the container serialises calls to this
    // provider, or create them per request from jAXBContext.
    private static JAXBContext jAXBContext = null;
    private static Marshaller marshaller = null;
    private static Unmarshaller unmarshaller = null;
    private static DocumentBuilderFactory dbf = null;

    // One-time setup: initialises the Apache XML Security library, builds the JAXB
    // context for the XKMS, XML Encryption and XML Signature packages, and creates
    // the shared marshaller, unmarshaller and document builder factory.
    static{
        try {
            org.apache.xml.security.Init.init();
            jAXBContext = JAXBContext.newInstance("org.w3._2002._03.xkms_:org.w3._2001._04.xmlenc_:org.w3._2000._09.xmldsig_");
            marshaller = jAXBContext.createMarshaller();
            try {
                // Implementation-specific property; a failure is logged and setup continues
                // without the custom prefix mapper.
                marshaller.setProperty("com.sun.xml.bind.namespacePrefixMapper",new XKMSNamespacePrefixMapper());
            } catch( PropertyException e ) {
                log.error(intres.getLocalizedMessage("xkms.errorregisteringnamespace"),e);
            }
            // Only namespace awareness is configured. In the code shown here dbf is used
            // solely to create an empty Document for the response, not to parse input.
            dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            unmarshaller = jAXBContext.createUnmarshaller();
        } catch (JAXBException e) {
            // The failure is only logged: any static assigned after the failing call stays
            // null, so later calls to invoke() would dereference null.
            log.error(intres.getLocalizedMessage("xkms.errorinitializinggenerator"),e);
        }
    }

    /**
     * The main method performing the actual calls.
     *
     * Converts the request payload to a DOM document, unmarshals it with JAXB,
     * dispatches to the handler matching the request type (validate, locate,
     * register, reissue, recover or revoke), marshals the result into a new
     * document and passes it to signResponseIfNeeded.
     *
     * @param request the XKMS request payload received from the remote caller
     * @return the response payload; the visible code sets it to a DOMSource over
     *         the (possibly signed) result document
     */
    public Source invoke(Source request) {
        Source response = null;

        MessageContext msgContext = wsContext.getMessageContext();
        HttpServletRequest httpreq = (HttpServletRequest) msgContext.get(MessageContext.SERVLET_REQUEST);
        String remoteIP = httpreq.getRemoteAddr();

        Document requestDoc = null;
        try{
            // NOTE(review): request is remote input and this TransformerFactory is created
            // with default settings; nothing in this method enables secure processing or
            // restricts DTDs/external entities. Confirm the JAX-WS runtime hands over an
            // already-parsed payload, or harden the factory before transforming.
            DOMResult dom = new DOMResult();
            Transformer trans = TransformerFactory.newInstance().newTransformer();
            trans.transform(request, dom);
            requestDoc = (Document) dom.getNode();
        } catch (TransformerConfigurationException e) {
            log.error(intres.getLocalizedMessage("xkms.errorparsingdomreq"),e);
        } catch (TransformerFactoryConfigurationError e) {
            log.error(intres.getLocalizedMessage("xkms.errorparsingdomreq"),e);
        } catch (TransformerException e) {
            log.error(intres.getLocalizedMessage("xkms.errorparsingdomreq"),e);
        }
        // All three handlers above only log, so requestDoc is still null here when the
        // transform failed and is passed to verifyRequest() as-is below.
        // NOTE(review): verifyRequest() is not visible here - confirm it treats a null
        // document as "not verified".

        boolean respMecSign = false;
        try {
            // NOTE(review): same untrusted payload, unmarshalled with the shared static
            // Unmarshaller (see the thread-safety note on the field).
            JAXBElement jAXBRequest = (JAXBElement) unmarshaller.unmarshal(request);

            JAXBElement jAXBResult = null;
            if(jAXBRequest.getValue() instanceof RequestAbstractType){
                // The response is to be signed when the request lists the
                // RESPONSMEC_REQUESTSIGNATUREVALUE response mechanism.
                respMecSign = ((RequestAbstractType)jAXBRequest.getValue()).getResponseMechanism().contains(XKMSConstants.RESPONSMEC_REQUESTSIGNATUREVALUE);
            }

            // Independent if statements (not else-if), one per request type. The signature
            // check result is only passed along as a flag; whether a request that fails
            // verification is refused is decided inside each handler (not visible here).
            if(jAXBRequest.getValue() instanceof ValidateRequestType ){
                boolean requestVerifies = verifyRequest(requestDoc);
                jAXBResult = validate(remoteIP, (ValidateRequestType) jAXBRequest.getValue(), requestVerifies);
            }
            if(jAXBRequest.getValue() instanceof LocateRequestType ){
                boolean requestVerifies = verifyRequest(requestDoc);
                jAXBResult = locate(remoteIP, (LocateRequestType) jAXBRequest.getValue(), requestVerifies);
            }
            if(jAXBRequest.getValue() instanceof RegisterRequestType ){
                boolean requestVerifies = verifyRequest(requestDoc);
                jAXBResult = register(remoteIP, (RegisterRequestType) jAXBRequest.getValue(), requestVerifies, requestDoc);
            }
            if(jAXBRequest.getValue() instanceof ReissueRequestType ){
                boolean requestVerifies = verifyRequest(requestDoc);
                jAXBResult = reissue(remoteIP, (ReissueRequestType) jAXBRequest.getValue(), requestVerifies, requestDoc);
            }
            if(jAXBRequest.getValue() instanceof RecoverRequestType ){
                boolean requestVerifies = verifyRequest(requestDoc);
                jAXBResult = recover(remoteIP, (RecoverRequestType) jAXBRequest.getValue(), requestVerifies, requestDoc);
            }
            if(jAXBRequest.getValue() instanceof RevokeRequestType ){
                boolean requestVerifies = verifyRequest(requestDoc);
                jAXBResult = revoke(remoteIP, (RevokeRequestType) jAXBRequest.getValue(), requestVerifies, requestDoc);
            }

            // When the payload matched none of the six request types, jAXBResult is still
            // null and the next line throws NullPointerException.
            // NOTE(review): the catch clauses of this try are not visible - confirm an
            // unsupported request type produces a defined error response.
            String responseId = ((MessageAbstractType) jAXBResult.getValue()).getId();

            Document doc = dbf.newDocumentBuilder().newDocument();
            marshaller.marshal( jAXBResult, doc );
            doc = signResponseIfNeeded(doc, responseId, respMecSign, intAdmin);

            response = new DOMSource(doc);
            // The listing ends here: the rest of invoke(), including the catch clauses of
            // this try block, is not part of this page.