📄 verifycertificate.java
字号:
/*
Name: VerifyCertificate.java
Licensing: LGPL
API: Sun (http://java.sun.com) JCE 1.2.2 API (cleanroom implementation by Bouncy Castle)
Provider: Bouncy Castle (http://www.bouncycastle.org)
Disclaimer:
COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND,
EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE
IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE
RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE
PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR)
ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY
CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED
HEREUNDER EXCEPT UNDER THIS DISCLAIMER.
*/
package net.sourceforge.jcetaglib.taglib.x509;
import net.sourceforge.jcetaglib.lib.CertTools;
import net.sourceforge.jcetaglib.lib.Clean;
import net.sourceforge.jcetaglib.lib.X509Cert;
import net.sourceforge.jcetaglib.tools.FileTools;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.tagext.TagSupport;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.Security;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
/**
* JSP tag for verifying X.509 certificates
*
* @jsp.tag
* name="verifycertificate"
* display-name="VerifyCertificate"
* body-content="empty"
* example="<jce:verifycertificate
* 	scope=\"page\"
* 	verifyinfo=\"stat\"
* 	crlfile=\"C:/keystores/crl.der\"
* 	storefile=\"C:/keystores/bob.p12\"
* 	storeentry=\"user\"
* 	storepassword=\"<%= new StringBuffer(\"password\") %>\"
* 	castorefile=\"C:/keystores/ca.p12\"
* 	castoreentry=\"ca\"
* 	castorepassword=\"<%= new StringBuffer(\"password\") %>\"/>"
*
* description="JSP tag for verifying X.509 certificates"
*
* @author Gert Van Ham
* @author hamgert@users.sourceforge.net
* @author http://jcetaglib.sourceforge.net
* @version $Id: VerifyCertificate.java,v 1.5 2004/04/15 07:28:36 hamgert Exp $
*/
public class VerifyCertificate extends TagSupport {
private static final String PAGE = "page";
private static final String REQUEST = "request";
private static final String SESSION = "session";
private static final String APPLICATION = "application";
private String crlfile;
// return info
private int scope = PageContext.PAGE_SCOPE;
private String verifyinfo;
/* Attributes for X.509 keystore */
// P12 keystore...
private String storefile; // tag attribute
private String storeentry; // tag attribute
private StringBuffer storepassword; // tag attribute
// ... OR PEM string
private String pemstring; // tag attribute
// ... OR PEM file
private String pemfile; // tag attribute
/* Attributes for X.509 CA keystore */
// P12 keystore...
private String castorefile; // tag attribute
private String castoreentry; // tag attribute
private StringBuffer castorepassword; // tag attribute
// ... OR PEM string
private String capemstring; // tag attribute
// ... OR PEM file
private String capemfile; // tag attribute
public static int getScope(String scope) {
int ret = PageContext.PAGE_SCOPE; // default
if (REQUEST.equalsIgnoreCase(scope))
ret = PageContext.REQUEST_SCOPE;
else if (SESSION.equalsIgnoreCase(scope))
ret = PageContext.SESSION_SCOPE;
else if (APPLICATION.equalsIgnoreCase(scope))
ret = PageContext.APPLICATION_SCOPE;
else if (PAGE.equalsIgnoreCase(scope))
ret = PageContext.PAGE_SCOPE;
return ret;
} //getScope()
public int doEndTag() throws JspException {
// Add Bouncy Castle provider
Security.addProvider(new BouncyCastleProvider());
X509Certificate cert = null;
X509Certificate cacert = null;
X509CRL x509crl = null;
InputStream pemstream = null;
try {
// Retrieve the certificate from one of the three possible keystores
if (storefile == null || storefile == "") {
if (pemfile == null || pemfile == "") {
// use PEM string
pemstream = new ByteArrayInputStream(pemstring.getBytes());
cert = CertTools.getCertfromPEM(pemstream);
} else {
// use PEM store
cert = CertTools.getCertfromPEM(pemfile);
}
} else {
// use PKCS #12 keystore
cert = X509Cert.getCertificateFromP12(storefile, storeentry, storepassword);
}
// Retrieve the signing certificate from one of the three possible keystores
if (castorefile == null || castorefile == "") {
if (capemfile == null || capemfile == "") {
// use PEM string
pemstream = new ByteArrayInputStream(capemstring.getBytes());
cacert = CertTools.getCertfromPEM(pemstream);
} else {
// use PEM store
cacert = CertTools.getCertfromPEM(capemfile);
}
} else {
// use PKCS #12 keystore
cacert = X509Cert.getCACertificateFromP12(castorefile, castoreentry, castorepassword);
}
// get CRL
byte[] crl = FileTools.readFiletoBuffer(crlfile);
x509crl = CertTools.getCRLfromByteArray(crl);
pageContext.setAttribute(verifyinfo, X509Cert.verifyCertificate(cert, cacert, x509crl), scope);
} catch (Exception e) {
throw new JspException("JCE Exception: Could not verify certificate: " + e.toString(), e);
}
return EVAL_PAGE;
} //doEndTag()
public void release() {
// Cleanup all sensitive information
Clean.blank(storepassword);
Clean.blank(castorepassword);
super.release();
} //release()
/**
* @jsp.attribute
* description="Scope of the return variables. Can be 'page', 'session', 'request' or 'application'. Default is 'page'"
* type="java.lang.String"
* required="false"
* rtexprvalue="false"
*/
public void setScope(String scope) {
this.scope = getScope(scope);
}
/**
* @jsp.attribute
* description="The CRL filename"
* type="java.lang.String"
* required="false"
* rtexprvalue="true"
*/
public void setCrlfile(String crlfile) {
this.crlfile = crlfile;
}
/**
* @jsp.attribute
* description="The PKCS#12 (P12) keystore where the certificate is stored"
* type="java.lang.String"
* required="false"
* rtexprvalue="true"
*/
public void setStorefile(String storefile) {
this.storefile = storefile;
}
/**
* @jsp.attribute
* description="The PKCS#12 (P12) keystore entry name for this certificate"
* type="java.lang.String"
* required="false"
* rtexprvalue="true"
*/
public void setStoreentry(String storeentry) {
this.storeentry = storeentry;
}
/**
* @jsp.attribute
* description="The PKCS#12 (P12) keystore password"
* type="java.lang.StringBuffer"
* required="false"
* rtexprvalue="true"
*/
public void setStorepassword(StringBuffer storepassword) {
this.storepassword = storepassword;
}
/**
* @jsp.attribute
* description="The certificate as a PEM formatted file"
* type="java.lang.String"
* required="false"
* rtexprvalue="true"
*/
public void setPemfile(String pemfile) {
this.pemfile = pemfile;
}
/**
* @jsp.attribute
* description="The certificate as a PEM formatted string"
* type="java.lang.String"
* required="false"
* rtexprvalue="true"
*/
public void setPemstring(String pemstring) {
this.pemstring = pemstring;
}
/**
* @jsp.attribute
* description="The PKCS#12 (P12) keystore where the CA certificate is stored"
* type="java.lang.String"
* required="false"
* rtexprvalue="true"
*/
public void setCastorefile(String castorefile) {
this.castorefile = castorefile;
}
/**
* @jsp.attribute
* description="The PKCS#12 (P12) CA keystore entry name for this certificate"
* type="java.lang.String"
* required="false"
* rtexprvalue="true"
*/
public void setCastoreentry(String castoreentry) {
this.castoreentry = castoreentry;
}
/**
* @jsp.attribute
* description="The PKCS#12 (P12) CA keystore password"
* type="java.lang.StringBuffer"
* required="false"
* rtexprvalue="true"
*/
public void setCastorepassword(StringBuffer castorepassword) {
this.castorepassword = castorepassword;
}
/**
* @jsp.attribute
* description="The CA certificate as a PEM formatted file"
* type="java.lang.String"
* required="false"
* rtexprvalue="true"
*/
public void setCapemfile(String capemfile) {
this.capemfile = capemfile;
}
/**
* @jsp.attribute
* description="The CA certificate as a PEM formatted string"
* type="java.lang.String"
* required="false"
* rtexprvalue="true"
*/
public void setCapemstring(String capemstring) {
this.capemstring = capemstring;
}
/**
* @jsp.attribute
* description="Return variable to store the certificate info:
* 'REVOKED': this certificate has been revoked
* 'EXPIRED': this certificate has expired
* 'INVALID': this certificate is not valid or not signed by the correct CA
* 'VERIFIED': this certificate is OK"
* type="java.lang.String"
* required="false"
* rtexprvalue="true"
*/
public void setVerifyinfo(String verifyinfo) {
this.verifyinfo = verifyinfo;
}
public String getVerifyinfo() {
return verifyinfo;
}
}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -