?? certreqservlet.java
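// Tail of doPost(): error reporting for a certificate request that was rejected or failed.
            debug.printMessage("Invalid request!");
            debug.printMessage("Please supply a correct request.");
            debug.printDebugInfo();

            return;
        } catch (SignRequestSignatureException se) {
            log.debug("Invalid signature on certificate request!");
            debug.printMessage("Invalid signature on certificate request!");
            debug.printMessage("Please supply a correctly signed request.");
            debug.printDebugInfo();

            return;
        } catch (java.lang.ArrayIndexOutOfBoundsException ae) {
            log.debug("Empty or invalid request received.");
            debug.printMessage("Empty or invalid request!");
            debug.printMessage("Please supply a correct request.");
            debug.printDebugInfo();

            return;
        } catch (Exception e) {
            log.debug(e);

            // NOTE(review): parameter names and values are concatenated into the HTML
            // below as-is. Unless ServletDebug.print() encodes its argument (not visible
            // here - confirm), this reflects request data unescaped and also echoes any
            // credential fields the form carries. HTML-encode both strings and leave
            // secret parameters out of the dump.
            debug.print("<h3>parameter name and values: </h3>");

            Enumeration paramNames = request.getParameterNames();

            while (paramNames.hasMoreElements()) {
                String name = paramNames.nextElement().toString();
                String parameter = request.getParameter(name);
                debug.print("<h4>" + name + ":</h4>" + parameter + "<br>");
            }

            debug.takeCareOfException(e);
            debug.printDebugInfo();
        }
    } //doPost

    /**
     * Handles HTTP GET by telling the client that only POST is supported.
     *
     * <p>An {@code Allow: POST} header is set and an explanatory page is printed. This
     * method itself sets no status code.
     *
     * @param request servlet request
     * @param response servlet response
     *
     * @throws IOException input/output error
     * @throws ServletException on error
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws IOException, ServletException {
        log.debug(">doGet()");
        response.setHeader("Allow", "POST");

        ServletDebug debug = new ServletDebug(request, response);
        debug.print("The certificate request servlet only handles POST method.");
        debug.printDebugInfo();
        log.debug("<doGet()");
    } // doGet

    /**
     * Makes a caller-supplied name safe to embed in a quoted Content-disposition filename.
     *
     * <p>Letters, digits, space and {@code . - _ @} are kept; every other character
     * (line breaks, double quotes, semicolons, path separators, control characters) is
     * replaced with an underscore, so the name can neither terminate the quoted value
     * nor start a new header line.
     *
     * @param name the raw name, typically the end entity's username
     * @return the sanitised name; a null input yields the text "null", which is what
     *         plain string concatenation would have produced
     */
    private static String headerSafeFilename(String name) {
        String raw = String.valueOf(name);
        StringBuffer safe = new StringBuffer(raw.length());

        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);

            if (Character.isLetterOrDigit(c) || (c == '.') || (c == '-') || (c == '_') ||
                    (c == '@') || (c == ' ')) {
                safe.append(c);
            } else {
                safe.append('_');
            }
        }

        return safe.toString();
    }

    /**
     * Serialises the keystore under {@code kspassword} and returns it to the client as
     * a PKCS#12 download.
     *
     * <p>The response body contains the user's private key, protected only by the
     * keystore password.
     * NOTE(review): confirm this servlet is reachable over TLS only and that the
     * response is not cached by intermediaries.
     *
     * @param ks keystore to send
     * @param username used for the suggested file name ({@code <username>.p12})
     * @param kspassword password the keystore is stored under
     * @param out response to write to
     * @throws Exception if the keystore cannot be stored or the response cannot be written
     */
    private void sendP12Token(KeyStore ks, String username, String kspassword,
        HttpServletResponse out) throws Exception {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        ks.store(buffer, kspassword.toCharArray());

        out.setContentType("application/x-pkcs12");
        // The name is sanitised and quoted so that it cannot alter the header.
        out.setHeader("Content-disposition",
            "filename=\"" + headerSafeFilename(username) + ".p12\"");
        out.setContentLength(buffer.size());
        buffer.writeTo(out.getOutputStream());
        out.flushBuffer();
        buffer.close();
    }

    /**
     * Serialises the keystore under {@code kspassword} and returns it to the client as
     * a JKS download.
     *
     * <p>The response body contains the user's private key, protected only by the
     * keystore password.
     *
     * @param ks keystore to send
     * @param username used for the suggested file name ({@code <username>.jks})
     * @param kspassword password the keystore is stored under
     * @param out response to write to
     * @throws Exception if the keystore cannot be stored or the response cannot be written
     */
    private void sendJKSToken(KeyStore ks, String username, String kspassword,
        HttpServletResponse out) throws Exception {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        ks.store(buffer, kspassword.toCharArray());

        out.setContentType("application/octet-stream");
        // The name is sanitised and quoted so that it cannot alter the header.
        out.setHeader("Content-disposition",
            "filename=\"" + headerSafeFilename(username) + ".jks\"");
        out.setContentLength(buffer.size());
        buffer.writeTo(out.getOutputStream());
        out.flushBuffer();
        buffer.close();
    }

    /**
     * Writes the private key, the user certificate and, unless the user certificate is
     * self-signed, the rest of the chain to the client as one PEM file.
     *
     * <p>The private key is written as Base64 of {@code getEncoded()} with no
     * passphrase; {@code kspassword} is only used to read the key out of the keystore.
     * The download is therefore unencrypted key material.
     * NOTE(review): confirm this servlet is reachable over TLS only and that the
     * response is not cached by intermediaries.
     *
     * @param ks keystore holding the key entry and certificate chain
     * @param username used for the suggested file name ({@code <username>.pem})
     * @param kspassword password protecting the key entry
     * @param out response to write to
     * @throws Exception on keystore, encoding or I/O errors
     */
    private void sendPEMTokens(KeyStore ks, String username, String kspassword,
        HttpServletResponse out) throws Exception {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        String alias = "";

        // Find the first key entry whose private key can be read with kspassword.
        Enumeration e = ks.aliases();
        Object o = null;
        PrivateKey serverPrivKey = null;

        while (e.hasMoreElements()) {
            o = e.nextElement();

            if (o instanceof String) {
                if ((ks.isKeyEntry((String) o)) &&
                        ((serverPrivKey = (PrivateKey) ks.getKey((String) o,
                            kspassword.toCharArray())) != null)) {
                    alias = (String) o;

                    break;
                }
            }
        }

        // NOTE(review): when no key entry matched, the key block below is written
        // empty and 'o' is whatever alias was enumerated last (or null). Callers
        // appear to pass a freshly generated keystore, so this path is presumably
        // never taken - confirm.
        byte[] privKeyEncoded = "".getBytes();

        if (serverPrivKey != null) {
            privKeyEncoded = serverPrivKey.getEncoded();
        }

        // The chain is obtained through KeyTools.getCertChain rather than
        // ks.getCertificateChain.
        Certificate[] chain = KeyTools.getCertChain(ks, (String) o);
        X509Certificate userX509Certificate = (X509Certificate) chain[0];

        byte[] output = userX509Certificate.getEncoded();
        String sn = CertTools.getSubjectDN(userX509Certificate);

        // The "Bag Attributes" lines separate DN components with '/' instead of ','.
        String subjectdnpem = sn.replace(',', '/');
        String issuerdnpem = CertTools.getIssuerDN(userX509Certificate).replace(',', '/');

        // Private key section.
        buffer.write(bagattributes);
        buffer.write(friendlyname);
        buffer.write(alias.getBytes());
        buffer.write(NL);
        buffer.write(beginPrivateKey);
        buffer.write(NL);

        byte[] privKey = Base64.encode(privKeyEncoded);
        buffer.write(privKey);
        buffer.write(NL);
        buffer.write(endPrivateKey);
        buffer.write(NL);

        // User certificate section.
        buffer.write(bagattributes);
        buffer.write(friendlyname);
        buffer.write(alias.getBytes());
        buffer.write(NL);
        buffer.write(subject);
        buffer.write(subjectdnpem.getBytes());
        buffer.write(NL);
        buffer.write(issuer);
        buffer.write(issuerdnpem.getBytes());
        buffer.write(NL);
        buffer.write(beginCertificate);
        buffer.write(NL);

        byte[] userCertB64 = Base64.encode(output);
        buffer.write(userCertB64);
        buffer.write(NL);
        buffer.write(endCertificate);
        buffer.write(NL);

        // A self-signed user certificate has no further chain to append.
        if (!CertTools.isSelfSigned(userX509Certificate)) {
            for (int num = 1; num < chain.length; num++) {
                X509Certificate tmpX509Cert = (X509Certificate) chain[num];
                sn = CertTools.getSubjectDN(tmpX509Cert);

                String cn = CertTools.getPartFromDN(sn, "CN");

                if (cn == null) {
                    // generateToken() treats a missing CN as possible; fall back to
                    // the full subject DN instead of failing on cn.getBytes().
                    cn = sn;
                }

                subjectdnpem = sn.replace(',', '/');
                issuerdnpem = CertTools.getIssuerDN(tmpX509Cert).replace(',', '/');

                buffer.write(bagattributes);
                buffer.write(friendlyname);
                buffer.write(cn.getBytes());
                buffer.write(NL);
                buffer.write(subject);
                buffer.write(subjectdnpem.getBytes());
                buffer.write(NL);
                buffer.write(issuer);
                buffer.write(issuerdnpem.getBytes());
                buffer.write(NL);

                byte[] tmpOutput = tmpX509Cert.getEncoded();
                buffer.write(beginCertificate);
                buffer.write(NL);

                byte[] tmpCACertB64 = Base64.encode(tmpOutput);
                buffer.write(tmpCACertB64);
                buffer.write(NL);
                buffer.write(endCertificate);
                buffer.write(NL);
            }
        }

        out.setContentType("application/octet-stream");
        // The name is sanitised and quoted so that it cannot alter the header.
        out.setHeader("Content-disposition",
            " attachment; filename=\"" + headerSafeFilename(username) + ".pem\"");
        buffer.writeTo(out.getOutputStream());
        out.flushBuffer();
        buffer.close();
    }

    /**
     * Obtains a key pair (recovered or newly generated), has the sign session issue a
     * certificate for it, sanity-checks the result against the CA chain and packs key
     * and certificates into a keystore.
     *
     * <p>The private key exists on the server side in this flow, and with
     * {@code savekeys} it is additionally handed to the key recovery session.
     * {@code password} serves both as the credential passed to
     * {@code createCertificate} and as the password given to
     * {@code KeyTools.createJKS}; the {@code createP12} call takes no password.
     *
     * @param administrator administrator the session calls are made as
     * @param username end entity the certificate is issued for
     * @param password end entity password
     * @param caid id of the CA whose certificate chain is fetched
     * @param keylength key length passed to {@code KeyTools.genKeys} for new keys
     * @param createJKS true to build a JKS keystore, false for PKCS#12
     * @param loadkeys true to reuse the key pair held by the key recovery session
     * @param savekeys true to store the key pair through the key recovery session
     * @return keystore holding the private key, the new certificate and the CA chain
     * @throws Exception if a session call fails or a verification step does not pass
     */
    private KeyStore generateToken(Admin administrator, String username, String password,
        int caid, int keylength, boolean createJKS, boolean loadkeys, boolean savekeys)
        throws Exception {
        KeyPair rsaKeys = null;

        if (loadkeys) {
            // Reuse the key pair held by the key recovery session.
            IKeyRecoverySessionRemote keyrecoverysession = keyrecoveryhome.create();
            rsaKeys = ((KeyRecoveryData) keyrecoverysession.keyRecovery(administrator, username)).getKeyPair();
        } else {
            // Generate new keys.
            rsaKeys = KeyTools.genKeys(keylength);
        }

        ISignSessionRemote signsession = signsessionhome.create();
        X509Certificate cert = (X509Certificate) signsession.createCertificate(administrator,
                username, password, rsaKeys.getPublic());

        // cf is never read in this method; the call is kept in case it has
        // initialisation side effects (not visible here).
        CertificateFactory cf = CertTools.getCertificateFactory();

        // Chain as returned by the sign session; the code below treats index 0 as the
        // issuing CA and the last element as the root.
        Certificate[] cachain = (Certificate[]) signsession.getCertificateChain(administrator,
                caid).toArray(new Certificate[0]);

        // The checks below are consistency checks on material returned by the sign
        // session, not a path validation: the root is only verified against its own
        // key and links between intermediate certificates are not examined.
        Certificate rootCert = cachain[cachain.length - 1];

        if (!CertTools.isSelfSigned((X509Certificate) rootCert)) {
            throw new Exception("RootCA certificate not self-signed");
        }

        try {
            rootCert.verify(rootCert.getPublicKey());
        } catch (GeneralSecurityException se) {
            // Keep the cause so the failing check can be diagnosed from the log.
            throw new Exception("RootCA certificate does not verify", se);
        }

        // Verify that the user certificate is signed by our CA.
        try {
            cert.verify(cachain[0].getPublicKey());
        } catch (GeneralSecurityException se) {
            throw new Exception("Generated certificate does not verify using CA-certificate.", se);
        }

        if (savekeys) {
            // Hand the key pair, including the private key, to the key recovery session.
            IKeyRecoverySessionRemote keyrecoverysession = keyrecoveryhome.create();
            keyrecoverysession.addKeyRecoveryData(administrator, cert, username, rsaKeys);
        }

        // Use the CN as alias in the keystore; if no CN is present use the username.
        String alias = CertTools.getPartFromDN(CertTools.getSubjectDN(cert), "CN");

        if (alias == null) {
            alias = username;
        }

        // Store keys and certificates in the keystore.
        KeyStore ks = null;

        if (createJKS) {
            ks = KeyTools.createJKS(alias, rsaKeys.getPrivate(), password, cert, cachain);
        } else {
            ks = KeyTools.createP12(alias, rsaKeys.getPrivate(), cert, cachain);
        }

        return ks;
    }
} // CertReqServlet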