/************************************************************************* * * * EJBCA: The OpenSource Certificate Authority * * * * This software is free software; you can redistribute it and/or * * modify it under the terms of the GNU Lesser General Public * * License as published by the Free Software Foundation; either * * version 2.1 of the License, or any later version. * * * * See terms of license at gnu.org. * * * *************************************************************************/ package se.anatom.ejbca.apply;import java.io.BufferedReader;import java.io.IOException;import java.io.InputStreamReader;import java.io.OutputStream;import java.io.PrintStream;import java.util.Date;import java.util.Enumeration;import javax.ejb.CreateException;import javax.ejb.ObjectNotFoundException;import javax.naming.InitialContext;import javax.rmi.PortableRemoteObject;import javax.servlet.ServletConfig;import javax.servlet.ServletException;import javax.servlet.ServletOutputStream;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.log4j.Logger;import se.anatom.ejbca.SecConst;import se.anatom.ejbca.ra.*;import se.anatom.ejbca.ra.raadmin.IRaAdminSessionHome;import se.anatom.ejbca.ra.raadmin.IRaAdminSessionRemote;import se.anatom.ejbca.ca.exception.AuthLoginException;import se.anatom.ejbca.ca.exception.AuthStatusException;import se.anatom.ejbca.ca.exception.SignRequestException;import se.anatom.ejbca.ca.exception.SignRequestSignatureException;import se.anatom.ejbca.ca.sign.ISignSessionHome;import se.anatom.ejbca.ca.sign.ISignSessionRemote;import se.anatom.ejbca.ca.store.ICertificateStoreSessionHome;import se.anatom.ejbca.ca.store.ICertificateStoreSessionRemote;import se.anatom.ejbca.log.Admin;import se.anatom.ejbca.util.Base64;import se.anatom.ejbca.util.CertTools;import se.anatom.ejbca.util.FileTools;import se.anatom.ejbca.util.StringTools;import 
se.anatom.ejbca.ra.UserAdminData;/** * This is a servlet that is used for creating a user into EJBCA and * retrieving her certificate. Supports only POST. * <p> * The CGI parameters for requests are the following. * </p> * <dl> * <dt>pkcs10req</dt> * <dd> * A PKCS#10 request, mandatory. * </dd> * <dt>username</dt> * <dd> * The username (for EJBCA use only). Optional, defaults to the CN in * the PKCS#10 request. * </dd> * <dt>password</dt> * <dd> * Password for the user (for EJBCA internal use only). Optional, * defaults to an empty string. Used for authorization of the certificate request. * </dd> * <dt>email</dt> * <dd> * Email of the user for inclusion in subject alternative names. Optional, * defaults to none. * </dd> * <dt>entityprofile</dt> * <dd> * The name of the EJBCA end entity profile for the user. Optional, * defaults to an empty end entity profile. * </dd> * <dt>certificateprofile</dt> * <dd> * The name of the EJBCA certificate profile to use. Optional, * defaults to the fixed end user profile. * </dd> * </dl> * * @version $Id: DemoCertReqServlet.java,v 1.34 2004/04/18 16:01:55 anatom Exp $ */public class DemoCertReqServlet extends HttpServlet { private final static Logger log = Logger.getLogger(DemoCertReqServlet.class); private ISignSessionHome signsessionhome = null; private IUserAdminSessionHome useradminsessionhome = null; private IRaAdminSessionHome raadminsessionhome = null; private ICertificateStoreSessionHome storesessionhome = null; // Edit this constant to the id of your preferable ca used to sign certificate. 
private final static int DEFAULT_DEMOCAID = 0;

// PEM armor lines and the line separator, held as raw bytes.
// NOTE(review): getBytes() with no charset argument encodes with the platform
// default charset, so these byte values depend on the JVM's default encoding.
private final static byte[] BEGIN_CERT = "-----BEGIN CERTIFICATE-----".getBytes();
private final static int BEGIN_CERT_LENGTH = BEGIN_CERT.length;
private final static byte[] END_CERT = "-----END CERTIFICATE-----".getBytes();
private final static int END_CERT_LENGTH = END_CERT.length;
private final static byte[] NL = "\n".getBytes();
private final static int NL_LENGTH = NL.length;

/**
 * Initialises the servlet: installs the BouncyCastle provider and resolves the
 * four EJB home interfaces this servlet keeps in its fields.
 *
 * @param config servlet configuration, handed on to {@code super.init(config)}
 * @throws ServletException wrapping any exception raised while installing the
 *         provider or looking up and narrowing a home interface; a failure here
 *         leaves the remaining home fields unassigned
 */
public void init(ServletConfig config) throws ServletException {
    super.init(config);
    try {
        // Install BouncyCastle provider
        CertTools.installBCProvider();

        // Resolve each EJB home through JNDI, then narrow it to its typed interface.
        InitialContext jndi = new InitialContext();

        Object signRef = jndi.lookup("RSASignSession");
        signsessionhome =
            (ISignSessionHome) PortableRemoteObject.narrow(signRef, ISignSessionHome.class);

        Object userAdminRef = jndi.lookup("UserAdminSession");
        useradminsessionhome =
            (IUserAdminSessionHome) PortableRemoteObject.narrow(userAdminRef, IUserAdminSessionHome.class);

        Object raAdminRef = jndi.lookup("RaAdminSession");
        raadminsessionhome =
            (IRaAdminSessionHome) PortableRemoteObject.narrow(raAdminRef, IRaAdminSessionHome.class);

        Object storeRef = jndi.lookup("CertificateStoreSession");
        storesessionhome =
            (ICertificateStoreSessionHome) PortableRemoteObject.narrow(storeRef, ICertificateStoreSessionHome.class);
    } catch (Exception ex) {
        // Keep the original exception as the cause so the reason for the failed start-up is not lost.
        throw new ServletException(ex);
    }
}

/**
 * Handles PKCS10 certificate request, these are constructed as:
 * <pre><code>
 * CertificationRequest ::= SEQUENCE {
 *   certificationRequestInfo CertificationRequestInfo,
 *   signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},
 *   signature BIT STRING
 * }
 * CertificationRequestInfo ::= SEQUENCE {
 *   version INTEGER { v1(0) } (v1,...),
 *   subject Name,
 *   subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
 *   attributes [0] Attributes{{ CRIAttributes }}
 * }
 * SubjectPublicKeyInfo { ALGORITHM : IOSet} ::= SEQUENCE {
 *   algorithm AlgorithmIdentifier {{IOSet}},
 *   subjectPublicKey BIT STRING
 * }
 * </pre>
 *
 * PublicKey's encoded-format has to be RSA X.509.
*/ public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { ServletDebug debug = new ServletDebug(request, response); ISignSessionRemote signsession = null; ICertificateStoreSessionRemote storesession = null; IUserAdminSessionRemote useradminsession = null; IRaAdminSessionRemote raadminsession = null; try { useradminsession = useradminsessionhome.create(); raadminsession = raadminsessionhome.create(); signsession = signsessionhome.create(); storesession = storesessionhome.create(); } catch (CreateException e) { throw new ServletException(e); } Admin admin = new Admin(Admin.TYPE_PUBLIC_WEB_USER, request.getRemoteAddr()); RequestHelper helper = new RequestHelper(admin, debug); String dn = null; dn = request.getParameter("user"); byte[] reqBytes = null; int type = 0; if (request.getParameter("keygen") != null) { reqBytes=request.getParameter("keygen").getBytes(); log.debug("Received NS request:"+new String(reqBytes)); if (reqBytes != null) { type = 1; } } else if (request.getParameter("pkcs10req") != null) { // if not netscape, check if it's IE reqBytes=request.getParameter("pkcs10req").getBytes(); log.debug("Received IE request:"+new String(reqBytes)); if (reqBytes != null) { type = 2; } } if (reqBytes == null) { // abort here, no request received throw new ServletException("A certification request must be provided!"); } String username = request.getParameter("username"); if (username == null || username.trim().length() == 0) { username = CertTools.getPartFromDN(dn, "CN"); } username = username + "("+(new Date()).toString()+")"; // Strip dangerous chars username = StringTools.strip(username); // need null check here? // Before doing anything else, check if the user name is unique and ok. 
boolean check = checkUsername(admin,username, useradminsession); if (check == false) { String msg = "User '"+username+"' already exist."; log.error(msg); debug.printMessage(msg); debug.printDebugInfo(); return; } // Functionality to determine the class id of ie page.