Package org.ejbca.ui.web.admin.cainterface

Source Code of org.ejbca.ui.web.admin.cainterface.EndEntityCertServlet

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
/*************************************************************************
*                                                                       *
*  EJBCA: The OpenSource Certificate Authority                          *
*                                                                       *
*  This software is free software; you can redistribute it and/or       *
*  modify it under the terms of the GNU Lesser General Public           *
*  License as published by the Free Software Foundation; either         *
*  version 2.1 of the License, or any later version.                    *
*                                                                       *
*  See terms of license at gnu.org.                                     *
*                                                                       *
*************************************************************************/
package org.ejbca.ui.web.admin.cainterface;

import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.Certificate;

import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;
import org.ejbca.core.model.authorization.AccessRulesConstants;
import org.ejbca.ui.web.CertificateView;
import org.ejbca.ui.web.RequestHelper;
import org.ejbca.ui.web.admin.configuration.EjbcaWebBean;
import org.ejbca.ui.web.admin.rainterface.RAInterfaceBean;
import org.ejbca.ui.web.pub.ServletUtils;
import org.ejbca.util.Base64;


/**
* Servlet used to distribute End Entity certificates through the "View Certificate" jsp page.
* Checks that the administrator is authorized to view the user before sending the certificate<br>
*
* cert - returns certificate in PEM-format
* nscert - returns certificate for Firefox
* iecert - returns certificate for Internet Explorer
*
* cert, nscert and iecert also takes  parameters issuer and certificate sn were issuer is the DN of issuer and certificate serienumber
* is in hex format.
*
* @version $Id: EndEntityCertServlet.java 11405 2011-02-23 22:42:51Z jeklund $
*/
public class EndEntityCertServlet extends HttpServlet {

  private static final long serialVersionUID = 1L;
  private static final Logger log = Logger.getLogger(EndEntityCertServlet.class);

    private static final String COMMAND_PROPERTY_NAME = "cmd";
    private static final String COMMAND_NSCERT = "nscert";
    private static final String COMMAND_IECERT = "iecert";
    private static final String COMMAND_CERT = "cert";
  
    private static final String ISSUER_PROPERTY = "issuer";
    private static final String CERTIFICATEDN_PROPERTY = "certificatesn";

    public void init(ServletConfig config) throws ServletException {
        super.init(config);
    }
   
    public void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
        log.trace(">doPost()");
        doGet(req, res);
        log.trace("<doPost()");
    }

    public void doGet(HttpServletRequest req,  HttpServletResponse res) throws IOException, ServletException {
        log.trace(">doGet()");
        // Check if authorized
        EjbcaWebBean ejbcawebbean= (org.ejbca.ui.web.admin.configuration.EjbcaWebBean)
                                   req.getSession().getAttribute("ejbcawebbean");
       
        RAInterfaceBean rabean =  (org.ejbca.ui.web.admin.rainterface.RAInterfaceBean)
                                   req.getSession().getAttribute("rabean");
        if ( ejbcawebbean == null ){
          try {
            ejbcawebbean = (org.ejbca.ui.web.admin.configuration.EjbcaWebBean) java.beans.Beans.instantiate(Thread.currentThread().getContextClassLoader(), org.ejbca.ui.web.admin.configuration.EjbcaWebBean.class.getName());
           } catch (ClassNotFoundException exc) {
               throw new ServletException(exc.getMessage());
           }catch (Exception exc) {
               throw new ServletException (" Cannot create bean of class "+ org.ejbca.ui.web.admin.configuration.EjbcaWebBean.class.getName(), exc);
           }
           req.getSession().setAttribute("ejbcawebbean", ejbcawebbean);
        }
       
        if ( rabean == null ){
            try {
              rabean = (org.ejbca.ui.web.admin.rainterface.RAInterfaceBean) java.beans.Beans.instantiate(Thread.currentThread().getContextClassLoader(), org.ejbca.ui.web.admin.rainterface.RAInterfaceBean.class.getName());
             } catch (ClassNotFoundException exc) {
                 throw new ServletException(exc.getMessage());
             }catch (Exception exc) {
                 throw new ServletException (" Cannot create bean of class "+ org.ejbca.ui.web.admin.rainterface.RAInterfaceBean.class.getName(), exc);
             }
             req.getSession().setAttribute("rabean", ejbcawebbean);
          }

        try{
          ejbcawebbean.initialize(req,AccessRulesConstants.REGULAR_VIEWCERTIFICATE);
          rabean.initialize(req,ejbcawebbean);                   
        } catch(Exception e){
           throw new java.io.IOException("Authorization Denied");
        }
       
        RequestHelper.setDefaultCharacterEncoding(req);
        String issuerdn = req.getParameter(ISSUER_PROPERTY);       
        String certificatesn = req.getParameter(CERTIFICATEDN_PROPERTY);

        String command;
        // Keep this for logging.
        log.debug("Got request from "+req.getRemoteAddr());
        command = req.getParameter(COMMAND_PROPERTY_NAME);
        if (command == null) {
            command = "";
        }
        if ((command.equalsIgnoreCase(COMMAND_NSCERT) || command.equalsIgnoreCase(COMMAND_IECERT) || command.equalsIgnoreCase(COMMAND_CERT))
           && issuerdn != null && certificatesn != null) {
         
          BigInteger certsn = new BigInteger(certificatesn,16);
                           
          // Fetch the certificate and at the same time check that the user is authorized to it.
         
          try {
        rabean.loadCertificates(certsn, issuerdn);

        CertificateView certview = rabean.getCertificate(0);
       
        Certificate cert = certview.getCertificate();
        byte[] enccert = cert.getEncoded();
                // We must remove cache headers for IE
                ServletUtils.removeCacheHeaders(res);
        if (command.equalsIgnoreCase(COMMAND_NSCERT)) {
          res.setContentType("application/x-x509-ca-cert");
          res.setContentLength(enccert.length);
          res.getOutputStream().write(enccert);
          log.debug("Sent CA cert to NS client, len="+enccert.length+".");
        } else if (command.equalsIgnoreCase(COMMAND_IECERT)) {
          res.setHeader("Content-disposition", "attachment; filename=" + certview.getUsername() + ".crt");
          res.setContentType("application/octet-stream");
          res.setContentLength(enccert.length);
          res.getOutputStream().write(enccert);
          log.debug("Sent CA cert to IE client, len="+enccert.length+".");
        } else if (command.equalsIgnoreCase(COMMAND_CERT)) {
          byte[] b64cert = Base64.encode(enccert);
          String out = RequestHelper.BEGIN_CERTIFICATE_WITH_NL;                  
          out += new String(b64cert);
          out += RequestHelper.END_CERTIFICATE_WITH_NL;
          res.setHeader("Content-disposition", "attachment; filename=" + certview.getUsername() + ".pem");
          res.setContentType("application/octet-stream");
          res.setContentLength(out.length());
          res.getOutputStream().write(out.getBytes());
          log.debug("Sent CA cert to client, len="+out.length()+".");
        } else {
          res.setContentType("text/plain");
          res.getOutputStream().println("Commands="+COMMAND_NSCERT+" || "+COMMAND_IECERT+" || "+COMMAND_CERT);
          return;
        }
            } catch (Exception e) {
                log.error("Error getting certificates: ", e);
                res.sendError(HttpServletResponse.SC_NOT_FOUND, "Error getting certificates.");
                return;
            }
        }
        else {
            res.setContentType("text/plain");
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Bad Request format");
            return;
        }
    } // doGet
}
TOP

Related Classes of org.ejbca.ui.web.admin.cainterface.EndEntityCertServlet

  • org.ejbca.ui.web.admin.configuration.EjbcaWebBean
  • org.ejbca.ui.web.admin.rainterface.RAInterfaceBean
  • org.ejbca.ui.web.CertificateView
  • java.math.BigInteger
  • javax.servlet.ServletException
  • java.security.cert.Certificate
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.