KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > net > sourceforge > jcetaglib > taglib > x509 > CertificateFromRequest


1 /*
2   Name: CertificateFromRequest.java
3   Licensing: LGPL
4
5   API: Sun (http://java.sun.com) JCE 1.2.2 API (cleanroom implementation by Bouncy Castle)
6   Provider: Bouncy Castle (http://www.bouncycastle.org)
7
8   Disclaimer:
9
10   COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND,
11   EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE
12   IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE
13   RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE
14   PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR)
15   ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY
16   CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED
17   HEREUNDER EXCEPT UNDER THIS DISCLAIMER.
18 */

19
20 package net.sourceforge.jcetaglib.taglib.x509;
21
22 import net.sourceforge.jcetaglib.lib.CertTools;
23 import net.sourceforge.jcetaglib.lib.Clean;
24 import net.sourceforge.jcetaglib.lib.X509Cert;
25 import org.bouncycastle.jce.PKCS10CertificationRequest;
26 import org.bouncycastle.jce.netscape.NetscapeCertRequest;
27 import org.bouncycastle.jce.provider.BouncyCastleProvider;
28 import org.bouncycastle.util.encoders.Base64;
29
30 import javax.servlet.jsp.JspException JavaDoc;
31 import javax.servlet.jsp.PageContext JavaDoc;
32 import javax.servlet.jsp.tagext.BodyTagSupport JavaDoc;
33 import java.security.PrivateKey JavaDoc;
34 import java.security.PublicKey JavaDoc;
35 import java.security.Security JavaDoc;
36 import java.security.cert.X509Certificate JavaDoc;
37
38 /**
39  * JSP tag for generating X.509 certificates from PKCS#10 or Netscape requests
40  *
41  * @jsp.tag
42  * name="certificatefromrequest"
43  * display-name="CertificateFromRequest"
44  * body-content="JSP"
45  * example="<jce:certificatefromrequest

46  * 	certrequest=\"<%= request.getParameter(\"pkcs10\") %>\"

47  * 	subjectdn=\"C=BE, O=NET, OU=Home, CN=Bob, EmailAddress=bob@somewhere.org\"

48  * 	signfile=\"C:/keystores/bob.p12\"

49  * 	signentry=\"ca\"

50  * 	signpassword=\"password\"

51  * 	fingerprint=\"fp\"

52  * 	serialnumber=\"sn\"

53  * 	certificate=\"c\"/>"
54  *
55  * description="JSP tag for generating X.509 certificates from PKCS#10 or Netscape requests"
56  *
57  * @author Gert Van Ham
58  * @author hamgert@users.sourceforge.net
59  * @author http://jcetaglib.sourceforge.net
60  * @version $Id: CertificateFromRequest.java,v 1.6 2004/04/15 07:28:36 hamgert Exp $
61  */

62
63 public class CertificateFromRequest extends BodyTagSupport JavaDoc {
64     private static final String JavaDoc PAGE = "page";
65     private static final String JavaDoc REQUEST = "request";
66     private static final String JavaDoc SESSION = "session";
67     private static final String JavaDoc APPLICATION = "application";
68
69     private String JavaDoc signaturealgorithm = "MD5WithRSAEncryption"; // tag attribute
70

71     private String JavaDoc subjectdn;
72     private long validity = 365;
73     private boolean isca = false;
74
75     private String JavaDoc crldisturi;
76
77     private String JavaDoc netscapeextensions;
78
79     private String JavaDoc signfile; // tag attribute
80
private String JavaDoc signentry; // tag attribute
81
private StringBuffer JavaDoc signpassword; // tag attribute
82

83     protected String JavaDoc certrequest; // tag attribute
84
private String JavaDoc requesttype = "PKCS10"; /* PKCS10 or NS (Netscape/Mozilla)*/
85
86     private int scope = PageContext.PAGE_SCOPE;
87
88     // return certificates...
89
// variables
90
private String JavaDoc serialnumber;
91     private String JavaDoc fingerprint;
92     private String JavaDoc certificate;
93
94     public static int getScope(String JavaDoc scope) {
95         int ret = PageContext.PAGE_SCOPE; // default
96

97         if (REQUEST.equalsIgnoreCase(scope))
98             ret = PageContext.REQUEST_SCOPE;
99         else if (SESSION.equalsIgnoreCase(scope))
100             ret = PageContext.SESSION_SCOPE;
101         else if (APPLICATION.equalsIgnoreCase(scope))
102             ret = PageContext.APPLICATION_SCOPE;
103         else if (PAGE.equalsIgnoreCase(scope))
104             ret = PageContext.PAGE_SCOPE;
105
106         return ret;
107     } //getScope()
108

109     public int doEndTag() throws JspException JavaDoc {
110         String JavaDoc input;
111
112         // determine the value by...
113
if (certrequest != null) {
114             // ... reading our attribute
115
input = certrequest;
116         } else {
117             // ... retrieving and trimming our body
118
if (bodyContent == null || bodyContent.getString() == null) {
119                 input = "";
120             } else {
121                 input = bodyContent.getString().trim();
122             }
123         }
124
125         Security.addProvider(new BouncyCastleProvider());
126         PublicKey JavaDoc pubKey;
127
128         try {
129             // read CA certificate & private key
130
PrivateKey JavaDoc CAprivateKey = X509Cert.getPrivateFromP12(signfile, signentry, signpassword);
131             X509Certificate JavaDoc caCert = X509Cert.getCertificateFromP12(signfile, signentry, signpassword);
132
133             // read request
134
if (requesttype.equals("PKCS10")) {
135                 // PKCS10 Request type
136
PKCS10CertificationRequest pkcs10 = X509Cert.getPKCS10Request(input);
137
138                 if (pkcs10.verify() == false) {
139                     throw new JspException JavaDoc("JCE Exception: Unable to generate certificate: Not a valid PKCS10 request");
140                 }
141
142                 pubKey = pkcs10.getPublicKey();
143
144             } else {
145                 // Netscape request type
146
NetscapeCertRequest nscr = X509Cert.getNetscapeRequest(input);
147
148                 nscr.setChallenge("challenge");
149                 if (nscr.verify("challenge") == false) {
150                     throw new JspException JavaDoc("JCE Exception: Unable to generate certificate: Not a valid Netscape request");
151                 }
152
153                 pubKey = nscr.getPublicKey();
154             }
155
156             // generate certificate
157
X509Certificate JavaDoc cert = X509Cert.sign(pubKey
158                     , CAprivateKey
159                     , caCert
160                     , signaturealgorithm
161                     , Integer.parseInt(Long.toString(validity))
162                     , subjectdn
163                     , isca
164                     , crldisturi
165                     , netscapeextensions);
166
167             // return serialnumber and fingerprint
168
pageContext.setAttribute(serialnumber, cert.getSerialNumber().toString(), scope);
169             pageContext.setAttribute(fingerprint, CertTools.getFingerprintAsString(cert), scope);
170
171             // Return certificate as string
172
byte output[] = cert.getEncoded();
173             byte certB64[] = Base64.encode(output);
174
175             pageContext.setAttribute(certificate, "-----BEGIN CERTIFICATE-----\n" + new String JavaDoc(certB64) + "\n-----END CERTIFICATE-----", scope);
176
177         } catch (Exception JavaDoc e) {
178             throw new JspException JavaDoc("JCE Exception: Unable to generate certificate: "
179                     + e.getMessage(), e);
180         }
181
182         return EVAL_PAGE;
183     } //doEndTag()
184

185     public void release() {
186         // Cleanup all sensitive information
187
Clean.blank(signpassword);
188
189         super.release();
190     } //release()
191

192     /**
193      * @jsp.attribute
194      * description="Optional attribute, the certificate request. The body of the tag will be taken if omitted."
195      * type="java.lang.String"
196      * required="false"
197      * rtexprvalue="true"
198      */

199     public void setCertrequest(String JavaDoc certrequest) {
200         this.certrequest = certrequest;
201     }
202
203     public String JavaDoc getCertrequest() {
204         return certrequest;
205     }
206
207     /**
208      * @jsp.attribute
209      * description="The request type. 'PKCS10' for PKCS#10 type request, 'NS' for Netscape type requests. Default is 'PKCS10'"
210      * type="java.lang.String"
211      * required="false"
212      * rtexprvalue="true"
213      */

214     public void setRequesttype(String JavaDoc requesttype) {
215         this.requesttype = requesttype;
216     }
217
218     /**
219      * @jsp.attribute
220      * description="Signature algorithm. Default is 'MD5WithRSAEncryption'"
221      * type="java.lang.String"
222      * required="false"
223      * rtexprvalue="true"
224      */

225     public void setSignaturealgorithm(String JavaDoc signaturealgorithm) {
226         this.signaturealgorithm = signaturealgorithm;
227     }
228
229     /**
230      * @jsp.attribute
231      * description="The subject DN string. e.g. 'C=BE, O=NET, OU=Sourceforge, CN=CertAuthority, E=info@certauthority.org' Important: if you want to use the certificate for SSL server purposes you must specify the full server & domain name as the 'CN' entry (e.g. '... CN=www.oracle.com ...')"
232      * type="java.lang.String"
233      * required="true"
234      * rtexprvalue="true"
235      */

236     public void setSubjectdn(String JavaDoc subjectdn) {
237         this.subjectdn = subjectdn;
238     }
239
240     /**
241      * @jsp.attribute
242      * description="The validity of the certificate in days. Default is 365"
243      * type="java.lang.Long"
244      * required="false"
245      * rtexprvalue="true"
246      */

247     public void setValidity(long validity) {
248         this.validity = validity;
249     }
250
251     /**
252      * @jsp.attribute
253      * description="Defines this certificate as a CA (Certificate Authority). Default is false. If you want to use this certificate as intermediate certificate, you have to set this parameter to true"
254      * type="java.lang.Boolean"
255      * required="false"
256      * rtexprvalue="true"
257      */

258     public void setIsca(boolean isca) {
259         this.isca = isca;
260     }
261
262     /**
263      * @jsp.attribute
264      * description="CRL (Certificate Revocation List) distribution URI extension. Default is none"
265      * type="java.lang.String"
266      * required="false"
267      * rtexprvalue="true"
268      */

269     public void setCrldisturi(String JavaDoc crldisturi) {
270         this.crldisturi = crldisturi;
271     }
272
273     /**
274      * @jsp.attribute
275      * description="Adds Netscape certificate extensions to the certificate. If this certificate must work with Netscape products (or Mozilla), you have to specify one of the following parameters:&#10&#10
276      * 'CA': this certificate can be used as SSL Certificate Authority, Email Signer and Object Signer&#10
277      * 'SERVER': this certificate can be used as SSL Server.&#10
278      * 'CLIENT': this certificate can be used as SSL Client, Email Recipient and Object Signer&#10
279      * 'ALL': this certificate can be used for all above purposes."
280      * type="java.lang.String"
281      * required="false"
282      * rtexprvalue="true"
283      */

284     public void setNetscapeextensions(String JavaDoc netscapeextensions) {
285         this.netscapeextensions = netscapeextensions;
286     }
287
288     /**
289      * @jsp.attribute
290      * description="The PKCS#12 (P12) keystore where the CA signing certificate is stored"
291      * type="java.lang.String"
292      * required="true"
293      * rtexprvalue="true"
294      */

295     public void setSignfile(String JavaDoc signfile) {
296         this.signfile = signfile;
297     }
298
299     /**
300      * @jsp.attribute
301      * description="The PKCS#12 (P12) keystore entry name for the CA signing certificate"
302      * type="java.lang.String"
303      * required="true"
304      * rtexprvalue="true"
305      */

306     public void setSignentry(String JavaDoc signentry) {
307         this.signentry = signentry;
308     }
309
310     /**
311      * @jsp.attribute
312      * description="The PKCS#12 (P12) keystore signing password"
313      * type="java.lang.StringBuffer"
314      * required="true"
315      * rtexprvalue="true"
316      */

317     public void setSignpassword(StringBuffer JavaDoc signpassword) {
318         this.signpassword = signpassword;
319     }
320
321     /**
322      * @jsp.attribute
323      * description="Scope of the return variables. Can be 'page', 'session', 'request' or 'application'. Default is 'page'"
324      * type="java.lang.String"
325      * required="false"
326      * rtexprvalue="false"
327      */

328     public void setScope(String JavaDoc scope) {
329         this.scope = getScope(scope);
330     }
331
332     /**
333      * @jsp.attribute
334      * description="Variable to store the certificate serial number"
335      * type="java.lang.String"
336      * required="true"
337      * rtexprvalue="true"
338      */

339     public void setSerialnumber(String JavaDoc serialnumber) {
340         this.serialnumber = serialnumber;
341     }
342
343     public String JavaDoc getSerialnumber() {
344         return serialnumber;
345     }
346
347     /**
348      * @jsp.attribute
349      * description="Variable to store the certificate fingerprint (SHA-1)"
350      * type="java.lang.String"
351      * required="true"
352      * rtexprvalue="true"
353      */

354     public void setFingerprint(String JavaDoc fingerprint) {
355         this.fingerprint = fingerprint;
356     }
357
358     public String JavaDoc getFingerprint() {
359         return fingerprint;
360     }
361
362     /**
363      * @jsp.attribute
364      * description="Variable to store the certificate as a PEM formatted string"
365      * type="java.lang.String"
366      * required="true"
367      * rtexprvalue="true"
368      */

369     public void setCertificate(String JavaDoc certificate) {
370         this.certificate = certificate;
371     }
372
373     public String JavaDoc getCertificate() {
374         return certificate;
375     }
376 }
Popular Tags