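package net.sourceforge.jcetaglib.taglib.x509;

import net.sourceforge.jcetaglib.lib.CertTools;
import net.sourceforge.jcetaglib.lib.Clean;
import net.sourceforge.jcetaglib.lib.X509Cert;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.netscape.NetscapeCertRequest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;

import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.tagext.BodyTagSupport;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.X509Certificate;

/**
 * JSP body tag that issues an X.509 certificate for a certificate request.
 *
 * <p>The request is read from the {@code certrequest} attribute or, when that
 * is not set, from the tag body. The signing key and issuer certificate are
 * loaded from a PKCS#12 file through {@link X509Cert}. The serial number,
 * fingerprint and PEM-armoured certificate are stored as attributes in the
 * configured scope, under the names given by the {@code serialnumber},
 * {@code fingerprint} and {@code certificate} tag attributes.
 *
 * <p>Only the public key is taken from the request. The subject DN, the CA
 * flag, the CRL distribution URI and the Netscape extensions all come from tag
 * attributes, so the page using this tag decides what identity and privileges
 * the issued certificate carries. Those attributes should not be filled from
 * unauthenticated request parameters.
 */
public class CertificateFromRequest extends BodyTagSupport {
    private static final String PAGE = "page";
    private static final String REQUEST = "request";
    private static final String SESSION = "session";
    private static final String APPLICATION = "application";

    // Signature algorithm name handed to X509Cert.sign.
    // NOTE(review): the default is MD5-based. MD5 is not collision resistant,
    // and certificates signed with it are open to collision-based forgery.
    // Pages should set the signaturealgorithm attribute to a SHA-2 based
    // algorithm that the installed provider supports. The default is left
    // unchanged here so existing pages keep producing the same output.
    private String signaturealgorithm = "MD5WithRSAEncryption";
    private String subjectdn;
    // Validity passed to X509Cert.sign; presumably a number of days - confirm
    // against X509Cert.sign.
    private long validity = 365;
    private boolean isca = false;

    private String crldisturi;

    private String netscapeextensions;

    // PKCS#12 file, entry name and password used to load the signing key and
    // the issuer certificate.
    private String signfile;
    private String signentry;
    private StringBuffer signpassword;

    protected String certrequest;
    // "PKCS10" selects the PKCS#10 branch in doEndTag; any other value is
    // handled as a Netscape request.
    private String requesttype = "PKCS10";

    private int scope = PageContext.PAGE_SCOPE;

    // Names of the scoped attributes that receive the results.
    private String serialnumber;
    private String fingerprint;
    private String certificate;

    /**
     * Maps a scope name to the matching {@link PageContext} scope constant.
     *
     * @param scope "page", "request", "session" or "application", compared
     *              case-insensitively
     * @return the matching scope constant; {@link PageContext#PAGE_SCOPE} for
     *         {@code null} or any unrecognised name
     */
    public static int getScope(String scope) {
        if (REQUEST.equalsIgnoreCase(scope)) {
            return PageContext.REQUEST_SCOPE;
        }
        if (SESSION.equalsIgnoreCase(scope)) {
            return PageContext.SESSION_SCOPE;
        }
        if (APPLICATION.equalsIgnoreCase(scope)) {
            return PageContext.APPLICATION_SCOPE;
        }
        // "page" and every unrecognised value fall back to page scope.
        return PageContext.PAGE_SCOPE;
    }

    /**
     * Verifies the certificate request, signs a certificate for its public key
     * and publishes the results as scoped attributes.
     *
     * @return {@code EVAL_PAGE}
     * @throws JspException if the request does not verify, or if loading the
     *                      signing material, signing or encoding fails
     */
    public int doEndTag() throws JspException {
        String input;

        // The attribute wins over the body; an absent body is treated as an
        // empty request.
        if (certrequest != null) {
            input = certrequest;
        } else if (bodyContent == null || bodyContent.getString() == null) {
            input = "";
        } else {
            input = bodyContent.getString().trim();
        }

        // addProvider does nothing when a provider of the same name is already
        // installed, so repeating this on every invocation is harmless.
        Security.addProvider(new BouncyCastleProvider());
        PublicKey pubKey;

        try {
            PrivateKey caPrivateKey = X509Cert.getPrivateFromP12(signfile, signentry, signpassword);
            X509Certificate caCert = X509Cert.getCertificateFromP12(signfile, signentry, signpassword);

            if (requesttype.equals("PKCS10")) {
                PKCS10CertificationRequest pkcs10 = X509Cert.getPKCS10Request(input);

                // The request's self-signature is checked before its key is used.
                if (!pkcs10.verify()) {
                    throw new JspException("JCE Exception: Unable to generate certificate: Not a valid PKCS10 request");
                }

                pubKey = pkcs10.getPublicKey();
            } else {
                NetscapeCertRequest nscr = X509Cert.getNetscapeRequest(input);

                // NOTE(review): the challenge carried in the request is
                // overwritten with a fixed string, and verify() is then given
                // that same string, so a challenge comparison cannot fail here.
                // If the challenge is meant to bind the request to a value the
                // server issued, that binding is not being checked. Confirm
                // against NetscapeCertRequest.verify in the BouncyCastle
                // version in use.
                nscr.setChallenge("challenge");
                if (!nscr.verify("challenge")) {
                    throw new JspException("JCE Exception: Unable to generate certificate: Not a valid Netscape request");
                }

                pubKey = nscr.getPublicKey();
            }

            // The long is round-tripped through a string so that a validity
            // outside the int range fails with NumberFormatException instead of
            // being silently truncated by a cast.
            X509Certificate cert = X509Cert.sign(pubKey,
                    caPrivateKey,
                    caCert,
                    signaturealgorithm,
                    Integer.parseInt(Long.toString(validity)),
                    subjectdn,
                    isca,
                    crldisturi,
                    netscapeextensions);

            pageContext.setAttribute(serialnumber, cert.getSerialNumber().toString(), scope);
            pageContext.setAttribute(fingerprint, CertTools.getFingerprintAsString(cert), scope);

            byte[] der = cert.getEncoded();
            byte[] certB64 = Base64.encode(der);

            // Base64 output is pure ASCII; the charset is named so the PEM text
            // does not depend on the platform default encoding.
            pageContext.setAttribute(certificate,
                    "-----BEGIN CERTIFICATE-----\n"
                            + new String(certB64, "US-ASCII")
                            + "\n-----END CERTIFICATE-----",
                    scope);

        } catch (JspException e) {
            // Raised above with a complete message; rethrown unchanged so the
            // "JCE Exception: ..." prefix is not added a second time.
            throw e;
        } catch (Exception e) {
            throw new JspException("JCE Exception: Unable to generate certificate: "
                    + e.getMessage(), e);
        }

        return EVAL_PAGE;
    }

    /**
     * Blanks the signing password buffer through {@link Clean#blank} and then
     * delegates to the superclass.
     *
     * <p>NOTE(review): the password buffer keeps its content until the
     * container calls this method, and no other field is reset here.
     */
    public void release() {
        Clean.blank(signpassword);

        super.release();
    }

    /**
     * Sets the certificate request text; when set, it is used instead of the
     * tag body.
     *
     * @param certrequest the encoded certificate request
     */
    public void setCertrequest(String certrequest) {
        this.certrequest = certrequest;
    }

    /**
     * @return the certificate request text set on this tag, or {@code null}
     */
    public String getCertrequest() {
        return certrequest;
    }

    /**
     * Sets the request type.
     *
     * @param requesttype "PKCS10" for a PKCS#10 request; any other value is
     *                    handled as a Netscape request
     */
    public void setRequesttype(String requesttype) {
        this.requesttype = requesttype;
    }

    /**
     * Sets the signature algorithm name passed to {@code X509Cert.sign}.
     *
     * @param signaturealgorithm algorithm name; prefer a SHA-2 based algorithm
     *                           over the MD5-based default
     */
    public void setSignaturealgorithm(String signaturealgorithm) {
        this.signaturealgorithm = signaturealgorithm;
    }

    /**
     * Sets the subject DN placed in the issued certificate. The value comes
     * from the page, not from the certificate request.
     *
     * @param subjectdn subject distinguished name
     */
    public void setSubjectdn(String subjectdn) {
        this.subjectdn = subjectdn;
    }

    /**
     * Sets the validity passed to {@code X509Cert.sign}.
     *
     * @param validity validity value; it must fit in an {@code int}, otherwise
     *                 {@link #doEndTag()} fails
     */
    public void setValidity(long validity) {
        this.validity = validity;
    }

    /**
     * Sets the CA flag passed to {@code X509Cert.sign}.
     *
     * @param isca CA flag for the issued certificate
     */
    public void setIsca(boolean isca) {
        this.isca = isca;
    }

    /**
     * Sets the CRL distribution URI passed to {@code X509Cert.sign}.
     *
     * @param crldisturi CRL distribution URI
     */
    public void setCrldisturi(String crldisturi) {
        this.crldisturi = crldisturi;
    }

    /**
     * Sets the Netscape extensions value passed to {@code X509Cert.sign}.
     *
     * @param netscapeextensions Netscape extensions specification
     */
    public void setNetscapeextensions(String netscapeextensions) {
        this.netscapeextensions = netscapeextensions;
    }

    /**
     * Sets the PKCS#12 file holding the signing key and issuer certificate.
     *
     * @param signfile PKCS#12 file location
     */
    public void setSignfile(String signfile) {
        this.signfile = signfile;
    }

    /**
     * Sets the entry name looked up in the PKCS#12 file.
     *
     * @param signentry PKCS#12 entry name
     */
    public void setSignentry(String signentry) {
        this.signentry = signentry;
    }

    /**
     * Sets the PKCS#12 password. The buffer is kept by reference and blanked
     * in {@link #release()}.
     *
     * @param signpassword password buffer
     */
    public void setSignpassword(StringBuffer signpassword) {
        this.signpassword = signpassword;
    }

    /**
     * Sets the scope in which the result attributes are stored.
     *
     * @param scope scope name, resolved by {@link #getScope(String)}
     */
    public void setScope(String scope) {
        this.scope = getScope(scope);
    }

    /**
     * Sets the name of the scoped attribute that receives the serial number.
     *
     * @param serialnumber attribute name
     */
    public void setSerialnumber(String serialnumber) {
        this.serialnumber = serialnumber;
    }

    /**
     * @return the attribute name configured for the serial number
     */
    public String getSerialnumber() {
        return serialnumber;
    }

    /**
     * Sets the name of the scoped attribute that receives the fingerprint.
     *
     * @param fingerprint attribute name
     */
    public void setFingerprint(String fingerprint) {
        this.fingerprint = fingerprint;
    }

    /**
     * @return the attribute name configured for the fingerprint
     */
    public String getFingerprint() {
        return fingerprint;
    }

    /**
     * Sets the name of the scoped attribute that receives the PEM certificate.
     *
     * @param certificate attribute name
     */
    public void setCertificate(String certificate) {
        this.certificate = certificate;
    }

    /**
     * @return the attribute name configured for the PEM certificate
     */
    public String getCertificate() {
        return certificate;
    }
}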