Java > Open Source Codes > net > sourceforge > jcetaglib > taglib > x509 > VerifyCertificate


1 /*
2   Name: VerifyCertificate.java
3   Licensing: LGPL
4
5   API: Sun (http://java.sun.com) JCE 1.2.2 API (cleanroom implementation by Bouncy Castle)
6   Provider: Bouncy Castle (http://www.bouncycastle.org)
7
8   Disclaimer:
9
10   COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND,
11   EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE
12   IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE
13   RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE
14   PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR)
15   ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY
16   CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED
17   HEREUNDER EXCEPT UNDER THIS DISCLAIMER.
18 */
19
20 package net.sourceforge.jcetaglib.taglib.x509;
21
22 import net.sourceforge.jcetaglib.lib.CertTools;
23 import net.sourceforge.jcetaglib.lib.Clean;
24 import net.sourceforge.jcetaglib.lib.X509Cert;
25 import net.sourceforge.jcetaglib.tools.FileTools;
26 import org.bouncycastle.jce.provider.BouncyCastleProvider;
27
28 import javax.servlet.jsp.JspException ;
29 import javax.servlet.jsp.PageContext ;
30 import javax.servlet.jsp.tagext.TagSupport ;
31 import java.io.ByteArrayInputStream ;
32 import java.io.InputStream ;
33 import java.security.Security ;
34 import java.security.cert.X509CRL ;
35 import java.security.cert.X509Certificate ;
36
37 /**
38  * JSP tag for verifying X.509 certificates
39  *
40  * @jsp.tag
41  * name="verifycertificate"
42  * display-name="VerifyCertificate"
43  * body-content="empty"
44  * example="<jce:verifycertificate

45  * 	scope=\"page\"

46  * 	verifyinfo=\"stat\"

47  * 	crlfile=\"C:/keystores/crl.der\"

48  * 	storefile=\"C:/keystores/bob.p12\"

49  * 	storeentry=\"user\"

50  * 	storepassword=\"<%= new StringBuffer(\"password\") %>\"

51  * 	castorefile=\"C:/keystores/ca.p12\"

52  * 	castoreentry=\"ca\"

53  * 	castorepassword=\"<%= new StringBuffer(\"password\") %>\"/>"
54  *
55  * description="JSP tag for verifying X.509 certificates"
56  *
57  * @author Gert Van Ham
58  * @author hamgert@users.sourceforge.net
59  * @author http://jcetaglib.sourceforge.net
60  * @version $Id: VerifyCertificate.java,v 1.5 2004/04/15 07:28:36 hamgert Exp $
61  */
62
63 public class VerifyCertificate extends TagSupport {
64     private static final String PAGE = "page";
65     private static final String REQUEST = "request";
66     private static final String SESSION = "session";
67     private static final String APPLICATION = "application";
68
69     private String crlfile;
70
71     // return info
72 private int scope = PageContext.PAGE_SCOPE;
73     private String verifyinfo;
74
75     /* Attributes for X.509 keystore */
76
77     // P12 keystore...
78 private String storefile; // tag attribute
79 private String storeentry; // tag attribute
80 private StringBuffer storepassword; // tag attribute
81
82     // ... OR PEM string
83 private String pemstring; // tag attribute
84
85     // ... OR PEM file
86 private String pemfile; // tag attribute
87
88     /* Attributes for X.509 CA keystore */
89
90     // P12 keystore...
91 private String castorefile; // tag attribute
92 private String castoreentry; // tag attribute
93 private StringBuffer castorepassword; // tag attribute
94
95     // ... OR PEM string
96 private String capemstring; // tag attribute
97
98     // ... OR PEM file
99 private String capemfile; // tag attribute
100
101     public static int getScope(String scope) {
102         int ret = PageContext.PAGE_SCOPE; // default
103
104         if (REQUEST.equalsIgnoreCase(scope))
105             ret = PageContext.REQUEST_SCOPE;
106         else if (SESSION.equalsIgnoreCase(scope))
107             ret = PageContext.SESSION_SCOPE;
108         else if (APPLICATION.equalsIgnoreCase(scope))
109             ret = PageContext.APPLICATION_SCOPE;
110         else if (PAGE.equalsIgnoreCase(scope))
111             ret = PageContext.PAGE_SCOPE;
112
113         return ret;
114     } //getScope()
115
116     public int doEndTag() throws JspException {
117         // Add Bouncy Castle provider
118 Security.addProvider(new BouncyCastleProvider());
119
120         X509Certificate cert = null;
121         X509Certificate cacert = null;
122         X509CRL x509crl = null;
123
124         InputStream pemstream = null;
125
126         try {
127             // Retrieve the certificate from one of the three possible keystores
128 if (storefile == null || storefile == "") {
129                 if (pemfile == null || pemfile == "") {
130                     // use PEM string
131 pemstream = new ByteArrayInputStream (pemstring.getBytes());
132                     cert = CertTools.getCertfromPEM(pemstream);
133                 } else {
134                     // use PEM store
135 cert = CertTools.getCertfromPEM(pemfile);
136                 }
137             } else {
138                 // use PKCS #12 keystore
139 cert = X509Cert.getCertificateFromP12(storefile, storeentry, storepassword);
140             }
141
142             // Retrieve the signing certificate from one of the three possible keystores
143 if (castorefile == null || castorefile == "") {
144                 if (capemfile == null || capemfile == "") {
145                     // use PEM string
146 pemstream = new ByteArrayInputStream (capemstring.getBytes());
147                     cacert = CertTools.getCertfromPEM(pemstream);
148                 } else {
149                     // use PEM store
150 cacert = CertTools.getCertfromPEM(capemfile);
151                 }
152             } else {
153                 // use PKCS #12 keystore
154 cacert = X509Cert.getCACertificateFromP12(castorefile, castoreentry, castorepassword);
155             }
156
157             // get CRL
158 byte[] crl = FileTools.readFiletoBuffer(crlfile);
159             x509crl = CertTools.getCRLfromByteArray(crl);
160
161             pageContext.setAttribute(verifyinfo, X509Cert.verifyCertificate(cert, cacert, x509crl), scope);
162         } catch (Exception e) {
163             throw new JspException ("JCE Exception: Could not verify certificate: " + e.toString(), e);
164         }
165
166         return EVAL_PAGE;
167     } //doEndTag()
168
169     public void release() {
170         // Cleanup all sensitive information
171 Clean.blank(storepassword);
172         Clean.blank(castorepassword);
173
174         super.release();
175     } //release()
176
177     /**
178      * @jsp.attribute
179      * description="Scope of the return variables. Can be 'page', 'session', 'request' or 'application'. Default is 'page'"
180      * type="java.lang.String"
181      * required="false"
182      * rtexprvalue="false"
183      */
184     public void setScope(String scope) {
185         this.scope = getScope(scope);
186     }
187
188     /**
189      * @jsp.attribute
190      * description="The CRL filename"
191      * type="java.lang.String"
192      * required="false"
193      * rtexprvalue="true"
194      */
195     public void setCrlfile(String crlfile) {
196         this.crlfile = crlfile;
197     }
198
199     /**
200      * @jsp.attribute
201      * description="The PKCS#12 (P12) keystore where the certificate is stored"
202      * type="java.lang.String"
203      * required="false"
204      * rtexprvalue="true"
205      */
206     public void setStorefile(String storefile) {
207         this.storefile = storefile;
208     }
209
210     /**
211      * @jsp.attribute
212      * description="The PKCS#12 (P12) keystore entry name for this certificate"
213      * type="java.lang.String"
214      * required="false"
215      * rtexprvalue="true"
216      */
217     public void setStoreentry(String storeentry) {
218         this.storeentry = storeentry;
219     }
220
221     /**
222      * @jsp.attribute
223      * description="The PKCS#12 (P12) keystore password"
224      * type="java.lang.StringBuffer"
225      * required="false"
226      * rtexprvalue="true"
227      */
228     public void setStorepassword(StringBuffer storepassword) {
229         this.storepassword = storepassword;
230     }
231
232     /**
233      * @jsp.attribute
234      * description="The certificate as a PEM formatted file"
235      * type="java.lang.String"
236      * required="false"
237      * rtexprvalue="true"
238      */
239     public void setPemfile(String pemfile) {
240         this.pemfile = pemfile;
241     }
242
243     /**
244      * @jsp.attribute
245      * description="The certificate as a PEM formatted string"
246      * type="java.lang.String"
247      * required="false"
248      * rtexprvalue="true"
249      */
250     public void setPemstring(String pemstring) {
251         this.pemstring = pemstring;
252     }
253
254     /**
255      * @jsp.attribute
256      * description="The PKCS#12 (P12) keystore where the CA certificate is stored"
257      * type="java.lang.String"
258      * required="false"
259      * rtexprvalue="true"
260      */
261     public void setCastorefile(String castorefile) {
262         this.castorefile = castorefile;
263     }
264
265     /**
266      * @jsp.attribute
267      * description="The PKCS#12 (P12) CA keystore entry name for this certificate"
268      * type="java.lang.String"
269      * required="false"
270      * rtexprvalue="true"
271      */
272     public void setCastoreentry(String castoreentry) {
273         this.castoreentry = castoreentry;
274     }
275
276     /**
277      * @jsp.attribute
278      * description="The PKCS#12 (P12) CA keystore password"
279      * type="java.lang.StringBuffer"
280      * required="false"
281      * rtexprvalue="true"
282      */
283     public void setCastorepassword(StringBuffer castorepassword) {
284         this.castorepassword = castorepassword;
285     }
286
287     /**
288      * @jsp.attribute
289      * description="The CA certificate as a PEM formatted file"
290      * type="java.lang.String"
291      * required="false"
292      * rtexprvalue="true"
293      */
294     public void setCapemfile(String capemfile) {
295         this.capemfile = capemfile;
296     }
297
298     /**
299      * @jsp.attribute
300      * description="The CA certificate as a PEM formatted string"
301      * type="java.lang.String"
302      * required="false"
303      * rtexprvalue="true"
304      */
305     public void setCapemstring(String capemstring) {
306         this.capemstring = capemstring;
307     }
308
309     /**
310      * @jsp.attribute
311      * description="Return variable to store the certificate info:


312      * 'REVOKED': this certificate has been revoked

313      * 'EXPIRED': this certificate has expired

314      * 'INVALID': this certificate is not valid or not signed by the correct CA

315      * 'VERIFIED': this certificate is OK"
316      * type="java.lang.String"
317      * required="false"
318      * rtexprvalue="true"
319      */
320     public void setVerifyinfo(String verifyinfo) {
321         this.verifyinfo = verifyinfo;
322     }
323
324     public String getVerifyinfo() {
325         return verifyinfo;
326     }
327 }

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags