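package org.ejbca.ui.web.admin.cainterface;

import java.beans.Beans;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.ejb.EJBException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;
import org.ejbca.core.ejb.ServiceLocator;
import org.ejbca.core.ejb.ca.sign.ISignSessionLocal;
import org.ejbca.core.ejb.ca.sign.ISignSessionLocalHome;
import org.ejbca.core.model.SecConst;
import org.ejbca.core.model.ca.AuthLoginException;
import org.ejbca.core.model.ca.AuthStatusException;
import org.ejbca.core.model.ca.IllegalKeyException;
import org.ejbca.core.model.ca.SignRequestException;
import org.ejbca.core.model.ca.SignRequestSignatureException;
import org.ejbca.core.model.ca.caadmin.CADoesntExistsException;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.model.ra.NotFoundException;
import org.ejbca.core.protocol.IResponseMessage;
import org.ejbca.core.protocol.PKCS10RequestMessage;
import org.ejbca.ui.web.RequestHelper;
import org.ejbca.ui.web.admin.configuration.EjbcaWebBean;
import org.ejbca.ui.web.admin.rainterface.RAInterfaceBean;
import org.ejbca.ui.web.admin.rainterface.UserView;
import org.ejbca.util.Base64;
import org.ejbca.util.CertTools;
import org.ejbca.util.FileTools;
import org.ejbca.util.StringTools;

/**
 * Admin-web servlet that turns a posted PKCS#10 request into an issued certificate.
 * <p>
 * {@link #doPost} expects the request in the {@code pkcs10req} parameter, registers a
 * new end entity for it through {@link RAInterfaceBean}, has the sign session issue the
 * certificate and writes the result back as a PEM-framed, Base64-encoded PKCS#7 blob.
 * The caller must be authenticated with a client certificate and must pass the
 * {@code /ra_functionallity/create_end_entity} authorization check made by
 * {@link EjbcaWebBean#initialize}. {@link #doGet} is rejected with 405.
 */
public class AdminCertReqServlet extends HttpServlet {
    private static final Logger log = Logger.getLogger(AdminCertReqServlet.class);

    // PEM framing written around the Base64 body. The literals are plain ASCII, so
    // getBytes() with the platform default charset is assumed to be safe here.
    private static final byte[] BEGIN_CERT = "-----BEGIN CERTIFICATE-----".getBytes();
    private static final int BEGIN_CERT_LENGTH = BEGIN_CERT.length;

    private static final byte[] END_CERT = "-----END CERTIFICATE-----".getBytes();
    private static final int END_CERT_LENGTH = END_CERT.length;

    private static final byte[] NL = "\n".getBytes();
    private static final int NL_LENGTH = NL.length;

    // Lazily created sign session; only accessed through the synchronized getter.
    private ISignSessionLocal signsession = null;

    /**
     * Returns the local sign session, looking up the home and creating it on first use.
     *
     * @return the cached sign session
     * @throws EJBException if the home lookup or {@code create()} fails; the original
     *         exception is kept as the cause
     */
    private synchronized ISignSessionLocal getSignSession() {
        if (signsession == null) {
            try {
                ISignSessionLocalHome signhome = (ISignSessionLocalHome) ServiceLocator.getInstance()
                        .getLocalHome(ISignSessionLocalHome.COMP_NAME);
                signsession = signhome.create();
            } catch (Exception e) {
                throw new EJBException(e);
            }
        }
        return signsession;
    }

    /**
     * Installs the BouncyCastle provider once the servlet is initialized.
     *
     * @param config the servlet configuration passed through to the superclass
     * @throws ServletException if the provider cannot be installed
     */
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
        try {
            CertTools.installBCProvider();
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    /**
     * Handles a certificate request: authorizes the admin, parses the PKCS#10 blob,
     * adds the end entity, issues the certificate and streams it back as PKCS#7.
     * <p>
     * Recognized parameters: {@code pkcs10req} (required), {@code username}
     * (defaults to the request subject DN), {@code entityprofile},
     * {@code certificateprofile} and {@code password} (defaults to the empty string).
     *
     * @param request  the HTTP request; must carry
     *                 {@code javax.servlet.request.X509Certificate}
     * @param response the HTTP response the PEM blob (or an error) is written to
     * @throws IOException      if the admin fails the authorization check or on write errors
     * @throws ServletException if no client certificate is present, a named profile does
     *                          not exist, the user cannot be added, or issuance fails
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        EjbcaWebBean ejbcawebbean = getEjbcaWebBean(request);
        try {
            // initialize() performs the authorization check for this resource.
            ejbcawebbean.initialize(request, "/ra_functionallity/create_end_entity");
        } catch (Exception e) {
            // Keep the underlying reason attached for server-side diagnosis; the
            // client only sees the generic message.
            IOException denied = new IOException("Authorization Denied");
            denied.initCause(e);
            throw denied;
        }

        X509Certificate[] certs =
                (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
        // An empty array would otherwise fail on certs[0] below with an obscure error.
        if (certs == null || certs.length == 0) {
            throw new ServletException("This servlet requires certificate authentication!");
        }

        // The servlet API places the client's own certificate first in the chain.
        Admin admin = new Admin(certs[0]);

        RequestHelper.setDefaultCharacterEncoding(request);

        byte[] buffer = pkcs10Bytes(request.getParameter("pkcs10req"));
        if (buffer == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid request, missing 'pkcs10req'!");
            return;
        }

        RAInterfaceBean rabean = getRaBean(request);

        PKCS10RequestMessage p10 = new PKCS10RequestMessage(buffer);
        String dn = p10.getCertificationRequest().getCertificationRequestInfo().getSubject().toString();

        // Username defaults to the request's subject DN when the parameter is absent or blank.
        String username = request.getParameter("username");
        if (username == null || username.trim().length() == 0) {
            username = dn;
        }
        username = StringTools.strip(username);
        username = checkUsername(rabean, username);

        UserView newuser = new UserView();
        newuser.setUsername(username);
        newuser.setSubjectDN(dn);
        newuser.setTokenType(SecConst.TOKEN_SOFT_BROWSERGEN);
        newuser.setAdministrator(false);
        newuser.setKeyRecoverable(false);

        // Accept either spelling of the e-mail attribute in the subject DN.
        String email = CertTools.getPartFromDN(dn, "E");
        if (email == null) {
            email = CertTools.getPartFromDN(dn, "EMAILADDRESS");
        }
        if (email != null) {
            newuser.setEmail(email);
        }

        int eProfileId = SecConst.EMPTY_ENDENTITYPROFILE;
        String entityProfileName = request.getParameter("entityprofile");
        if (entityProfileName != null) {
            int reqId = rabean.getEndEntityProfileId(entityProfileName);
            if (reqId == 0) {
                throw new ServletException("No such end entity profile: " + entityProfileName);
            }
            eProfileId = reqId;
        }
        newuser.setEndEntityProfileId(eProfileId);

        int cProfileId = SecConst.CERTPROFILE_FIXED_ENDUSER;
        String certProfileName = request.getParameter("certificateprofile");
        if (certProfileName != null) {
            CAInterfaceBean cabean = getCaBean(request);
            int reqId = cabean.getCertificateProfileId(certProfileName);
            if (reqId == 0) {
                throw new ServletException("No such certificate profile: " + certProfileName);
            }
            cProfileId = reqId;
        }
        newuser.setCertificateProfileId(cProfileId);

        // NOTE(review): the original code read a "ca" request parameter but never
        // applied it, so the CA id is always 0 here. TODO confirm how the issuing CA
        // is meant to be chosen before wiring that parameter in.
        int caid = 0;
        newuser.setCAId(caid);

        String password = request.getParameter("password");
        if (password == null) {
            password = "";
        }
        newuser.setPassword(password);
        newuser.setClearTextPassword(false);

        try {
            rabean.addUser(newuser);
        } catch (Exception e) {
            throw new ServletException("Error adding user: " + e.toString(), e);
        }

        byte[] pkcs7;
        try {
            p10.setUsername(username);
            p10.setPassword(password);
            ISignSessionLocal ss = getSignSession();
            IResponseMessage resp = ss.createCertificate(admin, p10,
                    Class.forName("org.ejbca.core.protocol.X509ResponseMessage"));
            X509Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
            pkcs7 = ss.createPKCS7(admin, cert, true);
        } catch (ClassNotFoundException e) {
            throw new ServletException(e);
        } catch (CertificateEncodingException e) {
            throw new ServletException(e);
        } catch (CertificateException e) {
            throw new ServletException(e);
        } catch (NotFoundException e) {
            throw new ServletException(e);
        } catch (AuthStatusException e) {
            throw new ServletException(e);
        } catch (AuthLoginException e) {
            throw new ServletException(e);
        } catch (IllegalKeyException e) {
            throw new ServletException(e);
        } catch (SignRequestException e) {
            throw new ServletException(e);
        } catch (SignRequestSignatureException e) {
            throw new ServletException(e);
        } catch (CADoesntExistsException e) {
            throw new ServletException(e);
        }

        log.debug("Created certificate (PKCS7) for " + username);

        sendNewB64Cert(Base64.encode(pkcs7), response);
    }

    /**
     * Rejects GET with 405 and an {@code Allow: POST} header.
     *
     * @param request  the HTTP request (unused)
     * @param response the response the error is written to
     * @throws IOException      on write errors
     * @throws ServletException never thrown by this implementation
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        log.debug(">doGet()");
        response.setHeader("Allow", "POST");
        response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED,
                "The certificate request servlet only handles the POST method.");
        log.debug("<doGet()");
    }

    /**
     * Writes an already Base64-encoded certificate blob wrapped in PEM markers.
     *
     * @param b64cert  Base64 text of the certificate (PKCS#7) to send
     * @param response the response to write to; content type, disposition and
     *                 length are set before the body is streamed
     * @throws IOException on write errors
     */
    private void sendNewB64Cert(byte[] b64cert, HttpServletResponse response) throws IOException {
        response.setContentType("application/octet-stream");
        response.setHeader("Content-Disposition", "filename=cert.pem");
        // Body = BEGIN line + NL, base64 + NL, END line + NL, hence three newlines.
        response.setContentLength(b64cert.length + BEGIN_CERT_LENGTH + END_CERT_LENGTH + (3 * NL_LENGTH));

        ServletOutputStream os = response.getOutputStream();
        os.write(BEGIN_CERT);
        os.write(NL);
        os.write(b64cert);
        os.write(NL);
        os.write(END_CERT);
        os.write(NL);
        response.flushBuffer();
    }

    /**
     * Extracts the DER bytes of a PKCS#10 request from the posted text.
     * <p>
     * Tries the standard {@code CERTIFICATE REQUEST} PEM markers first, then the
     * {@code NEW CERTIFICATE REQUEST} variant, and finally treats the whole input as
     * bare Base64.
     *
     * @param pkcs10 the raw parameter value, or {@code null}
     * @return the decoded bytes, or {@code null} if {@code pkcs10} was {@code null}
     */
    private static byte[] pkcs10Bytes(String pkcs10) {
        if (pkcs10 == null) {
            return null;
        }
        // PEM/Base64 text is ASCII, so the platform default charset is assumed adequate.
        byte[] reqBytes = pkcs10.getBytes();
        try {
            return FileTools.getBytesFromPEM(reqBytes,
                    "-----BEGIN CERTIFICATE REQUEST-----", "-----END CERTIFICATE REQUEST-----");
        } catch (IOException e) {
            try {
                return FileTools.getBytesFromPEM(reqBytes,
                        "-----BEGIN NEW CERTIFICATE REQUEST-----", "-----END NEW CERTIFICATE REQUEST-----");
            } catch (IOException e2) {
                // No PEM markers found: assume the body is plain Base64.
                return Base64.decode(reqBytes);
            }
        }
    }

    /**
     * Returns the session-scoped {@link RAInterfaceBean}, creating and initializing it
     * on first use and storing it under the {@code rabean} session attribute.
     *
     * @param req the current request, used to reach the HTTP session
     * @return the RA interface bean for this session
     * @throws ServletException if the bean cannot be instantiated or initialized
     */
    private RAInterfaceBean getRaBean(HttpServletRequest req) throws ServletException {
        HttpSession session = req.getSession();
        RAInterfaceBean rabean = (RAInterfaceBean) session.getAttribute("rabean");
        if (rabean == null) {
            try {
                rabean = (RAInterfaceBean) Beans.instantiate(this.getClass().getClassLoader(),
                        "org.ejbca.ui.web.admin.rainterface.RAInterfaceBean");
            } catch (ClassNotFoundException e) {
                throw new ServletException(e);
            } catch (Exception e) {
                throw new ServletException("Unable to instantiate RAInterfaceBean", e);
            }
            try {
                rabean.initialize(req, getEjbcaWebBean(req));
            } catch (Exception e) {
                throw new ServletException("Cannot initialize RAInterfaceBean", e);
            }
            session.setAttribute("rabean", rabean);
        }
        return rabean;
    }

    /**
     * Returns the session-scoped {@link EjbcaWebBean}, creating it on first use and
     * storing it under the {@code ejbcawebbean} session attribute.
     *
     * @param req the current request, used to reach the HTTP session
     * @return the web bean for this session
     * @throws ServletException if the bean cannot be instantiated; the original
     *         exception is kept as the cause
     */
    private EjbcaWebBean getEjbcaWebBean(HttpServletRequest req) throws ServletException {
        HttpSession session = req.getSession();
        EjbcaWebBean ejbcawebbean = (EjbcaWebBean) session.getAttribute("ejbcawebbean");
        if (ejbcawebbean == null) {
            try {
                ejbcawebbean = (EjbcaWebBean) Beans.instantiate(this.getClass().getClassLoader(),
                        "org.ejbca.ui.web.admin.configuration.EjbcaWebBean");
            } catch (ClassNotFoundException exc) {
                // Preserve the cause instead of only its message, as the sibling getters do.
                throw new ServletException(exc);
            } catch (Exception exc) {
                throw new ServletException(" Cannot create bean of class "
                        + "org.ejbca.ui.web.admin.configuration.EjbcaWebBean", exc);
            }
            session.setAttribute("ejbcawebbean", ejbcawebbean);
        }
        return ejbcawebbean;
    }

    /**
     * Returns the session-scoped {@link CAInterfaceBean}, creating and initializing it
     * on first use and storing it under the {@code cabean} session attribute.
     *
     * @param req the current request, used to reach the HTTP session
     * @return the CA interface bean for this session
     * @throws ServletException if the bean cannot be instantiated or initialized
     */
    private CAInterfaceBean getCaBean(HttpServletRequest req) throws ServletException {
        HttpSession session = req.getSession();
        CAInterfaceBean cabean = (CAInterfaceBean) session.getAttribute("cabean");
        if (cabean == null) {
            try {
                cabean = (CAInterfaceBean) Beans.instantiate(this.getClass().getClassLoader(),
                        "org.ejbca.ui.web.admin.cainterface.CAInterfaceBean");
            } catch (ClassNotFoundException e) {
                throw new ServletException(e);
            } catch (Exception e) {
                throw new ServletException("Unable to instantiate CAInterfaceBean", e);
            }
            try {
                cabean.initialize(req, getEjbcaWebBean(req));
            } catch (Exception e) {
                throw new ServletException("Cannot initialize CAInterfaceBean", e);
            }
            session.setAttribute("cabean", cabean);
        }
        return cabean;
    }

    /**
     * Validates a proposed username: it must be non-blank after trimming and must not
     * already exist in the RA.
     *
     * @param rabean   the RA bean used for the existence check
     * @param username the proposed username, may be {@code null}
     * @return the trimmed username
     * @throws ServletException if the name is empty, already taken, or the lookup fails
     */
    private String checkUsername(RAInterfaceBean rabean, String username) throws ServletException {
        String trimmed = (username == null) ? null : username.trim();
        if (trimmed == null || trimmed.length() == 0) {
            throw new ServletException("Username must not be empty.");
        }

        boolean exists;
        try {
            exists = rabean.userExist(trimmed);
        } catch (Exception e) {
            throw new ServletException("Error checking username '" + trimmed + "': " + e.toString(), e);
        }
        if (exists) {
            throw new ServletException("User '" + trimmed + "' already exists.");
        }

        return trimmed;
    }

}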