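package org.ejbca.ui.web.admin.cainterface;

import java.io.IOException;
import java.io.PrintStream;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import javax.ejb.EJBException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;
import org.ejbca.core.ejb.ServiceLocator;
import org.ejbca.core.ejb.ca.sign.ISignSessionLocal;
import org.ejbca.core.ejb.ca.sign.ISignSessionLocalHome;
import org.ejbca.core.model.log.Admin;
import org.ejbca.ui.web.RequestHelper;
import org.ejbca.ui.web.admin.configuration.EjbcaWebBean;
import org.ejbca.ui.web.pub.ServletUtils;
import org.ejbca.util.Base64;

/**
 * Admin-web servlet that returns one certificate from a CA's certificate chain.
 *
 * Request parameters:
 * <ul>
 *   <li>{@code cmd} - one of {@code nscacert} (DER, {@code application/x-x509-ca-cert}),
 *       {@code iecacert} (DER, attachment {@code ca.crt}) or {@code cacert}
 *       (PEM, attachment {@code ca.pem}); compared case-insensitively.</li>
 *   <li>{@code issuer} - DN of the CA; the CA id passed to the sign session is the
 *       {@code hashCode()} of this string.</li>
 *   <li>{@code level} - optional non-negative index into the chain returned by the
 *       sign session; defaults to 0.</li>
 * </ul>
 * The caller is identified by the TLS client certificate the container stores in the
 * {@code javax.servlet.request.X509Certificate} request attribute, and the request is
 * first passed through {@link EjbcaWebBean#initialize} for
 * {@code /ca_functionality/basic_functions} (an exception there is reported as
 * "Authorization Denied").
 */
public class CACertServlet extends HttpServlet {

    private static final Logger log = Logger.getLogger(CACertServlet.class);

    private static final String COMMAND_PROPERTY_NAME = "cmd";
    private static final String COMMAND_NSCACERT = "nscacert";
    private static final String COMMAND_IECACERT = "iecacert";
    private static final String COMMAND_CACERT = "cacert";

    private static final String LEVEL_PROPERTY = "level";
    private static final String ISSUER_PROPERTY = "issuer";

    /** Request attribute in which the servlet container exposes the TLS client certificate chain. */
    private static final String CLIENT_CERT_ATTRIBUTE = "javax.servlet.request.X509Certificate";
    /** Session attribute under which the admin web bean is cached. */
    private static final String WEBBEAN_ATTRIBUTE = "ejbcawebbean";
    private static final String WEBBEAN_CLASS = "org.ejbca.ui.web.admin.configuration.EjbcaWebBean";
    /** Resource the caller must be authorized for before any certificate is returned. */
    private static final String REQUIRED_RESOURCE = "/ca_functionality/basic_functions";
    /** Charset used for the PEM body; PEM is pure ASCII so this only pins the platform-independent encoding. */
    private static final String PEM_CHARSET = "UTF-8";

    private ISignSessionLocal signsession = null;

    /**
     * Lazily looks up and creates the sign session bean.
     *
     * @return the cached sign session
     * @throws EJBException wrapping any lookup or creation failure
     */
    private synchronized ISignSessionLocal getSignSession() {
        if (signsession == null) {
            try {
                ISignSessionLocalHome signhome = (ISignSessionLocalHome) ServiceLocator.getInstance()
                        .getLocalHome(ISignSessionLocalHome.COMP_NAME);
                signsession = signhome.create();
            } catch (Exception e) {
                throw new EJBException(e);
            }
        }
        return signsession;
    }

    public void init(ServletConfig config) throws ServletException {
        super.init(config);
    }

    /** POST is handled exactly like GET. */
    public void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
        log.debug(">doPost()");
        doGet(req, res);
        log.debug("<doPost()");
    }

    /**
     * Serves the requested CA certificate.
     *
     * Responses: 400 for an unknown {@code cmd}, a missing {@code issuer} or a
     * {@code level} that is not a non-negative integer; 403 when no client certificate
     * is present in the request; 404 when the chain has no entry at {@code level} or
     * the sign session lookup fails; otherwise 200 with the certificate body.
     *
     * @throws IOException      on output errors, or as "Authorization Denied" when the
     *                          web bean refuses the request
     * @throws ServletException if the admin web bean cannot be instantiated
     */
    public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
        log.debug(">doGet()");
        EjbcaWebBean ejbcawebbean = getWebBean(req);

        try {
            ejbcawebbean.initialize(req, REQUIRED_RESOURCE);
        } catch (Exception e) {
            // Keep the cause in the log; the client only gets the generic denial.
            log.debug("Authorization denied for request from " + req.getRemoteAddr(), e);
            throw new IOException("Authorization Denied");
        }

        RequestHelper.setDefaultCharacterEncoding(req);

        String issuerdn = req.getParameter(ISSUER_PROPERTY);
        String command = req.getParameter(COMMAND_PROPERTY_NAME);
        if (command == null) {
            command = "";
        }
        log.debug("Got request from " + req.getRemoteAddr());

        boolean knownCommand = command.equalsIgnoreCase(COMMAND_NSCACERT)
                || command.equalsIgnoreCase(COMMAND_IECACERT)
                || command.equalsIgnoreCase(COMMAND_CACERT);
        if (!knownCommand || issuerdn == null) {
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Bad Request format");
            return;
        }

        // Validate client-supplied index before it is used on the chain: a negative or
        // non-numeric value must not surface as an exception (and a 500/404) later.
        int level = parseLevel(req.getParameter(LEVEL_PROPERTY));
        if (level < 0) {
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Bad " + LEVEL_PROPERTY + " parameter");
            return;
        }

        X509Certificate[] clientCerts = (X509Certificate[]) req.getAttribute(CLIENT_CERT_ATTRIBUTE);
        if (clientCerts == null || clientCerts.length == 0) {
            // Admin identity is derived from the client certificate; without one there is no admin.
            log.info("No client certificate in request from " + req.getRemoteAddr());
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }

        try {
            Admin admin = new Admin(clientCerts[0]);
            // CA id convention of the sign session: hashCode of the issuer DN string.
            Certificate[] chain = (Certificate[]) getSignSession()
                    .getCertificateChain(admin, issuerdn.hashCode()).toArray(new Certificate[0]);

            if (level >= chain.length) {
                String msg = "No CA certificate of level " + level + " exist.";
                log.error(msg);
                res.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
                return;
            }
            X509Certificate cacert = (X509Certificate) chain[level];
            byte[] enccert = cacert.getEncoded();
            ServletUtils.removeCacheHeaders(res);

            byte[] body;
            String contentType;
            String filename;
            String client;
            if (command.equalsIgnoreCase(COMMAND_NSCACERT)) {
                body = enccert;
                contentType = "application/x-x509-ca-cert";
                filename = null;
                client = "NS client";
            } else if (command.equalsIgnoreCase(COMMAND_IECACERT)) {
                body = enccert;
                contentType = "application/octet-stream";
                filename = "ca.crt";
                client = "IE client";
            } else {
                // COMMAND_CACERT is the only value left after the knownCommand check above.
                body = toPem(enccert);
                contentType = "application/octet-stream";
                filename = "ca.pem";
                client = "client";
            }
            writeBody(res, contentType, filename, body);
            log.debug("Sent CA cert to " + client + ", len=" + body.length + ".");
        } catch (Exception e) {
            log.error("Error getting CA certificates: ", e);
            res.sendError(HttpServletResponse.SC_NOT_FOUND, "Error getting CA certificates.");
        }
    }

    /**
     * Returns the session's admin web bean, instantiating and caching it on first use.
     *
     * @throws ServletException with the original cause if the bean cannot be created
     */
    private EjbcaWebBean getWebBean(HttpServletRequest req) throws ServletException {
        EjbcaWebBean bean = (EjbcaWebBean) req.getSession().getAttribute(WEBBEAN_ATTRIBUTE);
        if (bean == null) {
            try {
                bean = (EjbcaWebBean) java.beans.Beans.instantiate(this.getClass().getClassLoader(), WEBBEAN_CLASS);
            } catch (Exception exc) {
                throw new ServletException(" Cannot create bean of class " + WEBBEAN_CLASS, exc);
            }
            req.getSession().setAttribute(WEBBEAN_ATTRIBUTE, bean);
        }
        return bean;
    }

    /**
     * Parses the {@code level} parameter.
     *
     * @param lev raw parameter value, may be null
     * @return 0 when {@code lev} is null, the parsed value when it is a non-negative
     *         integer, -1 for anything else
     */
    private static int parseLevel(String lev) {
        if (lev == null) {
            return 0;
        }
        try {
            int level = Integer.parseInt(lev);
            return level < 0 ? -1 : level;
        } catch (NumberFormatException e) {
            return -1;
        }
    }

    /**
     * Wraps a DER-encoded certificate as PEM text (BEGIN/END lines from
     * {@link RequestHelper}) and returns its bytes in a fixed charset, so the
     * Content-Length and the body never depend on the platform default encoding.
     */
    private static byte[] toPem(byte[] enccert) throws IOException {
        byte[] b64cert = Base64.encode(enccert);
        String pem = RequestHelper.BEGIN_CERTIFICATE_WITH_NL
                + new String(b64cert, PEM_CHARSET)
                + RequestHelper.END_CERTIFICATE_WITH_NL;
        return pem.getBytes(PEM_CHARSET);
    }

    /**
     * Writes {@code body} as the complete response.
     *
     * @param filename when non-null, sent as an attachment with this file name
     */
    private static void writeBody(HttpServletResponse res, String contentType, String filename, byte[] body)
            throws IOException {
        if (filename != null) {
            res.setHeader("Content-disposition", "attachment; filename=" + filename);
        }
        res.setContentType(contentType);
        res.setContentLength(body.length);
        res.getOutputStream().write(body);
    }

}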