EndEntityCertServlet


1   /*************************************************************************
2    *                                                                       *
3    *  EJBCA: The OpenSource Certificate Authority                          *
4    *                                                                       *
5    *  This software is free software; you can redistribute it and/or       *
6    *  modify it under the terms of the GNU Lesser General Public           *
7    *  License as published by the Free Software Foundation; either         *
8    *  version 2.1 of the License, or any later version.                    *
9    *                                                                       *
10   *  See terms of license at gnu.org.                                     *
11   *                                                                       *
12   *************************************************************************/
13   
14  package org.ejbca.ui.web.admin.cainterface;
15  
16  import java.io.IOException  ;
17  import java.math.BigInteger  ;
18  import java.security.cert.X509Certificate  ;
19  
20  import javax.servlet.ServletConfig  ;
21  import javax.servlet.ServletException  ;
22  import javax.servlet.http.HttpServlet  ;
23  import javax.servlet.http.HttpServletRequest  ;
24  import javax.servlet.http.HttpServletResponse  ;
25  
26  import org.apache.log4j.Logger;
27  import org.ejbca.core.model.authorization.AvailableAccessRules;
28  import org.ejbca.ui.web.RequestHelper;
29  import org.ejbca.ui.web.admin.configuration.EjbcaWebBean;
30  import org.ejbca.ui.web.admin.rainterface.CertificateView;
31  import org.ejbca.ui.web.admin.rainterface.RAInterfaceBean;
32  import org.ejbca.ui.web.pub.ServletUtils;
33  import org.ejbca.util.Base64;
34  
35  
36  /**
37   * Servlet used to distribute End Entity certificates through the "View Certificate" jsp page.
38   * Checks that the administrator is authorized to view the user before sending the certificate<br>
39   *
40   * cert - returns certificate in PEM-format
41   * nscert - returns certificate for Netscape/Mozilla
42   * iecert - returns certificate for Internet Explorer
43   *
44   * cert, nscert and iecert also takes  parameters issuer and certificatesn were issuer is the DN of issuer and certificate serienumber 
45   * is in hex format.
46   *
47   * @version $Id: EndEntityCertServlet.java,v 1.3 2006/02/09 10:05:38 anatom Exp $
48   *
49   * @web.servlet name = "EndEntityCert"
50   *              display-name = "EndEntityCertServlet"
51   *              description="Returns the specified end entity certificate"
52   *              load-on-startup = "99"
53   *
54   * @web.servlet-mapping url-pattern = "/ca/endentitycert"
55   *
56   */
57  public class EndEntityCertServlet extends HttpServlet   {
58  
59      private static final Logger log = Logger.getLogger(EndEntityCertServlet.class);
60  
61      private static final String   COMMAND_PROPERTY_NAME = "cmd";
62      private static final String   COMMAND_NSCERT = "nscert";
63      private static final String   COMMAND_IECERT = "iecert";
64      private static final String   COMMAND_CERT = "cert";
65     
66      private static final String   ISSUER_PROPERTY = "issuer";
67      private static final String   CERTIFICATEDN_PROPERTY = "certificatesn";
68  
69      public void init(ServletConfig   config) throws ServletException   {
70          super.init(config);
71      }
72      
73      public void doPost(HttpServletRequest   req, HttpServletResponse   res)
74          throws IOException  , ServletException   {
75          log.debug(">doPost()");
76          doGet(req, res);
77          log.debug("<doPost()");
78      } //doPost
79  
80      public void doGet(HttpServletRequest   req,  HttpServletResponse   res) throws java.io.IOException  , ServletException   {
81          log.debug(">doGet()");
82          // Check if authorized
83          EjbcaWebBean ejbcawebbean= (org.ejbca.ui.web.admin.configuration.EjbcaWebBean)
84                                     req.getSession().getAttribute("ejbcawebbean");
85          
86          RAInterfaceBean rabean =  (org.ejbca.ui.web.admin.rainterface.RAInterfaceBean)
87                                     req.getSession().getAttribute("rabean");
88          if ( ejbcawebbean == null ){
89            try {
90              ejbcawebbean = (org.ejbca.ui.web.admin.configuration.EjbcaWebBean) java.beans.Beans.instantiate(this.getClass().getClassLoader(), "org.ejbca.ui.web.admin.configuration.EjbcaWebBean");
91             } catch (ClassNotFoundException   exc) {
92                 throw new ServletException  (exc.getMessage());
93             }catch (Exception   exc) {
94                 throw new ServletException   (" Cannot create bean of class "+"org.ejbca.ui.web.admin.configuration.EjbcaWebBean", exc);
95             }
96             req.getSession().setAttribute("ejbcawebbean", ejbcawebbean);
97          }
98          
99          if ( rabean == null ){
100             try {
101               rabean = (org.ejbca.ui.web.admin.rainterface.RAInterfaceBean) java.beans.Beans.instantiate(this.getClass().getClassLoader(), "org.ejbca.ui.web.admin.rainterface.RAInterfaceBean");
102              } catch (ClassNotFoundException   exc) {
103                  throw new ServletException  (exc.getMessage());
104              }catch (Exception   exc) {
105                  throw new ServletException   (" Cannot create bean of class "+"org.ejbca.ui.web.admin.rainterface.RAInterfaceBean", exc);
106              }
107              req.getSession().setAttribute("rabean", ejbcawebbean);
108           }
109 
110         try{
111           ejbcawebbean.initialize(req,AvailableAccessRules.REGULAR_VIEWCERTIFICATE);
112           rabean.initialize(req,ejbcawebbean);                    
113         } catch(Exception   e){
114            throw new java.io.IOException  ("Authorization Denied");
115         }
116         
117         RequestHelper.setDefaultCharacterEncoding(req);
118         String   issuerdn = req.getParameter(ISSUER_PROPERTY);        
119         String   certificatesn = req.getParameter(CERTIFICATEDN_PROPERTY);
120 
121         String   command;
122         // Keep this for logging.
123         log.debug("Got request from "+req.getRemoteAddr());
124         command = req.getParameter(COMMAND_PROPERTY_NAME);
125         if (command == null)
126             command = "";
127         if ((command.equalsIgnoreCase(COMMAND_NSCERT) || command.equalsIgnoreCase(COMMAND_IECERT) || command.equalsIgnoreCase(COMMAND_CERT)) 
128              && issuerdn != null && certificatesn != null) {
129             
130             BigInteger   certsn = new BigInteger  (certificatesn,16);
131                                 
132             // Fetch the certificate and at the samt time check that the user is authorized to it.
133             
134             try {
135                 rabean.loadCertificates(certsn, issuerdn);
136 
137                 CertificateView certview = rabean.getCertificate(0);
138                 
139                 X509Certificate   cert = certview.getCertificate();
140                 byte[] enccert = cert.getEncoded();
141                 // We must remove cache headers for IE
142                 ServletUtils.removeCacheHeaders(res);
143                 if (command.equalsIgnoreCase(COMMAND_NSCERT)) {
144                     res.setContentType("application/x-x509-ca-cert");
145                     res.setContentLength(enccert.length);
146                     res.getOutputStream().write(enccert);
147                     log.debug("Sent CA cert to NS client, len="+enccert.length+".");
148                 } else if (command.equalsIgnoreCase(COMMAND_IECERT)) {
149                     res.setHeader("Content-disposition", "attachment; filename=" + certview.getUsername() + ".crt");
150                     res.setContentType("application/octet-stream");
151                     res.setContentLength(enccert.length);
152                     res.getOutputStream().write(enccert);
153                     log.debug("Sent CA cert to IE client, len="+enccert.length+".");
154                 } else if (command.equalsIgnoreCase(COMMAND_CERT)) {
155                     byte[] b64cert = Base64.encode(enccert);
156                     String   out = RequestHelper.BEGIN_CERTIFICATE_WITH_NL;                   
157                     out += new String  (b64cert);
158                     out += RequestHelper.END_CERTIFICATE_WITH_NL;
159                     res.setHeader("Content-disposition", "attachment; filename=" + certview.getUsername() + ".pem");
160                     res.setContentType("application/octet-stream");
161                     res.setContentLength(out.length());
162                     res.getOutputStream().write(out.getBytes());
163                     log.debug("Sent CA cert to client, len="+out.length()+".");
164                 } else {
165                     res.setContentType("text/plain");
166                     res.getOutputStream().println("Commands="+COMMAND_NSCERT+" || "+COMMAND_IECERT+" || "+COMMAND_CERT);
167                     return;
168                 }
169             } catch (Exception   e) {
170                 log.error("Error getting certificates: ", e);
171                 res.sendError(HttpServletResponse.SC_NOT_FOUND, "Error getting certificates.");
172                 return;
173             }
174         }
175         else {
176             res.setContentType("text/plain");
177             res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Bad Request format");
178             return;
179         }
180 
181     } // doGet
182 
183 }
184
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags