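package org.ejbca.ui.web.admin.rainterface;

import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;

import org.bouncycastle.util.encoders.Hex;
import org.ejbca.core.model.ca.certificateprofiles.CertificateProfile;
import org.ejbca.ui.web.admin.configuration.EjbcaWebBean;
import org.ejbca.util.CertTools;
import org.ejbca.util.cert.QCStatementExtension;
import org.ejbca.util.cert.SubjectDirAttrExtension;
import org.ejbca.util.dn.DNFieldExtractor;

/**
 * Read-only presentation wrapper around an {@link X509Certificate} for the admin web GUI.
 *
 * <p>Every getter simply reformats data read from the wrapped certificate (plus the optional
 * {@link RevokedInfoView}) as strings suitable for display. None of the getters validate the
 * certificate chain or trust; {@link #checkValidity()} only checks the notBefore/notAfter window.
 *
 * <p>The strings returned by {@link #getSubjectDN()}, {@link #getIssuerDN()} and
 * {@link #getSubjectAltName()} are taken verbatim from the certificate and are not escaped;
 * the rendering layer is responsible for HTML-escaping them before output.
 *
 * <p>Instances are not thread-safe (the alt-name / dir-attr strings are lazily cached), but the
 * shared OID-to-text map is built once at class load and never mutated afterwards.
 */
public class CertificateView implements java.io.Serializable {

    public static final int DIGITALSIGNATURE = CertificateProfile.DIGITALSIGNATURE;
    public static final int NONREPUDIATION = CertificateProfile.NONREPUDIATION;
    public static final int KEYENCIPHERMENT = CertificateProfile.KEYENCIPHERMENT;
    public static final int DATAENCIPHERMENT = CertificateProfile.DATAENCIPHERMENT;
    public static final int KEYAGREEMENT = CertificateProfile.KEYAGREEMENT;
    public static final int KEYCERTSIGN = CertificateProfile.KEYCERTSIGN;
    public static final int CRLSIGN = CertificateProfile.CRLSIGN;
    public static final int ENCIPHERONLY = CertificateProfile.ENCIPHERONLY;
    public static final int DECIPHERONLY = CertificateProfile.DECIPHERONLY;

    /** Language-resource keys for the nine key usage bits, indexed like {@link X509Certificate#getKeyUsage()}. */
    public static final String[] KEYUSAGETEXTS = {"DIGITALSIGNATURE", "NONREPUDIATION", "KEYENCIPHERMENT",
            "DATAENCIPHERMENT", "KEYAGREEMENT", "KEYCERTSIGN", "CRLSIGN", "ENCIPHERONLY", "DECIPHERONLY"};

    /** Language-resource keys for extended key usages, parallel to {@code CertificateProfile.EXTENDEDKEYUSAGEOIDSTRINGS}. */
    public static final String[] EXTENDEDKEYUSAGETEXTS = {"ANYEXTENDEDKEYUSAGE", "SERVERAUTH", "CLIENTAUTH",
            "CODESIGNING", "EMAILPROTECTION", "IPSECENDSYSTEM",
            "IPSECTUNNEL", "IPSECUSER", "TIMESTAMPING", "SMARTCARDLOGON",
            "OCSPSIGNER"};

    // GeneralName tag numbers as returned in element 0 of each list from
    // X509Certificate.getSubjectAlternativeNames().
    private static final int SUBALTNAME_OTHERNAME = 0;
    private static final int SUBALTNAME_RFC822NAME = 1;
    private static final int SUBALTNAME_DNSNAME = 2;
    private static final int SUBALTNAME_X400ADDRESS = 3;
    private static final int SUBALTNAME_DIRECTORYNAME = 4;
    private static final int SUBALTNAME_EDIPARTYNAME = 5;
    private static final int SUBALTNAME_URI = 6;
    private static final int SUBALTNAME_IPADDRESS = 7;
    private static final int SUBALTNAME_REGISTREDID = 8;

    /** Separator placed between alternative-name entries in {@link #getSubjectAltName()}. */
    private static final String ALTNAME_SEPARATOR = ", ";

    /**
     * Extended key usage OID string -> language-resource key. Built once at class load instead of
     * lazily in the constructor, which removes the unsynchronized check-then-set on a static field.
     */
    private static final HashMap extendedkeyusageoidtotextmap = buildExtendedKeyUsageMap();

    private X509Certificate certificate;
    private DNFieldExtractor subjectdnfieldextractor, issuerdnfieldextractor;
    private RevokedInfoView revokedinfo;
    private String username;
    // Lazily computed display strings; null until first requested.
    private String subjectaltnamestring;
    private String subjectdirattrstring;

    /**
     * Creates a view of the given certificate.
     *
     * @param certificate the certificate to display; must not be null
     * @param revokedinfo revocation information, or null if none is known
     * @param username    the end entity the certificate was issued to (may be null)
     * @throws IllegalArgumentException if {@code certificate} is null
     */
    public CertificateView(X509Certificate certificate, RevokedInfoView revokedinfo, String username) {
        if (certificate == null) {
            throw new IllegalArgumentException("certificate must not be null");
        }
        this.certificate = certificate;
        this.revokedinfo = revokedinfo;
        this.username = username;

        // NOTE(review): the issuer extractor is also created with TYPE_SUBJECTDN, exactly as before;
        // confirm this is intended rather than an issuer-DN type.
        subjectdnfieldextractor = new DNFieldExtractor(CertTools.getSubjectDN(certificate), DNFieldExtractor.TYPE_SUBJECTDN);
        issuerdnfieldextractor = new DNFieldExtractor(CertTools.getIssuerDN(certificate), DNFieldExtractor.TYPE_SUBJECTDN);
    }

    /** Builds the OID-to-text map from the two parallel arrays; one entry per EXTENDEDKEYUSAGETEXTS element. */
    private static HashMap buildExtendedKeyUsageMap() {
        HashMap map = new HashMap();
        for (int i = 0; i < EXTENDEDKEYUSAGETEXTS.length; i++) {
            map.put(CertificateProfile.EXTENDEDKEYUSAGEOIDSTRINGS[i], EXTENDEDKEYUSAGETEXTS[i]);
        }
        return map;
    }

    /** @return the X.509 version number as a decimal string (e.g. "3") */
    public String getVersion() {
        return Integer.toString(certificate.getVersion());
    }

    /** @return always "X509"; this view only wraps X.509 certificates */
    public String getType() {
        return "X509";
    }

    /** @return the serial number as upper-case hex without leading zeros or prefix */
    public String getSerialNumber() {
        return certificate.getSerialNumber().toString(16).toUpperCase();
    }

    /** @return the serial number as a {@link BigInteger} */
    public BigInteger getSerialNumberBigInt() {
        return certificate.getSerialNumber();
    }

    /** @return the issuer DN as formatted by {@link CertTools#getIssuerDN} */
    public String getIssuerDN() {
        return CertTools.getIssuerDN(certificate);
    }

    /**
     * @param field  a {@link DNFieldExtractor} field constant
     * @param number index of the occurrence of that field
     * @return the requested issuer DN component
     */
    public String getIssuerDNField(int field, int number) {
        return issuerdnfieldextractor.getField(field, number);
    }

    /** @return the subject DN as formatted by {@link CertTools#getSubjectDN} */
    public String getSubjectDN() {
        return CertTools.getSubjectDN(certificate);
    }

    /**
     * @param field  a {@link DNFieldExtractor} field constant
     * @param number index of the occurrence of that field
     * @return the requested subject DN component
     */
    public String getSubjectDNField(int field, int number) {
        return subjectdnfieldextractor.getField(field, number);
    }

    /** @return the notBefore date */
    public Date getValidFrom() {
        return certificate.getNotBefore();
    }

    /** @return the notAfter date */
    public Date getValidTo() {
        return certificate.getNotAfter();
    }

    /**
     * Checks whether the current time lies within the certificate's validity period.
     * This is a time-window check only: it says nothing about chain validity or revocation.
     *
     * @return true if the certificate is currently within its validity period
     */
    public boolean checkValidity() {
        // X509Certificate.checkValidity() is specified as checkValidity(now).
        return checkValidity(new Date());
    }

    /**
     * Checks whether {@code date} lies within the certificate's validity period.
     * Like {@link #checkValidity()} this does not consider revocation or trust.
     *
     * @param date the instant to test
     * @return true if {@code date} is within [notBefore, notAfter]
     */
    public boolean checkValidity(Date date) {
        try {
            certificate.checkValidity(date);
            return true;
        } catch (CertificateExpiredException e) {
            return false;
        } catch (CertificateNotYetValidException e) {
            return false;
        }
    }

    /** @return the public key algorithm name, e.g. "RSA" */
    public String getPublicKeyAlgorithm() {
        return certificate.getPublicKey().getAlgorithm();
    }

    /**
     * @return the RSA modulus bit length as a string, or null for non-RSA keys
     *         (callers must handle null; other key types are not sized here)
     */
    public String getPublicKeyLength() {
        if (certificate.getPublicKey() instanceof RSAPublicKey) {
            RSAPublicKey rsakey = (RSAPublicKey) certificate.getPublicKey();
            return String.valueOf(rsakey.getModulus().bitLength());
        }
        return null;
    }

    /**
     * @return the signature algorithm name
     * @deprecated misspelled; kept for existing callers, use {@link #getSignatureAlgorithm()}
     */
    public String getSignatureAlgoritm() {
        return getSignatureAlgorithm();
    }

    /** @return the signature algorithm name as reported by the certificate */
    public String getSignatureAlgorithm() {
        return certificate.getSigAlgName();
    }

    /**
     * Returns a single key usage bit.
     *
     * @param usage index into the key usage bit array (see the DIGITALSIGNATURE.. constants)
     * @return the bit value; false if the certificate has no KeyUsage extension or the index is
     *         out of range (instead of throwing ArrayIndexOutOfBoundsException)
     */
    public boolean getKeyUsage(int usage) {
        boolean[] keyusage = certificate.getKeyUsage();
        if (keyusage == null || usage < 0 || usage >= keyusage.length) {
            return false;
        }
        return keyusage[usage];
    }

    /** @return the key usage bit array, or null if the extension is absent */
    public boolean[] getAllKeyUsage() {
        return certificate.getKeyUsage();
    }

    /**
     * Returns the extended key usages as language-resource keys.
     *
     * <p>OIDs that have no entry in the text map are returned as the dotted OID string itself,
     * so a certificate with a non-standard EKU no longer yields null array elements. A malformed
     * extension is treated, best-effort, as "no extended key usage".
     *
     * @return one text per EKU OID; empty array if the extension is absent or unparsable
     */
    public String[] getExtendedKeyUsageAsTexts() {
        List extendedkeyusage;
        try {
            extendedkeyusage = certificate.getExtendedKeyUsage();
        } catch (CertificateParsingException e) {
            // Display-only: a broken EKU extension should not break the whole certificate page.
            extendedkeyusage = null;
        }
        if (extendedkeyusage == null) {
            return new String[0];
        }
        String[] returnval = new String[extendedkeyusage.size()];
        for (int i = 0; i < returnval.length; i++) {
            String oid = (String) extendedkeyusage.get(i);
            String text = (String) extendedkeyusageoidtotextmap.get(oid);
            returnval[i] = (text != null) ? text : oid;
        }
        return returnval;
    }

    /**
     * Renders the BasicConstraints extension as localized text.
     *
     * @param ejbcawebbean used to look up the language strings
     * @return "ENDENTITY" text if no CA constraint, "CANOLIMIT" text for an unlimited CA,
     *         otherwise "CAPATHLENGTH" text followed by the path length
     */
    public String getBasicConstraints(EjbcaWebBean ejbcawebbean) {
        // getBasicConstraints() returns -1 for end entities and Integer.MAX_VALUE for "no limit".
        int pathlength = certificate.getBasicConstraints();
        if (pathlength == -1) {
            return ejbcawebbean.getText("ENDENTITY");
        }
        if (pathlength == Integer.MAX_VALUE) {
            return ejbcawebbean.getText("CANOLIMIT");
        }
        return ejbcawebbean.getText("CAPATHLENGTH") + " : " + pathlength;
    }

    /**
     * @return the signature value as lower-case hex. The bytes are interpreted as an unsigned
     *         number so a leading byte >= 0x80 no longer produces a negative ("-...") string.
     */
    public String getSignature() {
        return new BigInteger(1, certificate.getSignature()).toString(16);
    }

    /**
     * @return upper-case hex SHA-1 fingerprint of the DER encoding, or "" if the certificate
     *         cannot be encoded (best-effort for display)
     */
    public String getSHA1Fingerprint() {
        try {
            byte[] digest = CertTools.generateSHA1Fingerprint(certificate.getEncoded());
            return new String(Hex.encode(digest)).toUpperCase();
        } catch (CertificateEncodingException cee) {
            // Encoding failure is shown as an empty fingerprint rather than an error page.
            return "";
        }
    }

    /**
     * @return upper-case hex MD5 fingerprint of the DER encoding, or "" if the certificate
     *         cannot be encoded. MD5 is not collision resistant; this value is for display and
     *         lookup only and should not be relied on to distinguish certificates.
     */
    public String getMD5Fingerprint() {
        try {
            byte[] digest = CertTools.generateMD5Fingerprint(certificate.getEncoded());
            return new String(Hex.encode(digest)).toUpperCase();
        } catch (CertificateEncodingException cee) {
            return "";
        }
    }

    /** @return true if revocation info is present and marks the certificate as revoked */
    public boolean isRevoked() {
        return revokedinfo != null && revokedinfo.isRevoked();
    }

    /** @return the revocation reason texts, or null if no revocation info is attached */
    public String[] getRevokationReasons() {
        if (revokedinfo == null) {
            return null;
        }
        return revokedinfo.getRevokationReasons();
    }

    /** @return the revocation date, or null if no revocation info is attached */
    public Date getRevokationDate() {
        if (revokedinfo == null) {
            return null;
        }
        return revokedinfo.getRevocationDate();
    }

    /** @return the end entity username passed at construction (may be null) */
    public String getUsername() {
        return this.username;
    }

    /** @return the wrapped certificate */
    public X509Certificate getCertificate() {
        return certificate;
    }

    /**
     * @return the SubjectDirectoryAttributes extension as text; on failure the exception
     *         message is returned (and cached) instead. Best-effort, for display only.
     */
    public String getSubjectDirAttr() {
        if (subjectdirattrstring == null) {
            try {
                subjectdirattrstring = SubjectDirAttrExtension.getSubjectDirectoryAttributes(certificate);
            } catch (Exception e) {
                subjectdirattrstring = e.getMessage();
            }
        }
        return subjectdirattrstring;
    }

    /**
     * Renders the SubjectAlternativeName extension as "LABEL=value, LABEL=value, ...".
     *
     * <p>GUID and UPN otherNames are listed first, then rfc822Name, dNSName, URI and iPAddress
     * entries in extension order. Other name types are skipped. Entries are separated by exactly
     * one ", " (the URI branch previously emitted a doubled separator). Values are raw certificate
     * content and must be escaped by the caller before being rendered as HTML.
     *
     * @return the rendered string, null if the extension is absent, or the parser's exception
     *         message if the extension cannot be parsed
     */
    public String getSubjectAltName() {
        if (subjectaltnamestring == null) {
            try {
                Collection altnames = certificate.getSubjectAlternativeNames();
                if (altnames != null) {
                    subjectaltnamestring = renderSubjectAltNames(altnames);
                }
            } catch (CertificateParsingException e) {
                subjectaltnamestring = e.getMessage();
            }
        }
        return subjectaltnamestring;
    }

    /** Builds the alt-name display string for a non-null collection of GeneralName lists. */
    private String renderSubjectAltNames(Collection altnames) {
        StringBuffer out = new StringBuffer();

        try {
            appendAltName(out, "GUID", CertTools.getGuidAltName(certificate));
        } catch (IOException e) {
            // Keep the error visible in the output but do not lose the remaining names.
            appendAltName(out, null, e.getMessage());
        }
        try {
            appendAltName(out, "UPN", CertTools.getUPNAltName(certificate));
        } catch (IOException e) {
            appendAltName(out, null, e.getMessage());
        }

        Iterator iter = altnames.iterator();
        while (iter.hasNext()) {
            List generalname = (List) iter.next();
            int tag = ((Integer) generalname.get(0)).intValue();
            switch (tag) {
                case SUBALTNAME_RFC822NAME:
                    appendAltName(out, "RFC822NAME", (String) generalname.get(1));
                    break;
                case SUBALTNAME_DNSNAME:
                    appendAltName(out, "DNSNAME", (String) generalname.get(1));
                    break;
                case SUBALTNAME_URI:
                    appendAltName(out, "URI", (String) generalname.get(1));
                    break;
                case SUBALTNAME_IPADDRESS:
                    appendAltName(out, "IPADDRESS", (String) generalname.get(1));
                    break;
                case SUBALTNAME_OTHERNAME:
                case SUBALTNAME_X400ADDRESS:
                case SUBALTNAME_DIRECTORYNAME:
                case SUBALTNAME_EDIPARTYNAME:
                case SUBALTNAME_REGISTREDID:
                default:
                    // Not rendered by this view (otherName GUID/UPN are handled above).
                    break;
            }
        }
        return out.toString();
    }

    /**
     * Appends "label=value" (or just value when label is null) to {@code out}, preceded by the
     * separator when something is already present. Null values are skipped.
     */
    private static void appendAltName(StringBuffer out, String label, String value) {
        if (value == null) {
            return;
        }
        if (out.length() > 0) {
            out.append(ALTNAME_SEPARATOR);
        }
        if (label != null) {
            out.append(label).append('=');
        }
        out.append(value);
    }

    /**
     * @return true if the certificate carries a QCStatements extension; false if absent or if
     *         the extension cannot be read (best-effort for display)
     */
    public boolean hasQcStatement() {
        try {
            return QCStatementExtension.hasQcStatement(certificate);
        } catch (IOException e) {
            return false;
        }
    }
}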