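package org.ejbca.ui.web.protocol;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;

import javax.ejb.EJBException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.ejbca.core.ejb.ServiceLocator;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocalHome;
import org.ejbca.core.ejb.ca.sign.ISignSessionLocal;
import org.ejbca.core.ejb.ca.sign.ISignSessionLocalHome;
import org.ejbca.core.model.InternalResources;
import org.ejbca.core.model.authorization.AuthorizationDeniedException;
import org.ejbca.core.model.ca.AuthLoginException;
import org.ejbca.core.model.ca.AuthStatusException;
import org.ejbca.core.model.ca.caadmin.CADoesntExistsException;
import org.ejbca.core.model.ca.caadmin.CAInfo;
import org.ejbca.core.model.log.Admin;
import org.ejbca.ui.web.RequestHelper;
import org.ejbca.util.Base64;
import org.ejbca.util.CertTools;

/**
 * Servlet implementing the server side of SCEP (Simple Certificate Enrollment Protocol).
 * <p>
 * GET requests carry the SCEP operation in the {@code operation} parameter and its
 * argument in the {@code message} parameter; POST requests are always treated as a
 * {@code PKIOperation} whose body is the raw PKCS#7 message. Supported operations are
 * {@code PKIOperation}, {@code GetCACert}, {@code GetCACertChain} and {@code GetCACaps}.
 * <p>
 * Every request is processed as an unauthenticated public-web user
 * ({@link Admin#TYPE_PUBLIC_WEB_USER}); authorization and message verification happen
 * in the EJB session beans and {@link ScepPkiOpHelper}. Failures are mapped to HTTP
 * status codes; the bodies of error responses deliberately carry only the localized
 * message text, never the text of the underlying exception.
 */
public class ScepServlet extends HttpServlet {
    private static final Logger log = Logger.getLogger(ScepServlet.class);

    private static final InternalResources intres = InternalResources.getInstance();

    /** SCEP operation names as sent by clients. */
    private static final String OP_PKIOPERATION = "PKIOperation";
    private static final String OP_GETCACERT = "GetCACert";
    private static final String OP_GETCACERTCHAIN = "GetCACertChain";
    private static final String OP_GETCACAPS = "GetCACaps";

    /** Servlet init parameter; the value {@code "0"} disables including the CA cert in PKIOperation replies. */
    private static final String INIT_PARAM_INCLUDE_CACERT = "includeCACert";

    /** Size of the read buffer used when consuming a POSTed PKIOperation body. */
    private static final int READ_BUFFER_SIZE = 1024;

    // Lazily created EJB local session beans; guarded by the synchronized getters below.
    private ISignSessionLocal signsession = null;
    private ICAAdminSessionLocal casession = null;

    /**
     * Returns the signing session bean, creating it on first use.
     *
     * @return the cached {@link ISignSessionLocal}
     * @throws EJBException if the bean cannot be looked up or created
     */
    private synchronized ISignSessionLocal getSignSession() {
        if (signsession == null) {
            try {
                ISignSessionLocalHome signhome = (ISignSessionLocalHome) ServiceLocator.getInstance()
                        .getLocalHome(ISignSessionLocalHome.COMP_NAME);
                signsession = signhome.create();
            } catch (Exception e) {
                // Wrap lookup/creation failures so callers see a container exception with the cause preserved.
                throw new EJBException(e);
            }
        }
        return signsession;
    }

    /**
     * Returns the CA administration session bean, creating it on first use.
     *
     * @return the cached {@link ICAAdminSessionLocal}
     * @throws EJBException if the bean cannot be looked up or created
     */
    private synchronized ICAAdminSessionLocal getCASession() {
        if (casession == null) {
            try {
                ICAAdminSessionLocalHome cahome = (ICAAdminSessionLocalHome) ServiceLocator.getInstance()
                        .getLocalHome(ICAAdminSessionLocalHome.COMP_NAME);
                casession = cahome.create();
            } catch (Exception e) {
                throw new EJBException(e);
            }
        }
        return casession;
    }

    /**
     * Initializes the servlet and makes sure the BouncyCastle JCE provider is installed,
     * which the SCEP message handling relies on.
     *
     * @param config the servlet configuration passed by the container
     * @throws ServletException if the provider cannot be installed
     */
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
        try {
            CertTools.installBCProvider();
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    /**
     * Handles a SCEP POST: the whole request body is a PKCS#7 PKIOperation message.
     * The body is base64-encoded so it can be passed through the same path as a GET message.
     *
     * @param request  the HTTP request whose body is the SCEP message
     * @param response the HTTP response to write the SCEP reply or error to
     * @throws IOException      if the request body cannot be read or the response written
     * @throws ServletException never thrown directly; declared for the servlet contract
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        log.debug(">doPost()");
        // NOTE(review): the body is read in full with no size limit; a cap on the
        // accepted body size would bound memory use per request — confirm with the
        // expected PKIOperation message sizes before adding one.
        byte[] body = readFully(request.getInputStream());
        String message = new String(Base64.encode(body));
        handleScepRequest(OP_PKIOPERATION, message, request.getRemoteAddr(), response);
        log.debug("<doPost()");
    }

    /**
     * Handles a SCEP GET: the operation and its argument are request parameters.
     *
     * @param request  the HTTP request carrying {@code operation} and {@code message}
     * @param response the HTTP response to write the SCEP reply or error to
     * @throws IOException      if the response cannot be written
     * @throws ServletException never thrown directly; declared for the servlet contract
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        log.debug(">doGet()");
        log.debug("query string=" + request.getQueryString());
        String operation = request.getParameter("operation");
        String message = request.getParameter("message");
        handleScepRequest(operation, message, request.getRemoteAddr(), response);
        log.debug("<doGet()");
    }

    /**
     * Reads a stream to its end into a byte array.
     *
     * @param in the stream to drain; not closed here (the container owns it)
     * @return every byte read from {@code in}, possibly empty
     * @throws IOException if reading fails
     */
    private static byte[] readFully(ServletInputStream in) throws IOException {
        ByteArrayOutputStream output = new ByteArrayOutputStream();
        byte[] buf = new byte[READ_BUFFER_SIZE];
        int n;
        while ((n = in.read(buf)) != -1) {
            output.write(buf, 0, n);
        }
        return output.toByteArray();
    }

    /**
     * Dispatches one SCEP request to the code for its operation and maps failures to
     * HTTP status codes.
     * <p>
     * Error responses carry only the localized message text; the message of the caught
     * exception is written to the log, not to the client, so internal details (CA names,
     * session bean errors) are not disclosed to an unauthenticated caller.
     *
     * @param operation  the SCEP operation name; may be null, which yields 400
     * @param message    the operation argument: base64 PKCS#7 for PKIOperation, a CA name
     *                   for the other operations; may be null, which yields 400
     * @param remoteAddr the client address, recorded in the public-web {@link Admin} and in log messages
     * @param response   the HTTP response to write to
     * @throws IOException if writing the response fails
     */
    private void handleScepRequest(String operation, String message, String remoteAddr,
            HttpServletResponse response) throws IOException {
        try {
            if (operation == null || message == null) {
                String errMsg = intres.getLocalizedMessage("scep.errormissingparam", remoteAddr);
                log.error(errMsg);
                response.sendError(HttpServletResponse.SC_BAD_REQUEST, errMsg);
                return;
            }

            Admin administrator = new Admin(Admin.TYPE_PUBLIC_WEB_USER, remoteAddr);
            log.debug("Got request '" + operation + "'");
            log.debug("Message: " + message);
            log.info(intres.getLocalizedMessage("scep.receivedmsg", remoteAddr));

            if (OP_PKIOPERATION.equals(operation)) {
                byte[] scepmsg = Base64.decode(message.getBytes());
                ScepPkiOpHelper helper = new ScepPkiOpHelper(administrator, getSignSession());
                // Only an explicit "0" turns the CA certificate off; absent or any other value keeps it.
                boolean includeCACert = !StringUtils.equals("0", getInitParameter(INIT_PARAM_INCLUDE_CACERT));
                byte[] reply = helper.scepCertRequest(scepmsg, includeCACert);
                if (reply == null) {
                    // The helper returns null for message types it does not implement.
                    response.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, "Can not handle request");
                    return;
                }
                RequestHelper.sendBinaryBytes(reply, response, "application/x-pki-message", null);
                log.info(intres.getLocalizedMessage("scep.sentresponsemsg", OP_PKIOPERATION, remoteAddr));

            } else if (OP_GETCACERT.equals(operation)) {
                // 'message' is the CA name; reply with the first certificate of its chain.
                log.debug("Got SCEP cert request for CA '" + message + "'");
                CAInfo cainfo = getCASession().getCAInfo(administrator, message);
                Collection certs = (cainfo != null) ? cainfo.getCertificateChain() : null;
                if (certs != null && !certs.isEmpty()) {
                    Iterator iter = certs.iterator();
                    X509Certificate cert = (X509Certificate) iter.next();
                    log.debug("Sent certificate for CA '" + message + "' to SCEP client.");
                    RequestHelper.sendNewX509CaCert(cert.getEncoded(), response);
                    log.info(intres.getLocalizedMessage("scep.sentresponsemsg", OP_GETCACERT, remoteAddr));
                } else {
                    String errMsg = intres.getLocalizedMessage("scep.errorunknownca", "cert");
                    log.error(errMsg);
                    response.sendError(HttpServletResponse.SC_NOT_FOUND, "No CA certificates found.");
                }

            } else if (OP_GETCACERTCHAIN.equals(operation)) {
                // 'message' is the CA name; reply with its chain as a PKCS#7 blob.
                log.debug("Got SCEP pkcs7 request for CA '" + message + "'");
                CAInfo cainfo = getCASession().getCAInfo(administrator, message);
                if (cainfo == null) {
                    // getCAInfo returns null for an unknown CA (see GetCACert above); answer 404
                    // like GetCACert instead of letting cainfo.getCAId() fail with a 400.
                    String errMsg = intres.getLocalizedMessage("scep.errorunknownca", "pkcs7");
                    log.error(errMsg);
                    response.sendError(HttpServletResponse.SC_NOT_FOUND, "No CA certificates found.");
                    return;
                }
                byte[] pkcs7 = getSignSession().createPKCS7(administrator, cainfo.getCAId(), true);
                if (pkcs7 != null && pkcs7.length > 0) {
                    log.debug("Sent PKCS7 for CA '" + message + "' to SCEP client.");
                    RequestHelper.sendBinaryBytes(pkcs7, response, "application/x-x509-ca-ra-cert-chain", null);
                    log.info(intres.getLocalizedMessage("scep.sentresponsemsg", OP_GETCACERTCHAIN, remoteAddr));
                } else {
                    String errMsg = intres.getLocalizedMessage("scep.errorunknownca", "pkcs7");
                    log.error(errMsg);
                    response.sendError(HttpServletResponse.SC_NOT_FOUND, "No CA certificates found.");
                }

            } else if (OP_GETCACAPS.equals(operation)) {
                // Advertised capabilities are fixed: POST for PKIOperation and the SHA-1 digest.
                log.debug("Got SCEP CACaps request for CA '" + message + "'");
                response.setContentType("text/plain");
                response.getOutputStream().print("POSTPKIOperation\nSHA-1");

            } else {
                log.error("Invalid parameter '" + operation + "'");
                response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid parameter: " + operation);
            }
        } catch (CADoesntExistsException cae) {
            String errMsg = intres.getLocalizedMessage("scep.errorunknownca", "cert");
            log.error(errMsg, cae);
            response.sendError(HttpServletResponse.SC_NOT_FOUND, errMsg);
        } catch (ArrayIndexOutOfBoundsException ae) {
            // Thrown by the message parsing on malformed input; treat as a bad request.
            String errMsg = intres.getLocalizedMessage("scep.errorinvalidreq");
            log.error(errMsg, ae);
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, errMsg);
        } catch (AuthorizationDeniedException ae) {
            String errMsg = intres.getLocalizedMessage("scep.errorauth");
            log.error(errMsg, ae);
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, errMsg);
        } catch (AuthLoginException ae) {
            String errMsg = intres.getLocalizedMessage("scep.errorauth");
            log.error(errMsg, ae);
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, errMsg);
        } catch (AuthStatusException ae) {
            String errMsg = intres.getLocalizedMessage("scep.errorclientstatus");
            log.error(errMsg, ae);
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, errMsg);
        } catch (Exception e) {
            // Catch-all boundary: the full exception goes to the log, only the generic
            // localized text goes back to the client.
            String errMsg = intres.getLocalizedMessage("scep.errorgeneral");
            log.error(errMsg, e);
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, errMsg);
        }
    }

}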