

1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13  
14 package org.ejbca.ui.web.pub;
15
16 import java.io.IOException JavaDoc;
17 import java.io.PrintStream JavaDoc;
18 import java.io.PrintWriter JavaDoc;
19 import java.math.BigInteger JavaDoc;
20 import java.net.URLEncoder JavaDoc;
21 import java.security.cert.Certificate JavaDoc;
22 import java.security.cert.X509CRL JavaDoc;
23 import java.security.cert.X509Certificate JavaDoc;
24 import java.util.Collection JavaDoc;
25 import java.util.Date JavaDoc;
26 import java.util.Iterator JavaDoc;
27
28 import javax.ejb.EJBException JavaDoc;
29 import javax.servlet.ServletConfig JavaDoc;
30 import javax.servlet.ServletException JavaDoc;
31 import javax.servlet.http.HttpServlet JavaDoc;
32 import javax.servlet.http.HttpServletRequest JavaDoc;
33 import javax.servlet.http.HttpServletResponse JavaDoc;
34
35 import org.apache.commons.lang.StringUtils;
36 import org.apache.log4j.Logger;
37 import org.ejbca.core.ejb.ServiceLocator;
38 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal;
39 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocalHome;
40 import org.ejbca.core.ejb.ca.sign.ISignSessionLocal;
41 import org.ejbca.core.ejb.ca.sign.ISignSessionLocalHome;
42 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal;
43 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocalHome;
44 import org.ejbca.core.model.ca.caadmin.CAInfo;
45 import org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAServiceInfo;
46 import org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceInfo;
47 import org.ejbca.core.model.ca.crl.RevokedCertInfo;
48 import org.ejbca.core.model.log.Admin;
49 import org.ejbca.ui.web.RequestHelper;
50 import org.ejbca.util.Base64;
51 import org.ejbca.util.CertTools;
52
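/**
 * Servlet used to distribute certificates and CRLs.
 *
 * <p>The servlet is called with method GET or POST and the request parameter
 * <code>cmd=&lt;command&gt;</code>; the command name is matched case-insensitively.
 *
 * <p>The following commands are supported:
 * <ul>
 * <li>crl - gets the latest CRL, takes argument 'issuer=&lt;issuerDN&gt;'.
 * <li>lastcert - gets latest certificate of a user, takes argument 'subject=&lt;subjectDN&gt;'.
 * <li>listcerts - lists all certificates of a user, takes argument 'subject=&lt;subjectDN&gt;'.
 * <li>revoked - checks if a certificate is revoked, takes arguments
 *     'issuer=&lt;issuerDN&gt;&amp;serno=&lt;serial number&gt;'.
 * <li>cacert - returns CA certificate in PEM format, takes argument 'issuer=&lt;issuerDN&gt;'
 *     or 'caid=&lt;CA id&gt;'.
 * <li>nscacert - returns CA certificate for Netscape/Mozilla, same args as above.
 * <li>iecacert - returns CA certificate for Internet Explorer, same args as above.
 * <li>ocspcert, nsocspcert, ieocspcert - return the OCSP signer certificate of a CA, same
 *     'issuer' / 'caid' args as the CA certificate commands.
 * </ul>
 * cacert, nscacert and iecacert also take the optional parameter level=&lt;int 0,1,...&gt;, an index
 * into the certificate chain of the CA. According to the comments in the code, index 0 is the CA
 * itself and the last index is the root CA. When 'level' is omitted the response is a PKCS#7
 * built from the certificate at index 0.
 *
 * <p>crl and lastcert return DER by default and PEM when 'format=PEM' is given.
 *
 * <p>Security: every request is processed as <code>Admin.TYPE_PUBLIC_WEB_USER</code> and no
 * authentication check is made in this class, so all request parameters are untrusted. Values
 * that end up in HTML output, in the Content-disposition header or in log messages are escaped
 * or sanitized by the private helpers at the end of the class.
 *
 * @version $Id: CertDistServlet.java,v 1.7.2.2 2007/04/02 08:22:53 jeklund Exp $
 */
public class CertDistServlet extends HttpServlet {

    private static final Logger log = Logger.getLogger(CertDistServlet.class);

    private static final String COMMAND_PROPERTY_NAME = "cmd";
    private static final String COMMAND_CRL = "crl";
    private static final String COMMAND_REVOKED = "revoked";
    private static final String COMMAND_CERT = "lastcert";
    private static final String COMMAND_LISTCERT = "listcerts";
    private static final String COMMAND_NSCACERT = "nscacert";
    private static final String COMMAND_IECACERT = "iecacert";
    private static final String COMMAND_CACERT = "cacert";
    private static final String COMMAND_NSOCSPCERT = "nsocspcert";
    private static final String COMMAND_IEOCSPCERT = "ieocspcert";
    private static final String COMMAND_OCSPCERT = "ocspcert";

    private static final String SUBJECT_PROPERTY = "subject";
    private static final String CAID_PROPERTY = "caid";
    private static final String ISSUER_PROPERTY = "issuer";
    private static final String SERNO_PROPERTY = "serno";
    private static final String LEVEL_PROPERTY = "level";
    private static final String MOZILLA_PROPERTY = "moz";
    private static final String FORMAT_PROPERTY = "format";

    // Session bean references, created on first use by the synchronized getters below.
    private ICertificateStoreSessionLocal storesession = null;
    private ISignSessionLocal signsession = null;
    private ICAAdminSessionLocal casession = null;

    /**
     * Returns the sign session, looking it up through the ServiceLocator on first use.
     *
     * @return the cached sign session
     * @throws EJBException wrapping any failure of the lookup or of create()
     */
    private synchronized ISignSessionLocal getSignSession() {
        if (signsession == null) {
            try {
                ISignSessionLocalHome signhome = (ISignSessionLocalHome) ServiceLocator.getInstance().getLocalHome(ISignSessionLocalHome.COMP_NAME);
                signsession = signhome.create();
            } catch (Exception e) {
                throw new EJBException(e);
            }
        }
        return signsession;
    }

    /**
     * Returns the certificate store session, looking it up through the ServiceLocator on first use.
     *
     * @return the cached certificate store session
     * @throws EJBException wrapping any failure of the lookup or of create()
     */
    private synchronized ICertificateStoreSessionLocal getStoreSession() {
        if (storesession == null) {
            try {
                ICertificateStoreSessionLocalHome storehome = (ICertificateStoreSessionLocalHome) ServiceLocator.getInstance().getLocalHome(ICertificateStoreSessionLocalHome.COMP_NAME);
                storesession = storehome.create();
            } catch (Exception e) {
                throw new EJBException(e);
            }
        }
        return storesession;
    }

    /**
     * Returns the CA admin session, looking it up through the ServiceLocator on first use.
     *
     * @return the cached CA admin session
     * @throws EJBException wrapping any failure of the lookup or of create()
     */
    private synchronized ICAAdminSessionLocal getCASession() {
        if (casession == null) {
            try {
                ICAAdminSessionLocalHome cahome = (ICAAdminSessionLocalHome) ServiceLocator.getInstance().getLocalHome(ICAAdminSessionLocalHome.COMP_NAME);
                casession = cahome.create();
            } catch (Exception e) {
                throw new EJBException(e);
            }
        }
        return casession;
    }

    /**
     * init servlet
     *
     * @param config servlet configuration
     *
     * @throws ServletException error
     */
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
    }

    /**
     * handles http post by delegating to {@link #doGet}
     *
     * @param req servlet request
     * @param res servlet response
     *
     * @throws IOException input/output error
     * @throws ServletException error
     */
    public void doPost(HttpServletRequest req, HttpServletResponse res)
        throws IOException, ServletException {
        log.debug(">doPost()");
        doGet(req, res);
        log.debug("<doPost()");
    } //doPost

    /**
     * handles http get: parses the common parameters ('issuer', 'caid', 'format', 'cmd') and
     * dispatches to the handler of the requested command.
     *
     * <p>Malformed 'issuer' or 'caid' values are answered with 400 Bad Request instead of being
     * allowed to escape as an unchecked exception. An unknown command, or a command whose
     * required 'issuer'/'caid' argument is missing, is answered with 400 and a usage message.
     *
     * @param req servlet request
     * @param res servlet response
     *
     * @throws IOException input/output error
     * @throws ServletException error
     */
    public void doGet(HttpServletRequest req, HttpServletResponse res) throws java.io.IOException, ServletException {
        log.debug(">doGet()");

        // Keep this for logging.
        String remoteAddr = req.getRemoteAddr();
        Admin administrator = new Admin(Admin.TYPE_PUBLIC_WEB_USER, remoteAddr);

        RequestHelper.setDefaultCharacterEncoding(req);
        String issuerdn = null;
        String rawIssuer = req.getParameter(ISSUER_PROPERTY);
        if (rawIssuer != null) {
            try {
                // NOTE(review): getParameter() normally returns an already URL-decoded value, so
                // this is a second decode. Kept because existing clients may rely on it - confirm.
                issuerdn = CertTools.stringToBCDNString(java.net.URLDecoder.decode(rawIssuer, "UTF-8"));
            } catch (IllegalArgumentException e) {
                // URLDecoder rejects malformed %-sequences this way; the DN conversion may too.
                log.debug("Bad request, malformed 'issuer' parameter.");
                res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid 'issuer' parameter.");
                return;
            }
        }

        int caid = 0;
        String rawCaid = req.getParameter(CAID_PROPERTY);
        if (rawCaid != null) {
            try {
                caid = Integer.parseInt(rawCaid);
            } catch (NumberFormatException e) {
                log.debug("Bad request, 'caid' parameter is not an integer.");
                res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid 'caid' parameter.");
                return;
            }
        }
        // See if the client wants the response cert or CRL in PEM format (default is DER)
        String format = req.getParameter(FORMAT_PROPERTY);
        String command = req.getParameter(COMMAND_PROPERTY_NAME);
        if (command == null) {
            command = "";
        }
        boolean caGiven = (issuerdn != null) || (caid != 0);
        boolean caCertCommand = command.equalsIgnoreCase(COMMAND_NSCACERT)
                || command.equalsIgnoreCase(COMMAND_IECACERT)
                || command.equalsIgnoreCase(COMMAND_CACERT);
        boolean ocspCertCommand = command.equalsIgnoreCase(COMMAND_NSOCSPCERT)
                || command.equalsIgnoreCase(COMMAND_IEOCSPCERT)
                || command.equalsIgnoreCase(COMMAND_OCSPCERT);

        if (command.equalsIgnoreCase(COMMAND_CRL) && issuerdn != null) {
            sendLatestCrl(req, res, administrator, issuerdn, format, remoteAddr);
        } else if (command.equalsIgnoreCase(COMMAND_CERT) || command.equalsIgnoreCase(COMMAND_LISTCERT)) {
            sendUserCertificates(req, res, administrator, command, format, remoteAddr);
        } else if (caCertCommand && caGiven) {
            sendCaCertificate(req, res, administrator, command, issuerdn, caid);
        } else if (ocspCertCommand && caGiven) {
            sendOcspCertificate(res, administrator, command, issuerdn, caid);
        } else if (command.equalsIgnoreCase(COMMAND_REVOKED)) {
            sendRevocationStatus(req, res, administrator);
        } else {
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Commands=cacert | lastcert | listcerts | crl | revoked && issuer=<issuerdn>");
        }
    } // doGet

    /**
     * Handles 'crl': sends the latest CRL of the given issuer, DER by default, PEM on format=PEM.
     * The Content-disposition header is omitted when the request carries 'moz=y'.
     * Any failure is answered with 404.
     */
    private void sendLatestCrl(HttpServletRequest req, HttpServletResponse res, Admin administrator,
            String issuerdn, String format, String remoteAddr) throws IOException {
        try {
            ICertificateStoreSessionLocal store = getStoreSession();
            byte[] crl = store.getLastCRL(administrator, issuerdn);
            X509CRL x509crl = CertTools.getCRLfromByteArray(crl);
            String dn = CertTools.getIssuerDN(x509crl);
            // We must remove cache headers for IE
            ServletUtils.removeCacheHeaders(res);
            String moz = req.getParameter(MOZILLA_PROPERTY);
            String filename = safeFilename(CertTools.getPartFromDN(dn, "CN"), "crl") + ".crl";
            if ((moz == null) || !moz.equalsIgnoreCase("y")) {
                res.setHeader("Content-disposition", "attachment; filename=\"" + filename + "\"");
            }
            res.setContentType("application/x-x509-crl");
            if (StringUtils.equals(format, "PEM")) {
                RequestHelper.sendNewB64File(Base64.encode(crl, true), res, filename, RequestHelper.BEGIN_CRL_WITH_NL, RequestHelper.END_CRL_WITH_NL);
            } else {
                res.setContentLength(crl.length);
                res.getOutputStream().write(crl);
            }
            log.debug("Sent latest CRL to client at " + remoteAddr);
        } catch (Exception e) {
            log.debug("Error sending latest CRL to " + remoteAddr + ": ", e);
            sendErrorUnlessCommitted(res, HttpServletResponse.SC_NOT_FOUND, "Error getting latest CRL.");
        }
    }

    /**
     * Handles 'lastcert' and 'listcerts': looks up all certificates for the 'subject' parameter
     * and either sends the one with the latest notBefore date or lists them as HTML.
     *
     * <p>The missing-parameter check is made on the raw parameter, before decoding; decoding a
     * null value would throw before the check could answer with 400.
     */
    private void sendUserCertificates(HttpServletRequest req, HttpServletResponse res, Admin administrator,
            String command, String format, String remoteAddr) throws IOException {
        String rawSubject = req.getParameter(SUBJECT_PROPERTY);
        if (rawSubject == null) {
            log.debug("Bad request, no 'subject' arg to 'lastcert' or 'listcert' command.");
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Usage command=lastcert/listcert?subject=<subjectdn>.");
            return;
        }
        String dn;
        try {
            dn = java.net.URLDecoder.decode(rawSubject, "UTF-8");
        } catch (IllegalArgumentException e) {
            log.debug("Bad request, malformed 'subject' parameter.");
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid 'subject' parameter.");
            return;
        }
        try {
            log.debug("Looking for certificates for '" + forLog(dn) + "'.");
            ICertificateStoreSessionLocal store = getStoreSession();
            Collection certcoll = store.findCertificatesBySubject(administrator, dn);
            Object[] certs = certcoll.toArray();
            if (command.equalsIgnoreCase(COMMAND_CERT)) {
                sendLatestCertificate(res, certs, dn, format, remoteAddr);
            }
            if (command.equalsIgnoreCase(COMMAND_LISTCERT)) {
                writeCertificateList(res, certs, dn);
            }
        } catch (Exception e) {
            log.debug("Error getting certificates for '" + forLog(dn) + "' for " + remoteAddr + ": ", e);
            sendErrorUnlessCommitted(res, HttpServletResponse.SC_NOT_FOUND, "Error getting certificates.");
        }
    }

    /**
     * Sends the certificate with the greatest notBefore date (the first one wins a tie), or 404
     * when the array is empty. The subject DN is not echoed in the 404 message because it is
     * request-controlled and error pages are rendered by the container.
     */
    private void sendLatestCertificate(HttpServletResponse res, Object[] certs, String dn,
            String format, String remoteAddr) throws Exception {
        int latestcertno = -1;
        long maxdate = 0;
        for (int i = 0; i < certs.length; i++) {
            long notBefore = ((X509Certificate) certs[i]).getNotBefore().getTime();
            if (latestcertno < 0 || notBefore > maxdate) {
                maxdate = notBefore;
                latestcertno = i;
            }
        }
        if (latestcertno < 0) {
            log.debug("No certificate found for '" + forLog(dn) + "'.");
            res.sendError(HttpServletResponse.SC_NOT_FOUND, "No certificate found for requested subject.");
            return;
        }
        byte[] cert = ((X509Certificate) certs[latestcertno]).getEncoded();
        // The CN comes from the request's subject DN, so it must not reach the header unfiltered.
        String filename = safeFilename(CertTools.getPartFromDN(dn, "CN"), "cert") + ".cer";
        // We must remove cache headers for IE
        ServletUtils.removeCacheHeaders(res);
        res.setHeader("Content-disposition", "attachment; filename=\"" + filename + "\"");
        res.setContentType("application/octet-stream");
        if (StringUtils.equals(format, "PEM")) {
            RequestHelper.sendNewB64File(Base64.encode(cert, true), res, filename, RequestHelper.BEGIN_CERTIFICATE_WITH_NL, RequestHelper.END_CERTIFICATE_WITH_NL);
        } else {
            res.setContentLength(cert.length);
            res.getOutputStream().write(cert);
        }
        log.debug("Sent latest certificate for '" + forLog(dn) + "' to client at " + remoteAddr);
    }

    /**
     * Writes an HTML page listing the given certificates, each with a link to the 'revoked'
     * command. Every value taken from the request or from a certificate is HTML-escaped.
     */
    private void writeCertificateList(HttpServletResponse res, Object[] certs, String dn) throws Exception {
        PrintWriter pout = openHtmlWriter(res);
        printHtmlHeader("Certificates for " + dn, pout);
        for (int i = 0; i < certs.length; i++) {
            X509Certificate cert = (X509Certificate) certs[i];
            Date notBefore = cert.getNotBefore();
            Date notAfter = cert.getNotAfter();
            String subject = CertTools.getSubjectDN(cert);
            String issuer = CertTools.getIssuerDN(cert);
            BigInteger serno = cert.getSerialNumber();
            pout.println("<pre>Subject:" + escapeHtml(subject));
            pout.println("Issuer:" + escapeHtml(issuer));
            pout.println("NotBefore:" + escapeHtml(notBefore.toString()));
            pout.println("NotAfter:" + escapeHtml(notAfter.toString()));
            pout.println("Serial number:" + serno.toString());
            pout.println("</pre>");
            // URL-encode the parameter value first, then HTML-escape the whole attribute value.
            String href = "certdist?cmd=revoked&issuer=" + URLEncoder.encode(issuer, "UTF-8") + "&serno=" + serno.toString();
            pout.println("<a HREF=\"" + escapeHtml(href) + "\">Check if certificate is revoked</a>");
            pout.println("<hr>");
        }
        if (certs.length == 0) {
            pout.println("No certificates exists for '" + escapeHtml(dn) + "'.");
        }
        printHtmlFooter(pout);
        pout.close();
    }

    /**
     * Handles 'cacert', 'nscacert' and 'iecacert': sends one certificate of the CA's chain, or a
     * PKCS#7 built from chain entry 0 when no 'level' parameter is given.
     *
     * <p>A non-numeric level is answered with 400; a level outside the chain (negative, or
     * greater than or equal to the chain length) is answered with 404.
     */
    private void sendCaCertificate(HttpServletRequest req, HttpServletResponse res, Admin administrator,
            String command, String issuerdn, int caid) throws IOException {
        String lev = req.getParameter(LEVEL_PROPERTY);
        int level = 0;
        boolean pkcs7 = false;
        if (lev != null) {
            try {
                level = Integer.parseInt(lev);
            } catch (NumberFormatException e) {
                log.debug("Bad request, 'level' parameter is not an integer.");
                res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid 'level' parameter.");
                return;
            }
        } else {
            pkcs7 = true;
        }
        // CA is level 0, next over root level 1 etc etc, no level returns chain as PKCS7
        try {
            ISignSessionLocal ss = getSignSession();
            // When only the issuer DN is given its hashCode() is used as the CA id.
            int id = (caid != 0) ? caid : issuerdn.hashCode();
            Certificate[] chain = (Certificate[]) ss.getCertificateChain(administrator, id).toArray(new Certificate[0]);
            // chain.length-1 is last cert in chain (root CA)
            if (level < 0 || level >= chain.length) {
                log.debug("No CA certificate of level " + level + " exist.");
                res.sendError(HttpServletResponse.SC_NOT_FOUND, "No CA certificate of level " + level + " exist.");
                return;
            }
            X509Certificate cacert = (X509Certificate) chain[level];
            String filename = safeFilename(CertTools.getPartFromDN(CertTools.getSubjectDN(cacert), "CN"), "ca");
            byte[] enccert;
            if (pkcs7) {
                enccert = ss.createPKCS7(administrator, cacert, true);
            } else {
                enccert = cacert.getEncoded();
            }
            if (command.equalsIgnoreCase(COMMAND_NSCACERT)) {
                res.setContentType("application/x-x509-ca-cert");
                res.setContentLength(enccert.length);
                res.getOutputStream().write(enccert);
                log.debug("Sent CA cert to NS client, len=" + enccert.length + ".");
            } else if (command.equalsIgnoreCase(COMMAND_IECACERT)) {
                // We must remove cache headers for IE
                ServletUtils.removeCacheHeaders(res);
                String extension = pkcs7 ? ".p7c" : ".crt";
                res.setHeader("Content-disposition", "attachment; filename=\"" + filename + extension + "\"");
                res.setContentType("application/octet-stream");
                res.setContentLength(enccert.length);
                res.getOutputStream().write(enccert);
                log.debug("Sent CA cert to IE client, len=" + enccert.length + ".");
            } else {
                // Only COMMAND_CACERT is left: the caller dispatches here for these three commands only.
                String begin = pkcs7 ? "-----BEGIN PKCS7-----\n" : "-----BEGIN CERTIFICATE-----\n";
                String end = pkcs7 ? "\n-----END PKCS7-----\n" : "\n-----END CERTIFICATE-----\n";
                byte[] out = toPem(begin, Base64.encode(enccert), end);
                // We must remove cache headers for IE
                ServletUtils.removeCacheHeaders(res);
                res.setHeader("Content-disposition", "attachment; filename=\"" + filename + ".pem\"");
                res.setContentType("application/octet-stream");
                res.setContentLength(out.length);
                res.getOutputStream().write(out);
                log.debug("Sent CA cert to client, len=" + out.length + ".");
            }
        } catch (Exception e) {
            log.debug("Error getting CA certificates: ", e);
            sendErrorUnlessCommitted(res, HttpServletResponse.SC_NOT_FOUND, "Error getting CA certificates.");
        }
    }

    /**
     * Handles 'ocspcert', 'nsocspcert' and 'ieocspcert': sends the first certificate of the OCSP
     * signer certificate path found among the CA's extended services, or 404 when there is none.
     */
    private void sendOcspCertificate(HttpServletResponse res, Admin administrator, String command,
            String issuerdn, int caid) throws IOException {
        try {
            ICAAdminSessionLocal cas = getCASession();
            // When only the issuer DN is given its hashCode() is used as the CA id.
            int id = (caid != 0) ? caid : issuerdn.hashCode();
            CAInfo cainfo = cas.getCAInfo(administrator, id);
            X509Certificate ocspcert = null;
            Iterator iter = cainfo.getExtendedCAServiceInfos().iterator();
            while (iter.hasNext()) {
                ExtendedCAServiceInfo next = (ExtendedCAServiceInfo) iter.next();
                if (next instanceof OCSPCAServiceInfo) {
                    if (((OCSPCAServiceInfo) next).getOCSPSignerCertificatePath() != null) {
                        ocspcert = (X509Certificate) ((OCSPCAServiceInfo) next).getOCSPSignerCertificatePath().get(0);
                    }
                }
            }
            // If no cert, send back a NOT_FOUND response
            if (ocspcert == null) {
                res.sendError(HttpServletResponse.SC_NOT_FOUND, "No OCSP certificate found for CA.");
                return;
            }
            String filename = safeFilename(CertTools.getPartFromDN(CertTools.getSubjectDN(ocspcert), "CN"), "ocsp");
            byte[] enccert = ocspcert.getEncoded();
            if (command.equalsIgnoreCase(COMMAND_NSOCSPCERT)) {
                res.setContentType("application/x-x509-ca-cert");
                res.setContentLength(enccert.length);
                res.getOutputStream().write(enccert);
                log.debug("Sent OCSP cert to NS client, len=" + enccert.length + ".");
            } else if (command.equalsIgnoreCase(COMMAND_IEOCSPCERT)) {
                // We must remove cache headers for IE
                ServletUtils.removeCacheHeaders(res);
                res.setHeader("Content-disposition", "attachment; filename=\"" + filename + ".crt\"");
                res.setContentType("application/octet-stream");
                res.setContentLength(enccert.length);
                res.getOutputStream().write(enccert);
                log.debug("Sent OCSP cert to IE client, len=" + enccert.length + ".");
            } else {
                // Only COMMAND_OCSPCERT is left: the caller dispatches here for these three commands only.
                byte[] out = toPem("-----BEGIN CERTIFICATE-----\n", Base64.encode(enccert), "\n-----END CERTIFICATE-----\n");
                // We must remove cache headers for IE
                ServletUtils.removeCacheHeaders(res);
                res.setHeader("Content-disposition", "attachment; filename=\"" + filename + ".pem\"");
                res.setContentType("application/octet-stream");
                res.setContentLength(out.length);
                res.getOutputStream().write(out);
                log.debug("Sent OCSP cert to client, len=" + out.length + ".");
            }
        } catch (Exception e) {
            log.debug("Error getting OCSP certificate for CA: ", e);
            sendErrorUnlessCommitted(res, HttpServletResponse.SC_NOT_FOUND, "Error getting OCSP certificate for CA.");
        }
    }

    /**
     * Handles 'revoked': reports as an HTML page whether the certificate identified by the
     * 'issuer' and 'serno' parameters is revoked, not revoked, or unknown.
     *
     * <p>Both parameters are request-controlled and are HTML-escaped before being written to the
     * page. A missing or non-numeric 'serno' is answered with 400.
     */
    private void sendRevocationStatus(HttpServletRequest req, HttpServletResponse res, Admin administrator)
            throws IOException {
        // The issuer is used as received here, not in the decoded and normalized form computed by doGet.
        String dn = req.getParameter(ISSUER_PROPERTY);
        if (dn == null) {
            log.debug("Bad request, no 'issuer' arg to 'revoked' command.");
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Usage command=revoked?issuer=<issuerdn>&serno=<serialnumber>.");
            return;
        }
        String serno = req.getParameter(SERNO_PROPERTY);
        if (serno == null) {
            log.debug("Bad request, no 'serno' arg to 'revoked' command.");
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Usage command=revoked?issuer=<issuerdn>&serno=<serialnumber>.");
            return;
        }
        BigInteger serial;
        try {
            serial = new BigInteger(serno);
        } catch (NumberFormatException e) {
            log.debug("Bad request, 'serno' arg to 'revoked' command is not a number.");
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Usage command=revoked?issuer=<issuerdn>&serno=<serialnumber>.");
            return;
        }
        log.debug("Looking for certificate for '" + forLog(dn) + "' and serno='" + forLog(serno) + "'.");
        try {
            ICertificateStoreSessionLocal store = getStoreSession();
            RevokedCertInfo revinfo = store.isRevoked(administrator, dn, serial);
            PrintWriter pout = openHtmlWriter(res);
            printHtmlHeader("Check revocation", pout);
            String safeDn = escapeHtml(dn);
            String safeSerno = escapeHtml(serno);
            if (revinfo != null) {
                if (revinfo.getReason() == RevokedCertInfo.NOT_REVOKED) {
                    pout.println("<h1>NOT REVOKED</h1>");
                    pout.println("Certificate with issuer '" + safeDn + "' and serial number '" + safeSerno + "' is NOT revoked.");
                } else {
                    pout.println("<h1>REVOKED</h1>");
                    pout.println("Certificate with issuer '" + safeDn + "' and serial number '" + safeSerno + "' is revoked.");
                    pout.println("RevocationDate is '" + escapeHtml(String.valueOf(revinfo.getRevocationDate())) + "' and reason '" + revinfo.getReason() + "'.");
                }
            } else {
                pout.println("<h1>CERTIFICATE DOES NOT EXIST</h1>");
                pout.println("Certificate with issuer '" + safeDn + "' and serial number '" + safeSerno + "' does not exist.");
            }
            printHtmlFooter(pout);
            pout.close();
        } catch (Exception e) {
            log.debug("Error checking revocation for '" + forLog(dn) + "' with serno '" + forLog(serno) + "': ", e);
            sendErrorUnlessCommitted(res, HttpServletResponse.SC_NOT_FOUND, "Error checking revocation.");
        }
    }

    /** Writes the opening HTML of a result page; the title is HTML-escaped here. */
    private void printHtmlHeader(String title, PrintWriter pout) {
        pout.println("<html><head>");
        pout.println("<title>" + escapeHtml(title) + "</title>");
        pout.println("<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">");
        pout.println("<META HTTP-EQUIV=\"Expires\" CONTENT=\"-1\">");
        pout.println("</head>");
        pout.println("<body><p>");
    }

    /**
     * Writes the closing HTML of a result page.
     * NOTE(review): the second HEAD section after the body looks like the old Internet Explorer
     * no-cache workaround rather than a mistake, so it is left as it was - confirm.
     */
    private void printHtmlFooter(PrintWriter pout) {
        pout.println("</body>");
        pout.println("<head>");
        pout.println("<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">");
        pout.println("<META HTTP-EQUIV=\"Expires\" CONTENT=\"-1\">");
        pout.println("</head>");
        pout.println("</html>");
    }

    /**
     * Declares the response as UTF-8 HTML and returns a writer using that same encoding, so the
     * bytes written match the declared charset and the browser has nothing to guess.
     */
    private static PrintWriter openHtmlWriter(HttpServletResponse res) throws IOException {
        res.setContentType("text/html; charset=UTF-8");
        return new PrintWriter(new java.io.OutputStreamWriter(res.getOutputStream(), "UTF-8"));
    }

    /** Sends an error status unless the response is already committed, where sendError would throw. */
    private static void sendErrorUnlessCommitted(HttpServletResponse res, int status, String message) throws IOException {
        if (!res.isCommitted()) {
            res.sendError(status, message);
        }
    }

    /** Joins a PEM header, base64 body and PEM footer into ASCII bytes, so the length sent is the byte length. */
    private static byte[] toPem(String begin, byte[] b64, String end) throws IOException {
        String pem = begin + new String(b64, "US-ASCII") + end;
        return pem.getBytes("US-ASCII");
    }

    /**
     * Escapes the characters that are significant in HTML text and in quoted attribute values.
     *
     * @param value text to escape, may be null
     * @return the escaped text, or an empty string for null
     */
    private static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuffer sb = new StringBuffer(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
            case '&':
                sb.append("&amp;");
                break;
            case '<':
                sb.append("&lt;");
                break;
            case '>':
                sb.append("&gt;");
                break;
            case '"':
                sb.append("&quot;");
                break;
            case '\'':
                sb.append("&#39;");
                break;
            default:
                sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Reduces a name to characters that are safe inside a quoted Content-disposition filename:
     * ASCII letters, digits, space, '.', '_' and '-'. Everything else, including quotes and line
     * breaks, becomes '_'.
     *
     * @param name candidate file name without extension, may be null
     * @param fallback name to use when the candidate is null or empty
     * @return the sanitized name
     */
    private static String safeFilename(String name, String fallback) {
        if (name == null || name.length() == 0) {
            return fallback;
        }
        StringBuffer sb = new StringBuffer(name.length());
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            boolean allowed = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')
                    || c == ' ' || c == '.' || c == '_' || c == '-';
            sb.append(allowed ? c : '_');
        }
        return sb.toString();
    }

    /** Replaces line breaks in a request-controlled value so it cannot start a new log line. */
    private static String forLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

}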