/**
 *
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.geronimo.console.ca;
018:
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.math.BigInteger;
import java.security.PublicKey;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Map;
import java.util.Properties;

import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.PortletException;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import javax.security.auth.x500.X500Principal;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.geronimo.console.MultiPageModel;
import org.apache.geronimo.crypto.CaUtils;
import org.apache.geronimo.crypto.asn1.x509.X509Name;
import org.apache.geronimo.management.geronimo.CertificationAuthority;
042:
/**
 * Handler for the Confirm Client Certificate Issue screen.
 *
 * @version $Rev: 617588 $ $Date: 2008-02-01 10:20:07 -0800 (Fri, 01 Feb 2008) $
 */
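public class ConfirmClientCertHandler extends BaseCAHandler {
    private static final Log log = LogFactory.getLog(ConfirmClientCertHandler.class);

    /** Pattern the previous screen uses for the validFrom / validTo parameters. */
    private static final String DATE_PATTERN = "MM/dd/yyyy";

    /**
     * Parameters handed over from the previous screen. They are copied to
     * render parameters in the action phase and to request attributes in the
     * render phase so the confirmation JSP can display them.
     */
    private static final String[] FORWARDED_PARAMS = { ERROR_MSG, INFO_MSG,
            "subject", "publickey", "algorithm", "validFrom", "validTo", "sNo",
            "pkcs10certreq", "requestId" };

    public ConfirmClientCertHandler() {
        super(CONFIRM_CLIENT_CERT_MODE, "/WEB-INF/view/ca/confirmClientCert.jsp");
    }

    /**
     * Copies the forwarded parameters of the action request to render
     * parameters so they survive into the render phase.
     *
     * @return the mode of this handler
     */
    public String actionBeforeView(ActionRequest request,
            ActionResponse response, MultiPageModel model)
            throws PortletException, IOException {
        for (String name : FORWARDED_PARAMS) {
            String value = request.getParameter(name);
            if (value != null) {
                response.setRenderParameter(name, value);
            }
        }
        return getMode();
    }

    /**
     * Exposes the forwarded parameters as request attributes for the JSP.
     */
    public void renderView(RenderRequest request, RenderResponse response,
            MultiPageModel model) throws PortletException, IOException {
        for (String name : FORWARDED_PARAMS) {
            String value = request.getParameter(name);
            if (value != null) {
                request.setAttribute(name, value);
            }
        }
    }

    /**
     * Issues the client certificate whose details were confirmed on the
     * screen and forwards to the view-certificate page.
     * <p>
     * The certificate request text is taken either from the
     * CertificateRequestStore (when {@code requestId} is set) or from the
     * {@code pkcs10certreq} form parameter. Stored text that does not start
     * with {@link CaUtils#CERT_REQ_HEADER} is treated as a browser generated
     * request whose SPKAC and X509Name attributes are given in properties form.
     * <p>
     * Every failure is caught, logged and reported back through
     * {@code ERROR_MSG}; the user is then returned to the details screen.
     *
     * @return {@code VIEW_CERT_MODE} after issuing (or when the serial number
     *         was already issued), otherwise the details screen mode
     */
    public String actionAfterView(ActionRequest request,
            ActionResponse response, MultiPageModel model)
            throws PortletException, IOException {
        String errorMsg = null;
        try {
            CertificationAuthority ca = getCertificationAuthority(request);
            if (ca == null) {
                throw new Exception("CA is not running. CA may not have been initialized!!");
            }
            BigInteger sNo = parseSerialNumber(request.getParameter("sNo"));
            if (ca.isCertificateIssued(sNo)) {
                // A certificate with this serial number has already been issued,
                // typically because "Issue Certificate" was clicked a second time.
                log.warn("Second request to issue certificate with serial number'"
                        + sNo + "'. A certificate has already been issued.");
                response.setRenderParameter("sNo", sNo.toString());
                response.setRenderParameter(INFO_MSG,
                        "A certificate with the serial number '"
                                + sNo
                                + "' has already been issued. "
                                + "You may be seeing this message since you have clicked on 'Issue Certificate' button a second time.");
                return VIEW_CERT_MODE;
            }

            // Locate the request text: a stored request (requestId) wins over the form input.
            String requestId = request.getParameter("requestId");
            boolean fromStore = !isEmpty(requestId);
            String pkcs10certreq = null;
            String certreq = null;
            if (fromStore) {
                String certreqText = getCertificateRequestStore(request).getRequest(requestId);
                if (certreqText == null) {
                    throw new IllegalStateException(
                            "No certificate request is stored for request id '" + requestId + "'.");
                }
                if (certreqText.startsWith(CaUtils.CERT_REQ_HEADER)) {
                    // A PKCS 10 Certificate Request
                    pkcs10certreq = certreqText;
                } else {
                    // Possibly a CSR received through web browser
                    certreq = certreqText;
                }
            } else {
                // No request id: use the PKCS10 request submitted through the form
                pkcs10certreq = request.getParameter("pkcs10certreq");
            }

            // Derive subject name and public key from whichever request form we have.
            X509Name subject;
            PublicKey publickey;
            String challenge = null;
            if (!isEmpty(pkcs10certreq)) {
                Map<?, ?> certReqMap = CaUtils.processPKCS10Request(pkcs10certreq);
                subject = (X509Name) certReqMap.get(CaUtils.CERT_REQ_SUBJECT);
                publickey = (PublicKey) certReqMap.get(CaUtils.CERT_REQ_PUBLICKEY_OBJ);
            } else {
                if (certreq == null) {
                    // Neither a stored request nor a pkcs10certreq parameter was given;
                    // previously this surfaced as a bare NullPointerException.
                    throw new IllegalArgumentException("No certificate request was supplied.");
                }
                Properties csrProps = loadCsrProperties(certreq);
                String spkac = csrProps.getProperty("SPKAC");
                if (spkac == null) {
                    throw new IllegalArgumentException(
                            "Certificate request does not contain an SPKAC attribute.");
                }
                subject = CaUtils.getX509Name(csrProps.getProperty("CN"),
                        csrProps.getProperty("OU"), csrProps.getProperty("O"),
                        csrProps.getProperty("L"), csrProps.getProperty("ST"),
                        csrProps.getProperty("C"));
                Map<?, ?> certReqMap = CaUtils.processSPKAC(spkac);
                publickey = (PublicKey) certReqMap.get(CaUtils.CERT_REQ_PUBLICKEY_OBJ);
                challenge = (String) certReqMap.get(CaUtils.PKAC_CHALLENGE);
            }
            if (subject == null || publickey == null) {
                throw new IllegalStateException(
                        "Certificate request did not yield a subject name and a public key.");
            }

            // Dates were validated on the previous screen, but they are re-read from
            // the request here, so parse failures still end up in the catch below.
            DateFormat df = new SimpleDateFormat(DATE_PATTERN);
            Date validFromDate = df.parse(request.getParameter("validFrom"));
            Date validToDate = df.parse(request.getParameter("validTo"));
            String algorithm = request.getParameter("algorithm");

            ca.issueCertificate(new X500Principal(subject.getEncoded()), publickey,
                    sNo, validFromDate, validToDate, algorithm);

            // Keep the SPKAC challenge phrase with the issued certificate's serial number
            if (!isEmpty(challenge)) {
                getCertificateStore(request).setCertificateChallenge(sNo, challenge);
            }

            if (fromStore) {
                // Mark the stored request as fulfilled; the confirmation page then
                // links back to the "Requests to be fulfilled" list.
                getCertificateRequestStore(request).setRequestFulfilled(requestId, sNo);
                response.setRenderParameter("linkToListRequests", "true");
            }

            // Hand the serial number to the view-certificate page
            response.setRenderParameter("sNo", sNo.toString());
            response.setRenderParameter(INFO_MSG,
                    "Certificate Issued successfully. This Certificate details can also be viewed using the serial number '"
                            + sNo
                            + "' with the 'View Issued Certificate' link provided in the CA home screen.");
            log.info("Certificate with serial number '" + sNo + "' issued to " + subject);
            return VIEW_CERT_MODE;
        } catch (Exception e) {
            errorMsg = e.toString();
            log.error("Errors in issuing certificate.", e);
        }
        // An error occurred. Go back to the previous screen so the user can correct it.
        response.setRenderParameter(ERROR_MSG, errorMsg);
        return CERT_REQ_DETAILS_MODE + BEFORE_ACTION;
    }

    /**
     * Parses the serial number parameter of the confirmed request.
     *
     * @throws IllegalArgumentException if the parameter is absent or empty
     * @throws NumberFormatException if it is not a decimal integer
     */
    private static BigInteger parseSerialNumber(String sNoParam) {
        if (isEmpty(sNoParam)) {
            throw new IllegalArgumentException("Serial number parameter 'sNo' is missing.");
        }
        return new BigInteger(sNoParam);
    }

    /**
     * Loads the {@code key=value} attributes of a browser generated request.
     * The text is read through a Reader so the result does not depend on the
     * platform default charset (the previous getBytes()/InputStream route did).
     */
    private static Properties loadCsrProperties(String certreq) throws IOException {
        Properties csrProps = new Properties();
        csrProps.load(new StringReader(certreq));
        return csrProps;
    }

    /** Returns true when a parameter is absent or an empty string. */
    private static boolean isEmpty(String value) {
        return value == null || value.length() == 0;
    }
}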