001: /*************************************************************************
002: * *
003: * EJBCA: The OpenSource Certificate Authority *
004: * *
005: * This software is free software; you can redistribute it and/or *
006: * modify it under the terms of the GNU Lesser General Public *
007: * License as published by the Free Software Foundation; either *
008: * version 2.1 of the License, or any later version. *
009: * *
010: * See terms of license at gnu.org. *
011: * *
012: *************************************************************************/package org.ejbca.ui.web.admin.cainterface;
013:
014: import java.io.ByteArrayOutputStream;
015: import java.io.IOException;
016: import java.security.cert.Certificate;
017:
018: import javax.ejb.EJBException;
019: import javax.servlet.ServletConfig;
020: import javax.servlet.ServletException;
021: import javax.servlet.http.HttpServlet;
022: import javax.servlet.http.HttpServletRequest;
023: import javax.servlet.http.HttpServletResponse;
024:
025: import org.apache.log4j.Logger;
026: import org.bouncycastle.asn1.DEROutputStream;
027: import org.bouncycastle.jce.PKCS10CertificationRequest;
028: import org.ejbca.core.ejb.ServiceLocator;
029: import org.ejbca.core.ejb.ca.sign.ISignSessionLocal;
030: import org.ejbca.core.ejb.ca.sign.ISignSessionLocalHome;
031: import org.ejbca.core.model.InternalResources;
032: import org.ejbca.ui.web.RequestHelper;
033: import org.ejbca.ui.web.admin.configuration.EjbcaWebBean;
034: import org.ejbca.ui.web.pub.ServletUtils;
035:
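/**
 * Servlet that lets an administrator download a CA's certificate request and
 * its processed certificate from the AdminWeb GUI.<br>
 *
 * The servlet is called with method GET or POST and syntax
 * <code>cmd=&lt;command&gt;</code>.
 * <p>The following commands are supported (matched case-insensitively):<br>
 * <ul>
 * <li>certreq - sends the PKCS#10 request held by the session's CAInterfaceBean, PEM encoded.
 * <li>cert - sends the processed certificate held by the session's CAInterfaceBean, PEM encoded.
 * <li>certpkcs7 - sends the processed certificate wrapped in a PKCS#7 created by the sign session.
 * </ul>
 * <p>Every request, whatever the command, must first pass
 * <code>EjbcaWebBean.initialize(req, "/super_administrator")</code>; if that
 * call throws, the request is rejected before any CA data is read.
 * A missing or unrecognised command produces an empty response.
 *
 * @version $Id: CACertReqServlet.java,v 1.7 2006/12/13 10:35:30 anatom Exp $
 *
 * @web.servlet name = "CACertReq"
 * display-name = "CACertReqServlet"
 * description="Used to retrive CA certificate request and Processed CA Certificates from AdminWeb GUI"
 * load-on-startup = "99"
 *
 * @web.servlet-mapping url-pattern = "/ca/editcas/cacertreq"
 *
 */
public class CACertReqServlet extends HttpServlet {

    private static final Logger log = Logger.getLogger(CACertReqServlet.class);
    /** Internal localization of logs and errors */
    private static final InternalResources intres = InternalResources.getInstance();

    private static final String COMMAND_PROPERTY_NAME = "cmd";
    private static final String COMMAND_CERTREQ = "certreq";
    private static final String COMMAND_CERT = "cert";
    private static final String COMMAND_CERTPKCS7 = "certpkcs7";

    /** Resource passed to EjbcaWebBean.initialize() as the access requirement for this servlet. */
    private static final String REQUIRED_RESOURCE = "/super_administrator";

    /** Base64 output is pure ASCII; naming the charset keeps byte count and content independent of the platform default. */
    private static final String PEM_CHARSET = "US-ASCII";

    /** Lazily created local sign session, shared by all requests to this servlet instance. */
    private ISignSessionLocal signsession = null;

    /**
     * Returns the local sign session, creating it on first use.
     * Synchronized so that concurrent first requests create only one session.
     *
     * @return the sign session used to build PKCS#7 responses
     * @throws EJBException if the home lookup or the create call fails
     */
    private synchronized ISignSessionLocal getSignSession() {
        if (signsession == null) {
            try {
                ISignSessionLocalHome signhome = (ISignSessionLocalHome) ServiceLocator
                        .getInstance().getLocalHome(ISignSessionLocalHome.COMP_NAME);
                signsession = signhome.create();
            } catch (Exception e) {
                throw new EJBException(e);
            }
        }
        return signsession;
    }

    public void init(ServletConfig config) throws ServletException {
        super.init(config);
    }

    /**
     * Handles POST exactly like GET.
     */
    public void doPost(HttpServletRequest req, HttpServletResponse res)
            throws IOException, ServletException {
        log.debug(">doPost()");
        doGet(req, res);
        log.debug("<doPost()");
    } //doPost

    /**
     * Authorizes the caller, then serves the download selected by the
     * <code>cmd</code> request parameter.
     *
     * @param req the request; its session supplies (or receives) the
     *            "ejbcawebbean" and "cabean" attributes
     * @param res the response the PEM data or the error status is written to
     * @throws java.io.IOException if authorization is denied, if the CA bean
     *             cannot be initialized, or if writing the response fails
     * @throws ServletException if one of the session beans cannot be created
     */
    public void doGet(HttpServletRequest req, HttpServletResponse res)
            throws java.io.IOException, ServletException {
        log.debug(">doGet()");

        // Keep this for logging.
        String remoteAddr = req.getRemoteAddr();

        // Fetch (or create) the session-scoped beans. This is NOT the
        // authorization check; that happens in ejbcawebbean.initialize() below.
        EjbcaWebBean ejbcawebbean = (org.ejbca.ui.web.admin.configuration.EjbcaWebBean) getSessionBean(
                req, "ejbcawebbean", "org.ejbca.ui.web.admin.configuration.EjbcaWebBean");
        CAInterfaceBean cabean = (org.ejbca.ui.web.admin.cainterface.CAInterfaceBean) getSessionBean(
                req, "cabean", "org.ejbca.ui.web.admin.cainterface.CAInterfaceBean");

        // Authorization gate: nothing below may run unless this call returns
        // normally. Every failure is treated as a denial (fail closed).
        try {
            ejbcawebbean.initialize(req, REQUIRED_RESOURCE);
        } catch (Exception e) {
            // Record the rejected attempt; previously the cause was dropped
            // and no trace of the denial was left in the log.
            log.info("Authorization denied for CA certificate request servlet, remote address: "
                    + remoteAddr, e);
            // NOTE(review): an IOException presumably reaches the client as a
            // server error rather than 403 - confirm whether callers rely on that.
            IOException denied = new java.io.IOException("Authorization Denied");
            denied.initCause(e);
            throw denied;
        }

        try {
            cabean.initialize(req, ejbcawebbean);
        } catch (Exception e) {
            log.error("Error initializing CACertReqServlet, remote address: " + remoteAddr, e);
            IOException failed = new java.io.IOException("Error initializing CACertReqServlet");
            failed.initCause(e);
            throw failed;
        }

        // Set the request encoding before this method reads its first parameter.
        RequestHelper.setDefaultCharacterEncoding(req);
        String command = req.getParameter(COMMAND_PROPERTY_NAME);
        if (command == null) {
            command = "";
        }

        // The three command names are distinct, so at most one branch runs.
        if (command.equalsIgnoreCase(COMMAND_CERTREQ)) {
            sendCertificateRequest(cabean, res, remoteAddr);
        } else if (command.equalsIgnoreCase(COMMAND_CERT)) {
            sendCertificate(cabean, res, remoteAddr);
        } else if (command.equalsIgnoreCase(COMMAND_CERTPKCS7)) {
            sendCertificateAsPkcs7(cabean, ejbcawebbean, res, remoteAddr);
        }
        // Any other command: nothing is written and the response stays empty.

    } // doGet

    /**
     * Returns the named session attribute, instantiating the bean and storing
     * it in the session when the attribute is absent.
     *
     * @param req the current request
     * @param attributeName session attribute the bean is kept under
     * @param className fully qualified class to instantiate when absent
     * @return the existing or newly created bean
     * @throws ServletException if the bean class cannot be found or instantiated
     */
    private Object getSessionBean(HttpServletRequest req, String attributeName,
            String className) throws ServletException {
        Object bean = req.getSession().getAttribute(attributeName);
        if (bean == null) {
            try {
                bean = java.beans.Beans.instantiate(this.getClass().getClassLoader(), className);
            } catch (ClassNotFoundException exc) {
                // Keep the cause so the stack trace survives in the container log.
                throw new ServletException(exc.getMessage(), exc);
            } catch (Exception exc) {
                throw new ServletException(" Cannot create bean of class " + className, exc);
            }
            req.getSession().setAttribute(attributeName, bean);
        }
        return bean;
    }

    /**
     * Sends the bean's PKCS#10 request as a PEM attachment; on any failure
     * logs the error and answers 404.
     */
    private void sendCertificateRequest(CAInterfaceBean cabean, HttpServletResponse res,
            String remoteAddr) throws IOException {
        try {
            PKCS10CertificationRequest pkcs10request = cabean.getPKCS10RequestData();
            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
            DEROutputStream dOut = new DEROutputStream(bOut);
            dOut.writeObject(pkcs10request);
            dOut.close();
            byte[] b64certreq = org.ejbca.util.Base64.encode(bOut.toByteArray());
            String pem = "-----BEGIN CERTIFICATE REQUEST-----\n"
                    + new String(b64certreq, PEM_CHARSET)
                    + "\n-----END CERTIFICATE REQUEST-----\n";
            // Encode once and take Content-Length from the bytes actually
            // written, not from the character count of the string.
            byte[] pemBytes = pem.getBytes(PEM_CHARSET);
            // We must remove cache headers for IE
            ServletUtils.removeCacheHeaders(res);
            String filename = "pkcs10certificaterequest.pem";
            res.setHeader("Content-disposition", "attachment; filename=" + filename);
            res.setContentType("application/octet-stream");
            res.setContentLength(pemBytes.length);
            res.getOutputStream().write(pemBytes);
            String iMsg = intres.getLocalizedMessage("certreq.sentlatestcertreq", remoteAddr);
            log.info(iMsg);
        } catch (Exception e) {
            String errMsg = intres.getLocalizedMessage("certreq.errorsendlatestcertreq", remoteAddr);
            log.error(errMsg, e);
            res.sendError(HttpServletResponse.SC_NOT_FOUND, errMsg);
        }
    }

    /**
     * Sends the bean's processed certificate PEM encoded; on any failure
     * (including no certificate being available) logs the error and answers 404.
     */
    private void sendCertificate(CAInterfaceBean cabean, HttpServletResponse res,
            String remoteAddr) throws IOException {
        try {
            Certificate cert = cabean.getProcessedCertificate();
            byte[] b64cert = org.ejbca.util.Base64.encode(cert.getEncoded());
            RequestHelper.sendNewB64Cert(b64cert, res,
                    RequestHelper.BEGIN_CERTIFICATE_WITH_NL,
                    RequestHelper.END_CERTIFICATE_WITH_NL);
        } catch (Exception e) {
            sendCertificateError(res, remoteAddr, e);
        }
    }

    /**
     * Sends the bean's processed certificate wrapped in a PKCS#7 created by
     * the sign session; on any failure logs the error and answers 404.
     */
    private void sendCertificateAsPkcs7(CAInterfaceBean cabean, EjbcaWebBean ejbcawebbean,
            HttpServletResponse res, String remoteAddr) throws IOException {
        try {
            Certificate cert = cabean.getProcessedCertificate();
            byte[] pkcs7 = getSignSession().createPKCS7(ejbcawebbean.getAdminObject(), cert, true);
            byte[] b64cert = org.ejbca.util.Base64.encode(pkcs7);
            RequestHelper.sendNewB64Cert(b64cert, res,
                    RequestHelper.BEGIN_PKCS7_WITH_NL,
                    RequestHelper.END_PKCS7_WITH_NL);
        } catch (Exception e) {
            sendCertificateError(res, remoteAddr, e);
        }
    }

    /**
     * Logs a certificate download failure and reports it to the client as 404.
     */
    private void sendCertificateError(HttpServletResponse res, String remoteAddr,
            Exception e) throws IOException {
        // NOTE(review): the exception message is part of the text sent to the
        // client; this is only reached after the authorization gate in doGet,
        // but confirm no internal detail ends up there.
        String errMsg = intres.getLocalizedMessage("certreq.errorsendcert", remoteAddr,
                e.getMessage());
        log.error(errMsg, e);
        res.sendError(HttpServletResponse.SC_NOT_FOUND, errMsg);
    }

}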