001: /**
002: *
003: * Licensed to the Apache Software Foundation (ASF) under one or more
004: * contributor license agreements. See the NOTICE file distributed with
005: * this work for additional information regarding copyright ownership.
006: * The ASF licenses this file to You under the Apache License, Version 2.0
007: * (the "License"); you may not use this file except in compliance with
008: * the License. You may obtain a copy of the License at
009: *
010: * http://www.apache.org/licenses/LICENSE-2.0
011: *
012: * Unless required by applicable law or agreed to in writing, software
013: * distributed under the License is distributed on an "AS IS" BASIS,
014: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015: * See the License for the specific language governing permissions and
016: * limitations under the License.
017: */package org.apache.geronimo.ca.helper;
018:
019: import java.io.IOException;
020: import java.io.OutputStream;
021: import java.math.BigInteger;
022: import java.security.cert.Certificate;
023:
024: import javax.servlet.ServletException;
025: import javax.servlet.http.HttpServletRequest;
026: import javax.servlet.http.HttpServletResponse;
027:
028: import org.apache.geronimo.ca.helper.util.CAHelperUtils;
029: import org.apache.geronimo.management.geronimo.CertificateRequestStore;
030: import org.apache.geronimo.management.geronimo.CertificateStore;
031:
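/**
 * Servlet that hands out certificates managed by the CA Helper application.
 *
 * <p>The request parameters select one of two downloads:
 * <ul>
 *   <li>{@code type=ca}: the CA's own certificate, sent as
 *       {@code application/x-x509-ca-cert};</li>
 *   <li>{@code csrId=<id>}: the certificate issued for that certificate
 *       request, sent as the first part of a {@code multipart/mixed} response
 *       whose second part is a small HTML confirmation page.</li>
 * </ul>
 * Any other request is rejected with a {@link ServletException}.
 *
 * <p>NOTE(review): this class performs no authentication or authorization of
 * its own; anyone who can reach it and knows a {@code csrId} receives the
 * matching certificate. Any access restriction has to come from the
 * deployment configuration, which is not visible from this file.
 *
 * @version $Rev: 514091 $ $Date: 2007-03-02 22:26:39 -0800 (Fri, 02 Mar 2007) $
 */
public class DownloadCertificateServlet extends
        javax.servlet.http.HttpServlet implements javax.servlet.Servlet {

    /** Charset used for every piece of text written into the response body. */
    private static final String RESPONSE_CHARSET = "UTF-8";

    /**
     * Creates the servlet.
     *
     * @see javax.servlet.http.HttpServlet#HttpServlet()
     */
    public DownloadCertificateServlet() {
        super();
    }

    /**
     * Handles GET exactly like POST.
     *
     * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request,
            HttpServletResponse response) throws ServletException,
            IOException {
        doPost(request, response);
    }

    /**
     * Streams the CA certificate or a user's certificate to the client.
     *
     * <p>The {@code csrId} request parameter is caller-controlled and the
     * server name normally reflects the request's Host header, so both are
     * percent-encoded and/or HTML-escaped before they are written into the
     * HTML part of the response.
     *
     * @param request  carries the {@code type} and {@code csrId} parameters
     * @param response receives the encoded certificate (and, for user
     *                 certificates, the HTML confirmation page)
     * @throws ServletException if the request selects neither download, the
     *                          CSR has no serial number yet, or any store or
     *                          encoding call fails; the cause is preserved
     * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request,
            HttpServletResponse response) throws ServletException,
            IOException {
        String type = request.getParameter("type");
        String csrId = request.getParameter("csrId");
        try {
            if ("ca".equals(type)) {
                // Request is to download the CA's certificate from the CertificateStore.
                CertificateStore certStore = CAHelperUtils
                        .getCertificateStore();
                Certificate cert = certStore.getCACertificate();
                byte[] data = cert.getEncoded();
                // Send the certificate with the MIME type for CA certificates.
                response.setContentType("application/x-x509-ca-cert");
                response.setContentLength(data.length);
                response.getOutputStream().write(data);
            } else if (csrId != null) {
                // Request is to download a user's certificate: map the csrId
                // to the serial number of the issued certificate.
                CertificateRequestStore certReqStore = CAHelperUtils
                        .getCertificateRequestStore();
                BigInteger sNo = certReqStore
                        .getSerialNumberForRequest(csrId);
                if (sNo == null) {
                    // Either the CSR is yet to be fulfilled or the csrId is invalid.
                    // NOTE(review): csrId is echoed unescaped into this message;
                    // whether it reaches the browser depends on the container's
                    // error page - confirm that page escapes exception text.
                    throw new Exception(
                            "Either the CSR is yet to be fulfilled or the csrId is invalid. csrId = "
                                    + csrId);
                }
                CertificateStore certStore = CAHelperUtils
                        .getCertificateStore();
                Certificate cert = certStore.getCertificate(sNo);
                byte[] data = cert.getEncoded();

                // Build the link to the "verify certificate" page. csrId is
                // percent-encoded so it cannot add parameters or break out of
                // the URL.
                String host = request.getServerName();
                int port = CAHelperUtils.getHttpsClientAuthPort();
                String contextPath = request.getContextPath();
                String link = "https://" + host + ":" + port
                        + contextPath + "/verifyCertificate.jsp?csrId="
                        + java.net.URLEncoder.encode(csrId, RESPONSE_CHARSET);

                // Multi-part MIME message: the user's certificate followed by
                // an information page. The "\n" line endings are kept as the
                // original wrote them.
                response
                        .setContentType("multipart/mixed; boundary=\"BOUNDARY\"");
                OutputStream out = response.getOutputStream();
                out.write(bytes("This is a multi-part message in MIME format.\n"));

                // Part 1: the certificate, with the MIME type for user certificates.
                out.write(bytes("--BOUNDARY\n"));
                out.write(bytes("Content-type: application/x-x509-user-cert\n\n"));
                out.write(data);

                // Part 2: a page with the "verify certificate" link, shown only
                // when an HTTPS client-authentication connector is configured.
                out.write(bytes("--BOUNDARY\n"));
                out.write(bytes("Content-type: text/html\n\n"));
                out.write(bytes("<html><body>"));
                out.write(bytes("<p>Certificate is downloaded successfully. "));
                if (port != -1) {
                    // The attribute is quoted and its value escaped: the
                    // original wrote an unquoted href built from raw request
                    // data, which let that data inject markup into the page.
                    out.write(bytes("Access <a href=\"" + escapeHtml(link)
                            + "\">this link</a> to verify.</p>\n"));
                } else {
                    out.write(bytes("No HTTPS client-authentication port is configured to verify.</p>\n"));
                }

                out.write(bytes("<a href=\"" + escapeHtml(contextPath)
                        + "\"> Back to CA Helper home</a>"));
                out.write(bytes("</body></html>"));

                out.write(bytes("--BOUNDARY--\n"));
                out.flush();
            } else {
                // Request is for neither the CA's certificate nor a user's certificate.
                throw new Exception(
                        "Invalid certificate download request.");
            }
        } catch (Exception e) {
            throw new ServletException(
                    "Exception while uploading certificate.", e);
        }
    }

    /**
     * Encodes response text with a fixed charset instead of the platform
     * default, so the bytes sent do not vary with the server's locale.
     */
    private static byte[] bytes(String text) throws IOException {
        return text.getBytes(RESPONSE_CHARSET);
    }

    /**
     * Escapes the characters that are significant in HTML text and in quoted
     * attribute values. A {@code null} argument yields an empty string.
     */
    private static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
            case '&':
                escaped.append("&amp;");
                break;
            case '<':
                escaped.append("&lt;");
                break;
            case '>':
                escaped.append("&gt;");
                break;
            case '"':
                escaped.append("&quot;");
                break;
            case '\'':
                escaped.append("&#39;");
                break;
            default:
                escaped.append(c);
                break;
            }
        }
        return escaped.toString();
    }
}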