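/**
 *
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.geronimo.ca.helper;

import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.cert.Certificate;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.geronimo.ca.helper.util.CAHelperUtils;
import org.apache.geronimo.management.geronimo.CertificateRequestStore;
import org.apache.geronimo.management.geronimo.CertificateStore;

/**
 * Servlet that sends either the CA's certificate or a previously issued user
 * certificate to the client.
 *
 * <p>The request parameter {@code type=ca} selects the CA certificate; otherwise
 * the {@code csrId} parameter selects the certificate issued for that request.
 * Both parameters are supplied by the client, so every value derived from the
 * request is encoded before it is written into the HTML part of the response.
 *
 * @version $Rev: 514091 $ $Date: 2007-03-02 22:26:39 -0800 (Fri, 02 Mar 2007) $
 */
public class DownloadCertificateServlet extends javax.servlet.http.HttpServlet implements javax.servlet.Servlet {
    /** Charset used for every textual byte written to the response body. */
    private static final String CHARSET = "UTF-8";

    /* (non-Java-doc)
     * @see javax.servlet.http.HttpServlet#HttpServlet()
     */
    public DownloadCertificateServlet() {
        super();
    }

    /**
     * Handles GET by delegating to {@link #doPost(HttpServletRequest, HttpServletResponse)}.
     *
     * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Writes the requested certificate to the response.
     *
     * <ul>
     * <li>{@code type=ca}: the CA certificate, as {@code application/x-x509-ca-cert}.</li>
     * <li>{@code csrId} present: a {@code multipart/mixed} body holding the user's
     *     certificate and a small HTML page linking to the verification page.</li>
     * <li>anything else: rejected.</li>
     * </ul>
     *
     * @param request  the client request; {@code type} and {@code csrId} are read from it
     * @param response the response the certificate is written to
     * @throws ServletException wrapping any failure, including an unknown or
     *         unfulfilled {@code csrId} and an unrecognised request
     *
     * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String type = request.getParameter("type");
        String csrId = request.getParameter("csrId");
        try {
            if ("ca".equals(type)) {
                // Request is to download CA's certificate.
                // Retrieve CA's certificate from the CertificateStore.
                CertificateStore certStore = CAHelperUtils.getCertificateStore();
                Certificate cert = certStore.getCACertificate();
                byte[] data = cert.getEncoded();
                // Send the certificate with the mime-header for CA certificates.
                response.setContentType("application/x-x509-ca-cert");
                response.setContentLength(data.length);
                response.getOutputStream().write(data);
            } else if (csrId != null) {
                // Request is to download user's own certificate.
                // Get the serial number of the certificate based on the csrId.
                CertificateRequestStore certReqStore = CAHelperUtils.getCertificateRequestStore();
                BigInteger sNo = certReqStore.getSerialNumberForRequest(csrId);
                if (sNo == null) {
                    // Either the CSR is yet to be fulfilled or the csrId is invalid.
                    // The message carries the client-supplied csrId, so any error page
                    // that renders this exception has to escape it.
                    throw new Exception("Either the CSR is yet to be fulfilled or the csrId is invalid. csrId = "+csrId);
                }
                CertificateStore certStore = CAHelperUtils.getCertificateStore();
                Certificate cert = certStore.getCertificate(sNo);
                byte[] data = cert.getEncoded();

                // Pieces of the "verify certificate" link. The server name is taken from
                // the request and the context path is echoed into markup, so both are
                // treated as untrusted when the HTML below is written.
                String host = request.getServerName();
                int port = CAHelperUtils.getHttpsClientAuthPort();
                String contextPath = request.getContextPath();

                // Create a multi-part mime message with user's certificate and an information page.
                // NOTE(review): part delimiters use bare LF and the delimiter after the binary
                // part has no leading line break; left as-is to keep the existing wire format.
                response.setContentType("multipart/mixed; boundary=\"BOUNDARY\"");
                OutputStream out = response.getOutputStream();
                out.write("This is a multi-part message in MIME format.\n".getBytes(CHARSET));

                // Send the certificate with the mime-header for user certificates.
                out.write("--BOUNDARY\n".getBytes(CHARSET));
                out.write("Content-type: application/x-x509-user-cert\n\n".getBytes(CHARSET));
                out.write(data);

                // A web page showing "verify certificate" link if an HTTPS client-authentication
                // connector is configured. The charset is declared so the browser does not have
                // to guess how the page is encoded.
                out.write("--BOUNDARY\n".getBytes(CHARSET));
                out.write("Content-type: text/html; charset=UTF-8\n\n".getBytes(CHARSET));
                out.write("<html><body>".getBytes(CHARSET));
                out.write("<p>Certificate is downloaded successfully. ".getBytes(CHARSET));
                if (port != -1) {
                    // csrId is percent-encoded as a query value, then the whole URL is
                    // HTML-escaped and placed in a quoted attribute. The original wrote the
                    // raw parameter into an unquoted href, which let request data break out
                    // of the attribute.
                    String link = "https://" + host + ":" + port + contextPath
                            + "/verifyCertificate.jsp?csrId=" + java.net.URLEncoder.encode(csrId, CHARSET);
                    out.write(("Access <a href=\"" + escapeHtml(link) + "\">this link</a> to verify.</p>\n").getBytes(CHARSET));
                } else {
                    out.write("No HTTPS client-authentication port is configured to verify.</p>\n".getBytes(CHARSET));
                }

                out.write(("<a href=\"" + escapeHtml(contextPath) + "\"> Back to CA Helper home</a>").getBytes(CHARSET));
                out.write("</body></html>".getBytes(CHARSET));

                out.write("--BOUNDARY--\n".getBytes(CHARSET));
                out.flush();
            } else {
                // Request is for downloading neither CA's certificate nor user's certificate.
                throw new Exception("Invalid certificate download request.");
            }
        } catch (Exception e) {
            throw new ServletException("Exception while uploading certificate.", e);
        }
    }

    /**
     * Escapes the characters that are significant in HTML text and in quoted
     * attribute values.
     *
     * @param value the text to escape; {@code null} is rendered as an empty string
     * @return {@code value} with {@code & < > " '} replaced by character references
     */
    private static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}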