
    1   /**
    2    *
    3    *  Licensed to the Apache Software Foundation (ASF) under one or more
    4    *  contributor license agreements.  See the NOTICE file distributed with
    5    *  this work for additional information regarding copyright ownership.
    6    *  The ASF licenses this file to You under the Apache License, Version 2.0
    7    *  (the "License"); you may not use this file except in compliance with
    8    *  the License.  You may obtain a copy of the License at
    9    *
   10    *     http://www.apache.org/licenses/LICENSE-2.0
   11    *
   12    *  Unless required by applicable law or agreed to in writing, software
   13    *  distributed under the License is distributed on an "AS IS" BASIS,
   14    *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   15    *  See the License for the specific language governing permissions and
   16    *  limitations under the License.
   17    */
   18   package org.apache.geronimo.ca.helper;
   19   
   20   import java.io.IOException;
   21   import java.io.OutputStream;
   22   import java.math.BigInteger;
   23   import java.security.cert.Certificate;
   24   
   25   import javax.servlet.ServletException;
   26   import javax.servlet.http.HttpServletRequest;
   27   import javax.servlet.http.HttpServletResponse;
   28   
   29   import org.apache.geronimo.ca.helper.util.CAHelperUtils;
   30   import org.apache.geronimo.management.geronimo.CertificateRequestStore;
   31   import org.apache.geronimo.management.geronimo.CertificateStore;
   32   
   33   /**
   34    * Servlet implementation class for Servlet: DownloadCertificateServlet
   35    *
   36    * @version $Rev: 514091 $ $Date: 2007-03-02 22:26:39 -0800 (Fri, 02 Mar 2007) $
   37    */
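   public class DownloadCertificateServlet extends javax.servlet.http.HttpServlet implements javax.servlet.Servlet {
       /** Encoding used for every textual part written to the response and for URL-encoding. */
       private static final String TEXT_ENCODING = "UTF-8";

       /**
        * Creates the servlet; no state is initialised here.
        *
        * @see javax.servlet.http.HttpServlet#HttpServlet()
        */
       public DownloadCertificateServlet() {
           super();
       }

       /**
        * Handles GET exactly like POST by delegating to {@link #doPost}.
        *
        * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
        */
       protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
           doPost(request, response);
       }

       /**
        * Sends either the CA certificate or a previously issued user certificate to the client.
        *
        * <p>Request parameters read by this method:
        * <ul>
        *   <li>{@code type} - when equal to {@code "ca"}, the CA certificate is returned with
        *       content type {@code application/x-x509-ca-cert}.</li>
        *   <li>{@code csrId} - otherwise, when present, the certificate issued for that request id is
        *       returned as the first part of a {@code multipart/mixed} response, followed by an HTML
        *       part that links to the "verify certificate" page.</li>
        * </ul>
        *
        * <p>{@code csrId}, the server name and the context path are client-influenced or
        * deployment-supplied values that end up inside the HTML part. They are URL-encoded and
        * HTML-escaped, and every attribute value is quoted, so that a crafted parameter cannot
        * break out of the {@code href} attribute or inject markup into the page.
        *
        * @param request  the download request
        * @param response the response the certificate is written to
        * @throws ServletException if neither parameter selects a certificate, if no certificate has
        *                          been issued for {@code csrId}, or if any store lookup or write fails
        * @throws IOException     declared by the servlet API; failures inside the method body are
        *                          wrapped in {@code ServletException}
        * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
        */
       protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
           String type = request.getParameter("type");
           String csrId = request.getParameter("csrId");
           try {
               if ("ca".equals(type)) {
                   // Request is to download CA's certificate
                   // Retrieve CA's certificate from the CertificateStore
                   CertificateStore certStore = CAHelperUtils.getCertificateStore();
                   Certificate cert = certStore.getCACertificate();
                   byte[] data = cert.getEncoded();
                   // Upload the certificate with mime-header for CA certificates
                   response.setContentType("application/x-x509-ca-cert");
                   response.setContentLength(data.length);
                   response.getOutputStream().write(data);
               } else if (csrId != null) {
                   // Request is to download user's own certificate
                   // Get the serial number of the certificate based on the csrId
                   CertificateRequestStore certReqStore = CAHelperUtils.getCertificateRequestStore();
                   BigInteger sNo = certReqStore.getSerialNumberForRequest(csrId);
                   if (sNo == null) {
                       // Either the CSR is yet to be fulfilled or the csrId is invalid.
                       // NOTE(review): this message echoes the raw csrId. Whether it reaches the client
                       // depends on how the container renders the error page - confirm it is escaped there.
                       throw new Exception("Either the CSR is yet to be fulfilled or the csrId is invalid. csrId = "+csrId);
                   }
                   CertificateStore certStore = CAHelperUtils.getCertificateStore();
                   Certificate cert = certStore.getCertificate(sNo);
                   byte[] data = cert.getEncoded();

                   // Create a link for "verify certificate" page.
                   // getServerName() may reflect the client-sent Host header, so it is treated as
                   // untrusted like csrId: the parameter is URL-encoded here and the finished link is
                   // HTML-escaped where it is written into the page.
                   String host = request.getServerName();
                   int port = CAHelperUtils.getHttpsClientAuthPort();
                   String contextPath = request.getContextPath();
                   String link = "https://" + host + ":" + port + contextPath
                           + "/verifyCertificate.jsp?csrId=" + java.net.URLEncoder.encode(csrId, TEXT_ENCODING);

                   // Create a multi-part mime message with user's certificate and an information page.
                   response.setContentType("multipart/mixed; boundary=\"BOUNDARY\"");
                   OutputStream out = response.getOutputStream();
                   writeText(out, "This is a multi-part message in MIME format.\n");

                   // Upload the certificate with mime-header for user certificates.
                   writeText(out, "--BOUNDARY\n");
                   writeText(out, "Content-type: application/x-x509-user-cert\n\n");
                   out.write(data);

                   // A web page showing "verify certificate" link if an HTTPS client-authentication connector is configured.
                   writeText(out, "--BOUNDARY\n");
                   // The charset is declared so the browser does not have to guess how the page is encoded.
                   writeText(out, "Content-type: text/html; charset=" + TEXT_ENCODING + "\n\n");
                   writeText(out, "<html><body>");
                   writeText(out, "<p>Certificate is downloaded successfully. ");
                   if (port != -1) {
                       writeText(out, "Access <a href=\"" + escapeHtml(link) + "\">this link</a> to verify.</p>\n");
                   } else {
                       writeText(out, "No HTTPS client-authentication port is configured to verify.</p>\n");
                   }

                   writeText(out, "<a href=\"" + escapeHtml(contextPath) + "\"> Back to CA Helper home</a>");
                   writeText(out, "</body></html>");

                   writeText(out, "--BOUNDARY--\n");
                   out.flush();
               } else {
                   // Request is for downloading neither CA's certificate nor user's certificate.
                   throw new Exception("Invalid certificate download request.");
               }
           } catch (Exception e) {
               throw new ServletException("Exception while uploading certificate.", e);
           }
       }

       /**
        * Writes {@code text} to {@code out} in {@link #TEXT_ENCODING} instead of the platform default
        * charset, so the bytes sent do not depend on the JVM's locale settings.
        */
       private static void writeText(OutputStream out, String text) throws IOException {
           out.write(text.getBytes(TEXT_ENCODING));
       }

       /**
        * Escapes the characters that are significant in HTML text and quoted attribute values.
        *
        * @param value the text to escape; {@code null} is treated as the empty string
        * @return {@code value} with {@code & < > " '} replaced by character references
        */
       private static String escapeHtml(String value) {
           if (value == null) {
               return "";
           }
           StringBuilder escaped = new StringBuilder(value.length() + 16);
           for (int i = 0; i < value.length(); i++) {
               char c = value.charAt(i);
               switch (c) {
                   case '&':
                       escaped.append("&amp;");
                       break;
                   case '<':
                       escaped.append("&lt;");
                       break;
                   case '>':
                       escaped.append("&gt;");
                       break;
                   case '"':
                       escaped.append("&quot;");
                       break;
                   case '\'':
                       escaped.append("&#39;");
                       break;
                   default:
                       escaped.append(c);
               }
           }
           return escaped.toString();
       }
   }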
