001    /**
002     *
003     *  Licensed to the Apache Software Foundation (ASF) under one or more
004     *  contributor license agreements.  See the NOTICE file distributed with
005     *  this work for additional information regarding copyright ownership.
006     *  The ASF licenses this file to You under the Apache License, Version 2.0
007     *  (the "License"); you may not use this file except in compliance with
008     *  the License.  You may obtain a copy of the License at
009     *
010     *     http://www.apache.org/licenses/LICENSE-2.0
011     *
012     *  Unless required by applicable law or agreed to in writing, software
013     *  distributed under the License is distributed on an "AS IS" BASIS,
014     *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015     *  See the License for the specific language governing permissions and
016     *  limitations under the License.
017     */
018    package org.apache.geronimo.ca.helper;
019    
020    import java.io.IOException;
021    import java.io.OutputStream;
022    import java.math.BigInteger;
023    import java.security.cert.Certificate;
024    
025    import javax.servlet.ServletException;
026    import javax.servlet.http.HttpServletRequest;
027    import javax.servlet.http.HttpServletResponse;
028    
029    import org.apache.geronimo.ca.helper.util.CAHelperUtils;
030    import org.apache.geronimo.management.geronimo.CertificateRequestStore;
031    import org.apache.geronimo.management.geronimo.CertificateStore;
032    
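/**
 * Servlet that serves certificates issued by the CA Helper application.
 *
 * <p>Two request shapes are handled ({@code GET} is delegated to {@code POST}):
 * <ul>
 *   <li>{@code type=ca} - returns the CA's own certificate with the
 *       {@code application/x-x509-ca-cert} content type;</li>
 *   <li>{@code csrId=...} - looks up the serial number recorded for that certificate request and
 *       returns the matching certificate as the first part of a {@code multipart/mixed}
 *       response, followed by a small HTML page.</li>
 * </ul>
 *
 * <p>Security note: the HTML part is assembled from request-derived values (the server name,
 * which the container takes from the {@code Host} header when one is sent, the context path and
 * the {@code csrId} parameter). Each of them is URL-encoded and/or HTML-escaped before it is
 * written, and every attribute value is quoted, so none of them can add markup to the page.
 *
 * @version $Rev: 514091 $ $Date: 2007-03-03 01:26:39 -0500 (Sat, 03 Mar 2007) $
 */
public class DownloadCertificateServlet extends javax.servlet.http.HttpServlet implements javax.servlet.Servlet {
    /**
     * Charset used for every textual byte written to the response, so the output does not depend
     * on the platform default charset of the JVM.
     */
    private static final String TEXT_ENCODING = "UTF-8";

    /* (non-Java-doc)
     * @see javax.servlet.http.HttpServlet#HttpServlet()
     */
    public DownloadCertificateServlet() {
        super();
    }

    /**
     * Handles {@code GET} exactly like {@code POST}.
     *
     * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Writes the requested certificate to the response.
     *
     * @param request  carries either {@code type=ca} or a {@code csrId} parameter
     * @param response receives the DER-encoded certificate (and, for user certificates, an HTML part)
     * @throws ServletException if the request names neither download, if no serial number is
     *         recorded for {@code csrId}, or if any store or I/O call fails; the original
     *         exception is preserved as the cause
     * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String type = request.getParameter("type");
        String csrId = request.getParameter("csrId");
        try {
            if ("ca".equals(type)) {
                // Request is to download CA's certificate
                // Retrieve CA's certificate from the CertificateStore
                CertificateStore certStore = CAHelperUtils.getCertificateStore();
                Certificate cert = certStore.getCACertificate();
                byte[] data = cert.getEncoded();
                // Upload the certificate with mime-header for CA certificates
                response.setContentType("application/x-x509-ca-cert");
                response.setContentLength(data.length);
                response.getOutputStream().write(data);
            } else if (csrId != null) {
                // Request is to download user's own certificate
                // Get the serial number of the certificate based on the csrId
                CertificateRequestStore certReqStore = CAHelperUtils.getCertificateRequestStore();
                BigInteger sNo = certReqStore.getSerialNumberForRequest(csrId);
                if (sNo == null) {
                    // Either the CSR is yet to be fulfilled or the csrId is invalid.
                    // NOTE(review): this message echoes the raw request parameter; confirm that
                    // whatever renders the ServletException (error page, logs) escapes it.
                    throw new Exception("Either the CSR is yet to be fulfilled or the csrId is invalid. csrId = "+csrId);
                }
                CertificateStore certStore = CAHelperUtils.getCertificateStore();
                Certificate cert = certStore.getCertificate(sNo);
                byte[] data = cert.getEncoded();

                // Create a link for "verify certificate" page. The csrId is URL-encoded here so it
                // stays a single query-parameter value; the whole link is HTML-escaped when written.
                String host = request.getServerName();
                int port = CAHelperUtils.getHttpsClientAuthPort();
                String contextPath = request.getContextPath();
                String link = "https://" + host + ":" + port + contextPath
                        + "/verifyCertificate.jsp?csrId=" + java.net.URLEncoder.encode(csrId, TEXT_ENCODING);

                // Create a multi-part mime message with user's certificate and an information page.
                response.setContentType("multipart/mixed; boundary=\"BOUNDARY\"");
                OutputStream out = response.getOutputStream();
                writeText(out, "This is a multi-part message in MIME format.\n");

                // Upload the certificate with mime-header for user certificates.
                writeText(out, "--BOUNDARY\n");
                writeText(out, "Content-type: application/x-x509-user-cert\n\n");
                out.write(data);

                // A web page showing "verify certificate" link if an HTTPS client-authentication connector is configured.
                writeText(out, "--BOUNDARY\n");
                // Declare the charset so the browser decodes the page the way it was encoded.
                writeText(out, "Content-type: text/html; charset=" + TEXT_ENCODING + "\n\n");
                writeText(out, "<html><body>");
                writeText(out, "<p>Certificate is downloaded successfully. ");
                if (port != -1) {
                    // Quoted attribute + escaped value: request-derived text cannot end the
                    // attribute or open a new tag.
                    writeText(out, "Access <a href=\"" + escapeHtml(link) + "\">this link</a> to verify.</p>\n");
                } else {
                    writeText(out, "No HTTPS client-authentication port is configured to verify.</p>\n");
                }

                writeText(out, "<a href=\"" + escapeHtml(contextPath) + "\"> Back to CA Helper home</a>");
                writeText(out, "</body></html>");

                writeText(out, "--BOUNDARY--\n");
                out.flush();
            } else {
                // Request is for downloading neither CA's certificate nor user's certificate.
                throw new Exception("Invalid certificate download request.");
            }
        } catch (Exception e) {
            throw new ServletException("Exception while uploading certificate.", e);
        }
    }

    /**
     * Writes {@code text} to {@code out} using {@link #TEXT_ENCODING}.
     *
     * @param out  destination stream
     * @param text text to encode and write
     * @throws IOException if encoding or writing fails
     */
    private static void writeText(OutputStream out, String text) throws IOException {
        out.write(text.getBytes(TEXT_ENCODING));
    }

    /**
     * Escapes the characters that are significant in HTML text and attribute values.
     *
     * @param value text to escape; {@code null} is treated as the empty string
     * @return {@code value} with {@code & < > " '} replaced by character references
     */
    private static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuffer escaped = new StringBuffer(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }
}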