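/**
 *
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.geronimo.ca.helper;

import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.URLEncoder;
import java.security.cert.Certificate;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.geronimo.ca.helper.util.CAHelperUtils;
import org.apache.geronimo.management.geronimo.CertificateRequestStore;
import org.apache.geronimo.management.geronimo.CertificateStore;

/**
 * Servlet that sends certificates to the client.
 *
 * <p>Two request shapes are served:
 * <ul>
 *   <li>{@code type=ca}: the CA's own certificate, sent as {@code application/x-x509-ca-cert};</li>
 *   <li>{@code csrId=...}: the certificate issued for that certificate request, sent as a
 *       {@code multipart/mixed} response holding the certificate and a small HTML page.</li>
 * </ul>
 * Any other request, and any failure while serving one, ends in a {@link ServletException}.
 *
 * @version $Rev: 514091 $ $Date: 2007-03-03 01:26:39 -0500 (Sat, 03 Mar 2007) $
 */
public class DownloadCertificateServlet extends javax.servlet.http.HttpServlet implements javax.servlet.Servlet {

    /** Charset used for every string written to the response and for URL-encoding. */
    private static final String CHARSET = "UTF-8";

    /**
     * @see javax.servlet.http.HttpServlet#HttpServlet()
     */
    public DownloadCertificateServlet() {
        super();
    }

    /**
     * Handles GET exactly like POST.
     *
     * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Writes the requested certificate to the response.
     *
     * @param request  carries the {@code type} and {@code csrId} parameters
     * @param response receives the certificate bytes (and, for a user certificate, an HTML part)
     * @throws ServletException if the request names neither certificate, if no serial number is
     *                          known for {@code csrId}, or if anything else fails while the
     *                          certificate is fetched or written
     * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String type = request.getParameter("type");
        String csrId = request.getParameter("csrId");
        try {
            if ("ca".equals(type)) {
                // Request is to download the CA's certificate from the CertificateStore.
                CertificateStore certStore = CAHelperUtils.getCertificateStore();
                Certificate cert = certStore.getCACertificate();
                byte[] data = cert.getEncoded();
                // Send the certificate with the mime type for CA certificates.
                response.setContentType("application/x-x509-ca-cert");
                response.setContentLength(data.length);
                response.getOutputStream().write(data);
            } else if (csrId != null) {
                // Request is to download a user certificate: map the csrId to a serial number first.
                CertificateRequestStore certReqStore = CAHelperUtils.getCertificateRequestStore();
                BigInteger sNo = certReqStore.getSerialNumberForRequest(csrId);
                if (sNo == null) {
                    // Either the CSR is yet to be fulfilled or the csrId is invalid.
                    // NOTE(review): the message carries the raw csrId; whether it reaches the
                    // client depends on how the container renders the ServletException.
                    throw new Exception("Either the CSR is yet to be fulfilled or the csrId is invalid. csrId = "+csrId);
                }
                CertificateStore certStore = CAHelperUtils.getCertificateStore();
                Certificate cert = certStore.getCertificate(sNo);
                byte[] data = cert.getEncoded();

                // Build the link to the "verify certificate" page. csrId is a request parameter,
                // so it is URL-encoded before it becomes part of the query string.
                // NOTE(review): host comes from the request (getServerName()); a configured
                // canonical host name would be safer if untrusted Host headers can reach this servlet.
                String host = request.getServerName();
                int port = CAHelperUtils.getHttpsClientAuthPort();
                String contextPath = request.getContextPath();
                String link = "https://" + host + ":" + port + contextPath
                        + "/verifyCertificate.jsp?csrId=" + URLEncoder.encode(csrId, CHARSET);

                // Multi-part mime message: the user's certificate followed by an information page.
                // Line endings and part framing are written exactly as before.
                response.setContentType("multipart/mixed; boundary=\"BOUNDARY\"");
                OutputStream out = response.getOutputStream();
                out.write(bytes("This is a multi-part message in MIME format.\n"));

                // Part 1: the certificate with the mime type for user certificates.
                out.write(bytes("--BOUNDARY\n"));
                out.write(bytes("Content-type: application/x-x509-user-cert\n\n"));
                out.write(data);

                // Part 2: a page with the "verify certificate" link, shown only when an HTTPS
                // client-authentication connector is configured (port != -1).
                out.write(bytes("--BOUNDARY\n"));
                out.write(bytes("Content-type: text/html\n\n"));
                out.write(bytes("<html><body>"));
                out.write(bytes("<p>Certificate is downloaded successfully. "));
                if (port != -1) {
                    // The href is quoted and HTML-escaped so request-derived text stays inside
                    // the attribute value instead of being parsed as markup.
                    out.write(bytes("Access <a href=\"" + escapeHtml(link) + "\">this link</a> to verify.</p>\n"));
                } else {
                    out.write(bytes("No HTTPS client-authentication port is configured to verify.</p>\n"));
                }

                out.write(bytes("<a href=\"" + escapeHtml(contextPath) + "\"> Back to CA Helper home</a>"));
                out.write(bytes("</body></html>"));

                out.write(bytes("--BOUNDARY--\n"));
                out.flush();
            } else {
                // Request is for downloading neither CA's certificate nor user's certificate.
                throw new Exception("Invalid certificate download request.");
            }
        } catch (Exception e) {
            throw new ServletException("Exception while uploading certificate.", e);
        }
    }

    /** Encodes {@code text} with the fixed response charset instead of the platform default. */
    private static byte[] bytes(String text) throws IOException {
        return text.getBytes(CHARSET);
    }

    /** Escapes the characters that are significant in HTML text and quoted attribute values. */
    private static String escapeHtml(String text) {
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }
}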