001 /**
002 *
003 * Licensed to the Apache Software Foundation (ASF) under one or more
004 * contributor license agreements. See the NOTICE file distributed with
005 * this work for additional information regarding copyright ownership.
006 * The ASF licenses this file to You under the Apache License, Version 2.0
007 * (the "License"); you may not use this file except in compliance with
008 * the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018 package org.apache.geronimo.ca.helper;
019
020 import java.io.IOException;
021 import java.io.OutputStream;
022 import java.math.BigInteger;
023 import java.security.cert.Certificate;
024
025 import javax.servlet.ServletException;
026 import javax.servlet.http.HttpServletRequest;
027 import javax.servlet.http.HttpServletResponse;
028
029 import org.apache.geronimo.ca.helper.util.CAHelperUtils;
030 import org.apache.geronimo.management.geronimo.CertificateRequestStore;
031 import org.apache.geronimo.management.geronimo.CertificateStore;
032
033 /**
034 * Servlet implementation class for Servlet: DownloadCertificateServlet
035 *
036 * @version $Rev: 706640 $ $Date: 2008-10-21 14:44:05 +0000 (Tue, 21 Oct 2008) $
037 */
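public class DownloadCertificateServlet extends javax.servlet.http.HttpServlet implements javax.servlet.Servlet {
    /* (non-Java-doc)
     * @see javax.servlet.http.HttpServlet#HttpServlet()
     */
    public DownloadCertificateServlet() {
        super();
    }

    /**
     * Handles a GET request by delegating to {@link #doPost(HttpServletRequest, HttpServletResponse)},
     * so both methods serve the same certificate downloads.
     *
     * @param request  the incoming request; its {@code type} and {@code csrId} parameters select the download
     * @param response the response the certificate is written to
     * @throws ServletException if the certificate cannot be retrieved or written
     * @throws IOException declared by the servlet API; failures inside {@code doPost} are wrapped
     *         in a {@code ServletException}
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Sends either the CA's certificate or a previously issued user certificate to the client.
     *
     * <p>With {@code type=ca} the CA certificate is written as {@code application/x-x509-ca-cert}.
     * Otherwise, when {@code csrId} is present, the certificate issued for that request is written as
     * the first part of a {@code multipart/mixed} response, followed by an HTML part that links to the
     * "verify certificate" page.
     *
     * <p>The HTML part is built from request-derived values ({@code csrId}, the server name and the
     * context path). They are URL-encoded and/or HTML-escaped before being written, and the
     * {@code href} attributes are quoted, so a crafted parameter cannot add markup or attributes to
     * the page.
     *
     * @param request  the incoming request
     * @param response the response the certificate is written to
     * @throws ServletException if the request names neither download, the CSR has no certificate yet,
     *         or any error occurs while reading or writing the certificate (the cause is preserved)
     * @throws IOException declared by the servlet API; failures in this method are wrapped in a
     *         {@code ServletException}
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String type = request.getParameter("type");
        String csrId = request.getParameter("csrId");
        try {
            if ("ca".equals(type)) {
                // Request is to download the CA's certificate: fetch it from the CertificateStore.
                CertificateStore certStore = CAHelperUtils.getCertificateStore();
                Certificate cert = certStore.getCACertificate();
                byte[] data = cert.getEncoded();
                // Send the certificate with the MIME type browsers use for CA certificates.
                response.setContentType("application/x-x509-ca-cert");
                response.setContentLength(data.length);
                response.getOutputStream().write(data);
            } else if (csrId != null) {
                // Request is to download the user's own certificate.
                // Look up the serial number of the certificate issued for this csrId.
                CertificateRequestStore certReqStore = CAHelperUtils.getCertificateRequestStore();
                BigInteger sNo = certReqStore.getSerialNumberForRequest(csrId);
                if (sNo == null) {
                    // Either the CSR is yet to be fulfilled or the csrId is invalid.
                    // NOTE(review): the message carries the caller-supplied csrId; confirm that the
                    // error page and log sink that receive this exception escape it.
                    throw new Exception("Either the CSR is yet to be fulfilled or the csrId is invalid. csrId = " + csrId);
                }
                CertificateStore certStore = CAHelperUtils.getCertificateStore();
                Certificate cert = certStore.getCertificate(sNo);
                byte[] data = cert.getEncoded();

                // Build the link to the "verify certificate" page.
                // getServerName() normally reflects the Host header sent by the client, and csrId is a
                // request parameter: csrId is URL-encoded here and the whole link is HTML-escaped
                // where it is written below.
                String host = request.getServerName();
                int port = CAHelperUtils.getHttpsClientAuthPort();
                String contextPath = request.getContextPath();
                String encodedCsrId = java.net.URLEncoder.encode(csrId, "UTF-8");
                String link = "https://" + host + ":" + port + contextPath
                        + "/verifyCertificate.jsp?csrId=" + encodedCsrId;

                // Create a multi-part MIME message with the user's certificate and an information page.
                response.setContentType("multipart/mixed; boundary=\"BOUNDARY\"");
                OutputStream out = response.getOutputStream();
                out.write("This is a multi-part message in MIME format.\n".getBytes());

                // First part: the certificate, with the MIME type for user certificates.
                out.write("--BOUNDARY\n".getBytes());
                out.write(("Content-type: application/x-x509-user-cert\n\n").getBytes());
                out.write(data);

                // Second part: a web page showing the "verify certificate" link when an HTTPS
                // client-authentication connector is configured (port != -1).
                out.write("--BOUNDARY\n".getBytes());
                out.write("Content-type: text/html\n\n".getBytes());
                out.write("<html><body>".getBytes());
                out.write("<p>Certificate is downloaded successfully. ".getBytes());
                if (port != -1) {
                    // Quoted attribute plus escaped value: the original wrote href=<link> unquoted and
                    // unescaped, which let request data terminate the attribute or the tag.
                    out.write(("Access <a href=\"" + escapeHtml(link) + "\">this link</a> to verify.</p>\n").getBytes());
                } else {
                    out.write("No HTTPS client-authentication port is configured to verify.</p>\n".getBytes());
                }

                out.write(("<a href=\"" + escapeHtml(contextPath) + "\"> Back to CA Helper home</a>").getBytes());
                out.write("</body></html>".getBytes());

                out.write("--BOUNDARY--\n".getBytes());
                out.flush();
            } else {
                // Request is for downloading neither the CA's certificate nor a user's certificate.
                throw new Exception("Invalid certificate download request.");
            }
        } catch (Exception e) {
            throw new ServletException("Exception while uploading certificate.", e);
        }
    }

    /**
     * Escapes the characters that are significant in HTML text and quoted attribute values.
     *
     * @param value the text to escape; may be {@code null}
     * @return the escaped text, or an empty string when {@code value} is {@code null}
     */
    private static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}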