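/*
 * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
 * Click nbfs://nbhost/SystemFileSystem/Templates/Classes/Class.java to edit this template
 */
package ejbcagui;

import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.namespace.QName;
import org.ejbca.core.protocol.ws.CertificateResponse;
import org.ejbca.core.protocol.ws.EjbcaWS;
import org.ejbca.core.protocol.ws.EjbcaWSServiceLocator;
import org.ejbca.core.protocol.ws.UserDataVOWS;

/**
 * Client wrapper around the EJBCA SOAP web service used to enrol an end entity
 * and obtain a certificate for a PKCS#10 request.
 *
 * <p>Construction configures mutual TLS (client key store + trust store) and
 * installs the resulting {@link SSLContext} as the <em>process-wide</em> default
 * ({@link HttpsURLConnection#setDefaultSSLSocketFactory} and
 * {@link SSLContext#setDefault}), because the generated service locator picks up
 * the JVM defaults rather than a per-client context. Any other HTTPS client in
 * the same JVM is therefore affected.
 *
 * <p>Server certificate chain validation is done against the supplied trust
 * store and host name verification is left at the JVM default; both are
 * required for the CA channel to be MITM-resistant.
 *
 * <p>Thread-safety: the two shared {@link SimpleDateFormat} instances are not
 * thread-safe; this class only touches them under their own monitor. The
 * {@code EjbcaWS} stub's thread-safety is not established here.
 *
 * @author DELL
 */
public class EJBCAInvocation {

    private EjbcaWS ejbcaWS;

    /** Input format accepted by {@link #getCert} for validFrom / validTo. */
    final public static SimpleDateFormat sdfReq = new SimpleDateFormat("dd-MM-yyyy HH:mm:ss");
    // NOTE(review): both formats are lenient by default, so e.g. "31-02-2024"
    // silently rolls over to March; consider setLenient(false) if callers can
    // tolerate the stricter parsing.
    /** Format EJBCA expects for end-entity start/end time (with zone offset). */
    final public static SimpleDateFormat sdfCoreCA = new SimpleDateFormat("yyyy-MM-dd HH:mm:ssXXX");

    private String entityProfile;
    private String certProfile;
    private String caName;

    /**
     * Builds the mutual-TLS context and the EJBCA web-service stub.
     *
     * @param url                endpoint of the EJBCA WS (https://host/ejbca/ejbcaws/ejbcaws)
     * @param keyStorePath       PKCS#12 file holding the client (RA admin) key and certificate
     * @param keyStorePassword   password protecting the PKCS#12 file and its key entry
     * @param trustStorePath     JKS file holding the CA certificate(s) that sign the server certificate
     * @param trustStorePassword JKS password; may be {@code null} to skip the integrity check
     * @param entityProfile      EJBCA end-entity profile name used for enrolment
     * @param certProfile        EJBCA certificate profile name used for enrolment
     * @param caName             name of the issuing CA inside EJBCA
     * @throws IllegalStateException if the stores cannot be read or the TLS context / stub cannot be
     *                               created; the original cause is attached. Failing fast here avoids a
     *                               {@code NullPointerException} on the first {@link #getCert} call.
     */
    public EJBCAInvocation(
            String url,
            String keyStorePath,
            String keyStorePassword,
            String trustStorePath,
            String trustStorePassword,
            String entityProfile,
            String certProfile,
            String caName) {
        try {
            // Client identity presented to EJBCA (mutual TLS).
            KeyStore clientStore = KeyStore.getInstance("PKCS12");
            try (InputStream ksIs = new FileInputStream(keyStorePath)) {
                clientStore.load(ksIs, keyStorePassword.toCharArray());
            }
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(clientStore, keyStorePassword.toCharArray());
            KeyManager[] kms = kmf.getKeyManagers();

            // Trust anchors for the server certificate chain.
            KeyStore trustStore = KeyStore.getInstance("JKS");
            try (InputStream tsIs = new FileInputStream(trustStorePath)) {
                char[] tsPwd = trustStorePassword == null ? null : trustStorePassword.toCharArray();
                trustStore.load(tsIs, tsPwd);
            }
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);
            TrustManager[] tms = tmf.getTrustManagers();

            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(kms, tms, new SecureRandom());

            // Process-wide: the generated locator does not take a per-client SSLContext.
            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
            SSLContext.setDefault(sslContext);
            // Deliberately NO custom HostnameVerifier: the previous all-accepting
            // verifier disabled host name checks and allowed any certificate signed
            // by a trusted CA to impersonate the EJBCA endpoint. If the server
            // certificate does not match the host in `url`, fix the certificate or
            // the URL rather than the verifier.

            QName qname = new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
            EjbcaWSServiceLocator locator = new EjbcaWSServiceLocator(url, qname);
            locator.setEjbcaWSPortEndpointAddress(url);
            ejbcaWS = locator.getEjbcaWSPort();

            this.entityProfile = entityProfile;
            this.certProfile = certProfile;
            this.caName = caName;
        } catch (Exception e) {
            // No secrets in the message: only the endpoint and store paths.
            throw new IllegalStateException(
                    "Failed to initialise EJBCA WS client for " + url
                            + " (keyStore=" + keyStorePath + ", trustStore=" + trustStorePath + ")", e);
        }
    }

    /**
     * Registers (or updates) the end entity in EJBCA and requests a certificate
     * for the given PKCS#10 CSR.
     *
     * @param entityName EJBCA username of the end entity
     * @param subjectDN  subject DN to be placed in the certificate
     * @param email      e-mail address, used as rfc822Name SAN and entity e-mail (after
     *                   {@code Utils.preProcessEmailAddress})
     * @param validFrom  start of validity in {@link #sdfReq} format
     * @param validTo    end of validity in {@link #sdfReq} format
     * @param csr        PKCS#10 request as accepted by {@code EjbcaWS.certificateRequest}
     * @return the certificate bytes returned by EJBCA, decoded as UTF-8 text
     * @throws ParseException        if validFrom / validTo do not match {@link #sdfReq}
     * @throws IllegalStateException if EJBCA returned no certificate data
     * @throws Exception             any fault raised by the EJBCA web service
     */
    public String getCert(
            String entityName,
            String subjectDN,
            String email,
            String validFrom,
            String validTo,
            String csr) throws Exception {
        String startTime = toCoreCaTime(validFrom);
        String endTime = toCoreCaTime(validTo);

        UserDataVOWS userDataVOWS = new UserDataVOWS();
        userDataVOWS.setUsername(entityName);

        String processedEmail = Utils.preProcessEmailAddress(email);
        // NOTE(review): the enrolment code "1" is trivially guessable. It only has
        // to match between editUser() and certificateRequest() below, so a
        // per-call random value would work here; confirm the end-entity profile
        // does not auto-generate/override passwords before changing it.
        UserDataVOWS user = cleanedUpUser(userDataVOWS,
                "1",                               // enrolment code (password)
                subjectDN,
                "rfc822Name=" + processedEmail,    // subjectAltName
                processedEmail,
                caName,
                EjbcaConstant.TOKEN_TYPE_USERGENERATED,
                entityProfile,
                certProfile,
                startTime,
                endTime);

        ejbcaWS.editUser(user);
        CertificateResponse certenv = ejbcaWS.certificateRequest(
                user,
                csr,
                CertificateHelper.CERT_REQ_TYPE_PKCS10,
                null,
                CertificateHelper.RESPONSETYPE_CERTIFICATE);

        byte[] cert = certenv == null ? null : certenv.getData();
        if (cert == null) {
            throw new IllegalStateException("EJBCA returned no certificate data for entity " + entityName);
        }
        // Explicit charset: the platform default is not guaranteed to be UTF-8 (pre JDK 18).
        return new String(cert, StandardCharsets.UTF_8);
    }

    /**
     * Converts a {@link #sdfReq}-formatted timestamp to the {@link #sdfCoreCA}
     * format expected by EJBCA, synchronising on the shared (non thread-safe)
     * formatters.
     *
     * @throws ParseException if {@code reqTime} does not match {@link #sdfReq}
     */
    private static String toCoreCaTime(String reqTime) throws ParseException {
        Date parsed;
        synchronized (sdfReq) {
            parsed = sdfReq.parse(reqTime);
        }
        synchronized (sdfCoreCA) {
            return sdfCoreCA.format(parsed);
        }
    }

    /**
     * Builds a fresh {@link UserDataVOWS} carrying only the fields this client
     * sets; the SAN and e-mail are applied only when {@code email} is non-null.
     * Status is always {@code STATUS_NEW} so EJBCA accepts an enrolment.
     */
    private UserDataVOWS cleanedUpUser(
            UserDataVOWS userDataVOWS,
            String password,
            String subjectDn,
            String subjectAltName,
            String email,
            String caName,
            String tokenType,
            String entityProfileName,
            String certificateProfileName,
            String startTime,
            String endTime) {
        UserDataVOWS userdata = new UserDataVOWS();
        userdata.setUsername(userDataVOWS.getUsername());
        userdata.setPassword(password);
        userdata.setSubjectDN(subjectDn);
        if (email != null) {
            userdata.setSubjectAltName(subjectAltName);
            userdata.setEmail(email);
        }
        userdata.setCaName(caName);
        userdata.setTokenType(tokenType);
        userdata.setStatus(EjbcaConstant.STATUS_NEW);
        userdata.setEndEntityProfileName(entityProfileName);
        userdata.setCertificateProfileName(certificateProfileName);
        userdata.setStartTime(startTime);
        userdata.setEndTime(endTime);
        return userdata;
    }
}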