keyalg = keyalgstring;
}
Admin administrator = new Admin(Admin.TYPE_PUBLIC_WEB_USER, request.getRemoteAddr());
RequestHelper helper = new RequestHelper(administrator, debug);
log.info(intres.getLocalizedMessage("certreq.receivedcertreq", username, request.getRemoteAddr()));
debug.print("Username: " + username);
// Check user
int tokentype = SecConst.TOKEN_SOFT_BROWSERGEN;
usekeyrecovery = globalConfigurationSession.getCachedGlobalConfiguration(administrator).getEnableKeyRecovery();
UserDataVO data = userAdminSession.findUser(administrator, username);
if (data == null) {
throw new ObjectNotFoundException();
}
boolean savekeys = data.getKeyRecoverable() && usekeyrecovery && (data.getStatus() != UserDataConstants.STATUS_KEYRECOVERY);
boolean loadkeys = (data.getStatus() == UserDataConstants.STATUS_KEYRECOVERY) && usekeyrecovery;
int endEntityProfileId = data.getEndEntityProfileId();
int certificateProfileId = data.getCertificateProfileId();
EndEntityProfile endEntityProfile = endEntityProfileSession.getEndEntityProfile(administrator, endEntityProfileId);
boolean reusecertificate = endEntityProfile.getReUseKeyRecoveredCertificate();
// Set a new certificate profile, if we have requested one specific
if (StringUtils.isNotEmpty(certprofile)) {
boolean clearpwd = StringUtils.isNotEmpty(data.getPassword());
int id = certificateProfileSession.getCertificateProfileId(administrator, certprofile);
// Change the value if there exists a certprofile with the requested name, and it is not the same as
// the one already registered to be used by default
if ( (id > 0) ) {
if (id != certificateProfileId) {
// Check if it is in allowed profiles in the entity profile
Collection c = endEntityProfile.getAvailableCertificateProfileIds();
if (c.contains(String.valueOf(id))) {
data.setCertificateProfileId(id);
// This admin can be the public web user, which may not be allowed to change status,
// this is a bit ugly, but what can a man do...
Admin tempadmin = Admin.getInternalAdmin();
userAdminSession.changeUser(tempadmin, data, clearpwd);
} else {
String defaultCertificateProfileName = certificateProfileSession.getCertificateProfileName(administrator, certificateProfileId);
log.info(intres.getLocalizedMessage("certreq.badcertprofile", certprofile, defaultCertificateProfileName));
}
}
} else {
String defaultCertificateProfileName = certificateProfileSession.getCertificateProfileName(administrator, certificateProfileId);
log.info(intres.getLocalizedMessage("certreq.nosuchcertprofile", certprofile, defaultCertificateProfileName));
}
}
// get users Token Type.
tokentype = data.getTokenType();
GenerateToken tgen = new GenerateToken(authenticationSession, userAdminSession, caAdminSession, keyRecoverySession, signSession);
if(tokentype == SecConst.TOKEN_SOFT_P12){
KeyStore ks = tgen.generateOrKeyRecoverToken(administrator, username, password, data.getCAId(), keylength, keyalg, false, loadkeys, savekeys, reusecertificate, endEntityProfileId);
if (StringUtils.equals(openvpn, "on")) {
sendOpenVPNToken(ks, username, password, response);
} else {
sendP12Token(ks, username, password, response);
}
}
if(tokentype == SecConst.TOKEN_SOFT_JKS){
KeyStore ks = tgen.generateOrKeyRecoverToken(administrator, username, password, data.getCAId(), keylength, keyalg, true, loadkeys, savekeys, reusecertificate, endEntityProfileId);
sendJKSToken(ks, username, password, response);
}
if(tokentype == SecConst.TOKEN_SOFT_PEM){
KeyStore ks = tgen.generateOrKeyRecoverToken(administrator, username, password, data.getCAId(), keylength, keyalg, false, loadkeys, savekeys, reusecertificate, endEntityProfileId);
sendPEMTokens(ks, username, password, response);
}
if(tokentype == SecConst.TOKEN_SOFT_BROWSERGEN){
// first check if it is a Firefox request,
if (getParameter("keygen") != null) {
byte[] reqBytes=getParameter("keygen").getBytes();
if ((reqBytes != null) && (reqBytes.length>0)) {
log.debug("Received NS request: "+new String(reqBytes));
byte[] certs = helper.nsCertRequest(signSession, reqBytes, username, password);
RequestHelper.sendNewCertToNSClient(certs, response);
} else {
throw new SignRequestException("No request bytes received.");
}
} else if ( getParameter("iidPkcs10") != null && !getParameter("iidPkcs10").equals("")) {
// NetID iid?
byte[] reqBytes = getParameter("iidPkcs10").getBytes();
if ((reqBytes != null) && (reqBytes.length>0)) {
log.debug("Received iidPkcs10 request: "+new String(reqBytes));
byte[] b64cert=helper.pkcs10CertRequest(signSession, reqBytes, username, password, RequestHelper.ENCODED_CERTIFICATE, false);
response.setContentType("text/html");
RequestHelper.sendNewCertToIidClient(b64cert, request, response.getOutputStream(), servletContext, servletConfig.getInitParameter("responseIidTemplate"),classid);
} else {
throw new SignRequestException("No request bytes received.");
}
} else if ( (getParameter("pkcs10") != null) || (getParameter("PKCS10") != null) ) {
// if not firefox, check if it's IE
byte[] reqBytes = getParameter("pkcs10").getBytes();
if (reqBytes == null) {
reqBytes=getParameter("PKCS10").getBytes();
}
if ((reqBytes != null) && (reqBytes.length>0)) {
log.debug("Received IE request: "+new String(reqBytes));
byte[] b64cert=helper.pkcs10CertRequest(signSession, reqBytes, username, password, RequestHelper.ENCODED_PKCS7);
debug.ieCertFix(b64cert);
RequestHelper.sendNewCertToIEClient(b64cert, response.getOutputStream(), servletContext, servletConfig.getInitParameter("responseTemplate"),classid);
} else {
throw new SignRequestException("No request bytes received.");
}
} else if ( ((getParameter("pkcs10req") != null) || (getParameter("pkcs10file") != null)) && resulttype != 0) {
byte[] reqBytes = null;
String pkcs10req = getParameter("pkcs10req");
if (StringUtils.isEmpty(pkcs10req)) {
// did we upload a file instead?
log.debug("No pasted request received, checking for uploaded file.");
pkcs10req = getParameter("pkcs10file");
if (StringUtils.isNotEmpty(pkcs10req)) {
// The uploaded file has been converted to a base64 encoded string
reqBytes = Base64.decode(pkcs10req.getBytes());
}
} else {
reqBytes=pkcs10req.getBytes(); // The pasted request
}
if ((reqBytes != null) && (reqBytes.length>0)) {
pkcs10Req(response, username, password, resulttype, signSession, helper, reqBytes);
} else {
throw new SignRequestException("No request bytes received.");
}
} else if ( ((getParameter("cvcreq") != null) || (getParameter("cvcreqfile") != null)) && resulttype != 0) {
// It's a CVC certificate request (EAC ePassports)
byte[] reqBytes = null;
String req = getParameter("cvcreq");
if (StringUtils.isEmpty(req)) {
// did we upload a file instead?
log.debug("No pasted request received, checking for uploaded file.");
req = getParameter("cvcreqfile");
if (StringUtils.isNotEmpty(req)) {
// The uploaded file has been converted to a base64 encoded string
reqBytes = Base64.decode(req.getBytes());
}
} else {
reqBytes=req.getBytes(); // The pasted request
}
if ((reqBytes != null) && (reqBytes.length>0)) {
log.debug("Received CVC request: "+new String(reqBytes));
byte[] b64cert=helper.cvcCertRequest(signSession, reqBytes, username, password);
CVCertificate cvccert = (CVCertificate) CertificateParser.parseCVCObject(Base64.decode(b64cert));
String filename = "";
CAReferenceField carf = cvccert.getCertificateBody().getAuthorityReference();
if (carf != null) {
String car = carf.getConcatenated();