Commit bbd08e80 authored by pgouvas's avatar pgouvas
Browse files

first commit

parents
[Dolphin]
Timestamp=2019,12,4,12,23,17
Version=4
ViewMode=1
target
mnt
URL: http://127.0.0.1/ejbca/enrol/keystore.jsp
Username: superadmin Password: LPOqrkHPt+NOt311kmuzrGfS
keytool -importkeystore -srckeystore superadmin.p12 -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype jks -deststorepass changeit
keytool -list -v keystore.jks
keytool -keypasswd -new changeit -keystore keystore.jks -storepass changeit -alias superadmin -keypass LPOqrkHPt+NOt311kmuzrGfS
version: '3'
services:
db:
image: "postgres"
environment:
- POSTGRES_USER=user
- POSTGRES_PASSWORD=pwd01
- POSTGRES_DB=ejbca-2
ports:
- "5432:5432"
volumes:
- ./mnt/ejbcapostgres:/var/lib/postgresql/data
ejbca:
image: primekey/ejbca-ce:6.15.2
ports:
- '443:8443'
- '80:8080'
environment:
DATABASE_PASSWORD: pwd01
DATABASE_USER: user
DATABASE_JDBC_URL: jdbc:postgresql://db:5432/ejbca-2
restart: always
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>eu.ubitech.ejbca</groupId>
<artifactId>ejbca</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>jar</packaging>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<cxf.version>3.3.2</cxf.version>
<java.version>1.8</java.version>
</properties>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.1.RELEASE</version>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.64</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.ejbca.cesecore</groupId>
<artifactId>cesecore-common</artifactId>
<version>7.0.0.1</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>${java.version}</source>
<target>${java.version}</target>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<executable>true</executable>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-codegen-plugin</artifactId>
<version>${cxf.version}</version>
<executions>
<execution>
<id>generate-sources</id>
<phase>generate-sources</phase>
<configuration>
<sourceRoot>${basedir}/src/main/java</sourceRoot>
<wsdlOptions>
<wsdlOption>
<wsdl>${basedir}/src/main/resources/wsdl/ejbcaws.wsdl</wsdl>
</wsdlOption>
</wsdlOptions>
</configuration>
<goals>
<goal>wsdl2java</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
\ No newline at end of file
[Dolphin]
Timestamp=2019,12,4,15,49,3
Version=4
ViewMode=1
package eu.ubitech.ejbca;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cache.annotation.EnableCaching;
import org.springframework.context.annotation.ComponentScan;
/**
*
* @author Panagiotis Gouvas (pgouvas@ubitech.eu)
*/
@ComponentScan({
"eu.ubitech.ejbca" ,
"eu.ubitech.ejbca.client",
"eu.ubitech.ejbca.rest"
})
@SpringBootApplication()
@EnableCaching
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
package eu.ubitech.ejbca.client;
import java.util.HashMap;
import java.util.Map;
import org.ejbca.core.protocol.ws.UserDataVOWS;
/**
*
* @author Panagiotis Gouvas (pgouvas@ubitech.eu)
*/
public final class EjbcaUser {
private final Map<Enum, String> entityMap = new HashMap<Enum, String>();
public enum Token {
USERGENERATED, P12, JKS, PEM
};
public enum Arguments {
USERNAME,
PASSWORD,
CLEARPWD,
SUBJECTDN,
SUBJECTALTNAME,
EMAIL,
CA,
TYPE,
TOKEN,
STATUS,
ENDENTITYPROFILE,
CERTIFICATEPROFILE,
ISSUERALIAS,
PKCS10,
ENCODING,
HARDTOKENSN,
OUTPUTPATH,
KEYLENGTH,
ENCRYPTION_ALGORYTHM
};
public EjbcaUser() {
this.setDefaultValues();
}
public void setDefaultValues() {
setEntityArgument(Arguments.ISSUERALIAS, "NONE");
setEntityArgument(Arguments.SUBJECTALTNAME, "NULL");
setEntityArgument(Arguments.HARDTOKENSN, "NULL");
setEntityArgument(Arguments.ENCODING, "PEM");
setEntityArgument(Arguments.OUTPUTPATH, "");
setEntityArgument(Arguments.STATUS, "0"); //Integer.toString(UserDataVOWS.STATUS_NEW)
setEntityArgument(Arguments.CLEARPWD, "FALSE");
setEntityArgument(Arguments.EMAIL, "NULL");
setEntityArgument(Arguments.TOKEN, "JKS"); //UserDataVOWS.TOKEN_TYPE_JKS
setEntityArgument(Arguments.KEYLENGTH,"2048");
setEntityArgument(Arguments.ENCRYPTION_ALGORYTHM,"RSA");
}
public void setEntityArgument(Enum key, String value) {
if (Arguments.valueOf(key.toString()) != null) {
this.entityMap.put(key, value);
}
}
public String getEntityArgument(Enum key) {
return (Arguments.valueOf(key.toString()) != null ? this.entityMap.get(key) : "");
}
}
package eu.ubitech.ejbca.client;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.xml.namespace.QName;
import org.cesecore.util.CryptoProviderTools;
import org.ejbca.core.protocol.ws.EjbcaWS;
import org.ejbca.core.protocol.ws.EjbcaWSService;
import org.ejbca.core.protocol.ws.RevokeStatus;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
/**
* Base class inherited by all EJBCA RA WS cli commands. Checks the property
* file and creates a webservice connection.
*
* @author Panagiotis Gouvas (pgouvas@ubitech.eu)
*/
@Component
public class EjbcaWSClient {
private static final Logger logger = Logger.getLogger(EjbcaWSClient.class.getName());
private EjbcaWS ejbcaraws = null;
private URL webServiceURL = null;
EjbcaWSClient(
@Value("${truststore.path}") String trustStorePath,
@Value("${truststore.password}") String truststorePassword,
@Value("${keystore.path}") String keyStorePath,
@Value("${keystore.password}") String keystorePassword,
@Value("${ejbcaws.url}") String ejbcawsurl
) throws MalformedURLException {
TrustManagerFactory trustManagerFactory = null;
KeyManagerFactory keyManagerFactory = null;
KeyStore trustStore = null;
KeyStore identitystore = null;
try {
CryptoProviderTools.installBCProvider();
//Set Keystore file path and certificate password
if (keyStorePath != null) {
FileExists(keyStorePath);
identitystore = KeyStore.getInstance(KeyStore.getDefaultType());
keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
InputStream keystoreStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(keyStorePath);
identitystore.load(keystoreStream, keystorePassword.toCharArray());
keyManagerFactory.init(identitystore, keystorePassword.toCharArray());
}
//Set Trustore file path and certificate password
if (trustStorePath != null) {
logger.info("Checking Truststore");
FileExists(trustStorePath);
trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
InputStream truststoreStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(trustStorePath);
trustStore.load(truststoreStream, truststorePassword.toCharArray());
trustManagerFactory.init(trustStore);
}
//alternative accept all
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(keyManagerFactory.getKeyManagers(), trustAllCerts, null); //trustManagerFactory.getTrustManagers()
SSLContext.setDefault(sc); //Alternative Use: HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
//Temporarily Accept all validation
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
// Create all-trusting host name verifier
HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
webServiceURL = new URL(ejbcawsurl + "?wsdl"); //props.getProperty("ejbcaws.url", "https://localhost:8443/ejbca/ejbcaws/ejbcaws")
} catch (Exception e) {
e.printStackTrace();
}
}
private void FileExists(String fileName) throws Exception {
if (Thread.currentThread().getContextClassLoader().getResourceAsStream(fileName) == null) {
logger.info("File '" + fileName + "' does not exist");
} else {
logger.info("Filename " + fileName + "exists");
}
}//EoM
/**
* Method creating a connection to the webservice using the information
* stored in the property files. If a connection already is established this
* connection will be used
*
* @throws ServiceException
* @throws IOException
* @throws FileNotFoundException
*/
public EjbcaWS getEjbcaRAWS() {
try {
return getEjbcaRAWS(false);
} catch (Exception ex) {
Logger.getLogger(EjbcaWSClient.class.getName()).log(Level.SEVERE, null, ex);
}
return null;
}
private EjbcaWS getEjbcaRAWS(boolean bForceNewReference) throws Exception {
if (this.ejbcaraws == null || bForceNewReference) {
final QName qname = new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
final EjbcaWSService service = new EjbcaWSService(this.webServiceURL, qname);
if (bForceNewReference) {
return service.getEjbcaWSPort();
}
this.ejbcaraws = service.getEjbcaWSPort();
}
return this.ejbcaraws;
}
public int getRevokeReason(String reason) {
for (int i = 0; i < REASON_TEXTS.length; i++) {
if (REASON_TEXTS[i].equalsIgnoreCase(reason)) {
return REASON_VALUES[i];
}
}
return 0;
}
public String getRevokeReason(int reason) {
for (int i = 0; i < REASON_VALUES.length; i++) {
if (REASON_VALUES[i] == reason) {
return REASON_TEXTS[i];
}
}
return null;
}
private static final String[] REASON_TEXTS = {
"NOT REVOKED",
"REV_UNSPECIFIED",
"REV_KEYCOMPROMISE",
"REV_CACOMPROMISE",
"REV_AFFILIATIONCHANGED",
"REV_SUPERSEDED",
"REV_CESSATIONOFOPERATION",
"REV_CERTIFICATEHOLD",
"REV_REMOVEFROMCRL",
"REV_PRIVILEGEWITHDRAWN",
"REV_AACOMPROMISE"
};
public static final int NOT_REVOKED = 0; // RevokeStatus.NOT_REVOKED;
public static final int REVOKATION_REASON_UNSPECIFIED = 1; // RevokeStatus.REVOKATION_REASON_UNSPECIFIED;
public static final int REVOKATION_REASON_KEYCOMPROMISE = 2; // RevokeStatus.REVOKATION_REASON_KEYCOMPROMISE;
public static final int REVOKATION_REASON_CACOMPROMISE = 3; // RevokeStatus.REVOKATION_REASON_CACOMPROMISE;
public static final int REVOKATION_REASON_AFFILIATIONCHANGED = 4; // RevokeStatus.REVOKATION_REASON_AFFILIATIONCHANGED;
public static final int REVOKATION_REASON_SUPERSEDED = 5; // RevokeStatus.REVOKATION_REASON_SUPERSEDED;
public static final int REVOKATION_REASON_CESSATIONOFOPERATION = 6; // RevokeStatus.REVOKATION_REASON_CESSATIONOFOPERATION;
public static final int REVOKATION_REASON_CERTIFICATEHOLD = 7; // RevokeStatus.REVOKATION_REASON_CERTIFICATEHOLD;
public static final int REVOKATION_REASON_REMOVEFROMCRL = 8; // RevokeStatus.REVOKATION_REASON_REMOVEFROMCRL;
public static final int REVOKATION_REASON_PRIVILEGESWITHDRAWN = 9; // RevokeStatus.REVOKATION_REASON_PRIVILEGESWITHDRAWN;
public static final int REVOKATION_REASON_AACOMPROMISE = 10; // RevokeStatus.REVOKATION_REASON_AACOMPROMISE;
private static final int[] REASON_VALUES = {
NOT_REVOKED,
REVOKATION_REASON_UNSPECIFIED,
REVOKATION_REASON_KEYCOMPROMISE,
REVOKATION_REASON_CACOMPROMISE,
REVOKATION_REASON_AFFILIATIONCHANGED,
REVOKATION_REASON_SUPERSEDED,
REVOKATION_REASON_CESSATIONOFOPERATION,
REVOKATION_REASON_CERTIFICATEHOLD,
REVOKATION_REASON_REMOVEFROMCRL,
REVOKATION_REASON_PRIVILEGESWITHDRAWN,
REVOKATION_REASON_AACOMPROMISE
};
}
package eu.ubitech.ejbca.rest;
import eu.ubitech.ejbca.client.EjbcaUser;
import eu.ubitech.ejbca.client.EjbcaWSClientImpl;
import java.util.List;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import org.ejbca.core.protocol.ws.Certificate;
import org.ejbca.core.protocol.ws.NameAndId;
import org.ejbca.core.protocol.ws.RevokeStatus;
import org.ejbca.core.protocol.ws.UserDataVOWS;
import org.ejbca.core.protocol.ws.UserMatch;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
/**
*
* @author Panagiotis Gouvas (pgouvas@ubitech.eu)
*/
@RestController
@RequestMapping("/test")
public class TestController {
private static final Logger logger = Logger.getLogger(TestController.class.getName());
@Autowired
EjbcaWSClientImpl ca;
@RequestMapping(path = "/0", method = RequestMethod.GET)
public void test0(HttpServletRequest request) {
List<NameAndId> availableCAs = ca.getAvailableCAs();
logger.info("availableCAs: "+availableCAs.size());
availableCAs.forEach(ca->{
logger.info(ca.getName()+" "+ca.getId());
});
}//EoM
@RequestMapping(path = "/1", method = RequestMethod.GET)
public void test1(HttpServletRequest request) {
List<Certificate> certs = ca.getCACert("ManagementCA");
logger.info("Existing CAs: "+certs.size());
// certs.forEach(cert->{logger.info(new String(cert.getCertificateData()));});
}//EoM
@RequestMapping(path = "/2", method = RequestMethod.GET)
public void test2(HttpServletRequest request) {
RevokeStatus revokestatus = ca.checkCertificateRevokeStatus("CN=ManagementCA", "-628002118");
logger.info("RevokeStatus: "+revokestatus);
}//EoM
@RequestMapping(path = "/3", method = RequestMethod.GET)
public void test3(HttpServletRequest request) {
String username = "user1";
String password = "pass1";
String dn = "CN=RO1"; //
String caname = "ManagementCA";
String eeprofilename = "DOCTORS";
String cerprofilename = "ENDUSER";
//------------
EjbcaUser ejbcaUser = new EjbcaUser();
ejbcaUser.setEntityArgument(EjbcaUser.Arguments.USERNAME, username);
ejbcaUser.setEntityArgument(EjbcaUser.Arguments.PASSWORD, password);
ejbcaUser.setEntityArgument(EjbcaUser.Arguments.CA, caname);
ejbcaUser.setEntityArgument(EjbcaUser.Arguments.SUBJECTDN, dn);
ejbcaUser.setEntityArgument(EjbcaUser.Arguments.ENDENTITYPROFILE, eeprofilename);
ejbcaUser.setEntityArgument(EjbcaUser.Arguments.CERTIFICATEPROFILE, cerprofilename);
ejbcaUser.setEntityArgument(EjbcaUser.Arguments.EMAIL, "pgouvas@gmail.com");
ejbcaUser.setEntityArgument(EjbcaUser.Arguments.TOKEN, "P12");
boolean status = ca.editUser(ejbcaUser);
logger.info("Add user: "+status);
}//EoM
@RequestMapping(path = "/4", method = RequestMethod.GET)
public void test4(HttpServletRequest request) {
UserMatch usermatch = new UserMatch();
usermatch.setMatchtype(1); //contains
usermatch.setMatchvalue("01");
usermatch.setMatchwith(4);
List<UserDataVOWS> findUserList = ca.findUser(usermatch);
findUserList.forEach(u->logger.info(u.toString()));
}//EoM
@RequestMapping(path = "/5", method = RequestMethod.GET)
public void test5(HttpServletRequest request) {
ca.getCertificate("123", "CN=ManagementCA");
}//EoM
}//EoC
package org.ejbca.core.protocol.ws;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for addSubjectToRole complex type.
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
* <pre>
* &lt;complexType name="addSubjectToRole"&gt;
* &lt;complexContent&gt;
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType"&gt;
* &lt;sequence&gt;
* &lt;element name="arg0" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/&gt;
* &lt;element name="arg1" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/&gt;
* &lt;element name="arg2" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/&gt;
* &lt;element name="arg3" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/&gt;
* &lt;element name="arg4" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/&gt;
* &lt;/sequence&gt;
* &lt;/restriction&gt;
* &lt;/complexContent&gt;
* &lt;/complexType&gt;
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "addSubjectToRole", propOrder = {
"arg0",
"arg1",
"arg2",
"arg3",
"arg4"
})
public class AddSubjectToRole {
protected String arg0;
protected String arg1;
protected String arg2;
protected String arg3;
protected String arg4;
/**
* Gets the value of the arg0 property.