Commit bbd08e80 authored by pgouvas's avatar pgouvas
Browse files

first commit

parents
[Dolphin]
Timestamp=2019,12,4,12,23,17
Version=4
ViewMode=1
target
mnt
URL: http://127.0.0.1/ejbca/enrol/keystore.jsp
Username: superadmin Password: LPOqrkHPt+NOt311kmuzrGfS
keytool -importkeystore -srckeystore superadmin.p12 -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype jks -deststorepass changeit
keytool -list -v keystore.jks
keytool -keypasswd -new changeit -keystore keystore.jks -storepass changeit -alias superadmin -keypass LPOqrkHPt+NOt311kmuzrGfS
version: '3'
services:
db:
image: "postgres"
environment:
- POSTGRES_USER=user
- POSTGRES_PASSWORD=pwd01
- POSTGRES_DB=ejbca-2
ports:
- "5432:5432"
volumes:
- ./mnt/ejbcapostgres:/var/lib/postgresql/data
ejbca:
image: primekey/ejbca-ce:6.15.2
ports:
- '443:8443'
- '80:8080'
environment:
DATABASE_PASSWORD: pwd01
DATABASE_USER: user
DATABASE_JDBC_URL: jdbc:postgresql://db:5432/ejbca-2
restart: always
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>eu.ubitech.ejbca</groupId>
<artifactId>ejbca</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>jar</packaging>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<cxf.version>3.3.2</cxf.version>
<java.version>1.8</java.version>
</properties>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.1.RELEASE</version>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.64</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.ejbca.cesecore</groupId>
<artifactId>cesecore-common</artifactId>
<version>7.0.0.1</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>${java.version}</source>
<target>${java.version}</target>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<executable>true</executable>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-codegen-plugin</artifactId>
<version>${cxf.version}</version>
<executions>
<execution>
<id>generate-sources</id>
<phase>generate-sources</phase>
<configuration>
<sourceRoot>${basedir}/src/main/java</sourceRoot>
<wsdlOptions>
<wsdlOption>
<wsdl>${basedir}/src/main/resources/wsdl/ejbcaws.wsdl</wsdl>
</wsdlOption>
</wsdlOptions>
</configuration>
<goals>
<goal>wsdl2java</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
\ No newline at end of file
[Dolphin]
Timestamp=2019,12,4,15,49,3
Version=4
ViewMode=1
package eu.ubitech.ejbca;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cache.annotation.EnableCaching;
import org.springframework.context.annotation.ComponentScan;
/**
*
* @author Panagiotis Gouvas (pgouvas@ubitech.eu)
*/
@ComponentScan({
"eu.ubitech.ejbca" ,
"eu.ubitech.ejbca.client",
"eu.ubitech.ejbca.rest"
})
@SpringBootApplication()
@EnableCaching
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
package eu.ubitech.ejbca.client;
import java.util.HashMap;
import java.util.Map;
import org.ejbca.core.protocol.ws.UserDataVOWS;
/**
*
* @author Panagiotis Gouvas (pgouvas@ubitech.eu)
*/
public final class EjbcaUser {
private final Map<Enum, String> entityMap = new HashMap<Enum, String>();
public enum Token {
USERGENERATED, P12, JKS, PEM
};
public enum Arguments {
USERNAME,
PASSWORD,
CLEARPWD,
SUBJECTDN,
SUBJECTALTNAME,
EMAIL,
CA,
TYPE,
TOKEN,
STATUS,
ENDENTITYPROFILE,
CERTIFICATEPROFILE,
ISSUERALIAS,
PKCS10,
ENCODING,
HARDTOKENSN,
OUTPUTPATH,
KEYLENGTH,
ENCRYPTION_ALGORYTHM
};
public EjbcaUser() {
this.setDefaultValues();
}
public void setDefaultValues() {
setEntityArgument(Arguments.ISSUERALIAS, "NONE");
setEntityArgument(Arguments.SUBJECTALTNAME, "NULL");
setEntityArgument(Arguments.HARDTOKENSN, "NULL");
setEntityArgument(Arguments.ENCODING, "PEM");
setEntityArgument(Arguments.OUTPUTPATH, "");
setEntityArgument(Arguments.STATUS, "0"); //Integer.toString(UserDataVOWS.STATUS_NEW)
setEntityArgument(Arguments.CLEARPWD, "FALSE");
setEntityArgument(Arguments.EMAIL, "NULL");
setEntityArgument(Arguments.TOKEN, "JKS"); //UserDataVOWS.TOKEN_TYPE_JKS
setEntityArgument(Arguments.KEYLENGTH,"2048");
setEntityArgument(Arguments.ENCRYPTION_ALGORYTHM,"RSA");
}
public void setEntityArgument(Enum key, String value) {
if (Arguments.valueOf(key.toString()) != null) {
this.entityMap.put(key, value);
}
}
public String getEntityArgument(Enum key) {
return (Arguments.valueOf(key.toString()) != null ? this.entityMap.get(key) : "");
}
}
package eu.ubitech.ejbca.client;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.xml.namespace.QName;
import org.cesecore.util.CryptoProviderTools;
import org.ejbca.core.protocol.ws.EjbcaWS;
import org.ejbca.core.protocol.ws.EjbcaWSService;
import org.ejbca.core.protocol.ws.RevokeStatus;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
/**
* Base class inherited by all EJBCA RA WS cli commands. Checks the property
* file and creates a webservice connection.
*
* @author Panagiotis Gouvas (pgouvas@ubitech.eu)
*/
@Component
public class EjbcaWSClient {
private static final Logger logger = Logger.getLogger(EjbcaWSClient.class.getName());
private EjbcaWS ejbcaraws = null;
private URL webServiceURL = null;
EjbcaWSClient(
@Value("${truststore.path}") String trustStorePath,
@Value("${truststore.password}") String truststorePassword,
@Value("${keystore.path}") String keyStorePath,
@Value("${keystore.password}") String keystorePassword,
@Value("${ejbcaws.url}") String ejbcawsurl
) throws MalformedURLException {
TrustManagerFactory trustManagerFactory = null;
KeyManagerFactory keyManagerFactory = null;
KeyStore trustStore = null;
KeyStore identitystore = null;
try {
CryptoProviderTools.installBCProvider();
//Set Keystore file path and certificate password
if (keyStorePath != null) {
FileExists(keyStorePath);
identitystore = KeyStore.getInstance(KeyStore.getDefaultType());
keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
InputStream keystoreStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(keyStorePath);
identitystore.load(keystoreStream, keystorePassword.toCharArray());
keyManagerFactory.init(identitystore, keystorePassword.toCharArray());
}
//Set Trustore file path and certificate password
if (trustStorePath != null) {
logger.info("Checking Truststore");
FileExists(trustStorePath);
trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
InputStream truststoreStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(trustStorePath);
trustStore.load(truststoreStream, truststorePassword.toCharArray());
trustManagerFactory.init(trustStore);
}
//alternative accept all
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(keyManagerFactory.getKeyManagers(), trustAllCerts, null); //trustManagerFactory.getTrustManagers()
SSLContext.setDefault(sc); //Alternative Use: HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
//Temporarily Accept all validation
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
// Create all-trusting host name verifier
HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
webServiceURL = new URL(ejbcawsurl + "?wsdl"); //props.getProperty("ejbcaws.url", "https://localhost:8443/ejbca/ejbcaws/ejbcaws")
} catch (Exception e) {
e.printStackTrace();
}
}
private void FileExists(String fileName) throws Exception {
if (Thread.currentThread().getContextClassLoader().getResourceAsStream(fileName) == null) {
logger.info("File '" + fileName + "' does not exist");
} else {
logger.info("Filename " + fileName + "exists");
}
}//EoM
/**
* Method creating a connection to the webservice using the information
* stored in the property files. If a connection already is established this
* connection will be used
*
* @throws ServiceException
* @throws IOException
* @throws FileNotFoundException
*/
public EjbcaWS getEjbcaRAWS() {
try {
return getEjbcaRAWS(false);
} catch (Exception ex) {
Logger.getLogger(EjbcaWSClient.class.getName()).log(Level.SEVERE, null, ex);
}
return null;
}
private EjbcaWS getEjbcaRAWS(boolean bForceNewReference) throws Exception {
if (this.ejbcaraws == null || bForceNewReference) {
final QName qname = new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
final EjbcaWSService service = new EjbcaWSService(this.webServiceURL, qname);
if (bForceNewReference) {
return service.getEjbcaWSPort();
}
this.ejbcaraws = service.getEjbcaWSPort();
}
return this.ejbcaraws;
}
public int getRevokeReason(String reason) {
for (int i = 0; i < REASON_TEXTS.length; i++) {
if (REASON_TEXTS[i].equalsIgnoreCase(reason)) {
return REASON_VALUES[i];
}
}
return 0;
}
public String getRevokeReason(int reason) {
for (int i = 0; i < REASON_VALUES.length; i++) {
if (REASON_VALUES[i] == reason) {
return REASON_TEXTS[i];
}
}
return null;
}
private static final String[] REASON_TEXTS = {
"NOT REVOKED",
"REV_UNSPECIFIED",
"REV_KEYCOMPROMISE",
"REV_CACOMPROMISE",
"REV_AFFILIATIONCHANGED",
"REV_SUPERSEDED",
"REV_CESSATIONOFOPERATION",
"REV_CERTIFICATEHOLD",
"REV_REMOVEFROMCRL",
"REV_PRIVILEGEWITHDRAWN",
"REV_AACOMPROMISE"
};
public static final int NOT_REVOKED = 0; // RevokeStatus.NOT_REVOKED;
public static final int REVOKATION_REASON_UNSPECIFIED = 1; // RevokeStatus.REVOKATION_REASON_UNSPECIFIED;
public static final int REVOKATION_REASON_KEYCOMPROMISE = 2; // RevokeStatus.REVOKATION_REASON_KEYCOMPROMISE;
public static final int REVOKATION_REASON_CACOMPROMISE = 3; // RevokeStatus.REVOKATION_REASON_CACOMPROMISE;
public static final int REVOKATION_REASON_AFFILIATIONCHANGED = 4; // RevokeStatus.REVOKATION_REASON_AFFILIATIONCHANGED;
public static final int REVOKATION_REASON_SUPERSEDED = 5; // RevokeStatus.REVOKATION_REASON_SUPERSEDED;
public static final int REVOKATION_REASON_CESSATIONOFOPERATION = 6; // RevokeStatus.REVOKATION_REASON_CESSATIONOFOPERATION;
public static final int REVOKATION_REASON_CERTIFICATEHOLD = 7; // RevokeStatus.REVOKATION_REASON_CERTIFICATEHOLD;
public static final int REVOKATION_REASON_REMOVEFROMCRL = 8; // RevokeStatus.REVOKATION_REASON_REMOVEFROMCRL;
public static final int REVOKATION_REASON_PRIVILEGESWITHDRAWN = 9; // RevokeStatus.REVOKATION_REASON_PRIVILEGESWITHDRAWN;
public static final int REVOKATION_REASON_AACOMPROMISE = 10; // RevokeStatus.REVOKATION_REASON_AACOMPROMISE;
private static final int[] REASON_VALUES = {
NOT_REVOKED,
REVOKATION_REASON_UNSPECIFIED,
REVOKATION_REASON_KEYCOMPROMISE,
REVOKATION_REASON_CACOMPROMISE,
REVOKATION_REASON_AFFILIATIONCHANGED,
REVOKATION_REASON_SUPERSEDED,
REVOKATION_REASON_CESSATIONOFOPERATION,
REVOKATION_REASON_CERTIFICATEHOLD,
REVOKATION_REASON_REMOVEFROMCRL,
REVOKATION_REASON_PRIVILEGESWITHDRAWN,
REVOKATION_REASON_AACOMPROMISE
};
}
package eu.ubitech.ejbca.client;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.cesecore.certificates.crl.RevokedCertInfo;
import org.cesecore.util.CertTools;
import org.ejbca.core.protocol.ws.AlreadyRevokedException_Exception;
import org.ejbca.core.protocol.ws.ApprovalException_Exception;
import org.ejbca.core.protocol.ws.AuthorizationDeniedException_Exception;
import org.ejbca.core.protocol.ws.CADoesntExistsException_Exception;
import org.ejbca.core.protocol.ws.Certificate;
import org.ejbca.core.protocol.ws.CertificateResponse;
import org.ejbca.core.protocol.ws.CesecoreException_Exception;
import org.ejbca.core.protocol.ws.DateNotValidException_Exception;
import org.ejbca.core.protocol.ws.EjbcaException_Exception;
import org.ejbca.core.protocol.ws.EjbcaWS;
import org.ejbca.core.protocol.ws.EndEntityProfileNotFoundException_Exception;
import org.ejbca.core.protocol.ws.ExtendedInformationWS;
import org.ejbca.core.protocol.ws.IllegalQueryException_Exception;
import org.ejbca.core.protocol.ws.KeyStore;
import org.ejbca.core.protocol.ws.NameAndId;
import org.ejbca.core.protocol.ws.NotFoundException_Exception;
import org.ejbca.core.protocol.ws.RevokeBackDateNotAllowedForProfileException_Exception;
import org.ejbca.core.protocol.ws.RevokeStatus;
import org.ejbca.core.protocol.ws.UserDataVOWS;
import org.ejbca.core.protocol.ws.UserMatch;
import org.ejbca.core.protocol.ws.WaitingForApprovalException_Exception;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
//import org.cesecore.authorization.AuthorizationDeniedException;
//import org.cesecore.certificates.ca.CADoesntExistsException;
//import org.cesecore.certificates.crl.RevokedCertInfo;
//import org.cesecore.util.CertTools;
//import org.ejbca.core.EjbcaException;
//import org.ejbca.core.model.ra.raadmin.EndEntityProfileNotFoundException;
//import org.ejbca.ui.cli.ErrorAdminCommandException;
//import org.ejbca.util.query.IllegalQueryException;
/**
*
* @author Panagiotis Gouvas - (pgouvas@ubitech.eu)
*
*/
@Component
public class EjbcaWSClientImpl {
@Autowired
EjbcaWSClient CLIENT;
private final Logger logger = Logger.getLogger(EjbcaWSClientImpl.class.getName());
private enum Encode {
BASE64, BINARY
};
private enum Extension {
P12, PEM, DER, JKS
};
/**
* Edits/adds a user to the EJBCA database.
*
* @param ejbcaUser An EjbcaUser Object which contains all info for the user
* to be edited/created
* @return The generated KeyStore or null if no KeyStore could be created
*
*/
public boolean editUser(EjbcaUser ejbcaUser) {
EjbcaWSLogger wslogger = new EjbcaWSLogger();
try {
final UserDataVOWS userdata = convertEjbcaUserTOUserDataVOWS(ejbcaUser);
wslogger.append("Trying to add user:");
wslogger.append("Username: " + userdata.getUsername());
wslogger.append("Subject DN: " + userdata.getSubjectDN());
wslogger.append("Subject Altname: " + userdata.getSubjectAltName());
wslogger.append("Email: " + userdata.getEmail());
wslogger.append("CA Name: " + userdata.getCaName());
wslogger.append("Token: " + userdata.getTokenType());
wslogger.append("Status: " + userdata.getStatus());
wslogger.append("End entity profile: " + userdata.getEndEntityProfileName());
wslogger.append("Certificate profile: " + userdata.getCertificateProfileName());
wslogger.append("Hard Token Issuer Alias: " + (userdata.getHardTokenIssuerName() != null ? userdata.getHardTokenIssuerName() : "null"));
final List<ExtendedInformationWS> eil = userdata.getExtendedInformation();
if (eil != null) {
wslogger.append("Extended information:");
for (ExtendedInformationWS ei : eil) {
wslogger.append(" '" + ei.getName() + "' = '" + ei.getValue() + "'");
}
}
final BigInteger bi = userdata.getCertificateSerialNumber();
if (bi != null) {
wslogger.append("CERTIFICATESERIALNUMBER" + "=0x" + bi.toString(16));
}
//Add/Edit End-Entity to EJBCA
getEjbcaRAWS().editUser(userdata);
wslogger.append("User '" + userdata.getUsername() + "' has been added/edited.");
wslogger.showLogs(this.logger);
return true;
} catch (Exception ex) {
Logger.getLogger(EjbcaWSClientImpl.class.getName()).log(Level.SEVERE, null, ex);
}
wslogger.showLogs(this.logger);
return false;
}
public KeyStore createSoftTokenRequest(EjbcaUser ejbcaUser) {
KeyStore keystore = null;
try {
EjbcaWSLogger wslogger = new EjbcaWSLogger();
UserDataVOWS userdata = convertEjbcaUserTOUserDataVOWS(ejbcaUser);
keystore = getEjbcaRAWS().softTokenRequest(userdata, userdata.getHardTokenIssuerName(), ejbcaUser.getEntityArgument(EjbcaUser.Arguments.KEYLENGTH), ejbcaUser.getEntityArgument(EjbcaUser.Arguments.ENCRYPTION_ALGORYTHM));
if (keystore == null) {
wslogger.append("No certificate could be generated for user, check server logs for error.");
}
} catch (Exception ex) {
Logger.getLogger(EjbcaWSClientImpl.class.getName()).log(Level.SEVERE, null, ex);
}
return keystore;
}
/**
* Fetches issued certificate.