
EJBCA 6 通过调用WebService接口增加用户并获取证书

发布时间:2020-12-16 23:30:57 所属栏目:安全 来源:网络整理
导读:今天终于搞定通过调用WebService 接口的方式在EJBCA 中增加用户。 本项目完整代码请参见http://git.oschina.net/xiangyunsoft/EjbcaWs 1、EJBCA6 默认会配置好ws服务,如果有其他配置需要在conf/jaxws.properties文件中进行配置。 2、编写客户端代码,调用ws

今天终于搞定通过调用WebService 接口的方式在EJBCA 中增加用户。

本项目完整代码请参见http://git.oschina.net/xiangyunsoft/EjbcaWs

1、EJBCA6 默认会配置好ws服务,如果有其他配置需要在conf/jaxws.properties文件中进行配置。

2、编写客户端代码,调用ws接口服务

package cn.com.rexen.ca;

import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.cesecore.certificates.util.AlgorithmConstants;
import org.cesecore.keys.util.KeyTools;
import org.cesecore.util.Base64;
import org.cesecore.util.CertTools;
import org.cesecore.util.CryptoProviderTools;
import org.cesecore.util.provider.TLSProvider;
import org.ejbca.core.protocol.ws.client.gen.*;
import org.ejbca.core.protocol.ws.common.CertificateHelper;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;
import javax.xml.namespace.QName;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;

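/**
 * Sample client for the EJBCA 6 web-service interface ({@code EjbcaWS}).
 *
 * <p>Flow, see {@link #main(String[])}: {@link #initEjbcaWs()} sets up a TLS
 * connection authenticated with an administrator certificate, {@link #create()}
 * registers an end entity and, through {@link #writeFile(UserDataVOWS, EjbcaWS)},
 * has a certificate issued for a locally generated key pair and stored in a
 * PKCS#12 file, and {@link #findUser()} reads the end entity back by e-mail address.
 *
 * <p>All addresses, paths and passwords are the constants at the top of the class
 * and are lab values to adjust per deployment. The class also contains two
 * deliberate weakenings of TLS server authentication (the static initializer and
 * the trust-manager setting in {@link #initEjbcaWs()}); both are commented where
 * they happen.
 *
 * <p>Created by libo on 2014/6/16.
 */
public class CaWS {

    /** Host name or IP address of the EJBCA instance; the static initializer below accepts exactly this name. */
    private static final String CA_HOST = "172.17.2.248";

    /** WSDL location of the EJBCA web service. */
    private static final String WS_URL = "https://" + CA_HOST + ":8443/ejbca/ejbcaws/ejbcaws?wsdl";

    /**
     * PKCS#12 file with the administrator certificate and key this client authenticates with.
     * The published listing had lost the directory separators; they are restored here.
     */
    private static final String ADMIN_KEYSTORE = "F:\\workspace\\caWS\\src\\superadmin_62.p12";

    /** Password of {@link #ADMIN_KEYSTORE}. */
    private static final String ADMIN_KEYSTORE_PASSWORD = "ejbca";

    /** User name of the end entity registered by {@link #create()}. */
    private static final String END_ENTITY_USERNAME = "t_123";

    /** E-mail address of the end entity; {@link #findUser()} searches by it. */
    private static final String END_ENTITY_EMAIL = "123@qq.com";

    /**
     * Subject DN requested for the end entity. The run output in the article shows EJBCA
     * keeping only {@code E} and {@code C} of it, and {@code C=china} is not the two-letter
     * ISO 3166 code the C attribute is defined to hold.
     */
    private static final String END_ENTITY_SUBJECT_DN =
            "E=123@qq.com,UID=35,CN=t_123,OU=研发中心,O=qq.com,L=changchu,ST=jilin,C=china";

    /** Enrolment password of the end entity; {@link #writeFile} reuses it to protect the issued PKCS#12. */
    private static final String END_ENTITY_PASSWORD = "123456";

    /** Output file for the issued certificate and its private key. */
    private static final String OUTPUT_KEYSTORE = "c:\\temp\\test.p12";

    /** RSA modulus length of the end-entity key pair, in bits, as a {@code KeyTools} key spec. */
    private static final String RSA_KEY_SIZE = "2048";

    /** Signature algorithm for the certificate request. */
    private static final String CSR_SIGNATURE_ALGORITHM = "SHA256withRSA";

    /*
     * Hostname verification work-around.
     *
     * Without it the JDK rejects the connection with
     *   java.security.cert.CertificateException: No subject alternative names matching IP address 172.17.2.248 found
     * because the server certificate of this EJBCA instance carries no SAN for the address it is
     * reached on. The verifier installed here is JVM-wide and accepts CA_HOST whatever name the
     * presented certificate carries, i.e. hostname verification is switched off for that one host
     * (for any other host the usual check still applies). The correct fix is to issue the server
     * certificate with a SAN matching CA_HOST and delete this block.
     */
    static {
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession sslSession) {
                return CA_HOST.equals(hostname);
            }
        });
    }

    /** Port proxy for the web service; set by {@link #initEjbcaWs()}. */
    private EjbcaWS ejbcaWS;

    /**
     * Runs the whole sample: connect, create an end entity and its certificate, look it up.
     *
     * @param args ignored
     * @throws Exception any failure of the steps above
     */
    public static void main(String[] args) throws Exception {
        CaWS caWS = new CaWS();
        caWS.initEjbcaWs();
        caWS.create();
        caWS.findUser();
    }

    /**
     * Looks up end entities whose e-mail address equals {@link #END_ENTITY_EMAIL} and prints them.
     *
     * <p>The exceptions declared here are kept from the original listing; most of them are
     * not raised by {@code findUser} itself.
     *
     * @throws EjbcaException_Exception                any server-side error
     * @throws IllegalQueryException_Exception         if the match criteria are rejected
     * @throws AuthorizationDeniedException_Exception  if the administrator may not search end entities
     */
    public void findUser() throws MalformedURLException, EjbcaException_Exception, IllegalQueryException_Exception,
            EndEntityProfileNotFoundException_Exception, AuthorizationDeniedException_Exception,
            ApprovalException_Exception, UserDoesntFullfillEndEntityProfile_Exception,
            CADoesntExistsException_Exception, WaitingForApprovalException_Exception {
        UserMatch match = new UserMatch();
        match.setMatchwith(UserMatch.MATCH_WITH_EMAIL);   // search attribute: e-mail address
        match.setMatchtype(UserMatch.MATCH_TYPE_EQUALS);  // exact match
        match.setMatchvalue(END_ENTITY_EMAIL);

        List<UserDataVOWS> found = ejbcaWS.findUser(match);
        System.out.println("result:" + found);
        if (found == null) {
            return;
        }
        for (UserDataVOWS user : found) {
            System.out.println("==========================");
            System.out.println("userName:" + user.getUsername());
            System.out.println("email:" + user.getEmail());
            System.out.println("SubjectDN:" + user.getSubjectDN());
            System.out.println("caName:" + user.getCaName());
            System.out.println("==========================");
        }
    }

    /**
     * Configures TLS for the web-service call and obtains the {@code EjbcaWS} port.
     *
     * <p>Client authentication uses the administrator PKCS#12 in {@link #ADMIN_KEYSTORE}.
     * Server authentication is effectively disabled, see the comment on the trust-manager
     * setting below. Finally the EJBCA version is fetched as a connectivity check.
     *
     * @throws IllegalStateException    if the {@code NewSunX509} key manager is not available
     * @throws IllegalArgumentException if {@link #WS_URL} is not a valid URL
     */
    public void initEjbcaWs() {
        CryptoProviderTools.installBCProvider();

        // Client certificate for mutual TLS. Note that the password becomes a JVM-wide
        // system property, readable by any code in the process and visible in diagnostic
        // dumps; fine for a stand-alone lab client, not for a shared JVM.
        System.setProperty("javax.net.ssl.keyStore", ADMIN_KEYSTORE);
        System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
        System.setProperty("javax.net.ssl.keyStorePassword", ADMIN_KEYSTORE_PASSWORD);

        // cesecore's TLSProvider registers an "AcceptAll" TrustManagerFactory, so any
        // certificate the server presents is accepted. Together with the hostname verifier
        // in the static initializer, nothing proves the peer is the real CA: the end-entity
        // password sent in create() and the certificate received in writeFile() could both
        // be handled by an impostor. For anything beyond a lab, drop these two lines and
        // point javax.net.ssl.trustStore at a truststore holding the CA's certificate.
        Security.addProvider(new TLSProvider());
        Security.setProperty("ssl.TrustManagerFactory.algorithm", "AcceptAll");

        // "NewSunX509" is the key-manager implementation the original set-up relies on.
        // Check its availability up front; without it the client certificate cannot be
        // selected and the failure would surface later, inside the TLS handshake, with a
        // much less clear error.
        try {
            KeyManagerFactory.getInstance("NewSunX509");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(
                    "NewSunX509 KeyManagerFactory not available; client-certificate authentication cannot work", e);
        }
        Security.setProperty("ssl.KeyManagerFactory.algorithm", "NewSunX509");

        // The original passed an internal sun.net.www.protocol.http.Handler to the URL
        // constructor; the standard https handler is used instead, as sun.* is internal API.
        URL wsdlUrl;
        try {
            wsdlUrl = new URL(WS_URL);
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException("Invalid EJBCA WS URL: " + WS_URL, e);
        }
        QName serviceName = new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
        EjbcaWSService service = new EjbcaWSService(wsdlUrl, serviceName);
        ejbcaWS = service.getEjbcaWSPort();

        String version = ejbcaWS.getEjbcaVersion();
        System.out.println("ejbcaWS init successfully. EJBCA Version is :" + version);
    }

    /**
     * Registers a new end entity in EJBCA and has its certificate issued into {@link #OUTPUT_KEYSTORE}.
     *
     * <p>The end entity is created with status NEW, token type P12, end-entity profile
     * {@code EMPTY} and certificate profile {@code ENDUSER} at {@code ManagementCA}. Its
     * password is stored hashed ({@code setClearPwd(false)}) and the same user data object
     * is then used for the certificate request in {@link #writeFile(UserDataVOWS, EjbcaWS)}.
     * If the end-entity profile auto-generates passwords, {@code setPassword} can be omitted;
     * {@code setSendNotification(true)} would additionally e-mail the user where mail is configured.
     *
     * @throws AuthorizationDeniedException_Exception          if the administrator may not add end entities
     * @throws UserDoesntFullfillEndEntityProfile_Exception    if the data does not fit profile {@code EMPTY}
     * @throws CADoesntExistsException_Exception               if {@code ManagementCA} is unknown
     * @throws IOException                                     if the output keystore cannot be written
     */
    public void create() throws CertificateException, NoSuchAlgorithmException, KeyStoreException,
            NoSuchProviderException, IOException, InvalidAlgorithmParameterException, InvalidKeyException,
            SignatureException, AuthorizationDeniedException_Exception, ApprovalException_Exception,
            CADoesntExistsException_Exception, CesecoreException_Exception, EjbcaException_Exception,
            NotFoundException_Exception, UserDoesntFullfillEndEntityProfile_Exception,
            WaitingForApprovalException_Exception {
        final UserDataVOWS userData = new UserDataVOWS();
        userData.setUsername(END_ENTITY_USERNAME);
        userData.setPassword(END_ENTITY_PASSWORD);
        userData.setClearPwd(false);
        userData.setSubjectDN(END_ENTITY_SUBJECT_DN);
        userData.setCaName("ManagementCA");
        userData.setEmail(END_ENTITY_EMAIL);
        userData.setSubjectAltName(null);
        userData.setStatus(UserDataVOWS.STATUS_NEW);
        userData.setTokenType(UserDataVOWS.TOKEN_TYPE_P12);
        userData.setEndEntityProfileName("EMPTY");
        userData.setCertificateProfileName("ENDUSER");
        ejbcaWS.editUser(userData);

        writeFile(userData, ejbcaWS);

        System.out.println("create user successfully.");
    }

    /**
     * Generates a key pair locally, has EJBCA issue a certificate for it and stores key and
     * certificate in {@link #OUTPUT_KEYSTORE}.
     *
     * <p>The private key never leaves this process: only a PKCS#10 request signed with it is
     * sent to the CA. The keystore type follows the end entity's token type (JKS, otherwise
     * PKCS#12) and is protected with the end entity's password. The output file contains a
     * private key and is written with default permissions; restrict access to it.
     *
     * @param user1 the registered end entity; its subject DN, token type, password and user name are used
     * @param ws    the web-service port to submit the request through
     * @throws CertificateException                    if the returned certificate cannot be decoded
     * @throws IOException                             if the keystore cannot be written
     * @throws KeyStoreException                       if the keystore type is unsupported or the entry cannot be set
     * @throws CADoesntExistsException_Exception       if the end entity's CA is unknown
     * @throws AuthorizationDeniedException_Exception  if the administrator may not request certificates
     */
    public void writeFile(UserDataVOWS user1, EjbcaWS ws) throws InvalidAlgorithmParameterException,
            CertificateException, InvalidKeyException, SignatureException, NoSuchAlgorithmException,
            NoSuchProviderException, KeyStoreException, IOException, CADoesntExistsException_Exception,
            AuthorizationDeniedException_Exception, ApprovalException_Exception, CesecoreException_Exception,
            EjbcaException_Exception, NotFoundException_Exception, UserDoesntFullfillEndEntityProfile_Exception,
            WaitingForApprovalException_Exception {
        // 2048-bit RSA: the 1024-bit size of the original is below current minimum
        // recommendations and rejected by many relying parties.
        KeyPair keys = KeyTools.genKeys(RSA_KEY_SIZE, AlgorithmConstants.KEYALGORITHM_RSA);

        PKCS10CertificationRequest pkcs10 = new PKCS10CertificationRequest(CSR_SIGNATURE_ALGORITHM,
                new X500Principal(user1.getSubjectDN()), keys.getPublic(), null, keys.getPrivate());

        // Base64 output is pure ASCII; name the charset rather than relying on the platform default.
        CertificateResponse response = ws.certificateRequest(user1,
                new String(Base64.encode(pkcs10.getEncoded()), "US-ASCII"),
                CertificateHelper.CERT_REQ_TYPE_PKCS10,
                CertificateHelper.RESPONSETYPE_CERTIFICATE);
        X509Certificate cert = response.getCertificate();

        // Mirrors EjbcaWS.java: the alias is the common name if present, otherwise the user name.
        String alias = CertTools.getPartFromDN(user1.getSubjectDN(), "CN");
        if (alias == null) {
            alias = user1.getUsername();
        }

        String keyStoreType = UserDataVOWS.TOKEN_TYPE_JKS.equals(user1.getTokenType()) ? "JKS" : "pkcs12";
        char[] storePassword = user1.getPassword().toCharArray();
        try {
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            keyStore.load(null, storePassword);
            keyStore.setKeyEntry(alias, keys.getPrivate(), storePassword,
                    new java.security.cert.Certificate[] { cert });

            OutputStream out = new FileOutputStream(OUTPUT_KEYSTORE);
            try {
                keyStore.store(out, storePassword);
            } finally {
                out.close();
            }
        } finally {
            Arrays.fill(storePassword, '\0');
        }
    }
}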

执行程序运行结果如下:

ejbcaWS init successfully. EJBCA Version is :EJBCA 6.2.0 (r19221)
create user successfully.
result:[org.ejbca.core.protocol.ws.client.gen.UserDataVOWS@44c35c97]
==========================
userName:t_123
email:123@qq.com
SubjectDN:E=123@qq.com,C=china
caName:ManagementCA
==========================

工程所需要jar在ejcb_home/dist/ejbca-ws-cli/lib目录下。
