Posted to scm@geronimo.apache.org by va...@apache.org on 2007/10/08 23:31:48 UTC
svn commit: r582981 - in /geronimo/server:
branches/2.0.2/applications/geronimo-ca-helper/src/main/java/org/apache/geronimo/ca/helper/
branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/
branches/2.0.2/modules/geronimo-util/src/main/java/or...
Author: vamsic007
Date: Mon Oct 8 14:31:46 2007
New Revision: 582981
URL: http://svn.apache.org/viewvc?rev=582981&view=rev
Log:
GERONIMO-3473 CA Helper app should support submitting Certificate Requests from Internet Explorer
o CA Helper App now supports generating certificate requests from Internet Explorer, installing CA and personal certificates.
Added:
geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp (with props)
geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp (with props)
geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp (with props)
Modified:
geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/java/org/apache/geronimo/ca/helper/CertificateRequestServlet.java
geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/confirmRequest.jsp
geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/downloadCACertificate.jsp
geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/downloadCertificate.jsp
geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/index.jsp
geronimo/server/branches/2.0.2/modules/geronimo-util/src/main/java/org/apache/geronimo/util/CaUtils.java
geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/java/org/apache/geronimo/ca/helper/CertificateRequestServlet.java
geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/confirmRequest.jsp
geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/downloadCACertificate.jsp
geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/downloadCertificate.jsp
geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/index.jsp
geronimo/server/branches/2.0/modules/geronimo-util/src/main/java/org/apache/geronimo/util/CaUtils.java
geronimo/server/trunk/applications/geronimo-ca-helper/src/main/java/org/apache/geronimo/ca/helper/CertificateRequestServlet.java
geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/confirmRequest.jsp
geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/downloadCACertificate.jsp
geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/downloadCertificate.jsp
geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/index.jsp
geronimo/server/trunk/modules/geronimo-util/src/main/java/org/apache/geronimo/util/CaUtils.java
Modified: geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/java/org/apache/geronimo/ca/helper/CertificateRequestServlet.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/java/org/apache/geronimo/ca/helper/CertificateRequestServlet.java?rev=582981&r1=582980&r2=582981&view=diff
==============================================================================
--- geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/java/org/apache/geronimo/ca/helper/CertificateRequestServlet.java (original)
+++ geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/java/org/apache/geronimo/ca/helper/CertificateRequestServlet.java Mon Oct 8 14:31:46 2007
@@ -19,6 +19,7 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.io.PrintStream;
import java.util.Properties;
import javax.servlet.ServletException;
@@ -26,6 +27,7 @@
import javax.servlet.http.HttpServletResponse;
import org.apache.geronimo.ca.helper.util.CAHelperUtils;
+import org.apache.geronimo.util.CaUtils;
/**
* Servlet implementation class for Servlet: CertificateRequestServlet
@@ -59,27 +61,44 @@
String reqST = request.getParameter("reqST");
String reqC = request.getParameter("reqC");
String spkac = request.getParameter("spkac");
+ String pkcs10req = request.getParameter("pkcs10req");
- if(spkac == null || spkac.equals("")) {
- // browser did not generate SignedPublicKeyAndChallenge
- throw new ServletException("Browser did not generate SignedPublicKeyAndChallenge. Resubmit your certificate request.");
+ String toStore = null;
+ if(pkcs10req != null && !pkcs10req.equals("")) {
+ // Either generated from Internet Explorer or submitted as PKCS10 request
+ if(!pkcs10req.startsWith(CaUtils.CERT_REQ_HEADER)) {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ PrintStream out = new PrintStream(baos);
+ out.println(CaUtils.CERT_REQ_HEADER);
+ out.println(pkcs10req.trim());
+ out.println(CaUtils.CERT_REQ_FOOTER);
+ out.close();
+ toStore = baos.toString();
+ } else {
+ toStore = pkcs10req;
+ }
+ } else if(spkac != null && !spkac.equals("")) {
+ // Received from a web browser that supports KEYGEN tag
+ // Create a Properties object with user supplied values
+ Properties csrProps = new Properties();
+ csrProps.setProperty("CN", reqCN);
+ csrProps.setProperty("OU", reqOU);
+ csrProps.setProperty("O", reqO);
+ csrProps.setProperty("L", reqL);
+ csrProps.setProperty("ST", reqST);
+ csrProps.setProperty("C", reqC);
+ csrProps.setProperty("SPKAC", spkac);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ csrProps.store(baos, "Request received through CA Helper Application");
+ baos.close();
+ toStore = baos.toString();
+ } else {
+ // Did not receive a SignedPublicKeyAndChallenge or a PKCS10 Cerificate Request
+ throw new ServletException("Did not receive a SignedPublicKeyAndChallenge or a PKCS10 Cerificate Request. Resubmit your certificate request.");
}
- // Create a Properties object with user supplied values
- Properties csrProps = new Properties();
- csrProps.setProperty("CN", reqCN);
- csrProps.setProperty("OU", reqOU);
- csrProps.setProperty("O", reqO);
- csrProps.setProperty("L", reqL);
- csrProps.setProperty("ST", reqST);
- csrProps.setProperty("C", reqC);
- csrProps.setProperty("SPKAC", spkac);
-
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- csrProps.store(baos, "Request received through CA Helper Application");
- baos.close();
// Store the CSR in the Certificate Request Store.
- String csrId = CAHelperUtils.getCertificateRequestStore().storeRequest(null, baos.toString());
+ String csrId = CAHelperUtils.getCertificateRequestStore().storeRequest(null, toStore);
// Display the CSR Id to the user and confirm the receipt of CSR
request.setAttribute("id", csrId);
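Review bot: The new `pkcs10req` branch passes request data to `storeRequest` after only a prefix test, so nothing checks that the stored text is a base64 PKCS#10 body of reasonable size. The `startsWith(CaUtils.CERT_REQ_HEADER)` test also runs on the untrimmed value while `trim()` is applied only inside the wrapping branch, so a request that carries the header after leading whitespace gets a second header. Trimming first, `pkcs10req = pkcs10req.trim();`, and rejecting input that fails to decode or exceeds a length cap with a `ServletException` would address both. The enclosing method starts and ends outside the hunk, and the same code is repeated in the branches/2.0 copy of this servlet.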
Modified: geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/confirmRequest.jsp
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/confirmRequest.jsp?rev=582981&r1=582980&r2=582981&view=diff
==============================================================================
--- geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/confirmRequest.jsp (original)
+++ geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/confirmRequest.jsp Mon Oct 8 14:31:46 2007
@@ -14,6 +14,9 @@
See the License for the specific language governing permissions and
limitations under the License.
--%>
+
+<%-- $Rev$ $Date$ --%>
+
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
@@ -34,6 +37,7 @@
<body>
<h2>Request Certificate: Confirm and Submit Request</h2>
+<div id="Non-IE-Content" style="display:none">
<p>This is step 2 of 2 in requesting your certificate. Please review your name details and select the keysize for
your keypair. Upon clicking the <i>Submit Certificate Request</i> button, your certificate request will be generated
and sent to the CA for further processing.</p>
@@ -92,6 +96,123 @@
<input type="submit" value="Submit Certificate Request"/>
<input type="reset" name="reset" value="Reset"/>
</form>
+<%--Non-IE Content ends here --%>
+</div>
+
+<div id="IE-Content" style="display:none">
+<p> This is step 2 of 2 in requesting your certificate. Please review your name details.
+ Upon clicking the <i>Submit Certificate Request</i> button, your certificate request will be generated
+ and sent to the CA for further processing.</p>
+
+<%-- ActiveX Control to generate PKCS10 request in Internet Explorer --%>
+<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ codebase="xenroll.dll"
+ id="newCertHelper">
+</object>
+
+<%-- VBScript to generate a PKCS10 request in Internet Explorer --%>
+<SCRIPT language="VBScript">
+<!--
+Sub GenerateReq
+ ' Distinguished name variable.
+ Dim strDN
+
+ ' Request Variable.
+ Dim strReq
+
+ ' Request Disposition.
+ Dim nDisp
+
+ ' Enable error handling.
+ On Error Resume Next
+
+ ' Constants For CertRequest object.
+ const CR_IN_BASE64 = &H1
+ const CR_IN_PKCS10 = &H100
+
+ ' Build the DN.
+ strDN = "CN="&document.Confirmform.reqCN.value _
+ &",OU="&document.Confirmform.reqOU.value _
+ &",O="&document.Confirmform.reqO.value _
+ &",L="&document.Confirmform.reqL.value _
+ &",ST="&document.Confirmform.reqST.value _
+ &",C="&document.Confirmform.reqC.value _
+ '&",CC=ask"
+ ' Attempt to use the control, in this case, to create a PKCS #10.
+ strReq = newCertHelper.CreatePKCS10(strDN, " ")
+ ' If above line failed, Err.Number will not be 0.
+ if ( Err.Number <> 0 ) then
+ MsgBox("Error in call to createPKCS10 " & Err.Number)
+ err.clear
+ return
+ else
+ document.Confirmform.pkcs10req.value = strReq
+ end if
+ document.Confirmform.submit()
+End Sub
+-->
+</SCRIPT>
+
+<form name="Confirmform" action="CertificateRequestServlet" method="post">
+ <table border="0">
+ <tr>
+ <th align="right">Common Name (CN):</th>
+ <td>
+ <input type="hidden" name="reqCN" value="<%=reqCN%>"/> <%=reqCN%>
+ </td>
+ </tr>
+ <tr>
+ <th align="right">Division/Business Unit (OU):</th>
+ <td>
+ <input type="hidden" name="reqOU" value="<%=reqOU%>"/> <%=reqOU%>
+ </td>
+ </tr>
+ <tr>
+ <th align="right">Company/Organization (O):</th>
+ <td>
+ <input type="hidden" name="reqO" value="<%=reqO%>"/> <%=reqO%>
+ </td>
+ </tr>
+ <tr>
+ <th align="right">City/Locality (L):</th>
+ <td>
+ <input type="hidden" name="reqL" value="<%=reqL%>"/> <%=reqL%>
+ </td>
+ </tr>
+ <tr>
+ <th align="right">State/Province (ST):</th>
+ <td>
+ <input type="hidden" name="reqST" value="<%=reqST%>"/> <%=reqST%>
+ </td>
+ </tr>
+ <tr>
+ <th align="right">Country Code (2 char) (C):</th>
+ <td>
+ <input type="hidden" name="reqC" value="<%=reqC%>"/> <%=reqC%>
+ <input type="hidden" name="pkcs10req"> <%-- This hidden field stores the pkcs10 request --%>
+ </td>
+ </tr>
+ <tr>
+ <th align="right">Challenge Phrase:</th>
+ <td>
+ Not Supported for IE
+ </td>
+ </tr>
+ </table>
+ <input type="button" value="Submit Certificate Request" onClick="GenerateReq()"/>
+</form>
+<%-- IE Content ends here --%>
+</div>
+
+<!-- The following is used to detect if the browser supports KEYGEN tag and disply only the relevant form -->
+<div style="display:none"><form name='keygentest'><keygen name="test"/></form></div>
+<SCRIPT language="JavaScript">
+if(document.keygentest.elements.length == 0)
+ document.getElementById('IE-Content').style.display = 'block'
+else
+ document.getElementById('Non-IE-Content').style.display = 'block'
+</SCRIPT>
+
<a href="<%=request.getContextPath()%>">Cancel</a>
</body>
</html>
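Review bot: The added IE form writes `<%=reqCN%>` through `<%=reqC%>` into both `value="…"` attributes and cell text without HTML escaping. Where those variables are assigned is outside the hunk; if they are read straight from request parameters, a quote or angle bracket in a name field changes the page markup, so the values should go through an escaping step such as JSTL's `<c:out value="${param.reqCN}"/>` or `fn:escapeXml` (assuming JSTL is available to this webapp). Separately, `return` inside `Sub GenerateReq` is not a VBScript statement; under `On Error Resume Next` the failure is likely swallowed and execution falls through to `document.Confirmform.submit()` with an empty `pkcs10req`, so it should read `Exit Sub`. The same lines appear in the branches/2.0 copy of this file.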
Modified: geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/downloadCACertificate.jsp
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/downloadCACertificate.jsp?rev=582981&r1=582980&r2=582981&view=diff
==============================================================================
--- geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/downloadCACertificate.jsp (original)
+++ geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/downloadCACertificate.jsp Mon Oct 8 14:31:46 2007
@@ -14,13 +14,21 @@
See the License for the specific language governing permissions and
limitations under the License.
--%>
+
+<%-- $Rev$ $Date$ --%>
+
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ page import="java.security.cert.X509Certificate" %>
<%@ page import="org.apache.geronimo.ca.helper.util.CAHelperUtils"%>
+<%@ page import="org.apache.geronimo.util.CaUtils"%>
+<%@ page import="org.apache.geronimo.util.CertificateUtil"%>
<%
X509Certificate cert = (X509Certificate) CAHelperUtils.getCertificateStore().getCACertificate();
request.setAttribute("cert", cert);
+ String base64Cert = CaUtils.base64Certificate(cert);
+ String fpSHA1 = CertificateUtil.generateFingerprint(cert, "SHA1");
+ String fpMD5 = CertificateUtil.generateFingerprint(cert, "MD5");
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
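Review bot: `CertificateUtil.generateFingerprint(cert, "MD5")` adds an MD5 fingerprint as one of the two values a user would compare before trusting the CA certificate, and MD5 is no longer a sound basis for that comparison. Consider dropping `fpMD5` or replacing it with a SHA-256 value, e.g. `CertificateUtil.generateFingerprint(cert, "SHA-256")`, if the helper passes the algorithm name through to `MessageDigest` (its body is not shown here). A fingerprint rendered in the same response as the certificate only helps when it is checked against a value obtained through another channel, which the page text could state. The same two calls appear in the added installPersonalCertificate.jsp.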
@@ -30,16 +38,55 @@
</head>
<body>
<h2>Download CA's Certificate</h2>
-<p>This page enables you to download and install CA's certificate into your web browser. Click on the link below to
-download and install CA's certificate.</p>
+<p>This page enables you to download and install CA's certificate into your web browser.</p>
+
+<SCRIPT LANGUAGE="VBScript">
+<!--
+Sub Install_Onclick
+ certificate = document.installForm.caCert.value
+ On Error Resume Next
+ Dim Enroll
+
+ Set Enroll = CreateObject("CEnroll.CEnroll.2")
+ if ( (Err.Number = 438) OR (Err.Number = 429) ) Then
+ Err.Clear
+ Set Enroll = CreateObject("CEnroll.CEnroll.1")
+ End If
+ if Err.Number <> 0 then
+ MsgBox("Error in creating CEnroll object. error:" & Hex(err))
+ Else
+ Call Enroll.installPKCS7(certificate)
+ If err.Number <> 0 then
+ MsgBox("Certificate installation failed. error: "& Hex(err))
+ Else
+ MsgBox("CA Certificate installed sucessfully")
+ End if
+ End If
+End sub
+-->
+</SCRIPT>
-<a href="DownloadCertificateServlet?type=ca">Download CA's Certificate</a> <a href="<%=request.getContextPath()%>">Back to CA Helper home</a>
+To install CA's certificate into Internet Explorer, click on the <i>Install CA's Certificate</i> button below.
+For other web browsers, click on <a href="DownloadCertificateServlet?type=ca">this link</a>.
+<form>
+ <input type="button" value="Install CA's Certificate" onClick="Install_Onclick()"/>
+</form>
+
+<br><b>Base64 encoded Certificate Text</b>
+<br>
+<form name="installForm">
+ <textarea name="cacert" rows="10" cols="80" READONLY><%=base64Cert%></textarea>
+</form>
<table border="0">
<tr>
<th colspan="2" align="left">Certificate Details</th>
</tr>
<tr>
+ <th align="right">Finger Prints</th>
+ <td>SHA1 <%=fpSHA1%> <br>MD5 <%=fpMD5%></td>
+ </tr>
+ <tr>
<th align="right">Version:</th>
<td>${cert.version}</td>
</tr>
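Review bot: `Install_Onclick` reads `document.installForm.caCert.value`, but the textarea added further down is declared with `name="cacert"`. VBScript name lookup is case-insensitive, so this probably resolves in Internet Explorer, but the spelling should match, `<textarea name="caCert" …>`, as it does for `cert` in installPersonalCertificate.jsp. The Install button is also rendered for every browser although its handler is VBScript only; a short JSP comment above the form, such as `<%-- IE only: Install_Onclick is VBScript and uses CEnroll --%>`, would make that explicit.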
@@ -76,6 +123,8 @@
<td><pre>${cert}</pre></td>
</tr>
</table>
+
+<br><a href="<%=request.getContextPath()%>">Back to CA Helper home</a>
</body>
</html>
Modified: geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/downloadCertificate.jsp
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/downloadCertificate.jsp?rev=582981&r1=582980&r2=582981&view=diff
==============================================================================
--- geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/downloadCertificate.jsp (original)
+++ geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/downloadCertificate.jsp Mon Oct 8 14:31:46 2007
@@ -14,6 +14,9 @@
See the License for the specific language governing permissions and
limitations under the License.
--%>
+
+<%-- $Rev$ $Date$ --%>
+
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
@@ -34,11 +37,11 @@
</script>
</head>
<body>
-<h2>Download Certificate</h2>
-<p>This page enables you to download and install certificate issued to you by the CA. Before installing your certificate,
-install the CA's certificate in your web browser by clicking on the <a href="DownloadCertificateServlet?type=ca"> this link</a>.</p>
+<h2>Download Personal Certificate</h2>
+<p>This page enables you to download and install a certificate issued to you by the CA. Before installing your personal certificate,
+install the CA's certificate in your web browser by visiting <a href="downloadCACertificate.jsp">this link</a>.</p>
-<form action="DownloadCertificateServlet" method="post">
+<form action="installPersonalCertificate.jsp" method="post">
<table border="0">
<tr>
<th align="right">CSR Id:</th>
Modified: geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/index.jsp
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/index.jsp?rev=582981&r1=582980&r2=582981&view=diff
==============================================================================
--- geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/index.jsp (original)
+++ geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/index.jsp Mon Oct 8 14:31:46 2007
@@ -14,6 +14,9 @@
See the License for the specific language governing permissions and
limitations under the License.
--%>
+
+<%-- $Rev$ $Date$ --%>
+
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
@@ -32,32 +35,22 @@
<p>Welcome to CA Helper application. <p>
<%if(certReqStore == null) {%>
-<p>A ceritificate request store is not available. Application can not receive Certificate Signing Requests.</p>
+<p>A certificate request store is not available. Application can not receive Certificate Signing Requests.</p>
<%}%>
<%if(certStore == null) {%>
-<p>A ceritificate store is not available. Application can not upload certificates.</p>
+<p>A certificate store is not available. Application can not upload certificates.</p>
<%}%>
<%if(certReqStore == null || certStore == null) {%>
<p>Please contact the system administrator.</p>
<%} else {%>
-<!-- The following is used to detect if the browser supports KEYGEN tag -->
-<div style="display:none"><form name='keygentest'><keygen name="test"/></form></div>
-<script>
-if(document.keygentest.elements.length == 0) {
- document.write('Your browser does not support KEYGEN tag. This application requires a browser that supports KEYGEN.');
-} else {
- document.write('<p>This application allows you to submit certificate requests, download and install certificates issued by the CA.</p>');
- document.write(
- '<table border="0">'+
- '<tr>'+
- '<td> <a href="requestCertificate.jsp">Request Certificate</a> </td>'+
- '<td> <a href="downloadCertificate.jsp">Download your Certificate</a> </td>'+
- '<td> <a href="downloadCACertificate.jsp">Download CA Certificate</a> </td>'+
- '</tr>'+
- '</table>'
- )
-}
-</script>
+<p>This application allows you to submit certificate requests, download and install certificates issued by the CA.</p>
+<table border="0">
+ <tr>
+ <td> <a href="requestCertificate.jsp">Request Certificate</a> </td>
+ <td> <a href="downloadCertificate.jsp">Download your Certificate</a> </td>
+ <td> <a href="downloadCACertificate.jsp">Download CA Certificate</a> </td>
+ </tr>
+</table>
<%}%>
</body>
</html>
Added: geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp?rev=582981&view=auto
==============================================================================
--- geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp (added)
+++ geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp Mon Oct 8 14:31:46 2007
@@ -0,0 +1,144 @@
+<%--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+--%>
+
+<%-- $Rev$ $Date$ --%>
+
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+<%@ page import="java.security.cert.Certificate" %>
+<%@ page import="org.apache.geronimo.ca.helper.util.CAHelperUtils"%>
+<%@ page import="org.apache.geronimo.util.CaUtils"%>
+<%@ page import="org.apache.geronimo.util.CertificateUtil"%>
+<%@ page import="org.apache.geronimo.management.geronimo.*"%>
+<%@ page import="java.math.BigInteger"%>
+<%
+ String csrId = request.getParameter("csrId");
+ CertificateRequestStore certReqStore = CAHelperUtils.getCertificateRequestStore();
+ BigInteger sNo = certReqStore.getSerialNumberForRequest(csrId);
+ String base64Cert = null;
+ String fpSHA1 = null;
+ String fpMD5 = null;
+ if(sNo != null) {
+ CertificateStore certStore = CAHelperUtils.getCertificateStore();
+ Certificate cert = certStore.getCertificate(sNo);
+ request.setAttribute("cert", cert);
+ base64Cert = CaUtils.base64Certificate(cert);
+ fpSHA1 = CertificateUtil.generateFingerprint(cert, "SHA1");
+ fpMD5 = CertificateUtil.generateFingerprint(cert, "MD5");
+ }
+%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Install Personal Certificate</title>
+</head>
+<body>
+<h2>Install Personal Certificate</h2>
+<p>This page enables you to download and install a personal certificate into your web browser.</p>
+
+<%if(sNo == null) {%>
+ERROR: Either the CSR is yet to be fulfilled or the csrId <%=csrId%> is invalid.
+<%} else {%>
+<SCRIPT LANGUAGE="VBScript">
+<!--
+Sub Install_Onclick
+ certificate = document.installForm.cert.value
+ On Error Resume Next
+ Dim Enroll
+
+ Set Enroll = CreateObject("CEnroll.CEnroll.2")
+ if ( (Err.Number = 438) OR (Err.Number = 429) ) Then
+ Err.Clear
+ Set Enroll = CreateObject("CEnroll.CEnroll.1")
+ End If
+ if Err.Number <> 0 then
+ MsgBox("Error in creating CEnroll object. error:" & Hex(err))
+ Else
+ Call Enroll.acceptPKCS7(certificate)
+ If err.Number <> 0 then
+ MsgBox("Certificate installation failed. error: "& Hex(err))
+ Else
+ MsgBox("Certificate installed sucessfully")
+ End if
+ End If
+End sub
+-->
+</SCRIPT>
+
+To install your certificate into Internet Explorer, click on the <i>Install Certificate</i> button below.
+For other web browsers, click on <a href="DownloadCertificateServlet?csrId=<%=csrId%>">this link</a>.
+<form>
+ <input type="button" value="Install Certificate" onClick="Install_Onclick()"/>
+</form>
+
+<br><b>Base64 encoded Certificate Text</b>
+<br>
+<form name="installForm">
+ <textarea name="cert" rows="10" cols="80" READONLY><%=base64Cert%></textarea>
+</form>
+
+ <table border="0">
+ <tr>
+ <th colspan="2" align="left">Certificate Details</th>
+ </tr>
+ <tr>
+ <th align="right">Finger Prints</th>
+ <td>SHA1 <%=fpSHA1%> <br>MD5 <%=fpMD5%></td>
+ </tr>
+ <tr>
+ <th align="right">Version:</th>
+ <td>${cert.version}</td>
+ </tr>
+ <tr>
+ <th align="right">Subject:</th>
+ <td>${cert.subjectDN.name}</td>
+ </tr>
+ <tr>
+ <th align="right">Issuer:</th>
+ <td>${cert.issuerDN.name}</td>
+ </tr>
+ <tr>
+ <th align="right">Serial Number:</th>
+ <td>${cert.serialNumber}</td>
+ </tr>
+ <tr>
+ <th align="right">Valid From:</th>
+ <td>${cert.notBefore}</td>
+ </tr>
+ <tr>
+ <th align="right">Valid To:</th>
+ <td>${cert.notAfter}</td>
+ </tr>
+ <tr>
+ <th align="right">Signature Alg:</th>
+ <td>${cert.sigAlgName}</td>
+ </tr>
+ <tr>
+ <th align="right">Public Key Alg:</th>
+ <td>${cert.publicKey.algorithm}</td>
+ </tr>
+ <tr>
+ <th align="right" valign="top">cert.toString()</th>
+ <td><pre>${cert}</pre></td>
+ </tr>
+ </table>
+<%}%>
+<br><a href="<%=request.getContextPath()%>">Back to CA Helper home</a>
+
+</body>
+</html>
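Review bot: `csrId` is taken from `request.getParameter("csrId")` and written back unescaped in two places, the error line `…the csrId <%=csrId%> is invalid` and the link `href="DownloadCertificateServlet?csrId=<%=csrId%>"`, so request data reaches the page markup directly. The text output should be HTML-escaped (for example `<c:out value="${param.csrId}"/>` if JSTL is available to this webapp) and the link value URL-encoded with `java.net.URLEncoder.encode(csrId, "UTF-8")`. A missing parameter also reaches `getSerialNumberForRequest(csrId)` as null, and `certStore.getCertificate(sNo)` is passed to `CaUtils.base64Certificate(cert)` without a null check; whether those helpers tolerate null is not visible here.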
Propchange: geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/branches/2.0.2/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: geronimo/server/branches/2.0.2/modules/geronimo-util/src/main/java/org/apache/geronimo/util/CaUtils.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0.2/modules/geronimo-util/src/main/java/org/apache/geronimo/util/CaUtils.java?rev=582981&r1=582980&r2=582981&view=diff
==============================================================================
--- geronimo/server/branches/2.0.2/modules/geronimo-util/src/main/java/org/apache/geronimo/util/CaUtils.java (original)
+++ geronimo/server/branches/2.0.2/modules/geronimo-util/src/main/java/org/apache/geronimo/util/CaUtils.java Mon Oct 8 14:31:46 2007
@@ -69,6 +69,7 @@
public static final String CERT_HEADER = "-----BEGIN CERTIFICATE-----";
public static final String CERT_FOOTER = "-----END CERTIFICATE-----";
public static final String CERT_REQ_HEADER = "-----BEGIN CERTIFICATE REQUEST-----";
+ public static final String CERT_REQ_FOOTER = "-----END CERTIFICATE REQUEST-----";
public static final int B64_LINE_SIZE = 76;
public static final String CERT_REQ_SUBJECT = "subject";
public static final String CERT_REQ_PUBLICKEY = "publickey";
Modified: geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/java/org/apache/geronimo/ca/helper/CertificateRequestServlet.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/java/org/apache/geronimo/ca/helper/CertificateRequestServlet.java?rev=582981&r1=582980&r2=582981&view=diff
==============================================================================
--- geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/java/org/apache/geronimo/ca/helper/CertificateRequestServlet.java (original)
+++ geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/java/org/apache/geronimo/ca/helper/CertificateRequestServlet.java Mon Oct 8 14:31:46 2007
@@ -19,6 +19,7 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.io.PrintStream;
import java.util.Properties;
import javax.servlet.ServletException;
@@ -26,6 +27,7 @@
import javax.servlet.http.HttpServletResponse;
import org.apache.geronimo.ca.helper.util.CAHelperUtils;
+import org.apache.geronimo.util.CaUtils;
/**
* Servlet implementation class for Servlet: CertificateRequestServlet
@@ -59,27 +61,44 @@
String reqST = request.getParameter("reqST");
String reqC = request.getParameter("reqC");
String spkac = request.getParameter("spkac");
+ String pkcs10req = request.getParameter("pkcs10req");
- if(spkac == null || spkac.equals("")) {
- // browser did not generate SignedPublicKeyAndChallenge
- throw new ServletException("Browser did not generate SignedPublicKeyAndChallenge. Resubmit your certificate request.");
+ String toStore = null;
+ if(pkcs10req != null && !pkcs10req.equals("")) {
+ // Either generated from Internet Explorer or submitted as PKCS10 request
+ if(!pkcs10req.startsWith(CaUtils.CERT_REQ_HEADER)) {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ PrintStream out = new PrintStream(baos);
+ out.println(CaUtils.CERT_REQ_HEADER);
+ out.println(pkcs10req.trim());
+ out.println(CaUtils.CERT_REQ_FOOTER);
+ out.close();
+ toStore = baos.toString();
+ } else {
+ toStore = pkcs10req;
+ }
+ } else if(spkac != null && !spkac.equals("")) {
+ // Received from a web browser that supports KEYGEN tag
+ // Create a Properties object with user supplied values
+ Properties csrProps = new Properties();
+ csrProps.setProperty("CN", reqCN);
+ csrProps.setProperty("OU", reqOU);
+ csrProps.setProperty("O", reqO);
+ csrProps.setProperty("L", reqL);
+ csrProps.setProperty("ST", reqST);
+ csrProps.setProperty("C", reqC);
+ csrProps.setProperty("SPKAC", spkac);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ csrProps.store(baos, "Request received through CA Helper Application");
+ baos.close();
+ toStore = baos.toString();
+ } else {
+ // Did not receive a SignedPublicKeyAndChallenge or a PKCS10 Cerificate Request
+ throw new ServletException("Did not receive a SignedPublicKeyAndChallenge or a PKCS10 Cerificate Request. Resubmit your certificate request.");
}
- // Create a Properties object with user supplied values
- Properties csrProps = new Properties();
- csrProps.setProperty("CN", reqCN);
- csrProps.setProperty("OU", reqOU);
- csrProps.setProperty("O", reqO);
- csrProps.setProperty("L", reqL);
- csrProps.setProperty("ST", reqST);
- csrProps.setProperty("C", reqC);
- csrProps.setProperty("SPKAC", spkac);
-
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- csrProps.store(baos, "Request received through CA Helper Application");
- baos.close();
// Store the CSR in the Certificate Request Store.
- String csrId = CAHelperUtils.getCertificateRequestStore().storeRequest(null, baos.toString());
+ String csrId = CAHelperUtils.getCertificateRequestStore().storeRequest(null, toStore);
// Display the CSR Id to the user and confirm the receipt of CSR
request.setAttribute("id", csrId);
Modified: geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/confirmRequest.jsp
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/confirmRequest.jsp?rev=582981&r1=582980&r2=582981&view=diff
==============================================================================
--- geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/confirmRequest.jsp (original)
+++ geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/confirmRequest.jsp Mon Oct 8 14:31:46 2007
@@ -14,6 +14,9 @@
See the License for the specific language governing permissions and
limitations under the License.
--%>
+
+<%-- $Rev$ $Date$ --%>
+
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
@@ -34,6 +37,7 @@
<body>
<h2>Request Certificate: Confirm and Submit Request</h2>
+<div id="Non-IE-Content" style="display:none">
<p>This is step 2 of 2 in requesting your certificate. Please review your name details and select the keysize for
your keypair. Upon clicking the <i>Submit Certificate Request</i> button, your certificate request will be generated
and sent to the CA for further processing.</p>
@@ -92,6 +96,123 @@
<input type="submit" value="Submit Certificate Request"/>
<input type="reset" name="reset" value="Reset"/>
</form>
+<%--Non-IE Content ends here --%>
+</div>
+
+<div id="IE-Content" style="display:none">
+<p> This is step 2 of 2 in requesting your certificate. Please review your name details.
+ Upon clicking the <i>Submit Certificate Request</i> button, your certificate request will be generated
+ and sent to the CA for further processing.</p>
+
+<%-- ActiveX Control to generate PKCS10 request in Internet Explorer --%>
+<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ codebase="xenroll.dll"
+ id="newCertHelper">
+</object>
+
+<%-- VBScript to generate a PKCS10 request in Internet Explorer --%>
+<SCRIPT language="VBScript">
+<!--
+Sub GenerateReq
+ ' Distinguished name variable.
+ Dim strDN
+
+ ' Request Variable.
+ Dim strReq
+
+ ' Request Disposition.
+ Dim nDisp
+
+ ' Enable error handling.
+ On Error Resume Next
+
+ ' Constants For CertRequest object.
+ const CR_IN_BASE64 = &H1
+ const CR_IN_PKCS10 = &H100
+
+ ' Build the DN.
+ strDN = "CN="&document.Confirmform.reqCN.value _
+ &",OU="&document.Confirmform.reqOU.value _
+ &",O="&document.Confirmform.reqO.value _
+ &",L="&document.Confirmform.reqL.value _
+ &",ST="&document.Confirmform.reqST.value _
+ &",C="&document.Confirmform.reqC.value _
+ '&",CC=ask"
+ ' Attempt to use the control, in this case, to create a PKCS #10.
+ strReq = newCertHelper.CreatePKCS10(strDN, " ")
+ ' If above line failed, Err.Number will not be 0.
+ if ( Err.Number <> 0 ) then
+ MsgBox("Error in call to createPKCS10 " & Err.Number)
+ err.clear
+ return
+ else
+ document.Confirmform.pkcs10req.value = strReq
+ end if
+ document.Confirmform.submit()
+End Sub
+-->
+</SCRIPT>
+
+<form name="Confirmform" action="CertificateRequestServlet" method="post">
+ <table border="0">
+ <tr>
+ <th align="right">Common Name (CN):</th>
+ <td>
+ <input type="hidden" name="reqCN" value="<%=reqCN%>"/> <%=reqCN%>
+ </td>
+ </tr>
+ <tr>
+ <th align="right">Division/Business Unit (OU):</th>
+ <td>
+ <input type="hidden" name="reqOU" value="<%=reqOU%>"/> <%=reqOU%>
+ </td>
+ </tr>
+ <tr>
+ <th align="right">Company/Organization (O):</th>
+ <td>
+ <input type="hidden" name="reqO" value="<%=reqO%>"/> <%=reqO%>
+ </td>
+ </tr>
+ <tr>
+ <th align="right">City/Locality (L):</th>
+ <td>
+ <input type="hidden" name="reqL" value="<%=reqL%>"/> <%=reqL%>
+ </td>
+ </tr>
+ <tr>
+ <th align="right">State/Province (ST):</th>
+ <td>
+ <input type="hidden" name="reqST" value="<%=reqST%>"/> <%=reqST%>
+ </td>
+ </tr>
+ <tr>
+ <th align="right">Country Code (2 char) (C):</th>
+ <td>
+ <input type="hidden" name="reqC" value="<%=reqC%>"/> <%=reqC%>
+ <input type="hidden" name="pkcs10req"> <%-- This hidden field stores the pkcs10 request --%>
+ </td>
+ </tr>
+ <tr>
+ <th align="right">Challenge Phrase:</th>
+ <td>
+ Not Supported for IE
+ </td>
+ </tr>
+ </table>
+ <input type="button" value="Submit Certificate Request" onClick="GenerateReq()"/>
+</form>
+<%-- IE Content ends here --%>
+</div>
+
+<!-- The following is used to detect if the browser supports KEYGEN tag and disply only the relevant form -->
+<div style="display:none"><form name='keygentest'><keygen name="test"/></form></div>
+<SCRIPT language="JavaScript">
+if(document.keygentest.elements.length == 0)
+ document.getElementById('IE-Content').style.display = 'block'
+else
+ document.getElementById('Non-IE-Content').style.display = 'block'
+</SCRIPT>
+
<a href="<%=request.getContextPath()%>">Cancel</a>
</body>
</html>
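Review bot: The IE form writes `<%=reqCN%>` through `<%=reqC%>` into both a hidden-input `value` attribute and the visible cell text without HTML escaping, so if these variables are taken straight from request parameters (their assignment is outside this hunk) a quote or tag typed into a name field is rendered as markup. Escape on output, for example `<c:out value="${param.reqCN}"/>` if JSTL is available to this webapp, or an escaping helper applied in the scriptlet that sets the variables. Separately, `return` in `GenerateReq` is not a VBScript statement; as far as I can tell, under `On Error Resume Next` that failure is swallowed and `document.Confirmform.submit()` still runs with an empty `pkcs10req`, so the line should be `Exit Sub`. The same hunk is applied to the trunk copy of confirmRequest.jsp later in this commit.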
Modified: geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/downloadCACertificate.jsp
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/downloadCACertificate.jsp?rev=582981&r1=582980&r2=582981&view=diff
==============================================================================
--- geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/downloadCACertificate.jsp (original)
+++ geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/downloadCACertificate.jsp Mon Oct 8 14:31:46 2007
@@ -14,13 +14,21 @@
See the License for the specific language governing permissions and
limitations under the License.
--%>
+
+<%-- $Rev$ $Date$ --%>
+
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ page import="java.security.cert.X509Certificate" %>
<%@ page import="org.apache.geronimo.ca.helper.util.CAHelperUtils"%>
+<%@ page import="org.apache.geronimo.util.CaUtils"%>
+<%@ page import="org.apache.geronimo.util.CertificateUtil"%>
<%
X509Certificate cert = (X509Certificate) CAHelperUtils.getCertificateStore().getCACertificate();
request.setAttribute("cert", cert);
+ String base64Cert = CaUtils.base64Certificate(cert);
+ String fpSHA1 = CertificateUtil.generateFingerprint(cert, "SHA1");
+ String fpMD5 = CertificateUtil.generateFingerprint(cert, "MD5");
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
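Review bot: The added scriptlet publishes only `MD5` and `SHA1` fingerprints of the CA certificate; both digests are deprecated for certificate work, and a user checking against current tooling will usually be shown a SHA-256 value instead. If `CertificateUtil.generateFingerprint` passes the algorithm name to `MessageDigest` (its body is not in this diff), add `String fpSHA256 = CertificateUtil.generateFingerprint(cert, "SHA-256");` and list it first in the Finger Prints row. The same lines appear in the trunk copy of this page and in the new installPersonalCertificate.jsp.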
@@ -30,16 +38,55 @@
</head>
<body>
<h2>Download CA's Certificate</h2>
-<p>This page enables you to download and install CA's certificate into your web browser. Click on the link below to
-download and install CA's certificate.</p>
+<p>This page enables you to download and install CA's certificate into your web browser.</p>
+
+<SCRIPT LANGUAGE="VBScript">
+<!--
+Sub Install_Onclick
+ certificate = document.installForm.caCert.value
+ On Error Resume Next
+ Dim Enroll
+
+ Set Enroll = CreateObject("CEnroll.CEnroll.2")
+ if ( (Err.Number = 438) OR (Err.Number = 429) ) Then
+ Err.Clear
+ Set Enroll = CreateObject("CEnroll.CEnroll.1")
+ End If
+ if Err.Number <> 0 then
+ MsgBox("Error in creating CEnroll object. error:" & Hex(err))
+ Else
+ Call Enroll.installPKCS7(certificate)
+ If err.Number <> 0 then
+ MsgBox("Certificate installation failed. error: "& Hex(err))
+ Else
+ MsgBox("CA Certificate installed sucessfully")
+ End if
+ End If
+End sub
+-->
+</SCRIPT>
-<a href="DownloadCertificateServlet?type=ca">Download CA's Certificate</a> <a href="<%=request.getContextPath()%>">Back to CA Helper home</a>
+To install CA's certificate into Internet Explorer, click on the <i>Install CA's Certificate</i> button below.
+For other web browsers, click on <a href="DownloadCertificateServlet?type=ca">this link</a>.
+<form>
+ <input type="button" value="Install CA's Certificate" onClick="Install_Onclick()"/>
+</form>
+
+<br><b>Base64 encoded Certificate Text</b>
+<br>
+<form name="installForm">
+ <textarea name="cacert" rows="10" cols="80" READONLY><%=base64Cert%></textarea>
+</form>
<table border="0">
<tr>
<th colspan="2" align="left">Certificate Details</th>
</tr>
<tr>
+ <th align="right">Finger Prints</th>
+ <td>SHA1 <%=fpSHA1%> <br>MD5 <%=fpMD5%></td>
+ </tr>
+ <tr>
<th align="right">Version:</th>
<td>${cert.version}</td>
</tr>
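Review bot: The page now installs the CA certificate as a trust anchor from a single button and prints the fingerprints beside it, but nothing tells the user to compare them with a value obtained from the CA administrator through another channel; fingerprints delivered in the same response as the certificate verify nothing on their own. I would add a sentence above the button such as `Before installing, confirm the fingerprints below with your CA administrator.` and make sure this page is only served over HTTPS. Also, `Install_Onclick` reads `document.installForm.caCert.value` while the textarea is declared with `name="cacert"`; the two spellings should match so the lookup does not depend on case-insensitive name resolution. The trunk copy of downloadCACertificate.jsp carries the same hunk.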
@@ -76,6 +123,8 @@
<td><pre>${cert}</pre></td>
</tr>
</table>
+
+<br><a href="<%=request.getContextPath()%>">Back to CA Helper home</a>
</body>
</html>
Modified: geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/downloadCertificate.jsp
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/downloadCertificate.jsp?rev=582981&r1=582980&r2=582981&view=diff
==============================================================================
--- geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/downloadCertificate.jsp (original)
+++ geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/downloadCertificate.jsp Mon Oct 8 14:31:46 2007
@@ -14,6 +14,9 @@
See the License for the specific language governing permissions and
limitations under the License.
--%>
+
+<%-- $Rev$ $Date$ --%>
+
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
@@ -34,11 +37,11 @@
</script>
</head>
<body>
-<h2>Download Certificate</h2>
-<p>This page enables you to download and install certificate issued to you by the CA. Before installing your certificate,
-install the CA's certificate in your web browser by clicking on the <a href="DownloadCertificateServlet?type=ca"> this link</a>.</p>
+<h2>Download Personal Certificate</h2>
+<p>This page enables you to download and install a certificate issued to you by the CA. Before installing your personal certificate,
+install the CA's certificate in your web browser by visiting <a href="downloadCACertificate.jsp">this link</a>.</p>
-<form action="DownloadCertificateServlet" method="post">
+<form action="installPersonalCertificate.jsp" method="post">
<table border="0">
<tr>
<th align="right">CSR Id:</th>
Modified: geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/index.jsp
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/index.jsp?rev=582981&r1=582980&r2=582981&view=diff
==============================================================================
--- geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/index.jsp (original)
+++ geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/index.jsp Mon Oct 8 14:31:46 2007
@@ -14,6 +14,9 @@
See the License for the specific language governing permissions and
limitations under the License.
--%>
+
+<%-- $Rev$ $Date$ --%>
+
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
@@ -32,32 +35,22 @@
<p>Welcome to CA Helper application. <p>
<%if(certReqStore == null) {%>
-<p>A ceritificate request store is not available. Application can not receive Certificate Signing Requests.</p>
+<p>A certificate request store is not available. Application can not receive Certificate Signing Requests.</p>
<%}%>
<%if(certStore == null) {%>
-<p>A ceritificate store is not available. Application can not upload certificates.</p>
+<p>A certificate store is not available. Application can not upload certificates.</p>
<%}%>
<%if(certReqStore == null || certStore == null) {%>
<p>Please contact the system administrator.</p>
<%} else {%>
-<!-- The following is used to detect if the browser supports KEYGEN tag -->
-<div style="display:none"><form name='keygentest'><keygen name="test"/></form></div>
-<script>
-if(document.keygentest.elements.length == 0) {
- document.write('Your browser does not support KEYGEN tag. This application requires a browser that supports KEYGEN.');
-} else {
- document.write('<p>This application allows you to submit certificate requests, download and install certificates issued by the CA.</p>');
- document.write(
- '<table border="0">'+
- '<tr>'+
- '<td> <a href="requestCertificate.jsp">Request Certificate</a> </td>'+
- '<td> <a href="downloadCertificate.jsp">Download your Certificate</a> </td>'+
- '<td> <a href="downloadCACertificate.jsp">Download CA Certificate</a> </td>'+
- '</tr>'+
- '</table>'
- )
-}
-</script>
+<p>This application allows you to submit certificate requests, download and install certificates issued by the CA.</p>
+<table border="0">
+ <tr>
+ <td> <a href="requestCertificate.jsp">Request Certificate</a> </td>
+ <td> <a href="downloadCertificate.jsp">Download your Certificate</a> </td>
+ <td> <a href="downloadCACertificate.jsp">Download CA Certificate</a> </td>
+ </tr>
+</table>
<%}%>
</body>
</html>
Added: geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp?rev=582981&view=auto
==============================================================================
--- geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp (added)
+++ geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp Mon Oct 8 14:31:46 2007
@@ -0,0 +1,144 @@
+<%--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+--%>
+
+<%-- $Rev$ $Date$ --%>
+
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+<%@ page import="java.security.cert.Certificate" %>
+<%@ page import="org.apache.geronimo.ca.helper.util.CAHelperUtils"%>
+<%@ page import="org.apache.geronimo.util.CaUtils"%>
+<%@ page import="org.apache.geronimo.util.CertificateUtil"%>
+<%@ page import="org.apache.geronimo.management.geronimo.*"%>
+<%@ page import="java.math.BigInteger"%>
+<%
+ String csrId = request.getParameter("csrId");
+ CertificateRequestStore certReqStore = CAHelperUtils.getCertificateRequestStore();
+ BigInteger sNo = certReqStore.getSerialNumberForRequest(csrId);
+ String base64Cert = null;
+ String fpSHA1 = null;
+ String fpMD5 = null;
+ if(sNo != null) {
+ CertificateStore certStore = CAHelperUtils.getCertificateStore();
+ Certificate cert = certStore.getCertificate(sNo);
+ request.setAttribute("cert", cert);
+ base64Cert = CaUtils.base64Certificate(cert);
+ fpSHA1 = CertificateUtil.generateFingerprint(cert, "SHA1");
+ fpMD5 = CertificateUtil.generateFingerprint(cert, "MD5");
+ }
+%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Install Personal Certificate</title>
+</head>
+<body>
+<h2>Install Personal Certificate</h2>
+<p>This page enables you to download and install a personal certificate into your web browser.</p>
+
+<%if(sNo == null) {%>
+Either the CSR is yet to be fulfilled or the csrId <%=csrId%> is invalid.
+<%} else {%>
+<SCRIPT LANGUAGE="VBScript">
+<!--
+Sub Install_Onclick
+ certificate = document.installForm.cert.value
+ On Error Resume Next
+ Dim Enroll
+
+ Set Enroll = CreateObject("CEnroll.CEnroll.2")
+ if ( (Err.Number = 438) OR (Err.Number = 429) ) Then
+ Err.Clear
+ Set Enroll = CreateObject("CEnroll.CEnroll.1")
+ End If
+ if Err.Number <> 0 then
+ MsgBox("Error in creating CEnroll object. error:" & Hex(err))
+ Else
+ Call Enroll.acceptPKCS7(certificate)
+ If err.Number <> 0 then
+ MsgBox("Certificate installation failed. error: "& Hex(err))
+ Else
+ MsgBox("Certificate installed sucessfully")
+ End if
+ End If
+End sub
+-->
+</SCRIPT>
+
+To install your certificate into Internet Explorer, click on the <i>Install Certificate</i> button below.
+For other web browsers, click on <a href="DownloadCertificateServlet?csrId=<%=csrId%>">this link</a>.
+<form>
+ <input type="button" value="Install Certificate" onClick="Install_Onclick()"/>
+</form>
+
+<br><b>Base64 encoded Certificate Text</b>
+<br>
+<form name="installForm">
+ <textarea name="cert" rows="10" cols="80" READONLY><%=base64Cert%></textarea>
+</form>
+
+ <table border="0">
+ <tr>
+ <th colspan="2" align="left">Certificate Details</th>
+ </tr>
+ <tr>
+ <th align="right">Finger Prints</th>
+ <td>SHA1 <%=fpSHA1%> <br>MD5 <%=fpMD5%></td>
+ </tr>
+ <tr>
+ <th align="right">Version:</th>
+ <td>${cert.version}</td>
+ </tr>
+ <tr>
+ <th align="right">Subject:</th>
+ <td>${cert.subjectDN.name}</td>
+ </tr>
+ <tr>
+ <th align="right">Issuer:</th>
+ <td>${cert.issuerDN.name}</td>
+ </tr>
+ <tr>
+ <th align="right">Serial Number:</th>
+ <td>${cert.serialNumber}</td>
+ </tr>
+ <tr>
+ <th align="right">Valid From:</th>
+ <td>${cert.notBefore}</td>
+ </tr>
+ <tr>
+ <th align="right">Valid To:</th>
+ <td>${cert.notAfter}</td>
+ </tr>
+ <tr>
+ <th align="right">Signature Alg:</th>
+ <td>${cert.sigAlgName}</td>
+ </tr>
+ <tr>
+ <th align="right">Public Key Alg:</th>
+ <td>${cert.publicKey.algorithm}</td>
+ </tr>
+ <tr>
+ <th align="right" valign="top">cert.toString()</th>
+ <td><pre>${cert}</pre></td>
+ </tr>
+ </table>
+<%}%>
+<br><a href="<%=request.getContextPath()%>">Back to CA Helper home</a>
+
+</body>
+</html>
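Review bot: `csrId` is read with `request.getParameter("csrId")` and then written unescaped into the page twice, in the "csrId <%=csrId%> is invalid" message and inside `href="DownloadCertificateServlet?csrId=<%=csrId%>"`, so markup in the parameter is reflected into the response. HTML-escape it in the message and URL-encode it in the link, e.g. `<c:out value="${param.csrId}"/>` (if JSTL is on the classpath) and `<%=java.net.URLEncoder.encode(csrId, "UTF-8")%>`. The `${cert.subjectDN.name}` and `${cert}` cells are also emitted without escaping, and the subject originates from the requester's CSR, so they deserve the same treatment. `certStore.getCertificate(sNo)` is passed to `base64Certificate(cert)` without a null check; whether it can return null is not visible here.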
Propchange: geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/branches/2.0/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: geronimo/server/branches/2.0/modules/geronimo-util/src/main/java/org/apache/geronimo/util/CaUtils.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0/modules/geronimo-util/src/main/java/org/apache/geronimo/util/CaUtils.java?rev=582981&r1=582980&r2=582981&view=diff
==============================================================================
--- geronimo/server/branches/2.0/modules/geronimo-util/src/main/java/org/apache/geronimo/util/CaUtils.java (original)
+++ geronimo/server/branches/2.0/modules/geronimo-util/src/main/java/org/apache/geronimo/util/CaUtils.java Mon Oct 8 14:31:46 2007
@@ -69,6 +69,7 @@
public static final String CERT_HEADER = "-----BEGIN CERTIFICATE-----";
public static final String CERT_FOOTER = "-----END CERTIFICATE-----";
public static final String CERT_REQ_HEADER = "-----BEGIN CERTIFICATE REQUEST-----";
+ public static final String CERT_REQ_FOOTER = "-----END CERTIFICATE REQUEST-----";
public static final int B64_LINE_SIZE = 76;
public static final String CERT_REQ_SUBJECT = "subject";
public static final String CERT_REQ_PUBLICKEY = "publickey";
Modified: geronimo/server/trunk/applications/geronimo-ca-helper/src/main/java/org/apache/geronimo/ca/helper/CertificateRequestServlet.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/applications/geronimo-ca-helper/src/main/java/org/apache/geronimo/ca/helper/CertificateRequestServlet.java?rev=582981&r1=582980&r2=582981&view=diff
==============================================================================
--- geronimo/server/trunk/applications/geronimo-ca-helper/src/main/java/org/apache/geronimo/ca/helper/CertificateRequestServlet.java (original)
+++ geronimo/server/trunk/applications/geronimo-ca-helper/src/main/java/org/apache/geronimo/ca/helper/CertificateRequestServlet.java Mon Oct 8 14:31:46 2007
@@ -19,6 +19,7 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.io.PrintStream;
import java.util.Properties;
import javax.servlet.ServletException;
@@ -26,6 +27,7 @@
import javax.servlet.http.HttpServletResponse;
import org.apache.geronimo.ca.helper.util.CAHelperUtils;
+import org.apache.geronimo.util.CaUtils;
/**
* Servlet implementation class for Servlet: CertificateRequestServlet
@@ -59,27 +61,44 @@
String reqST = request.getParameter("reqST");
String reqC = request.getParameter("reqC");
String spkac = request.getParameter("spkac");
+ String pkcs10req = request.getParameter("pkcs10req");
- if(spkac == null || spkac.equals("")) {
- // browser did not generate SignedPublicKeyAndChallenge
- throw new ServletException("Browser did not generate SignedPublicKeyAndChallenge. Resubmit your certificate request.");
+ String toStore = null;
+ if(pkcs10req != null && !pkcs10req.equals("")) {
+ // Either generated from Internet Explorer or submitted as PKCS10 request
+ if(!pkcs10req.startsWith(CaUtils.CERT_REQ_HEADER)) {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ PrintStream out = new PrintStream(baos);
+ out.println(CaUtils.CERT_REQ_HEADER);
+ out.println(pkcs10req.trim());
+ out.println(CaUtils.CERT_REQ_FOOTER);
+ out.close();
+ toStore = baos.toString();
+ } else {
+ toStore = pkcs10req;
+ }
+ } else if(spkac != null && !spkac.equals("")) {
+ // Received from a web browser that supports KEYGEN tag
+ // Create a Properties object with user supplied values
+ Properties csrProps = new Properties();
+ csrProps.setProperty("CN", reqCN);
+ csrProps.setProperty("OU", reqOU);
+ csrProps.setProperty("O", reqO);
+ csrProps.setProperty("L", reqL);
+ csrProps.setProperty("ST", reqST);
+ csrProps.setProperty("C", reqC);
+ csrProps.setProperty("SPKAC", spkac);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ csrProps.store(baos, "Request received through CA Helper Application");
+ baos.close();
+ toStore = baos.toString();
+ } else {
+ // Did not receive a SignedPublicKeyAndChallenge or a PKCS10 Cerificate Request
+ throw new ServletException("Did not receive a SignedPublicKeyAndChallenge or a PKCS10 Cerificate Request. Resubmit your certificate request.");
}
- // Create a Properties object with user supplied values
- Properties csrProps = new Properties();
- csrProps.setProperty("CN", reqCN);
- csrProps.setProperty("OU", reqOU);
- csrProps.setProperty("O", reqO);
- csrProps.setProperty("L", reqL);
- csrProps.setProperty("ST", reqST);
- csrProps.setProperty("C", reqC);
- csrProps.setProperty("SPKAC", spkac);
-
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- csrProps.store(baos, "Request received through CA Helper Application");
- baos.close();
// Store the CSR in the Certificate Request Store.
- String csrId = CAHelperUtils.getCertificateRequestStore().storeRequest(null, baos.toString());
+ String csrId = CAHelperUtils.getCertificateRequestStore().storeRequest(null, toStore);
// Display the CSR Id to the user and confirm the receipt of CSR
request.setAttribute("id", csrId);
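Review bot: In the new `pkcs10req` branch the value is stored after only a `startsWith(CaUtils.CERT_REQ_HEADER)` test, so any text that begins with the header, or any text at all once it has been wrapped, reaches `storeRequest` without being checked as a well-formed PKCS#10 request or bounded in size. Trim once and reuse the result, `String p10 = pkcs10req.trim();`, so that leading whitespace does not cause an already-armoured request to be wrapped a second time, and reject input whose body does not decode as Base64 before storing it. In this branch the posted `reqCN` to `reqC` fields are ignored and the subject comes from the client-built request, so the approving CA has to review the DN inside the CSR rather than the form values. The method starts and ends outside this hunk.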
Modified: geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/confirmRequest.jsp
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/confirmRequest.jsp?rev=582981&r1=582980&r2=582981&view=diff
==============================================================================
--- geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/confirmRequest.jsp (original)
+++ geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/confirmRequest.jsp Mon Oct 8 14:31:46 2007
@@ -14,6 +14,9 @@
See the License for the specific language governing permissions and
limitations under the License.
--%>
+
+<%-- $Rev$ $Date$ --%>
+
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
@@ -34,6 +37,7 @@
<body>
<h2>Request Certificate: Confirm and Submit Request</h2>
+<div id="Non-IE-Content" style="display:none">
<p>This is step 2 of 2 in requesting your certificate. Please review your name details and select the keysize for
your keypair. Upon clicking the <i>Submit Certificate Request</i> button, your certificate request will be generated
and sent to the CA for further processing.</p>
@@ -92,6 +96,123 @@
<input type="submit" value="Submit Certificate Request"/>
<input type="reset" name="reset" value="Reset"/>
</form>
+<%--Non-IE Content ends here --%>
+</div>
+
+<div id="IE-Content" style="display:none">
+<p> This is step 2 of 2 in requesting your certificate. Please review your name details.
+ Upon clicking the <i>Submit Certificate Request</i> button, your certificate request will be generated
+ and sent to the CA for further processing.</p>
+
+<%-- ActiveX Control to generate PKCS10 request in Internet Explorer --%>
+<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ codebase="xenroll.dll"
+ id="newCertHelper">
+</object>
+
+<%-- VBScript to generate a PKCS10 request in Internet Explorer --%>
+<SCRIPT language="VBScript">
+<!--
+Sub GenerateReq
+ ' Distinguished name variable.
+ Dim strDN
+
+ ' Request Variable.
+ Dim strReq
+
+ ' Request Disposition.
+ Dim nDisp
+
+ ' Enable error handling.
+ On Error Resume Next
+
+ ' Constants For CertRequest object.
+ const CR_IN_BASE64 = &H1
+ const CR_IN_PKCS10 = &H100
+
+ ' Build the DN.
+ strDN = "CN="&document.Confirmform.reqCN.value _
+ &",OU="&document.Confirmform.reqOU.value _
+ &",O="&document.Confirmform.reqO.value _
+ &",L="&document.Confirmform.reqL.value _
+ &",ST="&document.Confirmform.reqST.value _
+ &",C="&document.Confirmform.reqC.value _
+ '&",CC=ask"
+ ' Attempt to use the control, in this case, to create a PKCS #10.
+ strReq = newCertHelper.CreatePKCS10(strDN, " ")
+ ' If above line failed, Err.Number will not be 0.
+ if ( Err.Number <> 0 ) then
+ MsgBox("Error in call to createPKCS10 " & Err.Number)
+ err.clear
+ return
+ else
+ document.Confirmform.pkcs10req.value = strReq
+ end if
+ document.Confirmform.submit()
+End Sub
+-->
+</SCRIPT>
+
+<form name="Confirmform" action="CertificateRequestServlet" method="post">
+ <table border="0">
+ <tr>
+ <th align="right">Common Name (CN):</th>
+ <td>
+ <input type="hidden" name="reqCN" value="<%=reqCN%>"/> <%=reqCN%>
+ </td>
+ </tr>
+ <tr>
+ <th align="right">Division/Business Unit (OU):</th>
+ <td>
+ <input type="hidden" name="reqOU" value="<%=reqOU%>"/> <%=reqOU%>
+ </td>
+ </tr>
+ <tr>
+ <th align="right">Company/Organization (O):</th>
+ <td>
+ <input type="hidden" name="reqO" value="<%=reqO%>"/> <%=reqO%>
+ </td>
+ </tr>
+ <tr>
+ <th align="right">City/Locality (L):</th>
+ <td>
+ <input type="hidden" name="reqL" value="<%=reqL%>"/> <%=reqL%>
+ </td>
+ </tr>
+ <tr>
+ <th align="right">State/Province (ST):</th>
+ <td>
+ <input type="hidden" name="reqST" value="<%=reqST%>"/> <%=reqST%>
+ </td>
+ </tr>
+ <tr>
+ <th align="right">Country Code (2 char) (C):</th>
+ <td>
+ <input type="hidden" name="reqC" value="<%=reqC%>"/> <%=reqC%>
+ <input type="hidden" name="pkcs10req"> <%-- This hidden field stores the pkcs10 request --%>
+ </td>
+ </tr>
+ <tr>
+ <th align="right">Challenge Phrase:</th>
+ <td>
+ Not Supported for IE
+ </td>
+ </tr>
+ </table>
+ <input type="button" value="Submit Certificate Request" onClick="GenerateReq()"/>
+</form>
+<%-- IE Content ends here --%>
+</div>
+
+<!-- The following is used to detect if the browser supports KEYGEN tag and disply only the relevant form -->
+<div style="display:none"><form name='keygentest'><keygen name="test"/></form></div>
+<SCRIPT language="JavaScript">
+if(document.keygentest.elements.length == 0)
+ document.getElementById('IE-Content').style.display = 'block'
+else
+ document.getElementById('Non-IE-Content').style.display = 'block'
+</SCRIPT>
+
<a href="<%=request.getContextPath()%>">Cancel</a>
</body>
</html>
Modified: geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/downloadCACertificate.jsp
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/downloadCACertificate.jsp?rev=582981&r1=582980&r2=582981&view=diff
==============================================================================
--- geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/downloadCACertificate.jsp (original)
+++ geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/downloadCACertificate.jsp Mon Oct 8 14:31:46 2007
@@ -14,13 +14,21 @@
See the License for the specific language governing permissions and
limitations under the License.
--%>
+
+<%-- $Rev$ $Date$ --%>
+
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ page import="java.security.cert.X509Certificate" %>
<%@ page import="org.apache.geronimo.ca.helper.util.CAHelperUtils"%>
+<%@ page import="org.apache.geronimo.util.CaUtils"%>
+<%@ page import="org.apache.geronimo.util.CertificateUtil"%>
<%
X509Certificate cert = (X509Certificate) CAHelperUtils.getCertificateStore().getCACertificate();
request.setAttribute("cert", cert);
+ String base64Cert = CaUtils.base64Certificate(cert);
+ String fpSHA1 = CertificateUtil.generateFingerprint(cert, "SHA1");
+ String fpMD5 = CertificateUtil.generateFingerprint(cert, "MD5");
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
@@ -30,16 +38,55 @@
</head>
<body>
<h2>Download CA's Certificate</h2>
-<p>This page enables you to download and install CA's certificate into your web browser. Click on the link below to
-download and install CA's certificate.</p>
+<p>This page enables you to download and install CA's certificate into your web browser.</p>
+
+<SCRIPT LANGUAGE="VBScript">
+<!--
+Sub Install_Onclick
+ certificate = document.installForm.caCert.value
+ On Error Resume Next
+ Dim Enroll
+
+ Set Enroll = CreateObject("CEnroll.CEnroll.2")
+ if ( (Err.Number = 438) OR (Err.Number = 429) ) Then
+ Err.Clear
+ Set Enroll = CreateObject("CEnroll.CEnroll.1")
+ End If
+ if Err.Number <> 0 then
+ MsgBox("Error in creating CEnroll object. error:" & Hex(err))
+ Else
+ Call Enroll.installPKCS7(certificate)
+ If err.Number <> 0 then
+ MsgBox("Certificate installation failed. error: "& Hex(err))
+ Else
+ MsgBox("CA Certificate installed sucessfully")
+ End if
+ End If
+End sub
+-->
+</SCRIPT>
-<a href="DownloadCertificateServlet?type=ca">Download CA's Certificate</a> <a href="<%=request.getContextPath()%>">Back to CA Helper home</a>
+To install CA's certificate into Internet Explorer, click on the <i>Install CA's Certificate</i> button below.
+For other web browsers, click on <a href="DownloadCertificateServlet?type=ca">this link</a>.
+<form>
+ <input type="button" value="Install CA's Certificate" onClick="Install_Onclick()"/>
+</form>
+
+<br><b>Base64 encoded Certificate Text</b>
+<br>
+<form name="installForm">
+ <textarea name="cacert" rows="10" cols="80" READONLY><%=base64Cert%></textarea>
+</form>
<table border="0">
<tr>
<th colspan="2" align="left">Certificate Details</th>
</tr>
<tr>
+ <th align="right">Finger Prints</th>
+ <td>SHA1 <%=fpSHA1%> <br>MD5 <%=fpMD5%></td>
+ </tr>
+ <tr>
<th align="right">Version:</th>
<td>${cert.version}</td>
</tr>
@@ -76,6 +123,8 @@
<td><pre>${cert}</pre></td>
</tr>
</table>
+
+<br><a href="<%=request.getContextPath()%>">Back to CA Helper home</a>
</body>
</html>
Modified: geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/downloadCertificate.jsp
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/downloadCertificate.jsp?rev=582981&r1=582980&r2=582981&view=diff
==============================================================================
--- geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/downloadCertificate.jsp (original)
+++ geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/downloadCertificate.jsp Mon Oct 8 14:31:46 2007
@@ -14,6 +14,9 @@
See the License for the specific language governing permissions and
limitations under the License.
--%>
+
+<%-- $Rev$ $Date$ --%>
+
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
@@ -34,11 +37,11 @@
</script>
</head>
<body>
-<h2>Download Certificate</h2>
-<p>This page enables you to download and install certificate issued to you by the CA. Before installing your certificate,
-install the CA's certificate in your web browser by clicking on the <a href="DownloadCertificateServlet?type=ca"> this link</a>.</p>
+<h2>Download Personal Certificate</h2>
+<p>This page enables you to download and install a certificate issued to you by the CA. Before installing your personal certificate,
+install the CA's certificate in your web browser by visiting <a href="downloadCACertificate.jsp">this link</a>.</p>
-<form action="DownloadCertificateServlet" method="post">
+<form action="installPersonalCertificate.jsp" method="post">
<table border="0">
<tr>
<th align="right">CSR Id:</th>
Modified: geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/index.jsp
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/index.jsp?rev=582981&r1=582980&r2=582981&view=diff
==============================================================================
--- geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/index.jsp (original)
+++ geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/index.jsp Mon Oct 8 14:31:46 2007
@@ -14,6 +14,9 @@
See the License for the specific language governing permissions and
limitations under the License.
--%>
+
+<%-- $Rev$ $Date$ --%>
+
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
@@ -32,32 +35,22 @@
<p>Welcome to CA Helper application. <p>
<%if(certReqStore == null) {%>
-<p>A ceritificate request store is not available. Application can not receive Certificate Signing Requests.</p>
+<p>A certificate request store is not available. Application can not receive Certificate Signing Requests.</p>
<%}%>
<%if(certStore == null) {%>
-<p>A ceritificate store is not available. Application can not upload certificates.</p>
+<p>A certificate store is not available. Application can not upload certificates.</p>
<%}%>
<%if(certReqStore == null || certStore == null) {%>
<p>Please contact the system administrator.</p>
<%} else {%>
-<!-- The following is used to detect if the browser supports KEYGEN tag -->
-<div style="display:none"><form name='keygentest'><keygen name="test"/></form></div>
-<script>
-if(document.keygentest.elements.length == 0) {
- document.write('Your browser does not support KEYGEN tag. This application requires a browser that supports KEYGEN.');
-} else {
- document.write('<p>This application allows you to submit certificate requests, download and install certificates issued by the CA.</p>');
- document.write(
- '<table border="0">'+
- '<tr>'+
- '<td> <a href="requestCertificate.jsp">Request Certificate</a> </td>'+
- '<td> <a href="downloadCertificate.jsp">Download your Certificate</a> </td>'+
- '<td> <a href="downloadCACertificate.jsp">Download CA Certificate</a> </td>'+
- '</tr>'+
- '</table>'
- )
-}
-</script>
+<p>This application allows you to submit certificate requests, download and install certificates issued by the CA.</p>
+<table border="0">
+ <tr>
+ <td> <a href="requestCertificate.jsp">Request Certificate</a> </td>
+ <td> <a href="downloadCertificate.jsp">Download your Certificate</a> </td>
+ <td> <a href="downloadCACertificate.jsp">Download CA Certificate</a> </td>
+ </tr>
+</table>
<%}%>
</body>
</html>
Added: geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp?rev=582981&view=auto
==============================================================================
--- geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp (added)
+++ geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp Mon Oct 8 14:31:46 2007
@@ -0,0 +1,144 @@
+<%--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+--%>
+
+<%-- $Rev$ $Date$ --%>
+
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+<%@ page import="java.security.cert.Certificate" %>
+<%@ page import="org.apache.geronimo.ca.helper.util.CAHelperUtils"%>
+<%@ page import="org.apache.geronimo.util.CaUtils"%>
+<%@ page import="org.apache.geronimo.util.CertificateUtil"%>
+<%@ page import="org.apache.geronimo.management.geronimo.*"%>
+<%@ page import="java.math.BigInteger"%>
+<%
+ String csrId = request.getParameter("csrId");
+ CertificateRequestStore certReqStore = CAHelperUtils.getCertificateRequestStore();
+ BigInteger sNo = certReqStore.getSerialNumberForRequest(csrId);
+ String base64Cert = null;
+ String fpSHA1 = null;
+ String fpMD5 = null;
+ if(sNo != null) {
+ CertificateStore certStore = CAHelperUtils.getCertificateStore();
+ Certificate cert = certStore.getCertificate(sNo);
+ request.setAttribute("cert", cert);
+ base64Cert = CaUtils.base64Certificate(cert);
+ fpSHA1 = CertificateUtil.generateFingerprint(cert, "SHA1");
+ fpMD5 = CertificateUtil.generateFingerprint(cert, "MD5");
+ }
+%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Install Personal Certificate</title>
+</head>
+<body>
+<h2>Install Personal Certificate</h2>
+<p>This page enables you to download and install a personal certificate into your web browser.</p>
+
+<%if(sNo == null) {%>
+Either the CSR is yet to be fulfilled or the csrId <%=csrId%> is invalid.
+<%} else {%>
+<SCRIPT LANGUAGE="VBScript">
+<!--
+Sub Install_Onclick
+ certificate = document.installForm.cert.value
+ On Error Resume Next
+ Dim Enroll
+
+ Set Enroll = CreateObject("CEnroll.CEnroll.2")
+ if ( (Err.Number = 438) OR (Err.Number = 429) ) Then
+ Err.Clear
+ Set Enroll = CreateObject("CEnroll.CEnroll.1")
+ End If
+ if Err.Number <> 0 then
+ MsgBox("Error in creating CEnroll object. error:" & Hex(err))
+ Else
+ Call Enroll.acceptPKCS7(certificate)
+ If err.Number <> 0 then
+ MsgBox("Certificate installation failed. error: "& Hex(err))
+ Else
+ MsgBox("Certificate installed sucessfully")
+ End if
+ End If
+End sub
+-->
+</SCRIPT>
+
+To install your certificate into Internet Explorer, click on the <i>Install Certificate</i> button below.
+For other web browsers, click on <a href="DownloadCertificateServlet?csrId=<%=csrId%>">this link</a>.
+<form>
+ <input type="button" value="Install Certificate" onClick="Install_Onclick()"/>
+</form>
+
+<br><b>Base64 encoded Certificate Text</b>
+<br>
+<form name="installForm">
+ <textarea name="cert" rows="10" cols="80" READONLY><%=base64Cert%></textarea>
+</form>
+
+ <table border="0">
+ <tr>
+ <th colspan="2" align="left">Certificate Details</th>
+ </tr>
+ <tr>
+ <th align="right">Finger Prints</th>
+ <td>SHA1 <%=fpSHA1%> <br>MD5 <%=fpMD5%></td>
+ </tr>
+ <tr>
+ <th align="right">Version:</th>
+ <td>${cert.version}</td>
+ </tr>
+ <tr>
+ <th align="right">Subject:</th>
+ <td>${cert.subjectDN.name}</td>
+ </tr>
+ <tr>
+ <th align="right">Issuer:</th>
+ <td>${cert.issuerDN.name}</td>
+ </tr>
+ <tr>
+ <th align="right">Serial Number:</th>
+ <td>${cert.serialNumber}</td>
+ </tr>
+ <tr>
+ <th align="right">Valid From:</th>
+ <td>${cert.notBefore}</td>
+ </tr>
+ <tr>
+ <th align="right">Valid To:</th>
+ <td>${cert.notAfter}</td>
+ </tr>
+ <tr>
+ <th align="right">Signature Alg:</th>
+ <td>${cert.sigAlgName}</td>
+ </tr>
+ <tr>
+ <th align="right">Public Key Alg:</th>
+ <td>${cert.publicKey.algorithm}</td>
+ </tr>
+ <tr>
+ <th align="right" valign="top">cert.toString()</th>
+ <td><pre>${cert}</pre></td>
+ </tr>
+ </table>
+<%}%>
+<br><a href="<%=request.getContextPath()%>">Back to CA Helper home</a>
+
+</body>
+</html>
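Review bot: `csrId` comes straight from `request.getParameter("csrId")` and is written back unescaped in two places in this new page: the "csrId <%=csrId%> is invalid" message and the `DownloadCertificateServlet?csrId=<%=csrId%>` link. Markup supplied in the parameter is therefore rendered as part of the response. HTML-escape it in the message, for example with `<c:out value="${param.csrId}"/>` if JSTL is available to this webapp (the hunk declares no taglib), and URL-encode it in the link with `<%=java.net.URLEncoder.encode(csrId, "UTF-8")%>`. The scriptlet also calls `certReqStore.getSerialNumberForRequest(csrId)` without the null check that index.jsp applies to the store, so an unavailable store would presumably surface as a NullPointerException; a guard such as `if (certReqStore != null && csrId != null)` before the lookup would cover it. The `${cert.subjectDN.name}` and `${cert}` rows are also emitted without escaping, which is worth confirming as safe if subject fields can originate from a requester's CSR.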
Propchange: geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/applications/geronimo-ca-helper/src/main/webapp/installPersonalCertificate.jsp
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: geronimo/server/trunk/modules/geronimo-util/src/main/java/org/apache/geronimo/util/CaUtils.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-util/src/main/java/org/apache/geronimo/util/CaUtils.java?rev=582981&r1=582980&r2=582981&view=diff
==============================================================================
--- geronimo/server/trunk/modules/geronimo-util/src/main/java/org/apache/geronimo/util/CaUtils.java (original)
+++ geronimo/server/trunk/modules/geronimo-util/src/main/java/org/apache/geronimo/util/CaUtils.java Mon Oct 8 14:31:46 2007
@@ -69,6 +69,7 @@
public static final String CERT_HEADER = "-----BEGIN CERTIFICATE-----";
public static final String CERT_FOOTER = "-----END CERTIFICATE-----";
public static final String CERT_REQ_HEADER = "-----BEGIN CERTIFICATE REQUEST-----";
+ public static final String CERT_REQ_FOOTER = "-----END CERTIFICATE REQUEST-----";
public static final int B64_LINE_SIZE = 76;
public static final String CERT_REQ_SUBJECT = "subject";
public static final String CERT_REQ_PUBLICKEY = "publickey";