2019獨角獸企業重金招聘Python工程師標準>>>

今天終于搞定通過調用WebService 接口的方式在EJBCA 中增加用戶。

本項目完整代碼請參見http://git.oschina.net/xiangyunsoft/EjbcaWs

1、EJBCA6 默認會配置好ws服務，如果有其他配置需要在conf/jaxws.properties文件中進行配置。

2、編寫客戶端代碼，調用ws接口服務

package?cn.com.rexen.ca;import?org.cesecore.util.CryptoProviderTools; import?org.cesecore.util.provider.TLSProvider; import?org.ejbca.core.protocol.ws.client.gen.*;import?javax.net.ssl.KeyManagerFactory; import?javax.xml.namespace.QName; import?java.io.IOException; import?java.net.MalformedURLException; import?java.net.URL; import?java.security.*; import?java.security.cert.CertificateException; import?java.util.List;/***?調用EJBCA?WS接口.*?Created?by?libo?on?2014/6/16.*/ public?class?CaWS?{/**?解決?java.security.cert.CertificateException:?No?subject?alternative?names?matching?IP?address?172.17.2.248?found172.17.2.248?換成自己的IP或機器名。*/static?{javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new?javax.net.ssl.HostnameVerifier()?{public?boolean?verify(String?hostname,javax.net.ssl.SSLSession?sslSession)?{if?(hostname.equals("172.17.2.248"))?{return?true;}return?false;}});}private?EjbcaWS?ejbcaWS;public?static?void?main(String[]?args)?throws?Exception?{CaWS?caWS?=?new?CaWS();caWS.initEjbcaWs();caWS.create();caWS.findUser();}/***?查詢用戶信息.*/public?void?findUser()?throws?MalformedURLException,?EjbcaException_Exception,?IllegalQueryException_Exception,?EndEntityProfileNotFoundException_Exception,?AuthorizationDeniedException_Exception,?ApprovalException_Exception,?UserDoesntFullfillEndEntityProfile_Exception,?CADoesntExistsException_Exception,?WaitingForApprovalException_Exception?{UserMatch?usermatch?=?new?UserMatch();usermatch.setMatchwith(UserMatch.MATCH_WITH_EMAIL);?//按EMAIL地址進行查詢usermatch.setMatchtype(UserMatch.MATCH_TYPE_EQUALS);????//查詢匹配方式usermatch.setMatchvalue("123@qq.com");List<UserDataVOWS>?result?=?ejbcaWS.findUser(usermatch);System.out.println("result:"?+?result);for?(UserDataVOWS?ud?:?result)?{System.out.println("==========================");System.out.println("userName:"?+?ud.getUsername());System.out.println("email:"?+?ud.getEmail());System.out.println("SubjectDN:"?+?ud.getSubjectDN());System.out.println("caName:"?+?ud.getCaName());System.out.println("==========================");}}/***?初始化ws?接口服務.*/public?void?initEjbcaWs()?{CryptoProviderTools.installBCProvider();String?urlstr?=?"https://172.17.2.248:8443/ejbca/ejbcaws/ejbcaws?wsdl";String?fileName?=?"F:\\workspace\\caWS\\src\\superadmin_62.p12";String?password?=?"ejbca";System.setProperty("javax.net.ssl.keyStore",?fileName);System.setProperty("javax.net.ssl.keyStoreType",?"pkcs12");Provider?tlsProvider?=?new?TLSProvider();Security.addProvider(tlsProvider);Security.setProperty("ssl.TrustManagerFactory.algorithm",?"AcceptAll");System.setProperty("javax.net.ssl.keyStorePassword",?password);try?{KeyManagerFactory.getInstance("NewSunX509");}?catch?(NoSuchAlgorithmException?e)?{e.printStackTrace();}Security.setProperty("ssl.KeyManagerFactory.algorithm",?"NewSunX509");QName?qname?=?new?QName("http://ws.protocol.core.ejbca.org/",?"EjbcaWSService");URL?url?=?null;try?{url?=?new?URL(null,?urlstr,?new?sun.net.www.protocol.http.Handler());}?catch?(MalformedURLException?e)?{e.printStackTrace();}EjbcaWSService?service?=?new?EjbcaWSService(url,?qname);ejbcaWS?=?service.getEjbcaWSPort();String?version?=?ejbcaWS.getEjbcaVersion();System.out.println("ejbcaWS?init?successfully.?EJBCA?Version?is?:"?+?version);}/***?增加用戶*/public?void?create()?throws?CertificateException,?NoSuchAlgorithmException,?KeyStoreException,?NoSuchProviderException,?IOException,?WaitingForApprovalException_Exception,?NotFoundException_Exception,?AuthorizationDeniedException_Exception,?ApprovalException_Exception,?UserDoesntFullfillEndEntityProfile_Exception,?CADoesntExistsException_Exception,?EjbcaException_Exception,?InvalidAlgorithmParameterException?{String?password?=?"123456";final?UserDataVOWS?userData?=?new?UserDataVOWS();userData.setUsername("t_123");userData.setPassword(password);?//如果模板指定自動生成密碼，則不需要指定。userData.setClearPwd(false);userData.setSubjectDN("E=123@qq.com,UID=35,CN=t_123,OU=研發中心,O=qq.com,L=changchu,ST=jilin,C=china");userData.setCaName("ManagementCA");userData.setEmail("123@qq.com");userData.setSubjectAltName(null);userData.setStatus(UserDataVOWS.STATUS_NEW);userData.setTokenType(UserDataVOWS.TOKEN_TYPE_P12);userData.setEndEntityProfileName("EMPTY");userData.setCertificateProfileName("ENDUSER"); //????????userData.setSendNotification(true);???????//如果配置郵件發送，則可以設置增加用戶時發送信息。ejbcaWS.editUser(userData);writeFile(userData,?ejbcaWS);System.out.println("create?user?successfully.");}/***?生成證書*/public?void?writeFile(UserDataVOWS?user1,?EjbcaWS?ws)?throws?InvalidAlgorithmParameterException,?CertificateException,?KeyStoreException,?IOException,?NoSuchAlgorithmException,?UserDoesntFullfillEndEntityProfile_Exception,?AuthorizationDeniedException_Exception,?ApprovalException_Exception,?WaitingForApprovalException_Exception,?NotFoundException_Exception,?EjbcaException_Exception,?InvalidKeyException,?NoSuchProviderException,?SignatureException,?CADoesntExistsException_Exception?{//?For?now,?assume?RSA?and?SHA1WithRSA.String?strKeySpec?=?"1024";KeyPair?keys?=?KeyTools.genKeys(strKeySpec,AlgorithmConstants.KEYALGORITHM_RSA);PKCS10CertificationRequest?pkcs10?=?new?PKCS10CertificationRequest("SHA256withRSA",?new?X500Principal(user1.getSubjectDN()),?keys.getPublic(),?null,?keys.getPrivate());CertificateResponse?certenv?=?ws.certificateRequest(user1,new?String(Base64.encode(pkcs10.getEncoded())),CertificateHelper.CERT_REQ_TYPE_PKCS10,?null,CertificateHelper.RESPONSETYPE_CERTIFICATE); //X509Certificate?cert?=?certenv.getCertificate();java.security.KeyStore?jks?=?java.security.KeyStore.getInstance(user1.getTokenType().equals("JKS")???"JKS":?"pkcs12");jks.load(null,?user1.getPassword().toCharArray());java.security.cert.CertificateFactory?cf?=?java.security.cert.CertificateFactory.getInstance("X.509");java.security.cert.Certificate?cert1?=?cf.generateCertificate(new?ByteArrayInputStream(cert.getEncoded()));java.security.cert.Certificate[]?certs?=?new?java.security.cert.Certificate[1];certs[0]?=?cert1;//?Following?logic?used?in?EjbcaWS.java,?the?alias?is?the?common//?name,?if?present,?and?otherwise,?is?the?username.String?alias?=?CertTools.getPartFromDN(user1.getSubjectDN(),"CN");if?(alias?==?null)?{alias?=?user1.getUsername();}String?strFileName?=?"c:\\temp\\test.p12";FileOutputStream?out?=?new?FileOutputStream(strFileName);//?storing?keystorejava.security.PrivateKey?ff?=?keys.getPrivate();jks.setKeyEntry(alias,?ff,?user1.getPassword().toCharArray(),certs);jks.store(out,?user1.getPassword().toCharArray());out.close();} }

執行程序運行結果如下：

ejbcaWS?init?successfully.?EJBCA?Version?is?:EJBCA?6.2.0?(r19221) create?user?successfully. result:[org.ejbca.core.protocol.ws.client.gen.UserDataVOWS@44c35c97] ========================== userName:t_123 email:123@qq.com SubjectDN:E=123@qq.com,UID=35,CN=t_123,OU=研發中心,O=qq.com,L=changchu,ST=jilin,C=china caName:ManagementCA ==========================

工程所需要jar在ejcb_home/dist/ejbca-ws-cli/lib目錄下。

轉載于:https://my.oschina.net/thinker4self/blog/286979

總結

以上是生活随笔為你收集整理的EJBCA 6 通过调用WebService接口增加用户并获取证书的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。