
Example 6 with X509Certificate

use of com.itrus.cert.X509Certificate in project portal by ixinportal.

the class UserCertService method isBindCert.

/**
 * Reports whether the certificate given as Base64 is already bound to the user
 * {@code userInfoId}, i.e. whether a {@code UserCert} row exists with this user id
 * and the certificate's serial number.
 * <p>
 * Only the database binding is consulted: the certificate is parsed but neither its
 * chain nor its validity is verified here (the {@code trustService.verifyCertificate}
 * call is commented out), so a caller that relies on the certificate being
 * trustworthy has to verify it separately.
 *
 * @param userInfoId id of the user the certificate should be bound to
 * @param certBase64 the certificate, Base64 encoded, as accepted by
 *                   {@code X509Certificate.getInstance(String)}
 * @return {@code true} when a matching binding row exists, {@code false} otherwise
 * @throws CertificateException   if the Base64 data cannot be parsed as a certificate
 * @throws SigningServerException as declared; which call raises it is not visible here
 */
public boolean isBindCert(Long userInfoId, String certBase64) throws CertificateException, SigningServerException {
    X509Certificate parsedCert = X509Certificate.getInstance(certBase64);
    // trustService.verifyCertificate(parsedCert);  -- deliberately not called here, see Javadoc
    // getValidSerialNumber presumably normalises the hex serial to the stored cert_sn form — confirm.
    String serialNumber = CertUtilsOfUkey.getValidSerialNumber(parsedCert.getHexSerialNumber());

    // One row is enough: we only need existence, not the binding itself.
    UserCertExample query = new UserCertExample();
    UserCertExample.Criteria where = query.or();
    where.andCertSnEqualTo(serialNumber);
    where.andUserinfoEqualTo(userInfoId);
    query.setLimit(1);
    UserCert binding = sqlSession.selectOne("com.itrus.portal.db.UserCertMapper.selectByExample", query);
    return binding != null;
}

Example 7 with X509Certificate

use of com.itrus.cert.X509Certificate in project portal by ixinportal.

the class CrlContextController method update.

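/**
 * Handles the "update" form of a CRL context (trust source).
 * <p>
 * When the submitted context carries no CA certificate, only the CRL-check flag,
 * CRL URL and retry policy of the stored row are updated. Otherwise the uploaded
 * certificate is parsed and its issuer, serial, subject and validity dates are
 * copied onto the submitted context, which then replaces the stored row including
 * BLOB columns. In both cases the trust-source cache is re-initialised afterwards
 * and an admin log entry is written.
 * <p>
 * Security note: the uploaded CA certificate is only parsed, not verified, and the
 * uploaded CRL is not checked against it (that code was commented out). Any
 * parseable certificate therefore becomes a trust anchor once
 * {@code cacheCustomer.initCrlConfig()} runs, so access to this endpoint has to be
 * limited to trusted administrators.
 *
 * @param crlContext         the submitted form data (bean-validated via {@code @Valid})
 * @param bindingResult      validation result for {@code crlContext}
 * @param uiModel            view model; receives {@code crlContext} and {@code message} on failure
 * @param httpServletRequest the current request (not used by this handler)
 * @return the update view on validation or lookup failure, otherwise a redirect to the context page
 */
@RequestMapping(params = "update", produces = "text/html")
public String update(@Valid CrlContext crlContext, BindingResult bindingResult, Model uiModel, HttpServletRequest httpServletRequest) {
    if (bindingResult.hasErrors()) {
        uiModel.addAttribute("crlContext", crlContext);
        uiModel.addAttribute("message", "提交数据不正确");
        return "crlcontext/update";
    }
    CrlContext stored = sqlSession.selectOne("com.itrus.portal.db.CrlContextMapper.selectByPrimaryKey", crlContext.getId());
    // Nothing to update: report it instead of silently creating a row.
    if (stored == null) {
        uiModel.addAttribute("crlContext", crlContext);
        uiModel.addAttribute("message", "要修改数据不存在");
        return "crlcontext/update";
    }
    if (crlContext.getCaCertBuf() == null || crlContext.getCaCertBuf().length == 0) {
        // No new CA certificate: keep the stored certificate and update the CRL settings only.
        stored.setCheckCrl(crlContext.getCheckCrl());
        stored.setCrlUrl(crlContext.getCrlUrl());
        stored.setRetryPolicy(crlContext.getRetryPolicy());
        sqlSession.update("com.itrus.portal.db.CrlContextMapper.updateByPrimaryKeySelective", stored);
    } else {
        try {
            X509Certificate caCert = com.itrus.cert.X509Certificate.getInstance(crlContext.getCaCertBuf());
            crlContext.setIssuerdn(caCert.getIssuerDNString());
            crlContext.setCertSn(caCert.getHexSerialNumber().toUpperCase());
            crlContext.setCertSubject(caCert.getSubjectDNString());
            crlContext.setCertStartTime(caCert.getNotBefore());
            crlContext.setCertEndTime(caCert.getNotAfter());
            // NOTE: the uploaded CRL (crlBuf) is not verified against caCert here; the
            // earlier verification code was commented out, so the SignatureException and
            // CRLException cases below are currently unreachable from this try body.
        } catch (Exception e) {
            // Keep a server-side record; the form only shows a short summary to the admin.
            LogUtil.syslog(sqlSession, "修改信任源", "CA证书处理失败,原因:" + e.getMessage());
            uiModel.addAttribute("message", certErrorMessage(e));
            return updateForm(crlContext.getId(), uiModel);
        }
        sqlSession.update("com.itrus.portal.db.CrlContextMapper.updateByPrimaryKeyWithBLOBs", crlContext);
    }
    // Re-initialise the trust-source configuration so the change takes effect.
    cacheCustomer.initCrlConfig();
    String oper = "修改信任源";
    String info = "CA证书主题: " + crlContext.getCertSubject();
    LogUtil.adminlog(sqlSession, oper, info);
    return "redirect:/crlcontext/" + crlContext.getId();
}

/**
 * Maps a certificate/CRL processing failure to the message shown on the form.
 * Always returns a non-null message, so an unexpected exception type no longer
 * results in an empty error being displayed.
 *
 * @param e the exception caught while processing the uploaded CA certificate
 * @return the user-facing message for {@code e}
 */
private static String certErrorMessage(Exception e) {
    if (e instanceof SignatureException) {
        return "CRL签名验证失败,请您检查CRL是否为CA签发。";
    }
    if (e instanceof CertificateException) {
        return "X509Certificate对象实例化失败,请您检查CA证书格式是否正确。";
    }
    if (e instanceof CRLException) {
        return "X509CRL对象实例化失败,请您检查CRL文件格式是否正确。";
    }
    return "服务端出现未知异常,请联系管理员";
}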

Example 8 with X509Certificate

use of com.itrus.cert.X509Certificate in project portal by ixinportal.

the class UserInfoWebController method certLogin.

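/**
 * Certificate login: verifies a PKCS#7 signature over the session challenge and,
 * on success, stores the user in the session (the client then moves on to the
 * enterprise-selection page). Added by szy, 2016-08-18.
 * <p>
 * The signed text is {@code "LOGONDATA:" + webrandom}, where {@code webrandom} is
 * the challenge previously placed in the session. A request that arrives without
 * that challenge is rejected instead of being verified against the constant text
 * {@code "LOGONDATA:null"}.
 *
 * @param pkcs7     the PKCS#7 signed data the client produced over the challenge (required)
 * @param productId optional product id; stored in the session together with {@code projectId}
 * @param projectId optional project id
 * @param session   HTTP session holding the challenge and receiving the login state
 * @return a map whose {@code retCode} is -1 on failure, 0 on success, 1 when the
 *         certificate is not bound to a user and 2 when the user does not exist;
 *         {@code retMsg} carries the reason when the login did not succeed
 */
@RequestMapping("/certLogin")
@ResponseBody
public Map<String, Object> certLogin(@RequestParam(value = "pkcs7", required = true) String pkcs7, @RequestParam(value = "productId", required = false) Long productId, @RequestParam(value = "projectId", required = false) Long projectId, HttpSession session) {
    Map<String, Object> retMap = new HashMap<String, Object>();
    // Failure unless explicitly set otherwise below.
    retMap.put("retCode", -1);
    try {
        String webrandom = (String) session.getAttribute("webrandom");
        // Without a session challenge there is nothing fresh to verify against:
        // "LOGONDATA:null" would be a constant signing input.
        if (webrandom == null) {
            retMap.put("retMsg", "登录随机数不存在,请刷新页面后重试");
            return retMap;
        }
        // NOTE(review): the challenge is not removed from the session after use;
        // confirm it is regenerated per login attempt, otherwise a captured pkcs7
        // value stays valid for the lifetime of the session.
        X509Certificate cert = X509Certificate.getInstance(SVM.verifySignature("LOGONDATA:" + webrandom, pkcs7));
        UserCert userCert = userCertService.getUserCert(cert);
        Long userid = userCert.getUserinfo();
        // Certificate known but not bound to any user.
        if (userid == null) {
            retMap.put("retCode", 1);
            retMap.put("retMsg", "请先绑定证书");
            return retMap;
        }
        // isValid == 0: per the message shown, the certificate has been superseded in the portal.
        if (null != userCert.getIsValid() && userCert.getIsValid().equals(0)) {
            retMap.put("retMsg", "该证书已过期,请使用更新后的证书登录");
            return retMap;
        }
        UserInfoExample example = new UserInfoExample();
        UserInfoExample.Criteria criteria = example.or();
        criteria.andIdEqualTo(userid);
        UserInfo userInfo = sqlSession.selectOne("com.itrus.portal.db.UserInfoMapper.selectByExample", example);
        if (userInfo == null) {
            retMap.put("retCode", 2);
            retMap.put("retMsg", "不存在该用户");
            return retMap;
        }
        retMap.put("retCode", 0);
        // Mark the session as logged in; the captcha step counts as passed for certificate logins.
        session.setAttribute("webverifyCodeStatus", true);
        session.setAttribute("webuserInfo", userInfo);
        // Only when both product and project are supplied is a product considered selected.
        if (null != projectId && null != productId) {
            session.setAttribute("webproductId", productId);
            session.setAttribute("webprojectId", projectId);
            session.setAttribute("webnoProduct", false);
        } else {
            session.setAttribute("webnoProduct", true);
        }
        // Audit record of the successful login.
        UserLog userlog = new UserLog();
        userlog.setProject(userInfo.getProject());
        userlog.setType("证书登录");
        userlog.setInfo("证书登录成功");
        userlog.setHostId("未知");
        userlog.setSn(userInfo.getUniqueId());
        LogUtil.userlog(sqlSession, userlog);
    } catch (CertificateException e) {
        // Existing behaviour: the exception text is returned to the client as-is.
        retMap.put("retMsg", e.getMessage());
        return retMap;
    } catch (SigningServerException e) {
        retMap.put("retMsg", e.getMessage());
        return retMap;
    } catch (Exception e) {
        // Unexpected failures are logged server-side and reported generically.
        retMap.put("retMsg", "服务端出现未知异常,请联系管理员");
        String info = "证书登录失败,原因:" + e.getMessage();
        LogUtil.syslog(sqlSession, "证书登录", info);
        return retMap;
    }
    return retMap;
}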

Example 9 with X509Certificate

use of com.itrus.cert.X509Certificate in project portal by ixinportal.

the class TrustService method verifyCert.

/**
 * Verifies {@code signedData} as a signature over {@code toSign} and returns the
 * signer's certificate after it has also passed this service's
 * {@code verifyCertificate} check (what that check covers is defined elsewhere in
 * this class).
 *
 * @param toSign     the original text that was signed
 * @param signedData the signature value to verify
 * @return the signer's certificate; never {@code null}
 * @throws CertException if either input is blank, the signing server rejects the
 *                       signature, or any other failure occurs during verification
 *                       (logged before being wrapped)
 */
public X509Certificate verifyCert(String toSign, String signedData) throws CertException {
    boolean missingInput = StringUtils.isBlank(toSign) || StringUtils.isBlank(signedData);
    if (missingInput) {
        throw new CertException("原文或者签名值为空");
    }
    try {
        X509Certificate signerCert = X509Certificate.getInstance(SVM.verifySignature(toSign, signedData));
        // Throws when the certificate is not acceptable, so nothing is returned in that case.
        verifyCertificate(signerCert);
        return signerCert;
    } catch (SigningServerException e) {
        // Signing-server errors keep their own message.
        throw new CertException(e.getMessage(), e);
    } catch (Exception e) {
        // Anything else (including a failed verifyCertificate) is logged and reported generically.
        logger.error("TrustService", e);
        throw new CertException("签名验证失败", e);
    }
}

Example 10 with X509Certificate

use of com.itrus.cert.X509Certificate in project portal by ixinportal.

the class TrustService method initCVM.

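/**
 * Rebuilds the CVM trust-source configuration from the stored CRL contexts.
 * <p>
 * CVM is cleared first, then every stored context is registered. A context whose
 * CA certificate cannot be parsed, or whose registration fails, is logged via
 * {@code logger} and skipped, so one bad row no longer stops the remaining trust
 * sources from being loaded (previously the first failure aborted the loop and the
 * stack trace went to stderr only). A context without a CA certificate buffer is
 * registered with a {@code null} certificate, as before.
 */
public void initCVM() {
    CVM.clear();
    CrlContextExample example = new CrlContextExample();
    List<CrlContext> contexts = sqlSession.selectList("com.itrus.portal.db.CrlContextMapper.selectByExampleWithBLOBs", example);
    // No configured trust sources: leave CVM empty.
    if (contexts.isEmpty()) {
        return;
    }
    for (CrlContext context : contexts) {
        try {
            registerTrustSource(context);
        } catch (CertificateException e) {
            logTrustSourceFailure(context, e);
        } catch (NoSuchProviderException e) {
            logTrustSourceFailure(context, e);
        } catch (IOException e) {
            logTrustSourceFailure(context, e);
        }
    }
}

/**
 * Registers a single context with CVM.
 *
 * @param context the stored trust-source row
 * @throws CertificateException    if the CA certificate buffer cannot be parsed
 * @throws NoSuchProviderException propagated from certificate parsing / registration
 * @throws IOException             propagated from certificate parsing / registration
 */
private void registerTrustSource(CrlContext context) throws CertificateException, NoSuchProviderException, IOException {
    X509Certificate caCert = null;
    if (context.getCaCertBuf() != null && context.getCaCertBuf().length > 0) {
        caCert = X509Certificate.getInstance(context.getCaCertBuf());
    }
    // The last argument is the negation of checkCrl — presumably "skip CRL checking"; confirm against CVM.addSupportCA.
    CVM.addSupportCA(caCert, context.getCrlUrl().trim(), context.getRetryPolicy().trim(), !context.getCheckCrl());
}

/**
 * Logs a failed trust-source registration with the context id so operators can
 * see which trust source is missing from CVM.
 *
 * @param context the row that could not be registered
 * @param e       the failure
 */
private void logTrustSourceFailure(CrlContext context, Exception e) {
    logger.error("initCVM: failed to register trust source id=" + context.getId(), e);
}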
