今天终于搞定通过调用WebService 接口的方式在EJBCA 中增加用户。
本项目完整代码请参见http://git.oschina.net/xiangyunsoft/EjbcaWs
1、EJBCA6 默认会配置好ws服务,如果有其他配置需要在conf/jaxws.properties文件中进行配置。
2、编写客户端代码,调用ws接口服务
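package cn.com.rexen.ca;

import org.cesecore.util.CryptoProviderTools;
import org.ejbca.core.protocol.ws.client.gen.*;

import javax.net.ssl.KeyManagerFactory;
import javax.security.auth.x500.X500Principal;
import javax.xml.namespace.QName;
import java.io.ByteArrayInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;

// NOTE: the original post does not show the imports for CertTools (CESeCore),
// PKCS10CertificationRequest and Base64 (BouncyCastle) and CertificateHelper
// (EJBCA WS common); they are all on the ejbca-ws-cli/lib classpath mentioned
// at the end of the post.

/**
 * Minimal EJBCA WS client: authenticates to EJBCA with an administrator client
 * certificate (PKCS#12), adds an end entity, enrols a locally generated RSA key
 * against it and looks the entity up again by e-mail.
 *
 * <p>Compared with the original listing this version performs real TLS server
 * authentication (trust store instead of an "AcceptAll" trust manager and a
 * host-name verifier that returned true for one IP), decodes the certificate
 * returned by {@code certificateRequest} instead of referencing an undefined
 * {@code cert} variable, and always closes the output stream of the PKCS#12
 * file. Host, paths and credentials are parameters with the post's values as
 * defaults.
 * Created by libo on 2014/6/16.
 */
public class CaWS {

    /**
     * WSDL endpoint. The host part must match a subjectAltName of the EJBCA
     * server's TLS certificate (the "No subject alternative names matching IP
     * address ..." error of the original post means it did not); use the DNS
     * name in the certificate rather than disabling host-name verification.
     */
    public static final String DEFAULT_WSDL_URL = "https://172.17.2.248:8443/ejbca/ejbcaws/ejbcaws?wsdl";
    /** Administrator PKCS#12 presented as TLS client certificate. */
    public static final String DEFAULT_KEY_STORE = "F:\\workspace\\caWS\\src\\superadmin_62.p12";
    private static final String DEFAULT_KEY_STORE_PASSWORD = "ejbca";
    /**
     * Placeholder path (constructed, not from the post): a JKS that contains the
     * certificate of the CA which issued the EJBCA server's TLS certificate.
     */
    public static final String DEFAULT_TRUST_STORE = "F:\\workspace\\caWS\\src\\truststore.jks";
    private static final String DEFAULT_TRUST_STORE_PASSWORD = "changeit";

    private static final String DEFAULT_USERNAME = "t_123";
    private static final String DEFAULT_PASSWORD = "123456";
    private static final String DEFAULT_EMAIL = "123@qq.com";
    private static final String DEFAULT_SUBJECT_DN =
            "E=123@qq.com,UID=35,CN=t_123,OU=研发中心,O=qq.com,L=changchu,ST=jilin,C=china";
    /** Where the generated PKCS#12/JKS (private key included) is written. */
    public static final String DEFAULT_OUTPUT_FILE = "c:\\temp\\test.p12";

    /** RSA modulus length of the enrolment key; the post used 1024, which is below current minimums. */
    private static final int RSA_KEY_SIZE = 2048;
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    private EjbcaWS ejbcaWS;

    /**
     * Runs the post's scenario end to end: connect, add the user, look it up.
     *
     * @param args unused
     * @throws Exception any WS or crypto failure is fatal for this demo
     */
    public static void main(String[] args) throws Exception {
        CaWS caWS = new CaWS();
        caWS.initEjbcaWs();
        caWS.create();
        caWS.findUser();
    }

    /**
     * Looks up the default user ({@value #DEFAULT_EMAIL}) by e-mail address and
     * prints the matches.
     *
     * @throws EjbcaException_Exception and the other listed WS faults, propagated from the WS call
     */
    public void findUser() throws MalformedURLException, EjbcaException_Exception, IllegalQueryException_Exception, EndEntityProfileNotFoundException_Exception, AuthorizationDeniedException_Exception, ApprovalException_Exception, UserDoesntFullfillEndEntityProfile_Exception, CADoesntExistsException_Exception, WaitingForApprovalException_Exception {
        findUser(DEFAULT_EMAIL);
    }

    /**
     * Looks up end entities whose e-mail address equals {@code email} and prints
     * username, e-mail, subject DN and CA name of each match.
     *
     * @param email exact e-mail address to match
     * @throws EjbcaException_Exception and the other listed WS faults, propagated from the WS call
     */
    public void findUser(String email) throws MalformedURLException, EjbcaException_Exception, IllegalQueryException_Exception, EndEntityProfileNotFoundException_Exception, AuthorizationDeniedException_Exception, ApprovalException_Exception, UserDoesntFullfillEndEntityProfile_Exception, CADoesntExistsException_Exception, WaitingForApprovalException_Exception {
        UserMatch usermatch = new UserMatch();
        usermatch.setMatchwith(UserMatch.MATCH_WITH_EMAIL);   // search key: e-mail address
        usermatch.setMatchtype(UserMatch.MATCH_TYPE_EQUALS);  // exact match, no wildcard
        usermatch.setMatchvalue(email);
        List<UserDataVOWS> result = ejbcaWS.findUser(usermatch);
        System.out.println("result:" + result);
        if (result == null) {
            return;
        }
        for (UserDataVOWS ud : result) {
            System.out.println("==========================");
            System.out.println("userName:" + ud.getUsername());
            System.out.println("email:" + ud.getEmail());
            System.out.println("SubjectDN:" + ud.getSubjectDN());
            System.out.println("caName:" + ud.getCaName());
            System.out.println("==========================");
        }
    }

    /**
     * Initialises the WS port with the default endpoint, key store and trust store.
     */
    public void initEjbcaWs() {
        initEjbcaWs(DEFAULT_WSDL_URL, DEFAULT_KEY_STORE, DEFAULT_KEY_STORE_PASSWORD,
                DEFAULT_TRUST_STORE, DEFAULT_TRUST_STORE_PASSWORD);
    }

    /**
     * Configures JSSE for mutual TLS and creates the EJBCA WS port.
     *
     * <p>The client authenticates with {@code keyStorePath} (PKCS#12). The server
     * is authenticated against {@code trustStorePath}; no trust-all manager and no
     * custom host-name verifier are installed, so a peer that does not present a
     * certificate chaining to the trust store and naming the URL host is rejected
     * before the administrator credential is used.
     *
     * @param wsdlUrl            https URL of the EJBCA WS WSDL
     * @param keyStorePath       PKCS#12 with the administrator certificate and key
     * @param keyStorePassword   password of that PKCS#12
     * @param trustStorePath     JKS holding the issuer of the server's TLS certificate
     * @param trustStorePassword password of the trust store
     * @throws IllegalArgumentException if {@code wsdlUrl} is not a valid URL
     * @throws IllegalStateException    if the SunJSSE key manager is unavailable
     */
    public void initEjbcaWs(String wsdlUrl, String keyStorePath, String keyStorePassword,
                            String trustStorePath, String trustStorePassword) {
        CryptoProviderTools.installBCProvider();

        // TLS client authentication with the administrator's PKCS#12.
        System.setProperty("javax.net.ssl.keyStore", keyStorePath);
        System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
        System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
        // TLS server authentication: standard trust store. The original post registered
        // CESeCore's TLSProvider and set ssl.TrustManagerFactory.algorithm to "AcceptAll",
        // which accepts any server certificate and therefore lets anyone on the network
        // path impersonate the CA towards a client holding superadmin credentials.
        System.setProperty("javax.net.ssl.trustStore", trustStorePath);
        System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);

        // NewSunX509 picks the client key matching the CAs the server asks for.
        try {
            KeyManagerFactory.getInstance("NewSunX509");
        } catch (NoSuchAlgorithmException e) {
            // The original printed the stack trace and went on; failing here is clearer
            // than an opaque handshake failure later.
            throw new IllegalStateException("NewSunX509 KeyManagerFactory not available", e);
        }
        Security.setProperty("ssl.KeyManagerFactory.algorithm", "NewSunX509");

        URL url;
        try {
            // The post built the URL with sun.net.www.protocol.http.Handler, an internal
            // JDK class; the plain constructor resolves the https handler normally.
            url = new URL(wsdlUrl);
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException("Invalid WSDL URL: " + wsdlUrl, e);
        }
        QName qname = new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
        EjbcaWSService service = new EjbcaWSService(url, qname);
        ejbcaWS = service.getEjbcaWSPort();
        String version = ejbcaWS.getEjbcaVersion();
        System.out.println("ejbcaWS init successfully. EJBCA Version is :" + version);
    }

    /**
     * Adds the post's demo user and enrols a certificate for it.
     *
     * @throws InvalidKeyException, SignatureException in addition to the original list:
     *         {@link #writeFile(UserDataVOWS, EjbcaWS)} declares them, so the original
     *         {@code create()} did not compile without them
     */
    public void create() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, IOException, WaitingForApprovalException_Exception, NotFoundException_Exception, AuthorizationDeniedException_Exception, ApprovalException_Exception, UserDoesntFullfillEndEntityProfile_Exception, CADoesntExistsException_Exception, EjbcaException_Exception, InvalidAlgorithmParameterException, InvalidKeyException, SignatureException {
        create(DEFAULT_USERNAME, DEFAULT_PASSWORD, DEFAULT_EMAIL, DEFAULT_SUBJECT_DN);
    }

    /**
     * Adds (or edits) an end entity in status NEW with a P12 token type, then
     * generates a key pair locally and requests its certificate.
     *
     * @param username  end entity name
     * @param password  enrolment code; not needed if the end entity profile auto-generates it
     * @param email     e-mail stored on the entity
     * @param subjectDn subject DN of the certificate to issue
     * @throws EjbcaException_Exception and the other listed faults from editUser / certificateRequest
     */
    public void create(String username, String password, String email, String subjectDn) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, IOException, WaitingForApprovalException_Exception, NotFoundException_Exception, AuthorizationDeniedException_Exception, ApprovalException_Exception, UserDoesntFullfillEndEntityProfile_Exception, CADoesntExistsException_Exception, EjbcaException_Exception, InvalidAlgorithmParameterException, InvalidKeyException, SignatureException {
        final UserDataVOWS userData = new UserDataVOWS();
        userData.setUsername(username);
        userData.setPassword(password);
        userData.setClearPwd(false); // EJBCA stores a hash of the enrolment code, not the clear text
        userData.setSubjectDN(subjectDn);
        // The post issues from ManagementCA, which also issues administrator certificates;
        // a real deployment should use a dedicated issuing CA for end users.
        userData.setCaName("ManagementCA");
        userData.setEmail(email);
        userData.setSubjectAltName(null);
        userData.setStatus(UserDataVOWS.STATUS_NEW);
        userData.setTokenType(UserDataVOWS.TOKEN_TYPE_P12);
        userData.setEndEntityProfileName("EMPTY");
        userData.setCertificateProfileName("ENDUSER");
        // userData.setSendNotification(true); // notify on creation when mail is configured
        ejbcaWS.editUser(userData);
        writeFile(userData, ejbcaWS);
        System.out.println("create user successfully.");
    }

    /**
     * Enrols {@code user1} and writes key and certificate to {@value #DEFAULT_OUTPUT_FILE}.
     *
     * @param user1 end entity as registered with {@code editUser}
     * @param ws    WS port to use
     */
    public void writeFile(UserDataVOWS user1, EjbcaWS ws) throws InvalidAlgorithmParameterException, CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, UserDoesntFullfillEndEntityProfile_Exception, AuthorizationDeniedException_Exception, ApprovalException_Exception, WaitingForApprovalException_Exception, NotFoundException_Exception, EjbcaException_Exception, InvalidKeyException, NoSuchProviderException, SignatureException, CADoesntExistsException_Exception {
        writeFile(user1, ws, DEFAULT_OUTPUT_FILE);
    }

    /**
     * Generates an RSA key pair, sends a PKCS#10 request for {@code user1}, and
     * stores private key plus issued certificate in a PKCS#12 (or JKS, if that is
     * the entity's token type) protected with the entity's enrolment code.
     *
     * @param user1      end entity; its subject DN, password and token type are used
     * @param ws         WS port to use
     * @param outputFile destination path of the key store; it contains a private key,
     *                   so write it to a location with restricted permissions
     * @throws IOException if the request cannot be encoded or the file cannot be written
     * @throws EjbcaException_Exception and the other listed faults from certificateRequest
     */
    public void writeFile(UserDataVOWS user1, EjbcaWS ws, String outputFile) throws InvalidAlgorithmParameterException, CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, UserDoesntFullfillEndEntityProfile_Exception, AuthorizationDeniedException_Exception, ApprovalException_Exception, WaitingForApprovalException_Exception, NotFoundException_Exception, EjbcaException_Exception, InvalidKeyException, NoSuchProviderException, SignatureException, CADoesntExistsException_Exception {
        // Key pair is generated here; the private key never leaves this client.
        // (The original comment said SHA1WithRSA, but the code signed with SHA256withRSA.)
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(RSA_KEY_SIZE);
        KeyPair keys = generator.generateKeyPair();

        PKCS10CertificationRequest pkcs10 = new PKCS10CertificationRequest(SIGNATURE_ALGORITHM,
                new X500Principal(user1.getSubjectDN()), keys.getPublic(), null, keys.getPrivate());
        CertificateResponse certenv = ws.certificateRequest(user1,
                new String(Base64.encode(pkcs10.getEncoded())),
                CertificateHelper.CERT_REQ_TYPE_PKCS10, null,
                CertificateHelper.RESPONSETYPE_CERTIFICATE);

        // The post had `X509Certificate cert = certenv.getCertificate();` commented out, leaving
        // `cert` undefined. RESPONSETYPE_CERTIFICATE returns the certificate as Base64-encoded
        // DER in the response payload; getData() is the accessor of the generated client stub —
        // confirm against your generated classes.
        byte[] certDer = Base64.decode(certenv.getData());
        java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certDer));

        // Same rule as EjbcaWS.java: alias is the CN when present, else the username.
        String alias = CertTools.getPartFromDN(user1.getSubjectDN(), "CN");
        if (alias == null) {
            alias = user1.getUsername();
        }

        char[] storePassword = user1.getPassword().toCharArray();
        // Fully qualified: the WS client package also defines a KeyStore class.
        java.security.KeyStore store = java.security.KeyStore.getInstance(
                "JKS".equals(user1.getTokenType()) ? "JKS" : "pkcs12");
        store.load(null, storePassword);
        store.setKeyEntry(alias, keys.getPrivate(), storePassword,
                new java.security.cert.Certificate[] { cert });

        FileOutputStream out = new FileOutputStream(outputFile);
        try {
            store.store(out, storePassword);
        } finally {
            // The original closed the stream only on the success path.
            out.close();
        }
    }
}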
执行程序运行结果如下:
ejbcaWS init successfully. EJBCA Version is :EJBCA 6.2.0 (r19221) create user successfully. result:[org.ejbca.core.protocol.ws.client.gen.UserDataVOWS@44c35c97] ========================== userName:t_123 email:123@qq.com SubjectDN:E=123@qq.com,UID=35,CN=t_123,OU=研发中心,O=qq.com,L=changchu,ST=jilin,C=china caName:ManagementCA ==========================
工程所需要jar在ejcb_home/dist/ejbca-ws-cli/lib目录下。