2

我有一个在 JBOSS 上运行的 Web 服务。该 Web 服务有一个名为的方法,该方法public X509Certificate provideCertificate(String name, PublicKey key){ ... }为客户端提供新证书,以便它们与其他方进行通信。

问题是,我无法收到 PublicKey,因为 JAXB 抱怨它是一个接口,并且我无法返回 X509Certificate,因为它没有空的构造函数(或者 JBOSS 这么说)。

我尝试将这些对象封装在某种 DTO 对象上,但效果不佳。我知道也许这不是这样做的方法,所以任何关于这个主题的灯光都会非常感激。

我的网络服务代码:

@javax.jws.WebService
public class CAWebService
{
@javax.jws.WebMethod
public X509Certificate addOperatorPublicKey(PublicKeyReqResDTO req)
{
    PublicKey key = req.getPublicKey();
    String operador = req.getNome();

    X509CertImpl cert = null;
    try
    {
        // used algorithm
        String algorithm = "MD5WithRSA";

        // create certificate for this request
        PrivateKey privateKey = caKeyPair.getPrivate();
        X509CertInfo info = new X509CertInfo();

        // 3600000 = 1 hour maximum duration
        Date from = new Date();
        Date to = new Date(from.getTime() + 3600000L);

        CertificateValidity interval = new CertificateValidity(from, to);
        BigInteger sn = new BigInteger(64, new SecureRandom());
        X500Name owner = new X500Name(operador);

        info.set(X509CertInfo.VALIDITY, interval);
        info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(new X500Name("CA")));
        info.set(X509CertInfo.KEY, new CertificateX509Key(key));
        info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
        AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
        info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));

        // signs the certificate using this web service private key
        cert = new X509CertImpl(info);
        cert.sign(privateKey, algorithm);

        // updates and re-signs
        algo = (AlgorithmId)cert.get(X509CertImpl.SIG_ALG);
        info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algo);
        cert = new X509CertImpl(info);
        cert.sign(privateKey, algorithm);
    }
            //catch all the exceptions, its like 10 diffente ones
    catch( .... )
            {
    }

    //is the name already on the valid cert list?
    boolean found = false; int index = 0;
    for(int i = 0; i < validList.size(); i++)
    {
        if(validList.get(i).getSubjectX500Principal().getName().equals(operador))
        {
            found = true; index = i;
            break;
        }
    }

    //the cert was already on the valid list, so we put it on the black list
    if(found)
    {
        blackList.add(validList.get(index));
        validList.remove(index);
        validList.add(cert);
    }
    else
    {
        //didnt find so no need to put on the black list
        validList.add(cert);
    }

    return cert;
}

我也使用 ArrayList 来控制黑色和有效证书列表,因为由于某种原因,X509CRL 不包含 .add() 方法。我也对持久性不感兴趣,我只是希望它在 Web 服务在线时工作,时间是离线我不在乎是否一切都存在。

提前致谢。

4

1 回答 1

3

如果您将 X509Certificate 作为 byte[] 从 Web 服务返回给客户端并在客户端从 byte[] 重新创建 X509Certificate,这将很容易。

可以通过以下方式完成。转换为字节[]:

ByteArrayOutputStream bos = new ByteArrayOutputStream(); 
ObjectOutput out = new ObjectOutputStream(bos);   
out.writeObject(certificate);
byte[] data = bos.toByteArray(); 
bos.close();


从 byte[] 重新创建 X509Certificate:

CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate x509Certificate = (X509Certificate) cf.generateCertificate(new  ByteArrayInputStream(data));
于 2012-05-07T05:35:23.367 回答