我有一个在 JBOSS 上运行的 Web 服务。该 Web 服务有一个名为的方法,该方法public X509Certificate provideCertificate(String name, PublicKey key){ ... }
为客户端提供新证书,以便它们与其他方进行通信。
问题是,我无法收到 PublicKey,因为 JAXB 抱怨它是一个接口,并且我无法返回 X509Certificate,因为它没有空的构造函数(或者 JBOSS 这么说)。
我尝试将这些对象封装在某种 DTO 对象上,但效果不佳。我知道也许这不是这样做的方法,所以任何关于这个主题的灯光都会非常感激。
我的网络服务代码:
@javax.jws.WebService
public class CAWebService
{
@javax.jws.WebMethod
public X509Certificate addOperatorPublicKey(PublicKeyReqResDTO req)
{
PublicKey key = req.getPublicKey();
String operador = req.getNome();
X509CertImpl cert = null;
try
{
// used algorithm
String algorithm = "MD5WithRSA";
// create certificate for this request
PrivateKey privateKey = caKeyPair.getPrivate();
X509CertInfo info = new X509CertInfo();
// 3600000 = 1 hour maximum duration
Date from = new Date();
Date to = new Date(from.getTime() + 3600000L);
CertificateValidity interval = new CertificateValidity(from, to);
BigInteger sn = new BigInteger(64, new SecureRandom());
X500Name owner = new X500Name(operador);
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(new X500Name("CA")));
info.set(X509CertInfo.KEY, new CertificateX509Key(key));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
// signs the certificate using this web service private key
cert = new X509CertImpl(info);
cert.sign(privateKey, algorithm);
// updates and re-signs
algo = (AlgorithmId)cert.get(X509CertImpl.SIG_ALG);
info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algo);
cert = new X509CertImpl(info);
cert.sign(privateKey, algorithm);
}
//catch all the exceptions, its like 10 diffente ones
catch( .... )
{
}
//is the name already on the valid cert list?
boolean found = false; int index = 0;
for(int i = 0; i < validList.size(); i++)
{
if(validList.get(i).getSubjectX500Principal().getName().equals(operador))
{
found = true; index = i;
break;
}
}
//the cert was already on the valid list, so we put it on the black list
if(found)
{
blackList.add(validList.get(index));
validList.remove(index);
validList.add(cert);
}
else
{
//didnt find so no need to put on the black list
validList.add(cert);
}
return cert;
}
我也使用 ArrayList 来控制黑色和有效证书列表,因为由于某种原因,X509CRL 不包含 .add() 方法。我也对持久性不感兴趣,我只是希望它在 Web 服务在线时工作,时间是离线我不在乎是否一切都存在。
提前致谢。