xcooper

X509 servlet

May 5th, 2014
  1. package Cloud;
  2.  
  3. import java.io.ByteArrayInputStream;
  4. import java.io.IOException;
  5. import java.io.PrintWriter;
  6. import java.io.UnsupportedEncodingException;
  7. import java.security.InvalidKeyException;
  8. import java.security.NoSuchAlgorithmException;
  9. import java.security.PublicKey;
  10. import java.security.Signature;
  11. import java.security.SignatureException;
  12. import java.security.cert.Certificate;
  13. import java.security.cert.X509Certificate;
  14. import java.security.cert.CertificateException;
  15. import java.security.cert.CertificateFactory;
  16.  
  17. import javax.servlet.ServletException;
  18. //import javax.servlet.annotation.WebServlet;
  19. import javax.servlet.http.HttpServlet;
  20. import javax.servlet.http.HttpServletRequest;
  21. import javax.servlet.http.HttpServletResponse;
  22. import javax.xml.bind.DatatypeConverter;
  23.  
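  /**
   * Servlet that authenticates a caller by verifying an RSA signature over a
   * ticket string, using the public key of a certificate supplied in the same
   * request.
   *
   * <p>Request parameters read by {@link #doPost}: {@code plainText} (the ticket
   * that was signed), {@code certificate} (Base64 of the encoded X.509
   * certificate) and {@code signValue} (Base64 of the signature).
   *
   * <p>NOTE(review): {@link #checkTicket} and {@link #checkCertificate} are still
   * placeholders. Until they are implemented, a valid signature only shows that
   * the caller holds the private key for the certificate it sent. It does not
   * show that the certificate is trusted or that the ticket is fresh, so the
   * subject printed by this servlet must not be treated as an authenticated
   * identity.
   */
  public class SignVerify extends HttpServlet {
      private static final long serialVersionUID = 1L;

      /**
       * @see HttpServlet#HttpServlet()
       */
      public SignVerify() {
          super();
      }

      /**
       * GET requests are accepted but produce no output; verification is only
       * performed on POST.
       *
       * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
       *      response)
       */
      @Override
      protected void doGet(HttpServletRequest request,
              HttpServletResponse response) throws ServletException, IOException {
      }

      /**
       * Runs the three checks in order (ticket, certificate, signature) and
       * writes exactly one result line to the response: {@code Invalid Ticket},
       * {@code Invalid Certificate}, {@code Verify Fail} or
       * {@code Welcome <subject>}.
       *
       * <p>Every failure path is fail-closed: a missing parameter, an unparsable
       * certificate or an exception raised while verifying all end in a
       * rejection. Exception details go to the servlet log, not to the client.
       *
       * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
       *      response)
       */
      @Override
      protected void doPost(HttpServletRequest request,
              HttpServletResponse response) throws ServletException, IOException {
          response.setContentType("text/html; charset=utf-8");
          PrintWriter writer = response.getWriter();

          String plainText = request.getParameter("plainText");
          if (!checkTicket(plainText)) {
              writer.write("Invalid Ticket");
              return;
          }

          X509Certificate certificate = null;
          String base64Certificate = request.getParameter("certificate");
          if (base64Certificate != null) {
              try {
                  certificate = rebuildCertificate(base64Certificate);
              } catch (CertificateException e) {
                  // Keep parser details out of the response; the certificate
                  // stays null and is rejected below.
                  log("Client certificate could not be parsed", e);
              }
          }
          if (!checkCertificate(certificate)) {
              writer.write("Invalid Certificate");
              return;
          }

          // Starts false so that an exception during verification can never be
          // mistaken for a successful check.
          boolean verified = false;
          String signValue = request.getParameter("signValue");
          if (signValue != null) {
              try {
                  verified = verifySignature(getPublicKey(certificate),
                          getStringBytes(plainText), decodeBase64(signValue));
              } catch (java.security.GeneralSecurityException e) {
                  // Covers InvalidKeyException, NoSuchAlgorithmException and
                  // SignatureException declared by verifySignature.
                  log("Signature verification raised an error", e);
              }
          }

          if (verified) {
              // The subject comes from a caller-supplied certificate and the
              // response is text/html, so it is escaped before being echoed.
              writer.write("Welcome " + escapeHtml(getSubject(certificate)));
          } else {
              writer.write("Verify Fail");
          }
      }

      /**
       * Intended to check that the ticket was issued by this server and has not
       * expired.
       *
       * <p>NOTE(review): not implemented yet. Every non-empty ticket is accepted,
       * so nothing ties the signed text to this server or limits its lifetime.
       *
       * @param ticket value of the {@code plainText} request parameter, may be null
       * @return false for a missing or empty ticket, otherwise true
       */
      private boolean checkTicket(String ticket) {
          if (ticket == null || ticket.length() == 0) {
              return false;
          }
          // TODO: verify issuer binding and expiry of the ticket.
          return true;
      }

      /**
       * Intended to check that a trust chain can be built for the certificate.
       *
       * <p>NOTE(review): not implemented yet. Any certificate that parses is
       * accepted, including self-signed, expired or revoked ones. Chain building
       * against a configured trust store, validity-period and revocation checks
       * belong here.
       *
       * @param certificate parsed client certificate, or null if parsing failed
       * @return false for a null certificate, otherwise true
       */
      private boolean checkCertificate(Certificate certificate) {
          if (certificate == null) {
              return false;
          }
          // TODO: validate the certification path against trusted anchors.
          return true;
      }

      /**
       * Decodes a Base64 string with {@link DatatypeConverter}.
       *
       * @param base64Encoded Base64 text; callers pass a non-null value
       * @return the decoded bytes
       */
      private byte[] decodeBase64(String base64Encoded) {
          return DatatypeConverter.parseBase64Binary(base64Encoded);
      }

      /**
       * Parses a Base64-encoded certificate into an {@link X509Certificate}.
       *
       * @param base64Certificate Base64 of the encoded certificate
       * @return the parsed certificate
       * @throws CertificateException if the bytes are not a parsable X.509 certificate
       * @throws IOException if closing the in-memory stream fails
       */
      private X509Certificate rebuildCertificate(String base64Certificate)
              throws CertificateException, IOException {
          byte[] certificateBytes = decodeBase64(base64Certificate);
          ByteArrayInputStream stream = new ByteArrayInputStream(certificateBytes);
          try {
              CertificateFactory factory = CertificateFactory.getInstance("X.509");
              return (X509Certificate) factory.generateCertificate(stream);
          } finally {
              stream.close();
          }
      }

      /**
       * @param certificate certificate whose key is wanted
       * @return the public key embedded in the certificate
       */
      private PublicKey getPublicKey(Certificate certificate) {
          return certificate.getPublicKey();
      }

      /**
       * Encodes the signed text as UTF-8, the byte form the signature is checked
       * against.
       *
       * @param plainText text that was signed
       * @return the UTF-8 bytes of {@code plainText}
       * @throws UnsupportedEncodingException declared by {@code getBytes(String)}
       */
      private byte[] getStringBytes(String plainText)
              throws UnsupportedEncodingException {
          return plainText.getBytes("UTF-8");
      }

      /**
       * Verifies {@code signBytes} as a SHA1withRSA signature over
       * {@code plainBytes}.
       *
       * <p>NOTE(review): SHA-1 is no longer recommended for digital signatures.
       * The algorithm is left unchanged here because the signing client must
       * switch at the same time; plan a move to SHA256withRSA.
       *
       * @param publicKey key taken from the client certificate
       * @param plainBytes bytes that were signed
       * @param signBytes signature to check
       * @return true only if the signature verifies
       * @throws NoSuchAlgorithmException if no provider offers SHA1withRSA
       * @throws InvalidKeyException if the key cannot be used with the algorithm
       * @throws SignatureException if the signature bytes cannot be processed
       */
      private boolean verifySignature(PublicKey publicKey, byte[] plainBytes,
              byte[] signBytes) throws NoSuchAlgorithmException,
              InvalidKeyException, SignatureException {
          Signature signature = Signature.getInstance("SHA1withRSA");
          signature.initVerify(publicKey);
          signature.update(plainBytes);
          return signature.verify(signBytes);
      }

      /**
       * @param certificate certificate to describe
       * @return the subject distinguished name as a string
       */
      private String getSubject(X509Certificate certificate) {
          return certificate.getSubjectDN().toString();
      }

      /**
       * Escapes the characters that are significant in HTML text and attribute
       * values so that caller-controlled text cannot introduce markup.
       *
       * @param text text to escape, may be null
       * @return the escaped text, or an empty string for null
       */
      private static String escapeHtml(String text) {
          if (text == null) {
              return "";
          }
          StringBuilder escaped = new StringBuilder(text.length() + 16);
          for (int i = 0; i < text.length(); i++) {
              char c = text.charAt(i);
              switch (c) {
              case '&':
                  escaped.append("&amp;");
                  break;
              case '<':
                  escaped.append("&lt;");
                  break;
              case '>':
                  escaped.append("&gt;");
                  break;
              case '"':
                  escaped.append("&quot;");
                  break;
              case '\'':
                  escaped.append("&#39;");
                  break;
              default:
                  escaped.append(c);
              }
          }
          return escaped.toString();
      }
  }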