EJBCA 6 通过调用WebService接口增加用户并获取证书
今天终于搞定通过调用WebService 接口的方式在EJBCA 中增加用户。
本项目完整代码请参见http://git.oschina.net/xiangyunsoft/EjbcaWs
1、EJBCA6 默认会配置好ws服务,如果有其他配置需要在conf/jaxws.properties文件中进行配置。
2、编写客户端代码,调用ws接口服务
package cn.com.rexen.ca;import org.cesecore.util.CryptoProviderTools;
import org.cesecore.util.provider.TLSProvider;
import org.ejbca.core.protocol.ws.client.gen.*;import javax.net.ssl.KeyManagerFactory;
import javax.xml.namespace.QName;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.*;
import java.security.cert.CertificateException;
import java.util.List;/*** 调用EJBCA WS接口.* Created by libo on 2014/6/16.*/
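public class CaWS {
    // Demo client for the EJBCA 6 web-service (WS) interface: it connects with a
    // client keystore, adds an end entity, requests a certificate for it and then
    // looks the end entity up again.
    //
    // NOTE(review): KeyTools, AlgorithmConstants, CertTools, Base64,
    // CertificateHelper and PKCS10CertificationRequest are used below but are not
    // covered by the imports shown with this listing; they have to be imported
    // from the jars the project depends on before the class compiles.

    /*
     * Works around "java.security.cert.CertificateException: No subject alternative
     * names matching IP address 172.17.2.248 found". Replace 172.17.2.248 with your
     * own IP address or host name.
     *
     * SECURITY: this installs a JVM-wide default HostnameVerifier that accepts the
     * listed host without comparing it to the names in the server certificate, so
     * the server's identity is not checked for that address. Acceptable for a lab
     * setup only; the proper fix is a server certificate whose subjectAltName
     * matches the address clients connect to, after which this block can go.
     */
    static {
        javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
                new javax.net.ssl.HostnameVerifier() {
                    @Override
                    public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) {
                        return "172.17.2.248".equals(hostname);
                    }
                });
    }

    // WS port; assigned by initEjbcaWs() and used by every other method.
    private EjbcaWS ejbcaWS;

    /**
     * Runs the demo: initialise the WS port, create the end entity (which also
     * requests and stores its certificate), then query it back.
     */
    public static void main(String[] args) throws Exception {
        CaWS caWS = new CaWS();
        caWS.initEjbcaWs();
        caWS.create();
        caWS.findUser();
    }

    /**
     * Looks up end entities by e-mail address and prints the matches.
     */
    public void findUser() throws MalformedURLException, EjbcaException_Exception,
            IllegalQueryException_Exception, EndEntityProfileNotFoundException_Exception,
            AuthorizationDeniedException_Exception, ApprovalException_Exception,
            UserDoesntFullfillEndEntityProfile_Exception, CADoesntExistsException_Exception,
            WaitingForApprovalException_Exception {
        UserMatch usermatch = new UserMatch();
        usermatch.setMatchwith(UserMatch.MATCH_WITH_EMAIL); // search by e-mail address
        usermatch.setMatchtype(UserMatch.MATCH_TYPE_EQUALS); // match mode for the search value
        usermatch.setMatchvalue("123@qq.com");
        List<UserDataVOWS> result = ejbcaWS.findUser(usermatch);
        System.out.println("result:" + result);
        for (UserDataVOWS ud : result) {
            System.out.println("==========================");
            System.out.println("userName:" + ud.getUsername());
            System.out.println("email:" + ud.getEmail());
            System.out.println("SubjectDN:" + ud.getSubjectDN());
            System.out.println("caName:" + ud.getCaName());
            System.out.println("==========================");
        }
    }

    /**
     * Initialises the WS port: configures the client keystore and the TLS
     * providers, builds the service from the WSDL URL and prints the server
     * version as a connectivity check.
     *
     * @throws IllegalStateException if the WSDL URL cannot be parsed
     */
    public void initEjbcaWs() {
        CryptoProviderTools.installBCProvider();
        String urlstr = "https://172.17.2.248:8443/ejbca/ejbcaws/ejbcaws?wsdl";
        // SECURITY: sample values. Judging by its name this PKCS#12 is the
        // super-administrator keystore; its path and password should come from
        // protected configuration, not from source code, in anything but a demo.
        String fileName = "F:\\workspace\\caWS\\src\\superadmin_62.p12";
        String password = "ejbca";
        System.setProperty("javax.net.ssl.keyStore", fileName);
        System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
        Provider tlsProvider = new TLSProvider();
        Security.addProvider(tlsProvider);
        // SECURITY: selects the "AcceptAll" trust manager for the whole JVM. As the
        // name says, server certificates are presumably accepted without chain
        // validation, so together with the hostname override above the server is
        // not authenticated. For real use, leave this property unset and point
        // javax.net.ssl.trustStore at a store holding the CA certificate.
        Security.setProperty("ssl.TrustManagerFactory.algorithm", "AcceptAll");
        System.setProperty("javax.net.ssl.keyStorePassword", password);
        try {
            // Result is discarded: this only probes that the algorithm is available.
            KeyManagerFactory.getInstance("NewSunX509");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        Security.setProperty("ssl.KeyManagerFactory.algorithm", "NewSunX509");
        QName qname = new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
        // NOTE(review): sun.net.www.protocol.http.Handler is a JDK-internal class and
        // is the plain-http handler although the URL is https - confirm this is
        // intended; new URL(urlstr) is the supported form.
        final URL url;
        try {
            url = new URL(null, urlstr, new sun.net.www.protocol.http.Handler());
        } catch (MalformedURLException e) {
            // Fail here instead of handing a null URL to the service constructor.
            throw new IllegalStateException("Invalid EJBCA WS URL: " + urlstr, e);
        }
        EjbcaWSService service = new EjbcaWSService(url, qname);
        ejbcaWS = service.getEjbcaWSPort();
        String version = ejbcaWS.getEjbcaVersion();
        System.out.println("ejbcaWS init successfully. EJBCA Version is :" + version);
    }

    /**
     * Adds an end entity and immediately requests and stores its certificate.
     *
     * InvalidKeyException and SignatureException are declared because
     * writeFile() throws them; without them this method does not compile.
     */
    public void create() throws CertificateException, NoSuchAlgorithmException, KeyStoreException,
            NoSuchProviderException, IOException, WaitingForApprovalException_Exception,
            NotFoundException_Exception, AuthorizationDeniedException_Exception,
            ApprovalException_Exception, UserDoesntFullfillEndEntityProfile_Exception,
            CADoesntExistsException_Exception, EjbcaException_Exception,
            InvalidAlgorithmParameterException, InvalidKeyException, SignatureException {
        // SECURITY: sample enrollment password. It also protects the PKCS#12 written
        // by writeFile(), so real deployments need a strong, per-user secret.
        String password = "123456";
        final UserDataVOWS userData = new UserDataVOWS();
        userData.setUsername("t_123");
        userData.setPassword(password); // not needed if the profile auto-generates the password
        userData.setClearPwd(false);
        userData.setSubjectDN("E=123@qq.com,UID=35,CN=t_123,OU=研发中心,O=qq.com,L=changchu,ST=jilin,C=china");
        userData.setCaName("ManagementCA");
        userData.setEmail("123@qq.com");
        userData.setSubjectAltName(null);
        userData.setStatus(UserDataVOWS.STATUS_NEW);
        userData.setTokenType(UserDataVOWS.TOKEN_TYPE_P12);
        userData.setEndEntityProfileName("EMPTY");
        userData.setCertificateProfileName("ENDUSER");
        // userData.setSendNotification(true); // enable when e-mail notification is configured
        ejbcaWS.editUser(userData);
        writeFile(userData, ejbcaWS);
        System.out.println("create user successfully.");
    }

    /**
     * Generates a key pair, sends a PKCS#10 request for the given end entity and
     * stores the private key with the issued certificate in a keystore file.
     *
     * @param user1 end entity the certificate is requested for; its password
     *              protects the keystore that is written
     * @param ws    WS port used to send the certificate request
     */
    public void writeFile(UserDataVOWS user1, EjbcaWS ws) throws InvalidAlgorithmParameterException,
            CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException,
            UserDoesntFullfillEndEntityProfile_Exception, AuthorizationDeniedException_Exception,
            ApprovalException_Exception, WaitingForApprovalException_Exception,
            NotFoundException_Exception, EjbcaException_Exception, InvalidKeyException,
            NoSuchProviderException, SignatureException, CADoesntExistsException_Exception {
        // RSA key pair; the request below is signed with SHA256withRSA.
        // 2048 bits replaces the original 1024, which is too short for new keys.
        String strKeySpec = "2048";
        KeyPair keys = KeyTools.genKeys(strKeySpec, AlgorithmConstants.KEYALGORITHM_RSA);
        PKCS10CertificationRequest pkcs10 = new PKCS10CertificationRequest("SHA256withRSA",
                new javax.security.auth.x500.X500Principal(user1.getSubjectDN()),
                keys.getPublic(), null, keys.getPrivate());
        CertificateResponse certenv = ws.certificateRequest(user1,
                new String(Base64.encode(pkcs10.getEncoded())),
                CertificateHelper.CERT_REQ_TYPE_PKCS10, null,
                CertificateHelper.RESPONSETYPE_CERTIFICATE);
        // Restored: the listing had this declaration commented out although cert is
        // used a few lines further down.
        java.security.cert.X509Certificate cert = certenv.getCertificate();

        java.security.KeyStore jks = java.security.KeyStore.getInstance(
                user1.getTokenType().equals("JKS") ? "JKS" : "pkcs12");
        jks.load(null, user1.getPassword().toCharArray());
        java.security.cert.CertificateFactory cf =
                java.security.cert.CertificateFactory.getInstance("X.509");
        java.security.cert.Certificate cert1 =
                cf.generateCertificate(new java.io.ByteArrayInputStream(cert.getEncoded()));
        java.security.cert.Certificate[] certs = new java.security.cert.Certificate[1];
        certs[0] = cert1;

        // Following logic used in EjbcaWS.java, the alias is the common
        // name, if present, and otherwise, is the username.
        String alias = CertTools.getPartFromDN(user1.getSubjectDN(), "CN");
        if (alias == null) {
            alias = user1.getUsername();
        }

        // SECURITY: this file holds the private key, protected only by the
        // end-entity password; keep it out of shared or world-readable directories.
        String strFileName = "c:\\temp\\test.p12";
        java.security.PrivateKey privateKey = keys.getPrivate();
        jks.setKeyEntry(alias, privateKey, user1.getPassword().toCharArray(), certs);
        // try-with-resources closes the stream even when store() throws.
        try (java.io.FileOutputStream out = new java.io.FileOutputStream(strFileName)) {
            jks.store(out, user1.getPassword().toCharArray());
        }
    }
}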
执行程序运行结果如下:
ejbcaWS init successfully. EJBCA Version is :EJBCA 6.2.0 (r19221)
create user successfully.
result:[org.ejbca.core.protocol.ws.client.gen.UserDataVOWS@44c35c97]
==========================
userName:t_123
email:123@qq.com
SubjectDN:E=123@qq.com,UID=35,CN=t_123,OU=研发中心,O=qq.com,L=changchu,ST=jilin,C=china
caName:ManagementCA
==========================
工程所需要的jar包在ejbca_home/dist/ejbca-ws-cli/lib目录下。
转载于:https://my.oschina.net/thinker4self/blog/286979