Question

i 设有一个网上服务,在JBOSS上运行。该网络服务采用以下方法:public X509Certificate provideCertificate (String name, PublicKey key){ },向客户提供新证书,以便与其他当事人沟通。

问题在于,由于日本宇宙航空研究开发机构抱怨其接口,而且由于它有空的建筑商(或如JBOSS的话),它必须归还X509Certificate。

i ve tried encapsulating those objects on some kind of DTO object but it didnt work as well. i know maybe this is not the way to do it, so any lights on the subject would be greatly appretiated.

我的网络服务守则:

@javax.jws.WebService
public class CAWebService
{
@javax.jws.WebMethod
public X509Certificate addOperatorPublicKey(PublicKeyReqResDTO req)
{
    PublicKey key = req.getPublicKey();
    String operador = req.getNome();

    X509CertImpl cert = null;
    try
    {
        // used algorithm
        String algorithm = "MD5WithRSA";

        // create certificate for this request
        PrivateKey privateKey = caKeyPair.getPrivate();
        X509CertInfo info = new X509CertInfo();

        // 3600000 = 1 hour maximum duration
        Date from = new Date();
        Date to = new Date(from.getTime() + 3600000L);

        CertificateValidity interval = new CertificateValidity(from, to);
        BigInteger sn = new BigInteger(64, new SecureRandom());
        X500Name owner = new X500Name(operador);

        info.set(X509CertInfo.VALIDITY, interval);
        info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(new X500Name("CA")));
        info.set(X509CertInfo.KEY, new CertificateX509Key(key));
        info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
        AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
        info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));

        // signs the certificate using this web service private key
        cert = new X509CertImpl(info);
        cert.sign(privateKey, algorithm);

        // updates and re-signs
        algo = (AlgorithmId)cert.get(X509CertImpl.SIG_ALG);
        info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algo);
        cert = new X509CertImpl(info);
        cert.sign(privateKey, algorithm);
    }
            //catch all the exceptions, its like 10 diffente ones
    catch( .... )
            {
    }

    //is the name already on the valid cert list?
    boolean found = false; int index = 0;
    for(int i = 0; i < validList.size(); i++)
    {
        if(validList.get(i).getSubjectX500Principal().getName().equals(operador))
        {
            found = true; index = i;
            break;
        }
    }

    //the cert was already on the valid list, so we put it on the black list
    if(found)
    {
        blackList.add(validList.get(index));
        validList.remove(index);
        validList.add(cert);
    }
    else
    {
        //didnt find so no need to put on the black list
        validList.add(cert);
    }

    return cert;
}

also im using ArrayList to control the black and valid certificate lists because for some reason X509CRL doesnt include an .add() method.. also im not interested in persistency, i just want it to work while the web service is online, the time is goes offline i dont care if eveything siezes to exist.

预先感谢。

Answer 1

It will be easy if you will return X509Certificate as byte[] to client from web-service and recreate X509Certificate from byte[] at client side.

It can be done by following way. Convert to byte[]:

ByteArrayOutputStream bos = new ByteArrayOutputStream(); 
ObjectOutput out = new ObjectOutputStream(bos);   
out.writeObject(certificate);
byte[] data = bos.toByteArray(); 
bos.close();

Recreating X509Certificate from byte[]:

CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate x509Certificate = (X509Certificate) cf.generateCertificate(new  ByteArrayInputStream(data));

友情链接