 

This class retrieves the X509 certificate, and the certificate details it carries, from the HttpServletRequest.

 

package bolin;

import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.faces.context.FacesContext;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;

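/**
 * Utility that extracts X509Certificate data, specifically the subject name
 * and the certificate serial number, from the current HttpServletRequest.
 *
 * <p>The certificate is read from the {@code javax.servlet.request.X509Certificate}
 * request attribute, which the servlet container only populates when TLS client
 * authentication is configured. This class does not verify the certificate
 * chain or its revocation status; it relies on the container having done that
 * during the TLS handshake. The only check performed here is the validity
 * window ({@link #isValidDate()}).
 *
 * <p>Instances are not thread-safe and are intended to live for one request.
 * @author Steven P. Bolin - Mar 21, 2013
 */
public class CertificatePlucker {

  /** Request attribute under which the Servlet API exposes the client certificate chain. */
  private static final String CERT_ATTRIBUTE = "javax.servlet.request.X509Certificate";

  private final HttpServletRequest request;
  private final X509Certificate cert;    // The certificate we are interested in; null when none was supplied.

  /**
   * Builds a plucker for the request of the current {@link FacesContext}.
   * Must be invoked on a thread that has an active FacesContext; the client
   * certificate (if any) is captured at construction time.
   */
  public CertificatePlucker() {

    this.request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
    X509Certificate[] certs = (X509Certificate[]) request.getAttribute(CERT_ATTRIBUTE);

    // The Servlet specification defines element 0 of this array as the client's own
    // certificate, with the remainder of the chain following it. The length check is
    // required: an empty array must not be indexed (the original else-branch for an
    // empty array was unreachable because certs[0] was evaluated first).
    if (certs != null && certs.length > 0) {
      this.cert = certs[0];
    } else {
      this.cert = null;
      System.err.println("Certificates supplied are null or empty :" + (certs == null));
      // TODO: log this when logging functionality is decided upon - sbolin
    }
  }

  /**
   * Returns true if the current date lies within the certificate's validity
   * period (after getValidFromDate and before getExpirationDate), false
   * otherwise. Returns false when no certificate was supplied.
   *
   * <p>Only the validity window is checked, against the server's clock; chain
   * trust and revocation are not evaluated here.
   * @return whether the certificate is currently within its validity period
   */
  public boolean isValidDate() {
    if (this.cert == null) {
      return false;
    }

    // checkValidity signals an out-of-window date by throwing; there is no boolean form,
    // so the exceptions are the designed way to learn the answer.
    try {
      cert.checkValidity();
      return true;
    } catch (CertificateExpiredException ex) {
      // TODO: Log this when logging functionality is decided upon - sbolin
      return false;
    } catch (CertificateNotYetValidException ex) {
      // TODO: Log this when logging functionality is decided upon. - sbolin
      return false;
    }
  }

  /**
   * Returns the value of the first (leftmost) relative distinguished name of
   * the certificate subject, e.g. the CN for a subject written as
   * {@code CN=...,OU=...}. Returns null if there is no certificate, the subject
   * is empty, or it cannot be parsed as a distinguished name.
   *
   * <p>The subject is parsed as an RFC 2253 distinguished name, so escaped
   * characters inside a value (for instance {@code \,}) are unescaped rather
   * than cut at, and a subject consisting of a single RDN is handled. Callers
   * that use this value as an identity should remember it is unique only
   * within the issuing CA; pair it with the issuer or {@link #getSerial()}
   * when a stable identifier is required.
   * @return the value of the subject's first RDN, or null
   * @pre-condition The certificate subject is a name of the format ...redacted
   * @post-condition The name of the certificate is returned in the format ...redacted
   */
  public String getName() {
    if (this.cert == null) {
      return null;
    }
    return firstRdnValue(cert.getSubjectX500Principal());
  }

  /**
   * Extracts the string value of the leftmost RDN of an X.500 principal, or
   * null if the name is empty, unparseable, or the value is not a string
   * (binary RDN values are reported as null rather than a meaningless string).
   * @param principal the subject principal to parse
   * @return the leftmost RDN's value, or null
   */
  private static String firstRdnValue(X500Principal principal) {
    try {
      LdapName name = new LdapName(principal.getName(X500Principal.RFC2253));
      if (name.size() == 0) {
        return null;
      }
      // LdapName indexes RDNs right-to-left, so the leftmost RDN in the string is the last one.
      Object value = name.getRdn(name.size() - 1).getValue();
      if (value instanceof String) {
        return (String) value;
      }
      return null;
    } catch (InvalidNameException ex) {
      // TODO: log this when logging functionality is decided upon - sbolin
      return null;
    }
  }

  /**
   * Returns the certificate serial number as a decimal string (BigInteger
   * form, not the hexadecimal rendering most tools display); if the
   * certificate is null, returns null.
   * @return the decimal serial number of the certificate, or null
   */
  public String getSerial() {
    if (this.cert == null) {
      return null;
    }
    return cert.getSerialNumber().toString();
  }

  /**
   * Returns the Date at which the certificate validity ends (notAfter); if the
   * certificate is null, returns null.
   * @return the notAfter date of the certificate, or null
   */
  public Date getExpirationDate() {
    if (this.cert == null) {
      return null;
    }
    return cert.getNotAfter();
  }

  /**
   * Returns the Date at which the certificate validity begins (notBefore); if
   * the certificate is null, returns null.
   * @return the notBefore date of the certificate, or null
   */
  public Date getValidFromDate() {
    if (this.cert == null) {
      return null;
    }
    return cert.getNotBefore();
  }

} // end of class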

 

 
