從Web Service返回X509證書

Question

我有一個在JBOSS上運行的Web服務。該Web服務有一個名爲public X509Certificate provideCertificate(String name, PublicKey key){ ... }的方法，爲客戶提供新的證書，以便與其他方進行交流。

問題是，我不能接收一個公鑰，因爲JAXB抱怨它的一個接口，我不能返回一個X509Certificate，因爲它沒有一個空的構造函數（或者JBOSS所說的）。

我試圖封裝這些對象上的某種DTO對象，但它沒有工作。 我知道也許這不是做這件事的方法，所以關於這個主題的任何燈光都會非常令人滿意。

我的web服務代碼：

@javax.jws.WebService 
public class CAWebService 
{ 
@javax.jws.WebMethod 
public X509Certificate addOperatorPublicKey(PublicKeyReqResDTO req) 
{ 
    PublicKey key = req.getPublicKey(); 
    String operador = req.getNome(); 

    X509CertImpl cert = null; 
    try 
    { 
     // used algorithm 
     String algorithm = "MD5WithRSA"; 

     // create certificate for this request 
     PrivateKey privateKey = caKeyPair.getPrivate(); 
     X509CertInfo info = new X509CertInfo(); 

     // 3600000 = 1 hour maximum duration 
     Date from = new Date(); 
     Date to = new Date(from.getTime() + 3600000L); 

     CertificateValidity interval = new CertificateValidity(from, to); 
     BigInteger sn = new BigInteger(64, new SecureRandom()); 
     X500Name owner = new X500Name(operador); 

     info.set(X509CertInfo.VALIDITY, interval); 
     info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn)); 
     info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner)); 
     info.set(X509CertInfo.ISSUER, new CertificateIssuerName(new X500Name("CA"))); 
     info.set(X509CertInfo.KEY, new CertificateX509Key(key)); 
     info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3)); 
     AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid); 
     info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo)); 

     // signs the certificate using this web service private key 
     cert = new X509CertImpl(info); 
     cert.sign(privateKey, algorithm); 

     // updates and re-signs 
     algo = (AlgorithmId)cert.get(X509CertImpl.SIG_ALG); 
     info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algo); 
     cert = new X509CertImpl(info); 
     cert.sign(privateKey, algorithm); 
    } 
      //catch all the exceptions, its like 10 diffente ones 
    catch(....) 
      { 
    } 

    //is the name already on the valid cert list? 
    boolean found = false; int index = 0; 
    for(int i = 0; i < validList.size(); i++) 
    { 
     if(validList.get(i).getSubjectX500Principal().getName().equals(operador)) 
     { 
      found = true; index = i; 
      break; 
     } 
    } 

    //the cert was already on the valid list, so we put it on the black list 
    if(found) 
    { 
     blackList.add(validList.get(index)); 
     validList.remove(index); 
     validList.add(cert); 
    } 
    else 
    { 
     //didnt find so no need to put on the black list 
     validList.add(cert); 
    } 

    return cert; 
} 

也即時通訊使用的ArrayList來控制黑色和有效的證書列表因爲某種原因X509CRL犯規包括。新增（）方法.. 也即時在持續性不感興趣，我只是希望它能夠在Web服務在線的時候工作，時間就會離線​​，我不在乎eveything是否存在。

在此先感謝。

Answer 1

如果您將X509Certificate作爲byte []從Web服務返回給客戶端，並在客戶端從byte []重新創建X509Certificate，將會很容易。

它可以通過以下方式完成。從字節[]

ByteArrayOutputStream bos = new ByteArrayOutputStream(); 
ObjectOutput out = new ObjectOutputStream(bos); 
out.writeObject(certificate); 
byte[] data = bos.toByteArray(); 
bos.close(); 

重新創建x509證書： 轉換爲byte []

CertificateFactory cf = CertificateFactory.getInstance("X.509"); 
X509Certificate x509Certificate = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(data));