Provides the client-part of the EJBCA WS (Web Service) interface.
Introduction
This library supports EJBCA RA operations like issuing and revoking certificates.
Initialization
Before any EJBCA WS operations can be performed, the interface must be initialized.
For performance reasons it is advisable to do this only once, for example in a ServletContextListener.
Because EJBCA requires calling applications to authenticate through TLS,
client and trust-store certificates must also be defined during initialization.
Below is an example of an initialization procedure:
import java.net.MalformedURLException;
import java.net.URL;
import javax.xml.namespace.QName;
.
.
class MyClass
{
    static EjbcaWS ejbcaws; // A single instance is enough
    .
    .
    void myInit () throws MalformedURLException
    {
        // Initialization code
        // TLS client key store and trust store (sample values, customize for the installation)
        System.setProperty ("javax.net.ssl.trustStore", "ws-keystore.jks");
        System.setProperty ("javax.net.ssl.trustStorePassword", "foo123");
        System.setProperty ("javax.net.ssl.keyStore", "ws-keystore.jks");
        System.setProperty ("javax.net.ssl.keyStorePassword", "foo123");
        // Create the service from the WSDL and keep the port for all later calls
        QName qname = new QName ("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
        EjbcaWSService service = new EjbcaWSService (new URL ("https://localhost:8443/ejbca/ejbcaws/ejbcaws?wsdl"), qname);
        ejbcaws = service.getEjbcaWSPort ();
    }
}
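The four System.setProperty calls above leave the store passwords readable as JVM system properties. The following is an added example, not code from the original page or from the EJBCA project: it installs the same client key store and trust store through the standard JSSE API instead. The class name, file names and environment variable names are hypothetical, and it assumes the JAX-WS runtime uses the JVM default SSLContext (as the system-property approach also requires) and that the private key password equals the key store password.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class EjbcaTlsSetup {
    // Loads a JKS file; the password is supplied by the caller, never hard-coded.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // Call once, before "new EjbcaWSService (...)": the WSDL itself is fetched
    // over HTTPS, so the TLS client credentials must already be in place.
    public static void install(String keyStorePath, char[] keyStorePw,
                               String trustStorePath, char[] trustStorePw) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStorePath, keyStorePw), keyStorePw);   // client certificate and key
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath, trustStorePw));           // CA(s) trusted for the EJBCA server
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        SSLContext.setDefault(ctx);
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }

    // Reads a secret from the environment and fails loudly if it is absent.
    static char[] env(String name) {
        String value = System.getenv(name);
        if (value == null) throw new IllegalStateException("missing environment variable " + name);
        return value.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical file and variable names; separate stores for identity and trust.
        install("ra-client.jks", env("EJBCA_WS_KEYSTORE_PW"),
                "ejbca-trust.jks", env("EJBCA_WS_TRUSTSTORE_PW"));
    }
}
```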
Using the EJBCA interface
UserDataVOWS user = new UserDataVOWS ();
user.setUsername ("tester");
user.setPassword ("foo123");
user.setClearPwd (false);
user.setSubjectDN ("CN=Tester,C=SE");
user.setCaName ("ManagementCA");
user.setTokenType (UserDataVOWS.TOKEN_TYPE_USERGENERATED);
user.setEndEntityProfileName ("EMPTY");
user.setCertificateProfileName ("ENDUSER");
byte[] cert_blob = ejbcaws.certificateRequest (user,
                                               pkcs10_request_in_base64,
                                               CertificateHelper.CERT_REQ_TYPE_PKCS10,
                                               null,
                                               CertificateHelper.RESPONSETYPE_CERTIFICATE).getRawData ();
The data in italics is meant to be customized for the actual installation.