Examples of IResponseMessage


Examples of org.ejbca.core.protocol.IResponseMessage

          // Tail of an error branch (its condition is outside this excerpt): the failure text is
          // logged and also sent back in a CMP error built by createUnprotectedErrorMessage
          // with ResponseStatus.FAILURE / FailInfo.BAD_REQUEST.
          // NOTE(review): eMsg goes to the requester as well as to the log; confirm it never
          // carries internal detail.
          log.error(eMsg);
          return CmpMessageHelper.createUnprotectedErrorMessage(null, ResponseStatus.FAILURE, FailInfo.BAD_REQUEST, eMsg);
        }
        // The exception text is built by string-concatenating handler and cmpMessage, so whatever
        // their toString() yields ends up wherever this exception is logged or reported.
        throw new Exception("Something is null! Handler="+handler+", cmpMessage="+cmpMessage);
      }
      // Hand the CMP message to the selected handler.
      final IResponseMessage ret  = handler.handleMessage(cmpMessage);
      if (ret != null) {
        log.debug("Received a response message from CmpMessageHandler.");
      } else {
        // A null response is only logged here; what is returned to the caller afterwards is
        // not visible in this excerpt.
        log.error( intres.getLocalizedMessage("cmp.errorresponsenull") );
      }

Examples of org.ejbca.core.protocol.IResponseMessage

    /**
     * Processes a certificate request for the CA described by {@code cainfo}: checks the caller's
     * authorization, checks whether a CA with the same id or name already exists, and, when
     * {@code cainfo.getSignedBy()} lies outside the range 0..{@code CAInfo.SPECIALCAIDBORDER}, has
     * that signing CA issue a certificate for the public key carried in {@code requestmessage}.
     * The remainder of the method is not shown in this excerpt.
     *
     * @param admin the administrator performing the operation; must be authorized to "/super_administrator"
     * @param cainfo description of the CA the certificate is issued for
     * @param requestmessage the certificate request supplying the public key
     * @return a response message holding the issued CA certificate (the return statement itself is
     *         outside this excerpt)
     * @throws AuthorizationDeniedException if {@code admin} is not authorized to "/super_administrator"
     * @throws CAExistsException if the CA id is in the range 0..{@code CAInfo.SPECIALCAIDBORDER}, or
     *         an existing CA is found that does not match the id, name and status conditions below
     */
    @Override
    public IResponseMessage processRequest(Admin admin, CAInfo cainfo, IRequestMessage requestmessage) throws CAExistsException, CADoesntExistsException,
            AuthorizationDeniedException, CATokenOfflineException {
        final CA ca;
        Collection<Certificate> certchain = null;
        IResponseMessage returnval = null;
        // Check authorization before touching any CA data. The check itself is the "NoLog"
        // variant; a denial is recorded explicitly through logSession below and then rejected.
        if(!authorizationSession.isAuthorizedNoLog(admin, "/super_administrator")) {
            String msg = intres.getLocalizedMessage("caadmin.notauthorizedtocertresp", cainfo.getName());
            logSession.log(admin, admin.getCaId(), LogConstants.MODULE_CA, new java.util.Date(), null, null, LogConstants.EVENT_ERROR_NOTAUTHORIZEDTORESOURCE,
                    msg);
            throw new AuthorizationDeniedException(msg);
        }

        // Check that the CA does not already exist
        CAData oldcadata = null;
        int caid = cainfo.getCAId();
        // Ids in the range 0..CAInfo.SPECIALCAIDBORDER are refused outright with the
        // "CA exists" message; presumably that range is reserved for special CAs - TODO confirm.
        if (caid >= 0 && caid <= CAInfo.SPECIALCAIDBORDER) {
          String msg = intres.getLocalizedMessage("caadmin.errorcaexists", cainfo.getName());
          logSession.log(admin, admin.getCaId(), LogConstants.MODULE_CA, new java.util.Date(), null, null, LogConstants.EVENT_ERROR_CAEDITED, msg);
          throw new CAExistsException(msg);
        }
        oldcadata = CAData.findById(entityManager, Integer.valueOf(caid));
        // If it did not exist with a certain DN (caid) perhaps a CA with the
        // same CA name exists?
        if (oldcadata == null) {
          oldcadata = CAData.findByName(entityManager, cainfo.getName());
        }
        boolean processinternalca = false;
        if (oldcadata != null) {
            // If we find an already existing CA, there is a good chance that we
            // should throw an exception
            // Saying that the CA already exists.
            // However, if we have the same DN, and give the same name, we
            // simply assume that the admin actually wants
            // to treat an internal CA as an external CA, perhaps there is
            // different HSMs connected for root CA and sub CA?
            if (log.isDebugEnabled()) {
                log.debug("Old castatus=" + oldcadata.getStatus() + ", oldcaid=" + oldcadata.getCaId().intValue() + ", caid=" + cainfo.getCAId()
                        + ", oldcaname=" + oldcadata.getName() + ", name=" + cainfo.getName());
            }
            // Re-processing is accepted only when status, id AND name all match; any other
            // existing CA is rejected in the else branch.
            if (((oldcadata.getStatus() == SecConst.CA_WAITING_CERTIFICATE_RESPONSE) || (oldcadata.getStatus() == SecConst.CA_ACTIVE) || (oldcadata.getStatus() == SecConst.CA_EXTERNAL))
                    && (oldcadata.getCaId().intValue() == cainfo.getCAId()) && (oldcadata.getName().equals(cainfo.getName()))) {
                // Yes, we have all the same DN, CAName and the old CA is either
                // waiting for a certificate response or is active
                // (new CA or active CA that we want to renew)
                // or it is an external CA that we want to issue a new
                // certificate to
                processinternalca = true;
                if (oldcadata.getStatus() == SecConst.CA_EXTERNAL) {
                    log.debug("Renewing an external CA.");
                } else {
                    log.debug("Processing an internal CA, as an external.");
                }
            } else {
                // NOTE(review): unlike the two rejections above, this one goes to log.info only
                // and not through logSession; confirm that is intended for the audit trail.
                String msg = intres.getLocalizedMessage("caadmin.errorcaexists", cainfo.getName());
                log.info(msg);
                throw new CAExistsException(msg);
            }
        }

        // Get the signing CA; only done when the signer id lies outside 0..SPECIALCAIDBORDER
        if (cainfo.getSignedBy() > CAInfo.SPECIALCAIDBORDER || cainfo.getSignedBy() < 0) {
            try {
              CAData signcadata = CAData.findByIdOrThrow(entityManager, Integer.valueOf(cainfo.getSignedBy()));
                CA signca = signcadata.getCA();
                try {
                    // Check that the signer is valid before anything is issued
                    checkSignerValidity(admin, signcadata);

                    // Get public key from request
                    PublicKey publickey = requestmessage.getRequestPublicKey();

                    // Create cacertificate
                    Certificate cacertificate = null;
                    String subjectAltName = null;
                    if (cainfo instanceof X509CAInfo) {
                        subjectAltName = ((X509CAInfo) cainfo).getSubjectAltName();
                    }
                    // NOTE(review): the third constructor argument is String.hashCode() of the
                    // subject DN, a 32-bit non-cryptographic hash, so two different DNs can yield
                    // the same value. Presumably this is used as the CA id - confirm how a
                    // collision is handled.
                    UserDataVO cadata = new UserDataVO("nobody", cainfo.getSubjectDN(), cainfo.getSubjectDN().hashCode(), subjectAltName, null, 0, 0, 0, cainfo
                            .getCertificateProfileId(), null, null, 0, 0, null);
                    // We can pass the PKCS10 request message as extra
                    // parameters
                    if (requestmessage instanceof PKCS10RequestMessage) {
                        ExtendedInformation extInfo = new ExtendedInformation();
                        PKCS10CertificationRequest pkcs10 = ((PKCS10RequestMessage) requestmessage).getCertificationRequest();
                        extInfo.setCustomData(ExtendedInformation.CUSTOM_PKCS10, new String(Base64.encode(pkcs10.getEncoded())));
                        cadata.setExtendedinformation(extInfo);
                    }
                    CertificateProfile certprofile = certificateProfileSession.getCertificateProfile(admin, cainfo.getCertificateProfileId());
                    String sequence = null;
                    byte[] ki = requestmessage.getRequestKeyInfo();
                    if ((ki != null) && (ki.length > 0)) {
                        // NOTE(review): new String(byte[]) decodes with the platform default
                        // charset, so the resulting sequence depends on the JVM configuration
                        // when the request-supplied bytes are not plain ASCII.
                        sequence = new String(ki);
                    }
                    cacertificate = signca.generateCertificate(cadata, publickey, -1, cainfo.getValidity(), certprofile, sequence);
                    // X509ResponseMessage works for both X509 CAs and CVC CAs
                    // here...pure luck? I don't think so!
                    returnval = new X509ResponseMessage();
                    returnval.setCertificate(cacertificate);

                    // Build Certificate Chain, starting with the newly issued certificate
                    Collection<Certificate> rootcachain = signca.getCertificateChain();
                    certchain = new ArrayList<Certificate>();
                    certchain.add(cacertificate);

Examples of org.ejbca.core.protocol.IResponseMessage

      } else {
        // Input that is not a PKCS#10 request is reported and the command stops here.
        getLogger().error("Input file '"+csr+"' is not a PKCS#10 request.");
        return;
      }
      // Call signsession to create a certificate
      // NOTE(review): resp is dereferenced on the next line without a null check; confirm
      // createCertificate cannot return null on this path.
      IResponseMessage resp = ejb.getSignSession().createCertificate(getAdmin(), req, X509ResponseMessage.class, null);
      byte[] respBytes = resp.getResponseMessage();
      // Convert to PEM
      Certificate cert = CertTools.getCertfromByteArray(respBytes);
      // Raw Collection/ArrayList: the element type is not checked by the compiler here.
      Collection certs = new ArrayList();
      certs.add(cert);
      byte[] pembytes = CertTools.getPEMFromCerts(certs);

Examples of org.ejbca.core.protocol.IResponseMessage

                // A request that reports an error number is logged and answered with null.
                log.error("Error '" + reqmsg.getErrorNo() + "' receiving Scep request message.");
                return null;
            }
            if (reqmsg.getMessageType() == ScepRequestMessage.SCEP_TYPE_PKCSREQ) {
                // Get the certificate
                IResponseMessage resp = signsession.createCertificate(admin, reqmsg, org.ejbca.core.protocol.scep.ScepResponseMessage.class, null);
                // A null response leaves ret at whatever value it had before this excerpt.
                if (resp != null) {
                    ret = resp.getResponseMessage();
                }
            }
            if (reqmsg.getMessageType() == ScepRequestMessage.SCEP_TYPE_GETCRL) {
                // create the stupid encrypted CRL message, the below can actually only be made
                // at the CA, since CAs private key is needed to decrypt
                IResponseMessage resp = signsession.getCRL(admin, reqmsg, org.ejbca.core.protocol.scep.ScepResponseMessage.class);
                if (resp != null) {
                    ret = resp.getResponseMessage();
                }
            }
        } catch (IOException e) {
            // Logged with the stack trace; what the method returns after this handler is not
            // visible in this excerpt.
            log.error("Error receiving ScepMessage: ", e);
        } catch (GeneralSecurityException e) {

Examples of org.ejbca.core.protocol.IResponseMessage

    }
    Certificate cert=null;
    // NOTE(review): debugInfo accumulates the raw request data and, further down, the issued
    // certificate. Where debugInfo is written is outside this excerpt; confirm it is never
    // echoed to an untrusted client.
    debugInfo += "Request: " + requestData + "\n";
    // The enrollment credentials are attached to the request before it is handed to the sign session.
    req.setUsername(username);
    req.setPassword(password);
    IResponseMessage resp;
    try {
      resp = signSession.createCertificate(admin, req, X509ResponseMessage.class, null);
      cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
      result = signSession.createPKCS7(admin, cert, true);
      debugInfo += "Resulting cert: " + new String(Base64.encode(result, true)) + "\n";
    } catch (Exception e) {
      // Broad catch: the detail goes to the server log only, and the client receives a
      // generic message that does not reveal why the request failed.
      log.error("Noooo!!! ", e);
      response.getOutputStream().println("An error has occurred.");

Examples of org.ejbca.core.protocol.IResponseMessage

            // PKCS#10: wrap the submitted bytes in a request message, attach the submitted
            // credentials and let the sign session issue the certificate.
            case CertificateRequestRequest.REQUEST_TYPE_PKCS10:
              Certificate cert = null;
              PKCS10RequestMessage req = RequestMessageUtils.genPKCS10RequestMessage(submessage.getRequestData());
              req.setUsername(submessage.getUsername());
              req.setPassword(submessage.getPassword());
              IResponseMessage resp = signSession.createCertificate(admin, req, X509ResponseMessage.class, null);
              cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
              if (submessage.getResponseType() == CertificateRequestRequest.RESPONSE_TYPE_CERTIFICATE) {
                result = cert.getEncoded();
              } else
                // NOTE(review): every response type other than RESPONSE_TYPE_CERTIFICATE falls
                // through to PKCS7 in this branch, whereas the SPKAC branch below rejects
                // unsupported types. The braces around this else also look unbalanced in this
                // listing.
                result = signSession.createPKCS7(admin, cert, true);
              }
              break;
            // SPKAC: parse the submitted bytes as an ASN.1 sequence and issue for the public key it carries.
            case CertificateRequestRequest.REQUEST_TYPE_SPKAC:
              // NOTE(review): the stream is closed only when readObject() succeeds, and the cast
              // assumes the submitted data decodes to a sequence; confirm how malformed input
              // is reported to the caller.
              ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(submessage.getRequestData()));
              ASN1Sequence spkac = (ASN1Sequence) in.readObject();
              in.close();
              NetscapeCertRequest nscr = new NetscapeCertRequest(spkac);
                cert = signSession.createCertificate(admin, submessage.getUsername(), submessage.getPassword(), nscr.getPublicKey());
              if (submessage.getResponseType() == CertificateRequestRequest.RESPONSE_TYPE_CERTIFICATE) {
                result = cert.getEncoded();
              } else if (submessage.getResponseType() == CertificateRequestRequest.RESPONSE_TYPE_PKCS7) { 
                result = signSession.createPKCS7(admin, cert, true);
              } else if (submessage.getResponseType() == CertificateRequestRequest.RESPONSE_TYPE_PKCS7WITHCHAIN) {
                // Read certificate chain
                    ArrayList<Certificate> certList = new ArrayList<Certificate>();
                      certList.add(cert);
                      // NOTE(review): the CA is looked up with Admin.getInternalAdmin() rather
                      // than the caller's admin, so the caller's own CA access rights are not
                      // what authorizes this chain read - presumably intentional, confirm. The
                      // CA is selected by String.hashCode() of the issuer DN.
                      certList.addAll(caSession.getCA(Admin.getInternalAdmin(), CertTools.getIssuerDN(cert).hashCode()).getCertificateChain());
                      // Create large certificate-only PKCS7
                      CertificateFactory cf = CertificateFactory.getInstance("X.509");
                      CertPath certPath = cf.generateCertPath(new ByteArrayInputStream(CertTools.getPEMFromCerts(certList)));
                      result = certPath.getEncoded("PKCS7");
              } else
              // Any other response type is answered with an explicit failure response.
              return new CertificateRequestResponse(submessage.getRequestId(), false, MSG_UNSUPPORTED_RESPONSE_TYPE, null, null);
              }
              break;
            case CertificateRequestRequest.REQUEST_TYPE_CRMF:
              // Extract request in a format that EJBCA can process
              // NOTE(review): this ASN1InputStream is never closed in the visible code.
          CertReqMessages certReqMessages = CertReqMessages.getInstance(new ASN1InputStream(submessage.getRequestData()).readObject());
          // The submitted CertReqMessages is wrapped in a PKIMessage whose header names are the
          // fixed placeholder "CN=unused".
          PKIMessage msg = new PKIMessage(new PKIHeader(
              new DERInteger(2), new GeneralName(new X509Name("CN=unused")), new GeneralName(new X509Name("CN=unused"))),
              new PKIBody(certReqMessages, 2)); // [2] CertReqMessages --Certification Request
              CrmfRequestMessage crmfReq = new CrmfRequestMessage(msg, null, true, null);
              crmfReq.setUsername(submessage.getUsername());
              crmfReq.setPassword(submessage.getPassword());
              // Request and extract certificate from response
              IResponseMessage response = signSession.createCertificate(admin, crmfReq, org.ejbca.core.protocol.cmp.CmpResponseMessage.class, null);
              ASN1InputStream ais = new ASN1InputStream(new ByteArrayInputStream(response.getResponseMessage()));
              // NOTE(review): the accessor chain below takes the first response and dereferences
              // its certified key pair without checking any status; presumably a rejected
              // request yields no key pair - confirm how that case surfaces to the caller.
              CertRepMessage certRepMessage = PKIMessage.getInstance(ais.readObject()).getBody().getCp();
          InputStream inStream = new ByteArrayInputStream(certRepMessage.getResponse(0).getCertifiedKeyPair().getCertOrEncCert().getCertificate().getEncoded());
          cert = CertificateFactory.getInstance("X.509").generateCertificate(inStream);
          inStream.close();
          // Convert to the right response type

Examples of org.ejbca.core.protocol.IResponseMessage

        // NOTE(review): the terminating ';' of the next statement appears to have been lost in
        // this listing.
        byte[] result = null
        Certificate cert=null;
    // Build the PKCS#10 request from the submitted Base64 data and attach the credentials.
    PKCS10RequestMessage req = RequestMessageUtils.genPKCS10RequestMessage(b64Encoded);
    req.setUsername(username);
        req.setPassword(password);
        // NOTE(review): resp is dereferenced without a null check; confirm createCertificate
        // cannot return null on this path.
        IResponseMessage resp = signsession.createCertificate(administrator, req, org.ejbca.core.protocol.X509ResponseMessage.class, null);
        cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
        result = cert.getEncoded();
        // The encoded certificate is returned Base64-encoded.
        return Base64.encode(result, false);
    }

Examples of org.ejbca.core.protocol.IResponseMessage

    /**
     * Requests a certificate for a PKCS#10 request through the sign session.
     *
     * <p>The supplied username and password are set on the request before it is passed to
     * {@code signSession.createCertificate}; this method performs no credential check of its own.
     *
     * @param administrator the administrator passed to the sign session
     * @param signSession the session used to create the certificate
     * @param req the PKCS#10 request message; its username and password are overwritten
     * @param username the username to set on the request
     * @param password the password to set on the request
     * @return the certificate decoded from the response message bytes
     */
    private Certificate pkcs10CertRequest(Admin administrator, SignSession signSession, PKCS10RequestMessage req,
        String username, String password) throws EjbcaException, CertificateEncodingException, CertificateException, IOException, ClassNotFoundException {
        // Attach the credentials first so the sign session sees them on the request.
        req.setUsername(username);
        req.setPassword(password);
        // NOTE(review): the response is dereferenced without a null check; confirm that
        // createCertificate cannot return null on this path.
        final IResponseMessage response = signSession.createCertificate(administrator, req, X509ResponseMessage.class, null);
        final byte[] encodedResponse = response.getResponseMessage();
        return CertTools.getCertfromByteArray(encodedResponse);
    }

Examples of org.ejbca.core.protocol.IResponseMessage

       
        byte[] pkcs7;
        try {
            // Attach the submitted credentials, issue the certificate and wrap it in a PKCS7.
            p10.setUsername(username);
            p10.setPassword(password);
            IResponseMessage resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
            Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
            pkcs7 = signSession.createPKCS7(admin, cert, true);
        } catch (EjbcaException e) {
            // EJBCA did not accept one or more of the parameters in the request.
            // NOTE(review): the EjbcaException travels as the ServletException's cause; whether
            // its message reaches the client depends on the container's error handling - confirm.
            throw new ServletException(e);
        } catch (CertificateEncodingException e) {

Examples of org.ejbca.core.protocol.IResponseMessage

    // A TCP message without a CMP payload just closes the connection.
    if ( cmpTcpMessage.message==null )  {
      handler.closeConnection();
    } else {
      // We must use an administrator with rights to create users
      // NOTE(review): this Admin is built from Admin.TYPE_RA_USER and the peer's host address
      // only; nothing in this excerpt authenticates the sender, so that presumably rests on
      // checks performed inside dispatch() - confirm.
      final Admin administrator = new Admin(Admin.TYPE_RA_USER, handler.getHostAddress());
      final IResponseMessage resp;
      try {
         resp = getEjb().getCmpMessageDispatcherSession().dispatch(administrator, cmpTcpMessage.message);
      } catch (IOException e) {
        // A failed dispatch is logged and the connection is dropped without a reply.
        LOG.error( INTRES.getLocalizedMessage("cmp.errornoasn1"), e );
        handler.closeConnection();
        return;
      }
      if (LOG.isDebugEnabled()) {
        LOG.debug("Sending back CMP response to client.");
      }
      // Send back reply
      final TcpReturnMessage sendBack;
      {
        byte tmp[] = null;
        try {
          if (resp!=null) {
            tmp = resp.getResponseMessage();
          }
        } catch (CertificateEncodingException e) {
          // Logged at debug level only; tmp stays null, so the reply below is still created,
          // with a null payload.
          LOG.debug("CertificateEncodingException: " + e.getMessage());
        }
        sendBack = TcpReturnMessage.createMessage(tmp, cmpTcpMessage.doClose);