case CertificateRequestRequest.REQUEST_TYPE_PKCS10:
// PKCS#10 arm: wrap the submitted request data in a PKCS10RequestMessage, attach the
// submitted username/password, and ask signSession to create the certificate.
// 'cert' is declared here but is also assigned by the later arms of this switch.
Certificate cert = null;
// NOTE(review): getRequestData() is caller-supplied. Whether malformed input is rejected and
// whether the request's proof-of-possession signature is verified is not visible in this
// arm - presumably done in genPKCS10RequestMessage or createCertificate; confirm.
PKCS10RequestMessage req = RequestMessageUtils.genPKCS10RequestMessage(submessage.getRequestData());
// NOTE(review): the enrolment credentials are copied from the submessage unchanged; this arm
// does not check them itself - presumably signSession.createCertificate does; confirm.
req.setUsername(submessage.getUsername());
req.setPassword(submessage.getPassword());
IResponseMessage resp = signSession.createCertificate(admin, req, X509ResponseMessage.class, null);
// NOTE(review): the response bytes are parsed as a certificate without inspecting any status
// on 'resp' - assumes createCertificate throws on failure instead of returning an error
// response; verify.
cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
if (submessage.getResponseType() == CertificateRequestRequest.RESPONSE_TYPE_CERTIFICATE) {
// Plain encoded certificate.
result = cert.getEncoded();
} else {
// NOTE(review): every other response type, including unknown values and
// RESPONSE_TYPE_PKCS7WITHCHAIN, ends up here and gets the createPKCS7 output. The SPKAC arm
// instead rejects unsupported types with MSG_UNSUPPORTED_RESPONSE_TYPE; consider validating
// the response type the same way here so callers are not silently given a different format.
result = signSession.createPKCS7(admin, cert, true);
}
break;
case CertificateRequestRequest.REQUEST_TYPE_SPKAC:
// SPKAC (Netscape) arm: decode the request data as an ASN.1 sequence, wrap it in a
// NetscapeCertRequest and create a certificate for the public key it carries.
ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(submessage.getRequestData()));
// NOTE(review): unchecked cast on caller-supplied data. A well-formed ASN.1 object that is not
// a sequence raises ClassCastException, and empty input presumably makes readObject() return
// null. Confirm the enclosing handler (not visible here) turns both into a clean failure
// response rather than an unhandled error.
ASN1Sequence spkac = (ASN1Sequence) in.readObject();
// Skipped if readObject() throws; the stream only wraps an in-memory byte array.
in.close();
// NOTE(review): only nscr.getPublicKey() is used below. Whether the SPKAC signature/challenge
// is verified (in the NetscapeCertRequest constructor or in createCertificate) is not visible
// here - confirm proof-of-possession is checked before a certificate is issued for this key.
NetscapeCertRequest nscr = new NetscapeCertRequest(spkac);
cert = signSession.createCertificate(admin, submessage.getUsername(), submessage.getPassword(), nscr.getPublicKey());
if (submessage.getResponseType() == CertificateRequestRequest.RESPONSE_TYPE_CERTIFICATE) {
// Plain encoded certificate.
result = cert.getEncoded();
} else if (submessage.getResponseType() == CertificateRequestRequest.RESPONSE_TYPE_PKCS7) {
result = signSession.createPKCS7(admin, cert, true);
} else if (submessage.getResponseType() == CertificateRequestRequest.RESPONSE_TYPE_PKCS7WITHCHAIN) {
// Read certificate chain
ArrayList<Certificate> certList = new ArrayList<Certificate>();
certList.add(cert);
// NOTE(review): the CA is looked up with Admin.getInternalAdmin(), not the calling 'admin', so
// this lookup does not appear to be subject to the caller's authorization - confirm that is
// intended. The CA id passed to getCA is the hashCode() of CertTools.getIssuerDN(cert).
certList.addAll(caSession.getCA(Admin.getInternalAdmin(), CertTools.getIssuerDN(cert).hashCode()).getCertificateChain());
// Create large certificate-only PKCS7
// The list (new certificate first, then the CA chain) is PEM-encoded, parsed back into a
// CertPath and re-encoded as "PKCS7".
CertificateFactory cf = CertificateFactory.getInstance("X.509");
CertPath certPath = cf.generateCertPath(new ByteArrayInputStream(CertTools.getPEMFromCerts(certList)));
result = certPath.getEncoded("PKCS7");
} else {
// Unsupported response type: return a response carrying 'false' and
// MSG_UNSUPPORTED_RESPONSE_TYPE, with no certificate data.
// NOTE(review): createCertificate has already been called above, so a request with an
// unsupported response type presumably still results in an issued certificate that the caller
// never receives. Consider validating the response type before issuing.
return new CertificateRequestResponse(submessage.getRequestId(), false, MSG_UNSUPPORTED_RESPONSE_TYPE, null, null);
}
break;
case CertificateRequestRequest.REQUEST_TYPE_CRMF:
// Extract request in a format that EJBCA can process
CertReqMessages certReqMessages = CertReqMessages.getInstance(new ASN1InputStream(submessage.getRequestData()).readObject());
PKIMessage msg = new PKIMessage(new PKIHeader(
new DERInteger(2), new GeneralName(new X509Name("CN=unused")), new GeneralName(new X509Name("CN=unused"))),
new PKIBody(certReqMessages, 2)); // [2] CertReqMessages --Certification Request
CrmfRequestMessage crmfReq = new CrmfRequestMessage(msg, null, true, null);
crmfReq.setUsername(submessage.getUsername());
crmfReq.setPassword(submessage.getPassword());
// Request and extract certificate from response
IResponseMessage response = signSession.createCertificate(admin, crmfReq, org.ejbca.core.protocol.cmp.CmpResponseMessage.class, null);
ASN1InputStream ais = new ASN1InputStream(new ByteArrayInputStream(response.getResponseMessage()));
CertRepMessage certRepMessage = PKIMessage.getInstance(ais.readObject()).getBody().getCp();
InputStream inStream = new ByteArrayInputStream(certRepMessage.getResponse(0).getCertifiedKeyPair().getCertOrEncCert().getCertificate().getEncoded());
cert = CertificateFactory.getInstance("X.509").generateCertificate(inStream);
inStream.close();
// Convert to the right response type