Package org.ejbca.core.protocol

Examples of org.ejbca.core.protocol.IResponseMessage

208
209
210
211
212
213
214
215
216
217
218
    user.setPassword("foo123");
    ExtendedInformation ei = new ExtendedInformation();
    ei.setCertificateSerialNumber(serno);
    user.setExtendedinformation(ei);

    IResponseMessage resp = null;
    try {
      resp = certificateRequestSession.processCertReq(admin, user, p10, org.ejbca.core.protocol.X509ResponseMessage.class);
    } catch (EjbcaException e) {
      log.debug(e.getMessage());
      assertTrue("Unexpected exception.", e.getMessage().startsWith("There is already a certificate stored in 'CertificateData' with the serial number"));
View Full Code Here
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
            PKCS10RequestMessage msg = new PKCS10RequestMessage(request);
            assertEquals("CN=TESTSIGNEDBYEXTERNAL", msg.getRequestDN());

            // Receive the certificate request on the TEST CA
            info.setSignedBy("CN=TEST".hashCode());
            IResponseMessage resp = caAdminSession.processRequest(admin, info, msg);

            // Receive the signed certificate back on our SubCA
            caAdminSession.receiveResponse(admin, info.getCAId(), resp, null, null);

            // Check that the CA has the correct certificate chain now
View Full Code Here
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
          assertTrue("Was able to receiveResponse for a CA with a non X509ResponseMessage.", false);
        } catch (EjbcaException e) {
          // Expected
        }
        try {
          IResponseMessage resp = new X509ResponseMessage();
          resp.setCertificate(caAdminSession.getCAInfo(admin, "TEST").getCertificateChain().iterator().next());
            caAdminSession.receiveResponse(admin, "CN=TEST".hashCode(), resp, null, null);
          assertTrue("Was able to receiveResponse for a CA that is not 'signed by external'.", false);
        } catch (EjbcaException e) {
          // Expected
        }
View Full Code Here
442
443
444
445
446
447
448
449
450
451
452
453
        log.debug("CertificationRequest generated successfully.");
        byte[] bcp10 = bOut.toByteArray();
        PKCS10RequestMessage p10 = new PKCS10RequestMessage(bcp10);
        p10.setUsername("foo");
        p10.setPassword("foo123");
        IResponseMessage resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
        Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
        assertNotNull("Failed to create certificate", cert);
        log.debug("Cert=" + cert.toString());

        // Verify error handling
        UserDataVO badUserData = new UserDataVO();
View Full Code Here
475
476
477
478
479
480
481
482
483
484
485
        log.debug("Reset status of 'foo' to NEW");

        PKCS10RequestMessage p10 = new PKCS10RequestMessage(keytoolp10);
        p10.setUsername("foo");
        p10.setPassword("foo123");
        IResponseMessage resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
        Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
        assertNotNull("Failed to create certificate", cert);
        log.debug("Cert=" + cert.toString());
        log.trace("<test04TestKeytoolPKCS10()");
    }
View Full Code Here
497
498
499
500
501
502
503
504
505
506
507
        log.debug("Reset status of 'foo' to NEW");

        PKCS10RequestMessage p10 = new PKCS10RequestMessage(iep10);
        p10.setUsername("foo");
        p10.setPassword("foo123");
        IResponseMessage resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
        Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
        assertNotNull("Failed to create certificate", cert);
        log.debug("Cert=" + cert.toString());
        log.trace("<test05TestIEPKCS10()");
    }
View Full Code Here
558
559
560
561
562
563
564
565
566
567
568
569
        try {
            PKCS10RequestMessage p10 = new PKCS10RequestMessage(keytooldsa);
            p10.setUsername("foo");
            p10.setPassword("foo123");
            IResponseMessage resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
            Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
            log.info("cert with DN '" + CertTools.getSubjectDN(cert) + "' should not be issued?");
        } catch (Exception e) {
            // RSASignSession should throw an IllegalKeyException here.
            assertTrue("Expected IllegalKeyException: " + e.toString(), e instanceof IllegalKeyException);
        }
View Full Code Here
953
954
955
956
957
958
959
960
961
962
963
964
        log.debug("CertificationRequest generated successfully.");
        byte[] bcp10 = bOut.toByteArray();
        PKCS10RequestMessage p10 = new PKCS10RequestMessage(bcp10);
        p10.setUsername("foo");
        p10.setPassword("foo123");
        IResponseMessage resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
        Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
        assertNotNull("Failed to create certificate", cert);
        log.debug("Cert=" + cert.toString());
        PublicKey pk = cert.getPublicKey();
        if (pk instanceof JCEECPublicKey) {
            JCEECPublicKey ecpk = (JCEECPublicKey) pk;
View Full Code Here
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
  public IResponseMessage handleMessage(BaseCmpMessage msg) {
    if (LOG.isTraceEnabled()) {
      LOG.trace(">handleMessage");
    }
    int version = msg.getHeader().getPvno().getValue().intValue();
    IResponseMessage resp = null;
    // if version == 1 it is cmp1999 and we should not return a message back
    if (version > 1) {
      // Try to find a HMAC/SHA1 protection key
      String owfAlg = null;
      String macAlg = null;
      int iterationCount = 1024;
      String cmpRaAuthSecret = null
      String keyId = getSenderKeyId(msg.getHeader());
      if (keyId != null) {
        try {
          CmpPbeVerifyer verifyer = new CmpPbeVerifyer(msg.getMessage());
          owfAlg = verifyer.getOwfOid();
          macAlg = verifyer.getMacOid();
          iterationCount = verifyer.getIterationCount();
          // If we use a globally configured shared secret for all CAs we check it right away
          if (raAuthenticationSecret != null) {
            if (!verifyer.verify(raAuthenticationSecret)) {
              String err = "Protection verified false on ConformationMessage";
              LOG.error(err);
              return CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, err);
            }
            cmpRaAuthSecret = raAuthenticationSecret;
          } else {
            // Get the correct profiles' and CA ids based on current configuration.
            CAInfo caInfo;
            try {
              int eeProfileId = getUsedEndEntityProfileId(keyId);
              int caId = getUsedCaId(keyId, eeProfileId);
              caInfo = caAdminSession.getCAInfo(admin, caId);
            } catch (NotFoundException e) {
              LOG.info(INTRES.getLocalizedMessage(CMP_ERRORGENERAL, e.getMessage()), e);
              return CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.INCORRECT_DATA, e.getMessage());
            } catch (EJBException e) {
              final String errMsg = INTRES.getLocalizedMessage(CMP_ERRORADDUSER);
              LOG.error(errMsg, e);     
              return null// Fatal error
            }
            if (caInfo instanceof X509CAInfo) {
              cmpRaAuthSecret = ((X509CAInfo) caInfo).getCmpRaAuthSecret();
            }
            // Now we know which CA the request is for, if we didn't use a global shared secret we can check it now!
            if (cmpRaAuthSecret == null || !verifyer.verify(cmpRaAuthSecret)) {
              String errMsg = INTRES.getLocalizedMessage("cmp.errorauthmessage");
              LOG.info(errMsg); // info because this is something we should expect and we handle it
              if (verifyer.getErrMsg() != null) {
                errMsg = verifyer.getErrMsg();
              }
              return CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, errMsg);
            }
          }
        } catch (NoSuchAlgorithmException e) {
          LOG.error("Exception calculating protection: ", e);
          return CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, e.getMessage());
        } catch (NoSuchProviderException e) {
          LOG.error("Exception calculating protection: ", e);
          return CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, e.getMessage());
        } catch (InvalidKeyException e) {
          LOG.error("Exception calculating protection: ", e);
          return CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, e.getMessage());
        }
      }
      if (LOG.isDebugEnabled()) {
        LOG.debug("Creating a PKI confirm message response");
      }
      CmpConfirmResponseMessage cresp = new CmpConfirmResponseMessage();
      cresp.setRecipientNonce(msg.getSenderNonce());
      cresp.setSenderNonce(new String(Base64.encode(CmpMessageHelper.createSenderNonce())));
      cresp.setSender(msg.getRecipient());
      cresp.setRecipient(msg.getSender());
      cresp.setTransactionId(msg.getTransactionId());
      // Set all protection parameters
      if (LOG.isDebugEnabled()) {
        LOG.debug(responseProtection+", "+owfAlg+", "+macAlg+", "+keyId+", "+cmpRaAuthSecret);
      }
      if (StringUtils.equals(responseProtection, "pbe") && (owfAlg != null) && (macAlg != null) && (keyId != null) && (cmpRaAuthSecret != null) ) {
        cresp.setPbeParameters(keyId, cmpRaAuthSecret, owfAlg, macAlg, iterationCount);
      }
      resp = cresp;
      try {
        resp.create();
      } catch (InvalidKeyException e) {
        LOG.error("Exception during CMP processing: ", e);     
      } catch (NoSuchAlgorithmException e) {
        LOG.error("Exception during CMP processing: ", e);     
      } catch (NoSuchProviderException e) {
View Full Code Here
172
173
174
175
176
177
178
179
180
181
182
  public IResponseMessage handleMessage(final BaseCmpMessage msg) {
    if (LOG.isTraceEnabled()) {
      LOG.trace(">handleMessage");
    }
    IResponseMessage resp = null;
    try {
      CrmfRequestMessage crmfreq = null;
      if (msg instanceof CrmfRequestMessage) {
        crmfreq = (CrmfRequestMessage) msg;
        crmfreq.getMessage();
View Full Code Here
TOP

Related Classes of org.ejbca.core.protocol.IResponseMessage

  • org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
  • org.ejbca.core.ejb.ca.caadmin.CAsTest
  • org.ejbca.core.ejb.ca.sign.CustomCertSerialnumberTest
  • org.ejbca.core.ejb.ca.sign.RSASignSessionBean
  • org.ejbca.core.ejb.ca.sign.SignSessionTest
  • org.ejbca.core.ejb.ra.CertificateRequestSessionBean
  • org.ejbca.core.protocol.cmp.CmpMessageDispatcherSessionBean
  • org.ejbca.core.protocol.cmp.ConfirmationMessageHandler
  • org.ejbca.core.protocol.cmp.CrmfMessageHandler
  • org.ejbca.core.protocol.cmp.RevocationMessageHandler
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.