Package org.ejbca.core.protocol

Examples of org.ejbca.core.protocol.IResponseMessage


    user.setPassword("foo123");
    ExtendedInformation ei = new ExtendedInformation();
    ei.setCertificateSerialNumber(serno);
    user.setExtendedinformation(ei);

    IResponseMessage resp = null;
    try {
      resp = certificateRequestSession.processCertReq(admin, user, p10, org.ejbca.core.protocol.X509ResponseMessage.class);
    } catch (EjbcaException e) {
      log.debug(e.getMessage());
      assertTrue("Unexpected exception.", e.getMessage().startsWith("There is already a certificate stored in 'CertificateData' with the serial number"));


            // Wrap the request in a PKCS10RequestMessage and check the subject DN it reports.
            PKCS10RequestMessage msg = new PKCS10RequestMessage(request);
            assertEquals("CN=TESTSIGNEDBYEXTERNAL", msg.getRequestDN());

            // Receive the certificate request on the TEST CA
            // The signing CA is selected by the int hash of its DN string
            // (presumably the CA id convention of this code base; confirm against CAInfo).
            info.setSignedBy("CN=TEST".hashCode());
            IResponseMessage resp = caAdminSession.processRequest(admin, info, msg);

            // Receive the signed certificate back on our SubCA
            // The last two arguments are passed as null; their meaning is not visible in this excerpt.
            caAdminSession.receiveResponse(admin, info.getCAId(), resp, null, null);

            // Check that the CA has the correct certificate chain now

          assertTrue("Was able to receiveResponse for a CA with a non X509ResponseMessage.", false);
        } catch (EjbcaException e) {
          // Expected
        }
        // Negative case: build a response that carries the TEST CA's own certificate
        // (first entry of its chain) and hand it to that same CA. The call is expected
        // to be refused with an EjbcaException.
        try {
          IResponseMessage resp = new X509ResponseMessage();
          resp.setCertificate(caAdminSession.getCAInfo(admin, "TEST").getCertificateChain().iterator().next());
            caAdminSession.receiveResponse(admin, "CN=TEST".hashCode(), resp, null, null);
          // Reached only if the response was accepted, which fails the test.
          assertTrue("Was able to receiveResponse for a CA that is not 'signed by external'.", false);
        } catch (EjbcaException e) {
          // Expected
          // NOTE(review): any EjbcaException passes here; the test does not check that
          // the rejection happened for the intended reason.
        }

        log.debug("CertificationRequest generated successfully.");
        // Bytes of the request collected in bOut earlier in this method (not shown here).
        byte[] bcp10 = bOut.toByteArray();
        PKCS10RequestMessage p10 = new PKCS10RequestMessage(bcp10);
        // Username and password set on the request; fixed test values.
        p10.setUsername("foo");
        p10.setPassword("foo123");
        // Ask the sign session for an X509ResponseMessage and decode the certificate from its bytes.
        IResponseMessage resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
        Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
        // Only presence is asserted in these lines; subject, public key and issuer of the
        // returned certificate are not compared with the request here.
        assertNotNull("Failed to create certificate", cert);
        log.debug("Cert=" + cert.toString());

        // Verify error handling
        UserDataVO badUserData = new UserDataVO();

        log.debug("Reset status of 'foo' to NEW");

        // Request taken from the keytoolp10 fixture, which is defined outside this excerpt.
        PKCS10RequestMessage p10 = new PKCS10RequestMessage(keytoolp10);
        // Username and password set on the request; fixed test values.
        p10.setUsername("foo");
        p10.setPassword("foo123");
        // Ask the sign session for an X509ResponseMessage and decode the certificate from its bytes.
        IResponseMessage resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
        Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
        // The test ends after this check: a non-null certificate is the only thing asserted,
        // its contents are not compared with the request.
        assertNotNull("Failed to create certificate", cert);
        log.debug("Cert=" + cert.toString());
        log.trace("<test04TestKeytoolPKCS10()");
    }

        log.debug("Reset status of 'foo' to NEW");

        // Request taken from the iep10 fixture, which is defined outside this excerpt.
        PKCS10RequestMessage p10 = new PKCS10RequestMessage(iep10);
        // Username and password set on the request; fixed test values.
        p10.setUsername("foo");
        p10.setPassword("foo123");
        // Ask the sign session for an X509ResponseMessage and decode the certificate from its bytes.
        IResponseMessage resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
        Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
        // The test ends after this check: a non-null certificate is the only thing asserted,
        // its contents are not compared with the request.
        assertNotNull("Failed to create certificate", cert);
        log.debug("Cert=" + cert.toString());
        log.trace("<test05TestIEPKCS10()");
    }

        // Negative case: a request built from the keytooldsa fixture (presumably a DSA-key
        // request, going by the name) should be refused with an IllegalKeyException.
        // NOTE(review): if createCertificate returns normally, nothing fails the test; the
        // issued certificate is only logged at info level. A failing assertion after the call
        // would make an unexpectedly issued certificate visible.
        try {
            PKCS10RequestMessage p10 = new PKCS10RequestMessage(keytooldsa);
            p10.setUsername("foo");
            p10.setPassword("foo123");
            IResponseMessage resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
            Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
            log.info("cert with DN '" + CertTools.getSubjectDN(cert) + "' should not be issued?");
        } catch (Exception e) {
            // RSASignSession should throw an IllegalKeyException here.
            // Any other exception type fails the test through this assertion.
            assertTrue("Expected IllegalKeyException: " + e.toString(), e instanceof IllegalKeyException);
        }

        log.debug("CertificationRequest generated successfully.");
        // Bytes of the request collected in bOut earlier in this method (not shown here).
        byte[] bcp10 = bOut.toByteArray();
        PKCS10RequestMessage p10 = new PKCS10RequestMessage(bcp10);
        // Username and password set on the request; fixed test values.
        p10.setUsername("foo");
        p10.setPassword("foo123");
        // Ask the sign session for an X509ResponseMessage and decode the certificate from its bytes.
        IResponseMessage resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
        Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
        // Up to this point only presence of the certificate is asserted.
        assertNotNull("Failed to create certificate", cert);
        log.debug("Cert=" + cert.toString());
        PublicKey pk = cert.getPublicKey();
        if (pk instanceof JCEECPublicKey) {
            JCEECPublicKey ecpk = (JCEECPublicKey) pk;

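  /**
   * Handles a CMP confirmation message and builds the PKI confirm response.
   *
   * <p>For protocol version above 1, and when the header carries a sender key id, the
   * password-based protection of the message is verified first: against the globally
   * configured {@code raAuthenticationSecret} if one is set, otherwise against the CMP RA
   * secret of the CA resolved from the key id. A failed check is answered with an
   * unprotected error message. The response is PBE-protected only when
   * {@code responseProtection} is {@code "pbe"} and all protection parameters are known.
   *
   * @param msg the received CMP message
   * @return the confirm response, an unprotected error message when the protection cannot
   *         be verified or the CA cannot be found, or {@code null} when the CA lookup fails
   *         with an {@code EJBException}; for version 1 no response is built in this part
   *         of the method
   */
  public IResponseMessage handleMessage(BaseCmpMessage msg) {
    if (LOG.isTraceEnabled()) {
      LOG.trace(">handleMessage");
    }
    int version = msg.getHeader().getPvno().getValue().intValue();
    IResponseMessage resp = null;
    // if version == 1 it is cmp1999 and we should not return a message back
    if (version > 1) {
      // Try to find a HMAC/SHA1 protection key
      String owfAlg = null;
      String macAlg = null;
      int iterationCount = 1024;
      String cmpRaAuthSecret = null;
      String keyId = getSenderKeyId(msg.getHeader());
      // NOTE(review): without a sender key id no protection check runs at all and an
      // unprotected confirm is still produced below; confirm that this is intended.
      if (keyId != null) {
        try {
          CmpPbeVerifyer verifyer = new CmpPbeVerifyer(msg.getMessage());
          // Algorithm OIDs and iteration count are taken from the request so that the
          // response can be protected with the same parameters.
          owfAlg = verifyer.getOwfOid();
          macAlg = verifyer.getMacOid();
          iterationCount = verifyer.getIterationCount();
          // If we use a globally configured shared secret for all CAs we check it right away
          if (raAuthenticationSecret != null) {
            if (!verifyer.verify(raAuthenticationSecret)) {
              String err = "Protection verified false on ConformationMessage";
              LOG.error(err);
              return CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, err);
            }
            cmpRaAuthSecret = raAuthenticationSecret;
          } else {
            // Get the correct profiles' and CA ids based on current configuration.
            CAInfo caInfo;
            try {
              int eeProfileId = getUsedEndEntityProfileId(keyId);
              int caId = getUsedCaId(keyId, eeProfileId);
              caInfo = caAdminSession.getCAInfo(admin, caId);
            } catch (NotFoundException e) {
              LOG.info(INTRES.getLocalizedMessage(CMP_ERRORGENERAL, e.getMessage()), e);
              // NOTE(review): the exception text is returned to a sender whose protection has
              // not been verified yet; check that it cannot disclose profile or CA names.
              return CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.INCORRECT_DATA, e.getMessage());
            } catch (EJBException e) {
              final String errMsg = INTRES.getLocalizedMessage(CMP_ERRORADDUSER);
              LOG.error(errMsg, e);
              return null; // Fatal error
            }
            if (caInfo instanceof X509CAInfo) {
              cmpRaAuthSecret = ((X509CAInfo) caInfo).getCmpRaAuthSecret();
            }
            // Now we know which CA the request is for, if we didn't use a global shared secret we can check it now!
            // A CA without a configured secret is treated the same as a failed verification.
            if (cmpRaAuthSecret == null || !verifyer.verify(cmpRaAuthSecret)) {
              String errMsg = INTRES.getLocalizedMessage("cmp.errorauthmessage");
              LOG.info(errMsg); // info because this is something we should expect and we handle it
              if (verifyer.getErrMsg() != null) {
                errMsg = verifyer.getErrMsg();
              }
              return CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, errMsg);
            }
          }
        } catch (NoSuchAlgorithmException e) {
          LOG.error("Exception calculating protection: ", e);
          return CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, e.getMessage());
        } catch (NoSuchProviderException e) {
          LOG.error("Exception calculating protection: ", e);
          return CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, e.getMessage());
        } catch (InvalidKeyException e) {
          LOG.error("Exception calculating protection: ", e);
          return CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, e.getMessage());
        }
      }
      if (LOG.isDebugEnabled()) {
        LOG.debug("Creating a PKI confirm message response");
      }
      CmpConfirmResponseMessage cresp = new CmpConfirmResponseMessage();
      // Echo the sender's nonce and transaction id, and swap sender and recipient.
      cresp.setRecipientNonce(msg.getSenderNonce());
      cresp.setSenderNonce(new String(Base64.encode(CmpMessageHelper.createSenderNonce())));
      cresp.setSender(msg.getRecipient());
      cresp.setRecipient(msg.getSender());
      cresp.setTransactionId(msg.getTransactionId());
      // Set all protection parameters
      if (LOG.isDebugEnabled()) {
        // The RA shared secret must never reach the log; record only whether one was resolved.
        LOG.debug(responseProtection+", "+owfAlg+", "+macAlg+", "+keyId+", "+(cmpRaAuthSecret != null ? "<secret set>" : "<no secret>"));
      }
      if (StringUtils.equals(responseProtection, "pbe") && (owfAlg != null) && (macAlg != null) && (keyId != null) && (cmpRaAuthSecret != null) ) {
        cresp.setPbeParameters(keyId, cmpRaAuthSecret, owfAlg, macAlg, iterationCount);
      }
      resp = cresp;
      try {
        resp.create();
      } catch (InvalidKeyException e) {
        LOG.error("Exception during CMP processing: ", e);
      } catch (NoSuchAlgorithmException e) {
        LOG.error("Exception during CMP processing: ", e);
      } catch (NoSuchProviderException e) {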

  public IResponseMessage handleMessage(final BaseCmpMessage msg) {
    if (LOG.isTraceEnabled()) {
      LOG.trace(">handleMessage");
    }
    IResponseMessage resp = null;
    try {
      CrmfRequestMessage crmfreq = null;
      if (msg instanceof CrmfRequestMessage) {
        crmfreq = (CrmfRequestMessage) msg;
        crmfreq.getMessage();


Related Classes of org.ejbca.core.protocol.IResponseMessage
