Package org.ejbca.core.protocol

Examples of org.ejbca.core.protocol.PKCS10RequestMessage


     */
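    // Submits the PKCS#10 request held in b64Encoded to the sign session for the end entity
    // identified by username/password, and returns the issued certificate's encoding passed
    // through Base64.encode.
    //
    // The credentials travel on the request message itself; createCertificate is given no other
    // end-entity data here (its last argument is null). Nothing is caught: any failure while
    // parsing the request, issuing, or decoding the certificate propagates to the caller.
    private byte[] pkcs10CertRequest(Admin administrator, SignSession signsession, byte[] b64Encoded,
        String username, String password) throws Exception {
        // presumably b64Encoded is the base64 text of the CSR, going by the name; confirm against caller
        PKCS10RequestMessage req = RequestMessageUtils.genPKCS10RequestMessage(b64Encoded);
        req.setUsername(username);
        req.setPassword(password);
        IResponseMessage resp = signsession.createCertificate(administrator, req,
            org.ejbca.core.protocol.X509ResponseMessage.class, null);
        // The response bytes are parsed back into a Certificate so that only its encoded form is returned.
        Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
        byte[] result = cert.getEncoded();
        return Base64.encode(result, false);
    }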


    /**
     * Handles an ExtRA PKCS#10 sub-message: optionally creates or edits the end entity, then asks
     * the sign session for a certificate on the request's public key and wraps the certificate and
     * its PKCS#7 form in a PKCS10Response.
     * <p>
     * This excerpt is cut off inside the final else branch, so the catch block, the failure
     * response and the return statement are not shown.
     *
     * @param admin administrator the operations are performed as
     * @param submessage the incoming request; supplies the PKCS#10 text, the username, the request
     *        id and the createOrEditUser flag
     */
    private ISubMessage processExtRAPKCS10Request(Admin admin, PKCS10Request submessage) {
    log.debug("Processing PKCS10Request");
    PKCS10Response retval = null;
    try {
        // Create a PKCS10
        // NOTE(review): getBytes() without a charset uses the platform default encoding
        // (assuming getPKCS10() returns a String; confirm).
        PKCS10RequestMessage pkcs10 = RequestMessageUtils.genPKCS10RequestMessage(submessage.getPKCS10().getBytes());
        // The enrollment password is whatever the request message itself carries.
        String password = pkcs10.getPassword();
       
        if (submessage.createOrEditUser()) {
          // If we did not provide a password, set a default one
          if (StringUtils.isEmpty(password)) {
            log.debug("Empty password received, createOrEditUser=true so setting default password.");
            // NOTE(review): fixed, well-known fallback password. Every create/edit request that
            // arrives without a password ends up with the same enrollment secret, which is stored
            // on the user below and then used for issuance. Rejecting the request or generating
            // a random one-time value would avoid a shared credential.
            password = "foo123";
          }
            UserDataVO userdata = generateUserDataVO(admin, submessage);
            userdata.setPassword(password);
            log.info("Creating/editing user: "+userdata.getUsername()+", with dn: "+userdata.getDN());
          // See if the user already exists, if it exists and have status NEW or INPROCESS we will not try to change it
          // This way we can use approvals. When a request first comes in, it is put for approval. When it is approved,
          // we will not try to change it again, because it is ready to be processed
            storeUserData(admin, userdata,false,UserDataConstants.STATUS_INPROCESS );
        }
        if (StringUtils.isNotEmpty(password)) {
          // Only the public key of the request is handed to createCertificate.
          // NOTE(review): no pkcs10.verify() call is visible in this excerpt; confirm that proof
          // of possession of the private key is checked elsewhere.
          X509Certificate cert = (X509Certificate) signSession.createCertificate(admin,submessage.getUsername(),password, pkcs10.getRequestPublicKey());
          byte[] pkcs7 = signSession.createPKCS7(admin, cert, true);
          retval = new PKCS10Response(submessage.getRequestId(),true,null,cert,pkcs7);
        } else {
          // Will be caught below and a fail response created
          // Reached only when no password was supplied and createOrEditUser() is false.
          throw new Exception("No challenge password received, can not use empty password for enrollment. Nothing processed.");

                    return retval;
                }
                // Verify requests
                // Each request is checked with verify() against the public key of the matching
                // certificate (authcert / signcert, both obtained outside this excerpt).
                // NOTE(review): getBytes() without a charset uses the platform default encoding
                // (assuming authReq and signReq are Strings; confirm).
                byte[] authReqBytes = authReq.getBytes();
                byte[] signReqBytes = signReq.getBytes();
                PKCS10RequestMessage authPkcs10 = RequestMessageUtils.genPKCS10RequestMessage(authReqBytes);
                PKCS10RequestMessage signPkcs10 = RequestMessageUtils.genPKCS10RequestMessage(signReqBytes);
                // authok stays null on success; otherwise it holds the failure text for the response.
                String authok = null;
                try {
                    if (!authPkcs10.verify(authcert.getPublicKey())) {
                        authok = "Verify failed for authentication request";
                    }                   
                } catch (Exception e) {
                    // NOTE(review): the exception message is copied into the text that is returned
                    // in the ExtRAResponse below, so internal error detail reaches the requester.
                    // The full exception is already logged; a generic response text would suffice.
                    authok="Error verifying authentication request: "+e.getMessage();
                    log.error("Error verifying authentication request: ", e);
                }
                if (authok != null) {
                    // Fail fast: the signature request is not examined if the authentication request failed.
                    retval = new ExtRAResponse(submessage.getRequestId(),false,authok);
                    return retval;                                       
                }
                // Same pattern for the signature request; where signok is consumed lies outside this excerpt.
                String signok = null;
                try {
                    if (!signPkcs10.verify(signcert.getPublicKey())) {
                        signok = "Verify failed for signature request";
                    }                   
                } catch (Exception e) {
                    // NOTE(review): as above, e.getMessage() is placed in a string that presumably
                    // goes back to the requester; confirm and prefer a generic text.
                    signok="Error verifying signaturerequest: "+e.getMessage();
                    log.error("Error verifying signaturerequest: ", e);

        }
       
        // Excerpt from a servlet handler: builds a new end entity from a PKCS#10 request plus HTTP
        // request parameters, adds it through the RA bean, then issues a certificate for it.
        // `request`, `buffer`, `admin` and `signSession` are defined outside this excerpt.
        RAInterfaceBean rabean = getRaBean(request);
       
        // Decompose the PKCS#10 request, and create the user.
        PKCS10RequestMessage p10 = new PKCS10RequestMessage(buffer);
        // The subject DN is read from the request itself, so it is chosen by whoever built the CSR.
        String dn = p10.getCertificationRequest().getCertificationRequestInfo().getSubject().toString();
       
        // Username: the "username" parameter if present and non-blank, otherwise the subject DN.
        String username = request.getParameter("username");
        if (username == null || username.trim().length() == 0) {
            username = dn;
        }
        // Strip dangerous chars
        username = StringTools.strip(username);
        // need null check here?
        // Before doing anything else, check if the user name is unique and ok.
        username = checkUsername(rabean, username);
       
        UserView newuser = new UserView();
        newuser.setUsername(username);
       
        newuser.setSubjectDN(dn);
        newuser.setTokenType(SecConst.TOKEN_SOFT_BROWSERGEN);
        newuser.setKeyRecoverable(false);
       
        // NOTE(review): when the "E" part is absent, the "EMAILADDRESS" value is looked up but
        // never passed to setEmail; only the else branch (an "E" part was found) sets it.
        // This looks unintended; confirm.
        String email = CertTools.getPartFromDN(dn, "E"); // BC says VeriSign
        if (email == null) {
          email = CertTools.getPartFromDN(dn, "EMAILADDRESS");
        } else {
            newuser.setEmail(email);
        }
       
        // NOTE(review): the end entity profile name comes straight from a request parameter; the
        // only check visible here is that it resolves to a non-zero id. Confirm that the caller is
        // authorised to choose the profile.
        String tmp = null;
        int eProfileId = SecConst.EMPTY_ENDENTITYPROFILE;
        if ((tmp = request.getParameter("entityprofile")) != null) {
            int reqId = rabean.getEndEntityProfileId(tmp);
            if (reqId == 0) {
                throw new ServletException("No such end entity profile: " + tmp);
            }
            eProfileId = reqId;
        }
        newuser.setEndEntityProfileId(eProfileId);
       
        // Same pattern, and the same review question, for the certificate profile.
        int cProfileId = SecConst.CERTPROFILE_FIXED_ENDUSER;
        if ((tmp = request.getParameter("certificateprofile")) != null) {
            CAInterfaceBean cabean = getCaBean(request);
            int reqId = cabean.getCertificateProfileId(tmp);
            if (reqId == 0) {
                throw new ServletException("No such certificate profile: " + tmp);
            }
            cProfileId = reqId;
        }
        newuser.setCertificateProfileId(cProfileId);
       
        // NOTE(review): the "ca" parameter is read but not used; caid is always 0 when it is
        // passed to setCAId below.
        int caid = 0;
        if ((tmp = request.getParameter("ca")) != null) {
            // TODO: get requested CA to sign with
        }
        newuser.setCAId(caid);
       
       
        // A missing "password" parameter becomes the empty string; the same value is set on the
        // request message before issuance further down.
        // NOTE(review): whether an empty enrollment password is rejected downstream is not
        // visible here; confirm.
        String password = request.getParameter("password");
        if (password == null) {
          password = "";
        }
        newuser.setPassword(password);
        newuser.setClearTextPassword(false);
       
        try {
            rabean.addUser(newuser);
        } catch (Exception e) {
            // NOTE(review): the exception text is embedded in the ServletException message;
            // depending on the container's error page it may be shown to the client.
            throw new ServletException("Error adding user: " + e.toString(), e);
        }
       
        // Issue the certificate with the credentials just stored, then wrap it as PKCS#7.
        byte[] pkcs7;
        try {
            p10.setUsername(username);
            p10.setPassword(password);
            IResponseMessage resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
            Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
            pkcs7 = signSession.createPKCS7(admin, cert, true);
        } catch (EjbcaException e) {
            // EJBCA did not accept any of all parameters in the request.

                } catch (ParseException ex) {
                    // Apparently it wasn't a CVC request, ignore
                } catch (IllegalArgumentException ex) {
                    // Apparently it wasn't a X.509 certificate, was it a certificate request?
                try {
                    // Try the bytes as a PKCS#10 request and derive the filename from the subject's CN.
                    // NOTE(review): filename is taken from the CN of the parsed data. If `request`
                    // is uploaded content and filename later reaches a response header or a file
                    // path (its use is outside this excerpt), it needs sanitising there.
                    PKCS10RequestMessage p10 = RequestMessageUtils.genPKCS10RequestMessage(request);
                    filename = CertTools.getPartFromDN(p10.getRequestX509Name().toString(), "CN");
                } catch (Exception e1) { // NOPMD
                  // Nope, not a certificate request either, see if it was an X.509 certificate
                  // Any exception from the PKCS#10 attempt is treated as "not a CSR"; e1 is discarded.
                  Certificate cert = CertTools.getCertfromByteArray(request);
                  filename = CertTools.getPartFromDN(CertTools.getSubjectDN(cert), "CN");
                  if (filename == null) {

        // Test excerpt. req2, bOut, admin, signSession and rsacaid come from the part of the test
        // class that precedes it.
        boolean verify = req2.verify();
        log.debug("Verify returned " + verify);
        assertTrue(verify);
        log.debug("CertificationRequest generated successfully.");
        byte[] bcp10 = bOut.toByteArray();
        PKCS10RequestMessage p10 = new PKCS10RequestMessage(bcp10);
        // Fixed test-fixture credentials for the end entity "foo".
        p10.setUsername("foo");
        p10.setPassword("foo123");
        IResponseMessage resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
        Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
        assertNotNull("Failed to create certificate", cert);
        log.debug("Cert=" + cert.toString());

        // Verify error handling
        // A fresh request message with no username or password set, combined with a UserDataVO on
        // which only the CA id is set, is expected to be rejected.
        UserDataVO badUserData = new UserDataVO();
        badUserData.setCAId(rsacaid);
        p10 = new PKCS10RequestMessage(bcp10);
        try {
          signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, badUserData);
            // Reached only if no exception was thrown; assertFalse(..., true) always fails the test.
            assertFalse("Was able to create certificate when it should have failed.", true);
        } catch (SignRequestException e) {
          log.info("Expected exception caught (no password supplied): " + e.getMessage());

        // Test excerpt: issues a certificate from the request bytes in keytoolp10 (defined outside
        // this excerpt; presumably a CSR produced by keytool, going by the name).
        log.trace(">test04TestKeytoolPKCS10()");

        // Put the fixture end entity back to NEW before enrolling; presumably issuance requires
        // that status (confirm).
        userAdminSession.setUserStatus(admin, "foo", UserDataConstants.STATUS_NEW);
        log.debug("Reset status of 'foo' to NEW");

        PKCS10RequestMessage p10 = new PKCS10RequestMessage(keytoolp10);
        // Fixed test-fixture credentials.
        p10.setUsername("foo");
        p10.setPassword("foo123");
        IResponseMessage resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
        Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
        // The only assertion visible here is that a certificate came back; its contents are not checked.
        assertNotNull("Failed to create certificate", cert);
        log.debug("Cert=" + cert.toString());
        log.trace("<test04TestKeytoolPKCS10()");

        // Test excerpt: issues a certificate from the request bytes in iep10 (defined outside this
        // excerpt; presumably a CSR produced by Internet Explorer, going by the name).
        log.trace(">test05TestIEPKCS10()");

        // Put the fixture end entity back to NEW before enrolling; presumably issuance requires
        // that status (confirm).
        userAdminSession.setUserStatus(admin, "foo", UserDataConstants.STATUS_NEW);
        log.debug("Reset status of 'foo' to NEW");

        PKCS10RequestMessage p10 = new PKCS10RequestMessage(iep10);
        // Fixed test-fixture credentials.
        p10.setUsername("foo");
        p10.setPassword("foo123");
        IResponseMessage resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
        Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
        // The only assertion visible here is that a certificate came back; its contents are not checked.
        assertNotNull("Failed to create certificate", cert);
        log.debug("Cert=" + cert.toString());
        log.trace("<test05TestIEPKCS10()");

        // Test excerpt: negative case. keytooldsa is defined outside this excerpt; presumably a
        // CSR carrying a DSA key, which the comment in the catch block expects to be refused.
        userAdminSession.setUserStatus(admin, "foo", UserDataConstants.STATUS_NEW);
        log.debug("Reset status of 'foo' to NEW");

        try {
            PKCS10RequestMessage p10 = new PKCS10RequestMessage(keytooldsa);
            p10.setUsername("foo");
            p10.setPassword("foo123");
            IResponseMessage resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
            Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
            // NOTE(review): if a certificate is issued after all, this line only logs it; no
            // fail()/assert is visible in the try block, so unless something after the catch
            // fails the test, an unexpected issuance would pass silently.
            log.info("cert with DN '" + CertTools.getSubjectDN(cert) + "' should not be issued?");
        } catch (Exception e) {
            // RSASignSession should throw an IllegalKeyException here.
            // NOTE(review): catching Exception accepts any failure, not only the expected one;
            // what the handler checks lies outside this excerpt.

        // Test excerpt. req2, bOut, admin and signSession come from the part of the test that
        // precedes it.
        boolean verify = req2.verify();
        log.debug("Verify returned " + verify);
        assertTrue(verify);
        log.debug("CertificationRequest generated successfully.");
        byte[] bcp10 = bOut.toByteArray();
        PKCS10RequestMessage p10 = new PKCS10RequestMessage(bcp10);
        // Fixed test-fixture credentials for the end entity "foo".
        p10.setUsername("foo");
        p10.setPassword("foo123");
        IResponseMessage resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
        Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
        assertNotNull("Failed to create certificate", cert);
        log.debug("Cert=" + cert.toString());
        // The issued certificate's public key is fetched; what is checked on it lies outside this excerpt.
        PublicKey pk = cert.getPublicKey();
