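// Turns the submitted request into a SimpleRequestMessage (public key, username, password)
// according to reqType and passes it to getCertResponseFromPublicKey.
//
// Security note: in the lines visible here only the SPKAC branch checks proof of possession
// (POP) of the private key. The PKCS#10 and CRMF branches read the public key without a
// visible signature/POP check, and the bare public key branch has no signature to check.
// For those types the key is forwarded together with the username and password only.
// NOTE(review): confirm whether RequestMessageUtils.genPKCS10RequestMessage or
// getCertResponseFromPublicKey verifies POP before relying on it.
String username = userdata.getUsername();
IRequestMessage imsg = null;
if (reqType == SecConst.CERT_REQ_TYPE_PKCS10) {
    // PKCS#10: parse the request and keep only its public key.
    IRequestMessage pkcs10req = RequestMessageUtils.genPKCS10RequestMessage(req.getBytes());
    PublicKey pubKey = pkcs10req.getRequestPublicKey();
    imsg = new SimpleRequestMessage(pubKey, username, password);
} else if (reqType == SecConst.CERT_REQ_TYPE_SPKAC) {
    // Netscape SPKAC; parts copied from request helper.
    // If getBytes() yields null, imsg stays null and no certificate response is produced.
    byte[] reqBytes = req.getBytes();
    if (reqBytes != null) {
        // NOTE(review): the request is written to the debug log as received (platform
        // default charset, control characters not escaped); sanitize or truncate it if
        // req is caller-supplied.
        log.debug("Received NS request: "+new String(reqBytes));
        byte[] buffer = Base64.decode(reqBytes);
        if (buffer == null) {
            return null;
        }
        ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(buffer));
        ASN1Sequence spkacSeq;
        try {
            // The cast fails with ClassCastException if the top-level object is not a SEQUENCE.
            spkacSeq = (ASN1Sequence) in.readObject();
        } finally {
            // Close the parser even when the input is not valid ASN.1.
            in.close();
        }
        NetscapeCertRequest nscr = new NetscapeCertRequest(spkacSeq);
        // Verify POPO, we don't care about the challenge, it's not important.
        // The same fixed string is set and then verified, presumably so that only the
        // signature decides the outcome; confirm against NetscapeCertRequest.verify.
        nscr.setChallenge("challenge");
        if (!nscr.verify("challenge")) {
            log.debug("POPO verification Failed");
            throw new SignRequestSignatureException("Invalid signature in NetscapeCertRequest, popo-verification failed.");
        }
        log.debug("POPO verification successful");
        PublicKey pubKey = nscr.getPublicKey();
        imsg = new SimpleRequestMessage(pubKey, username, password);
    }
} else if (reqType == SecConst.CERT_REQ_TYPE_CRMF) {
    // NOTE(review): unlike the SPKAC and public key branches, the Base64 result is not
    // null-checked here and a decoding failure is not translated into an IOException.
    byte[] request = Base64.decode(req.getBytes());
    ASN1InputStream in = new ASN1InputStream(request);
    ASN1Sequence crmfSeq;
    try {
        crmfSeq = (ASN1Sequence) in.readObject();
    } finally {
        // The original never closed this stream; release it on every path.
        in.close();
    }
    // Only element 0 of element 0 is read and used as the CertRequest; the casts throw
    // ClassCastException when the submitted structure has a different shape.
    ASN1Sequence reqSeq = (ASN1Sequence) ((ASN1Sequence) crmfSeq.getObjectAt(0)).getObjectAt(0);
    CertRequest certReq = new CertRequest( reqSeq );
    SubjectPublicKeyInfo pKeyInfo = certReq.getCertTemplate().getPublicKey();
    // The key factory is fixed to RSA, so a template carrying another key type is
    // expected to fail in generatePublic.
    KeyFactory keyFact = KeyFactory.getInstance("RSA", "BC");
    KeySpec keySpec = new X509EncodedKeySpec( pKeyInfo.getEncoded() );
    PublicKey pubKey = keyFact.generatePublic(keySpec); // just check it's ok
    imsg = new SimpleRequestMessage(pubKey, username, password);
    // a simple crmf is not a complete PKI message, as desired by the CrmfRequestMessage class
    //PKIMessage msg = PKIMessage.getInstance(new ASN1InputStream(new ByteArrayInputStream(request)).readObject());
    //CrmfRequestMessage reqmsg = new CrmfRequestMessage(msg, null, true, null);
    //imsg = reqmsg;
} else if (reqType == SecConst.CERT_REQ_TYPE_PUBLICKEY) {
    byte[] request;
    // Request can be Base64 encoded or in PEM format
    try {
        request = FileTools.getBytesFromPEM(req.getBytes(), CertTools.BEGIN_PUBLIC_KEY, CertTools.END_PUBLIC_KEY);
    } catch (IOException ex) {
        // Not PEM: fall back to treating the whole request as Base64.
        try {
            request = Base64.decode(req.getBytes());
            if (request == null) {
                throw new IOException("Base64 decode of buffer returns null");
            }
        } catch (ArrayIndexOutOfBoundsException ae) {
            // Keep the decoder failure as the cause so the stack trace is not lost.
            final IOException decodeFailure = new IOException("Base64 decode fails, message not base64 encoded: " + ae.getMessage());
            decodeFailure.initCause(ae);
            throw decodeFailure;
        }
    }
    final ASN1InputStream in = new ASN1InputStream(request);
    final SubjectPublicKeyInfo keyInfo;
    try {
        keyInfo = SubjectPublicKeyInfo.getInstance(in.readObject());
    } finally {
        // The original never closed this stream; release it on every path.
        in.close();
    }
    // The key factory algorithm is named by the OID inside the submitted key itself.
    final AlgorithmIdentifier keyAlg = keyInfo.getAlgorithmId();
    // Presumably yields the DER encoding of keyInfo for the X.509 key spec; confirm.
    final X509EncodedKeySpec xKeySpec = new X509EncodedKeySpec(new DERBitString(keyInfo).getBytes());
    final KeyFactory keyFact = KeyFactory.getInstance(keyAlg.getObjectId().getId(), "BC");
    final PublicKey pubKey = keyFact.generatePublic(xKeySpec);
    imsg = new SimpleRequestMessage(pubKey, username, password);
}
// imsg is still null for an unrecognised reqType or an SPKAC request without bytes;
// retval is then left as it was.
if (imsg != null) {
    retval = getCertResponseFromPublicKey(admin, imsg, hardTokenSN, responseType, userdata);
}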
} catch (NotFoundException e) {