if (StringUtils.equals("0", getInitParameter("includeCACert"))) {
includeCACert = false;
}
byte[] reply = null;
ScepRequestMessage reqmsg = new ScepRequestMessage(scepmsg, includeCACert);
String transId = reqmsg.getTransactionId();
log.debug("Received a message of type: "+reqmsg.getMessageType());
if(reqmsg.getMessageType() == ScepRequestMessage.SCEP_TYPE_GETCERTINITIAL) {
log.info("Received a GetCertInitial message from host: "+remoteAddr);
Message msg = null;
try {
msg = msgHome.findByMessageId(transId);
} catch (Exception e) {
// TODO: internal resources
log.info("Error looking for message with transId "+transId+" :", e);
}
if(msg != null) {
if(msg.getStatus().equals(Message.STATUS_PROCESSED)) {
log.debug("Request is processed with status: "+msg.getStatus());
SubMessages submessagesresp = msg.getSubMessages(null,null,null);
Iterator<ISubMessage> iter = submessagesresp.getSubMessages().iterator();
PKCS10Response resp = (PKCS10Response)iter.next();
// create proper ScepResponseMessage
IResponseMessage ret = reqmsg.createResponseMessage(org.ejbca.core.protocol.scep.ScepResponseMessage.class, reqmsg, racert, rapriv, cryptProvider);
ret.setCACert(cacert);
X509Certificate respCert = resp.getCertificate();
if ( resp.isSuccessful() && (respCert != null) ) {
ret.setCertificate(respCert);
} else {
ret.setStatus(ResponseStatus.FAILURE);
ret.setFailInfo(FailInfo.BAD_REQUEST);
String failText = resp.getFailInfo();
ret.setFailText(failText);
}
ret.create();
reply = ret.getResponseMessage();
} else {
log.debug("Request is not yet processed, status: "+msg.getStatus());
reply = createPendingResponseMessage(reqmsg, racert, rapriv, cryptProvider).getResponseMessage();
log.debug("Responding with pending response, still pending.");
}
}else{
// User doesn't exist
}
} else {
if(reqmsg.getMessageType() == ScepRequestMessage.SCEP_TYPE_PKCSREQ) {
log.debug("Received a PKCSReq message from host: "+remoteAddr);
// Decrypt the Scep message and extract the pkcs10 request
if (reqmsg.requireKeyInfo()) {
// scep encrypts message with the RAs certificate
reqmsg.setKeyInfo(racert, rapriv, cryptProvider);
}
// Verify the request
if (reqmsg.verify() == false) {
String msg = "POPO verification failed.";
log.error(msg);
throw new SignRequestSignatureException(msg);
}
String username = reqmsg.getUsername();
if (username == null) {
String msg = "No username in request, request DN: "+reqmsg.getRequestDN();
log.error(msg);
throw new SignRequestException(msg);
}
log.info("Received a SCEP/PKCS10 request for user: "+username+", from host: "+remoteAddr);
String authPwd = ExtraConfiguration.instance().getString(ExtraConfiguration.SCEPAUTHPWD);
if (StringUtils.isNotEmpty(authPwd) && !StringUtils.equals(authPwd, "none")) {
log.debug("Requiring authPwd in order to precess SCEP requests");
String pwd = reqmsg.getPassword();
if (!StringUtils.equals(authPwd, pwd)) {
log.error("Wrong auth password received in SCEP request: "+pwd);
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Auth pwd missmatch");
return;
}
log.debug("Request passed authPwd test.");
} else {
log.debug("Not requiring authPwd in order to precess SCEP requests");
}
// Try to find the CA name from the issuerDN, if we can't find it (i.e. not defined in web.xml) we use the default
String issuerDN = CertTools.stringToBCDNString(reqmsg.getIssuerDN());
String caName = ExtraConfiguration.instance().getString(issuerDN);
if (StringUtils.isEmpty(caName)) {
caName = ExtraConfiguration.instance().getString(ExtraConfiguration.SCEPDEFAULTCA);
log.info("Did not find a CA name from issuerDN: "+issuerDN+", using the default CA '"+caName+"'");
} else {
log.debug("Found a CA name '"+caName+"' from issuerDN: "+issuerDN);
}
// Get altNames if we can find them
String altNames = reqmsg.getRequestAltNames();
byte[] encoded = reqmsg.getCertificationRequest().getEncoded();
String pkcs10 = new String(Base64.encode(encoded, false));
// Create a pkcs10 request
String certificateProfile = ExtraConfiguration.instance().getString(ExtraConfiguration.SCEPCERTPROFILEKEY);
String entityProfile = ExtraConfiguration.instance().getString(ExtraConfiguration.SCEPENTITYPROFILEKEY);
boolean createOrEditUser = ExtraConfiguration.instance().getBoolean(ExtraConfiguration.SCEPEDITUSER);
PKCS10Request req = new PKCS10Request(100,username, reqmsg.getRequestDN(), altNames, null, null, entityProfile, certificateProfile, caName, pkcs10);
req.setCreateOrEditUser(createOrEditUser);
SubMessages submessages = new SubMessages();
submessages.addSubMessage(req);
msgHome.create(transId, submessages);
reply = createPendingResponseMessage(reqmsg, racert, rapriv, cryptProvider).getResponseMessage();