// Create large certificate-only PKCS7
CertificateFactory cf = CertificateFactory.getInstance("X.509");
CertPath certPath = cf.generateCertPath(new ByteArrayInputStream(CertTools.getPEMFromCerts(certList)));
result = certPath.getEncoded("PKCS7");
} else {
return new CertificateRequestResponse(submessage.getRequestId(), false, MSG_UNSUPPORTED_RESPONSE_TYPE, null, null);
}
break;
case CertificateRequestRequest.REQUEST_TYPE_CRMF:
// CRMF branch: wrap the submitted CertReqMessages in a synthetic CMP PKIMessage, have
// signSession issue the certificate, pull the certificate out of the CMP response and
// encode it in the response type the submessage asked for.
// Anything thrown in this branch is handled by the enclosing catch (Exception), which
// reports only e.getMessage() back to the requester.
// Extract request in a format that EJBCA can process
// The request bytes come straight from the submessage and are ASN.1-parsed here with no
// prior size or structure check; a malformed encoding fails inside readObject()/getInstance().
// The ASN1InputStream created on this line is never closed.
CertReqMessages certReqMessages = CertReqMessages.getInstance(new ASN1InputStream(submessage.getRequestData()).readObject());
// The header is filler: version 2 plus placeholder sender and recipient names ("CN=unused").
// No CMP message protection is attached to this wrapper, so nothing in it authenticates
// the requester.
PKIMessage msg = new PKIMessage(new PKIHeader(
new DERInteger(2), new GeneralName(new X509Name("CN=unused")), new GeneralName(new X509Name("CN=unused"))),
new PKIBody(certReqMessages, 2)); // [2] CertReqMessages --Certification Request
// NOTE(review): the third argument (true) presumably enables acceptance of RA-verified
// proof-of-possession - confirm against the CrmfRequestMessage constructor. If so, key
// possession is not checked here and rests on whatever authenticated the RA submission.
CrmfRequestMessage crmfReq = new CrmfRequestMessage(msg, null, true, null);
// End-entity credentials are taken from the submessage, not from the CRMF content.
// Presumably signSession uses them to authenticate the end entity - verify. Keep the
// password out of any logging added around this code.
crmfReq.setUsername(submessage.getUsername());
crmfReq.setPassword(submessage.getPassword());
// Request and extract certificate from response
IResponseMessage response = signSession.createCertificate(admin, crmfReq, org.ejbca.core.protocol.cmp.CmpResponseMessage.class, null);
// 'ais' is not closed in this branch.
ASN1InputStream ais = new ASN1InputStream(new ByteArrayInputStream(response.getResponseMessage()));
// Only the first response entry (index 0) is read, and none of the chained getters is
// null-checked. NOTE(review): a rejected or error response presumably has no cp body or
// no certified key pair, which would surface as a NullPointerException whose message is
// null rather than as a descriptive failure - confirm and consider an explicit check.
CertRepMessage certRepMessage = PKIMessage.getInstance(ais.readObject()).getBody().getCp();
InputStream inStream = new ByteArrayInputStream(certRepMessage.getResponse(0).getCertifiedKeyPair().getCertOrEncCert().getCertificate().getEncoded());
// Re-parse the DER bytes into a java.security.cert.Certificate.
cert = CertificateFactory.getInstance("X.509").generateCertificate(inStream);
inStream.close();
// Convert to the right response type
// The response type is validated only here, after createCertificate() has already run,
// so an unsupported type returns a failure response for a certificate that was issued.
if (submessage.getResponseType() == CertificateRequestRequest.RESPONSE_TYPE_CERTIFICATE) {
// Bare encoded certificate.
result = cert.getEncoded();
} else if (submessage.getResponseType() == CertificateRequestRequest.RESPONSE_TYPE_PKCS7) {
// NOTE(review): 'false' presumably means "do not include the CA chain" - confirm.
result = signSession.createPKCS7(admin, cert, false);
} else if (submessage.getResponseType() == CertificateRequestRequest.RESPONSE_TYPE_PKCS7WITHCHAIN) {
// Read certificate chain
ArrayList<Certificate> certList = new ArrayList<Certificate>();
certList.add(cert);
// The CA is looked up by the hashCode of the issued certificate's issuer DN.
// This lookup runs as Admin.getInternalAdmin(), not as the 'admin' used for issuance
// above, so the caller's own authorization to that CA is not what is checked here.
certList.addAll(caSession.getCA(Admin.getInternalAdmin(), CertTools.getIssuerDN(cert).hashCode()).getCertificateChain());
// Create large certificate-only PKCS7
// The list is PEM-encoded, parsed back as a CertPath and re-encoded as "PKCS7".
CertificateFactory cf = CertificateFactory.getInstance("X.509");
CertPath certPath = cf.generateCertPath(new ByteArrayInputStream(CertTools.getPEMFromCerts(certList)));
result = certPath.getEncoded("PKCS7");
} else {
// Unknown response type: report failure with no payload.
return new CertificateRequestResponse(submessage.getRequestId(), false, MSG_UNSUPPORTED_RESPONSE_TYPE, null, null);
}
break;
default:
return new CertificateRequestResponse(submessage.getRequestId(), false, MSG_UNSUPPORTED_REQUEST_TYPE, null, null);
}
}
// Return the response when we have response data (byte[])
return new CertificateRequestResponse(submessage.getRequestId(), true, null, submessage.getResponseType(), result);
} catch (Exception e) {
if (log.isDebugEnabled()) {
log.debug("External RA request generated an error: " + e.getMessage());
}
return new CertificateRequestResponse(submessage.getRequestId(), false, "Error " + e.getMessage(), null, null);
}
}