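package org.ejbca.core.protocol;

import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERString;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.cms.CMSSignedGenerator;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.ejbca.util.CertTools;

/**
 * {@link IRequestMessage} implementation wrapping a PKCS#10 certification request.
 *
 * The DER encoding of the request ({@link #p10msg}) is the serialized state; the parsed
 * {@link PKCS10CertificationRequest} is transient and re-created lazily from the encoding on
 * first use (see {@link #ensureParsed()}). A username and password can be set explicitly with
 * {@link #setUsername(String)} / {@link #setPassword(String)}; when they are not, they are
 * derived from the request itself (the CN of the subject DN, and the pkcs-9 challengePassword
 * attribute respectively).
 *
 * Nothing in this class checks the challenge password; it is only extracted and handed to the
 * caller, which is expected to validate it before issuing a certificate.
 */
public class PKCS10RequestMessage implements IRequestMessage {

    /**
     * Serialization version. Change it only when the set of serialized (non-transient) fields
     * changes in an incompatible way, since serialized instances may exist.
     */
    static final long serialVersionUID = 3597275157018205137L;

    private static final Logger log = Logger.getLogger(PKCS10RequestMessage.class);

    /** Raw DER encoding of the PKCS#10 request. This is the only serialized request state. */
    protected byte[] p10msg;

    /** Explicitly set password; when null, {@link #getPassword()} reads it from the request. */
    protected String password = null;

    /** Explicitly set username; when null, {@link #getUsername()} derives it from the subject CN. */
    protected String username = null;

    /** Whether the CA certificate should be included in the response; defaults to true. */
    protected boolean includeCACert = true;

    /**
     * Digest algorithm preferred for the response. Transient, so it is null after Java
     * de-serialization; {@link #getPreferredDigestAlg()} falls back to the default in that case.
     */
    private transient String preferredDigestAlg = CMSSignedGenerator.DIGEST_SHA1;

    /** Parsed form of {@link #p10msg}; null until first needed or after de-serialization. */
    protected transient PKCS10CertificationRequest pkcs10 = null;

    /** Error code reported by {@link #getErrorNo()}. Never assigned in this class, so always 0. */
    private int error = 0;

    /** Error text reported by {@link #getErrorText()}. Never assigned in this class, so always null. */
    private String errorText = null;

    /**
     * Creates an empty message. Until {@link #p10msg} is set by a subclass, the request-derived
     * getters return null (and {@link #verify()} returns false).
     */
    public PKCS10RequestMessage() {
    }

    /**
     * Creates a message from the DER encoding of a PKCS#10 request and parses it immediately.
     *
     * @param msg DER encoded PKCS#10 request
     * @throws IllegalArgumentException if the bytes are not a valid PKCS#10 encoding
     */
    public PKCS10RequestMessage(byte[] msg) {
        log.debug(">PKCS10RequestMessage(byte[])");
        this.p10msg = msg;
        init();
        log.debug("<PKCS10RequestMessage(byte[])");
    }

    /**
     * Creates a message from an already parsed PKCS#10 request. The request's encoding is kept
     * as the serialized state.
     *
     * @param p10 parsed PKCS#10 request
     */
    public PKCS10RequestMessage(PKCS10CertificationRequest p10) {
        log.debug(">PKCS10RequestMessage(ExtendedPKCS10CertificationRequest)");
        p10msg = p10.getEncoded();
        pkcs10 = p10;
        log.debug("<PKCS10RequestMessage(ExtendedPKCS10CertificationRequest)");
    }

    /**
     * Parses {@link #p10msg} into {@link #pkcs10}.
     *
     * @throws IllegalArgumentException if {@link #p10msg} is not a valid PKCS#10 encoding
     */
    private void init() {
        pkcs10 = new PKCS10CertificationRequest(p10msg);
    }

    /**
     * Makes sure {@link #pkcs10} is available, parsing {@link #p10msg} if needed (for instance
     * after de-serialization, since {@code pkcs10} is transient).
     *
     * @return true if a parsed request is available, false if there is no encoding or it is
     *         invalid (logged as an error)
     */
    private boolean ensureParsed() {
        if (pkcs10 != null) {
            return true;
        }
        if (p10msg == null) {
            // The no-arg constructor leaves p10msg unset; report it like an unparseable request
            log.error("PKCS10 not inited!");
            return false;
        }
        try {
            init();
            return true;
        } catch (IllegalArgumentException e) {
            log.error("PKCS10 not inited!", e);
            return false;
        }
    }

    /**
     * Returns the public key carried in the request.
     *
     * @return the requested public key, or null if the request could not be parsed
     * @throws InvalidKeyException if the key in the request cannot be decoded
     * @throws NoSuchAlgorithmException if the key algorithm is not supported
     * @throws NoSuchProviderException if the crypto provider is not available
     */
    public PublicKey getRequestPublicKey()
        throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException {
        if (!ensureParsed()) {
            return null;
        }
        return pkcs10.getPublicKey();
    }

    /**
     * Sets a password that takes precedence over any challenge password in the request.
     *
     * @param pwd the password, or null to fall back to the request's challenge password
     */
    public void setPassword(String pwd) {
        this.password = pwd;
    }

    /**
     * Returns the password for this request: the explicitly set one if any, otherwise the
     * pkcs-9 challengePassword attribute of the request. Some clients put the challenge
     * password inside the extensionRequest attribute instead, so that location is tried as
     * well. The value is decoded as PrintableString, falling back to UTF8String.
     *
     * @return the password, or null if the request carries none (or cannot be parsed)
     */
    public String getPassword() {
        if (password != null) {
            return password;
        }
        if (!ensureParsed()) {
            return null;
        }

        CertificationRequestInfo info = pkcs10.getCertificationRequestInfo();
        // A request without any attributes has a null attribute set; check it before building
        // the AttributeTable (checking the table itself for null would never trigger).
        ASN1Set attrSet = info.getAttributes();
        if (attrSet == null) {
            return null;
        }
        AttributeTable attributes = new AttributeTable(attrSet);

        DEREncodable obj;
        Attribute attr = attributes.get(PKCSObjectIdentifiers.pkcs_9_at_challengePassword);
        if (attr == null) {
            attr = attributes.get(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
            if (attr == null) {
                return null;
            }
            log.debug("got extension request");
            ASN1Set values = attr.getAttrValues();
            if (values.size() == 0) {
                return null;
            }
            X509Extensions exts = X509Extensions.getInstance(values.getObjectAt(0));
            X509Extension ext = exts.getExtension(PKCSObjectIdentifiers.pkcs_9_at_challengePassword);
            if (ext == null) {
                log.debug("no challenge password extension");
                return null;
            }
            obj = ext.getValue();
        } else {
            ASN1Set values = attr.getAttrValues();
            // An attribute with an empty value set must not reach getObjectAt(0)
            if (values.size() == 0) {
                return null;
            }
            obj = values.getObjectAt(0);
        }

        if (obj == null) {
            return null;
        }
        DERString str = decodeChallengePassword(obj);
        if (str == null) {
            return null;
        }
        return str.getString();
    }

    /**
     * Decodes a challenge password value, first as PrintableString and then as UTF8String.
     *
     * @param obj the attribute (or extension) value
     * @return the decoded string, or null if the value is of neither type
     */
    private static DERString decodeChallengePassword(DEREncodable obj) {
        try {
            return DERPrintableString.getInstance(obj);
        } catch (IllegalArgumentException ie) {
            try {
                return DERUTF8String.getInstance(obj);
            } catch (IllegalArgumentException ie2) {
                // Neither string type: treat the password as absent rather than failing the call
                log.debug("challenge password is neither PrintableString nor UTF8String", ie2);
                return null;
            }
        }
    }

    /**
     * Sets a username that takes precedence over the one derived from the request.
     *
     * @param username the username, or null to fall back to the subject CN
     */
    public void setUsername(String username) {
        this.username = username;
    }

    /**
     * Returns the username for this request: the explicitly set one if any, otherwise the first
     * "word" of the subject DN's CN, i.e. the CN cut at its first space or, if it has none, at
     * its first '+' (presumably the multi-valued RDN separator). A separator at index 0 does
     * not cut anything.
     *
     * @return the username, or null if the subject DN has no CN
     */
    public String getUsername() {
        if (username != null) {
            return username;
        }
        String dn = getRequestDN();
        String name = CertTools.getPartFromDN(dn, "CN");
        if (name == null) {
            log.error("No CN in DN: " + dn);
            return null;
        }
        String ret = name;
        int index = name.indexOf(' ');
        if (index <= 0) {
            index = name.indexOf('+');
        }
        if (index > 0) {
            ret = name.substring(0, index);
        }
        log.debug("UserName='" + ret + "'");
        return ret;
    }

    /**
     * Not available in a PKCS#10 request.
     *
     * @return always null
     */
    public String getIssuerDN() {
        return null;
    }

    /**
     * Not available in a PKCS#10 request.
     *
     * @return always null
     */
    public BigInteger getSerialNo() {
        return null;
    }

    /**
     * Not available in a PKCS#10 request.
     *
     * @return always null
     */
    public String getCRLIssuerDN() {
        return null;
    }

    /**
     * Not available in a PKCS#10 request.
     *
     * @return always null
     */
    public BigInteger getCRLSerialNo() {
        return null;
    }

    /**
     * Returns the subject DN of the request as a string.
     *
     * @return the subject DN, or null if the request cannot be parsed or has no subject
     */
    public String getRequestDN() {
        if (!ensureParsed()) {
            return null;
        }
        CertificationRequestInfo info = pkcs10.getCertificationRequestInfo();
        if (info == null) {
            return null;
        }
        X509Name name = info.getSubject();
        if (name == null) {
            return null;
        }
        return name.toString();
    }

    /**
     * Subject alternative names are not extracted from the request by this class.
     *
     * @return always null
     */
    public String getRequestAltNames() {
        return null;
    }

    /**
     * Not available in a PKCS#10 request.
     *
     * @return always null
     */
    public Date getRequestValidityNotBefore() {
        return null;
    }

    /**
     * Not available in a PKCS#10 request.
     *
     * @return always null
     */
    public Date getRequestValidityNotAfter() {
        return null;
    }

    /**
     * Returns the parsed PKCS#10 request.
     *
     * @return the request, or null if it cannot be parsed
     */
    public PKCS10CertificationRequest getCertificationRequest() {
        if (!ensureParsed()) {
            return null;
        }
        return pkcs10;
    }

    /**
     * Verifies the request's signature with the public key contained in the request itself
     * (proof of possession of the private key).
     *
     * @return true if the signature verifies, false otherwise
     * @throws InvalidKeyException if the key in the request is unusable
     * @throws NoSuchAlgorithmException if the signature algorithm is not supported
     * @throws NoSuchProviderException if the crypto provider is not available
     * @see #verify(PublicKey)
     */
    public boolean verify()
        throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException {
        return verify(null);
    }

    /**
     * Verifies the request's signature. A signature that does not verify, a malformed signature
     * and an unparseable request all yield false (logged); key and provider problems propagate.
     *
     * @param pubKey key to verify with, or null to use the public key inside the request
     * @return true if the signature verifies, false otherwise
     * @throws InvalidKeyException if the key is unusable for verification
     * @throws NoSuchAlgorithmException if the signature algorithm is not supported
     * @throws NoSuchProviderException if the "BC" provider is not available
     */
    public boolean verify(PublicKey pubKey)
        throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException {
        log.debug(">verify()");

        boolean ret = false;
        try {
            if (pkcs10 == null) {
                init();
            }
            if (pubKey == null) {
                ret = pkcs10.verify();
            } else {
                ret = pkcs10.verify(pubKey, "BC");
            }
        } catch (IllegalArgumentException e) {
            // Thrown by init() on a bad encoding; kept around the verify calls too, as before
            log.error("PKCS10 not inited!", e);
        } catch (InvalidKeyException e) {
            log.error("Error in PKCS10-request:", e);
            throw e;
        } catch (SignatureException e) {
            // A broken signature is an invalid request, reported as false rather than thrown
            log.error("Error in PKCS10-signature:", e);
        }

        log.debug("<verify()");
        return ret;
    }

    /**
     * A PKCS#10 request needs no extra key information to be processed.
     *
     * @return always false
     */
    public boolean requireKeyInfo() {
        return false;
    }

    /**
     * No-op: key information is not needed for PKCS#10 requests (see {@link #requireKeyInfo()}).
     *
     * @param cert ignored
     * @param key ignored
     * @param Provider ignored
     */
    public void setKeyInfo(X509Certificate cert, PrivateKey key, String Provider) {
    }

    /**
     * Returns the error code; this class never sets one.
     *
     * @return the error code (0)
     */
    public int getErrorNo() {
        return error;
    }

    /**
     * Returns the error text; this class never sets one.
     *
     * @return the error text (null)
     */
    public String getErrorText() {
        return errorText;
    }

    /**
     * Not available in a PKCS#10 request.
     *
     * @return always null
     */
    public String getSenderNonce() {
        return null;
    }

    /**
     * Not available in a PKCS#10 request.
     *
     * @return always null
     */
    public String getTransactionId() {
        return null;
    }

    /**
     * Not available in a PKCS#10 request.
     *
     * @return always null
     */
    public byte[] getRequestKeyInfo() {
        return null;
    }

    /**
     * Returns the digest algorithm preferred for the response.
     *
     * @return the preferred digest algorithm, defaulting to SHA-1 (also after de-serialization,
     *         when the transient field has been cleared)
     */
    public String getPreferredDigestAlg() {
        if (preferredDigestAlg == null) {
            return CMSSignedGenerator.DIGEST_SHA1;
        }
        return preferredDigestAlg;
    }

    /**
     * Whether the CA certificate should be included in the response.
     *
     * @return the includeCACert flag (true unless changed by a subclass)
     */
    public boolean includeCACert() {
        return includeCACert;
    }

    /**
     * Request type; this class reports 0.
     *
     * @return always 0
     */
    public int getRequestType() {
        return 0;
    }

    /**
     * Request id; this class reports 0.
     *
     * @return always 0
     */
    public int getRequestId() {
        return 0;
    }

    /**
     * Builds the response message for this request by delegating to
     * {@link RequestMessageUtils#createResponseMessage}.
     *
     * @param responseClass class of the response message to create
     * @param req the request being answered
     * @param cert the issued certificate
     * @param signPriv private key used to sign the response
     * @param encPriv private key used to decrypt/encrypt, if the response type needs one
     * @param provider crypto provider to use
     * @return the response message
     */
    public IResponseMessage createResponseMessage(Class responseClass, IRequestMessage req, Certificate cert, PrivateKey signPriv, PrivateKey encPriv, String provider) {
        return RequestMessageUtils.createResponseMessage(responseClass, req, cert, signPriv, encPriv, provider);
    }
}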