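package org.ejbca.core.protocol;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Hashtable;

import javax.ejb.ObjectNotFoundException;

import org.apache.log4j.Logger;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.smime.SMIMECapability;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSSignedGenerator;
import org.ejbca.core.model.ca.SignRequestException;
import org.ejbca.core.model.ra.NotFoundException;
import org.ejbca.util.Base64;
import org.ejbca.util.CertTools;

/**
 * Response message for the SCEP protocol.
 *
 * <p>The message produced by {@link #create()} is a CMS SignedData (signed with the key given to
 * {@link #setSignKeyInfo}) carrying the SCEP signed attributes messageType, transactionId,
 * pkiStatus, and, when present, failInfo, senderNonce and recipientNonce. For a
 * {@link ResponseStatus#SUCCESS} status the signed content is a degenerate SignedData holding the
 * issued certificate (optionally together with the signing CA certificate) or a CRL, wrapped in
 * a CMS EnvelopedData addressed to the requester's certificate. For every other status the
 * content is a fixed placeholder string.
 *
 * <p>Instances are not thread-safe; the setters and {@link #create()} are expected to be called
 * sequentially from one thread.
 */
public class ScepResponseMessage implements IResponseMessage {

    /**
     * Serial version UID. Keep in sync with the serialized form of this class; bump it when
     * a non-transient field changes.
     */
    static final long serialVersionUID = 2016710353393853878L;

    private static final Logger log = Logger.getLogger(ScepResponseMessage.class);

    /** DER encoded CMS SignedData produced by {@link #create()}; null until created. */
    private byte[] responseMessage = null;

    /** SCEP pkiStatus of the response. */
    private ResponseStatus status = ResponseStatus.SUCCESS;

    /** SCEP failInfo, only included in the message when {@link #status} is FAILURE. */
    private FailInfo failInfo = FailInfo.BAD_REQUEST;

    /** Free text used as exception message for the failInfo values that are thrown instead of sent. */
    private String failText = null;

    /** Base64 encoded senderNonce attribute, omitted from the message when null. */
    private String senderNonce = null;

    /** Base64 encoded recipientNonce attribute, omitted from the message when null. */
    private String recipientNonce = null;

    /** transactionId attribute, omitted from the message when null. */
    private String transactionId = null;

    /**
     * Encoded certificate of the recipient, decoded with {@link CertTools#getCertfromByteArray}
     * and used as the key transport recipient of the enveloped content. When null the
     * certificate given to {@link #setCertificate} is used as recipient instead.
     */
    private byte[] recipientKeyInfo = null;

    /** The generated outer SignedData; kept for the lifetime of the object but not serialized. */
    private transient CMSSignedData signedData = null;

    /** Certificate to return to the requester (SUCCESS responses only). */
    private transient Certificate cert = null;
    /** CRL to return to the requester; takes precedence over {@link #cert} when both are set. */
    private transient CRL crl = null;

    /** Certificate of the signer of the outer SignedData (and the CA cert added when {@link #includeCACert}). */
    private transient X509Certificate signCert = null;

    /** Private key used to sign the outer SignedData. */
    private transient PrivateKey signKey = null;

    /** JCE provider used for the outer signature. The inner SignedData and the EnvelopedData always use "BC". */
    private transient String provider = "BC";

    /** Whether {@link #signCert} is added next to {@link #cert} in the inner SignedData. */
    private transient boolean includeCACert = true;

    /**
     * Digest algorithm for the outer signature. MD5 is the default; callers can select a
     * stronger digest through {@link #setPreferredDigestAlg} (this is the only place the
     * response's digest is decided, so a caller-side default of SHA-1 or better is the
     * mitigation for clients that support it).
     */
    private transient String digestAlg = CMSSignedGenerator.DIGEST_MD5;

    /**
     * Sets the certificate to return to the requester.
     *
     * @param cert the issued certificate; ignored if a CRL is also set
     */
    public void setCertificate(Certificate cert) {
        this.cert = cert;
    }

    /**
     * Sets the CRL to return to the requester.
     *
     * @param crl the CRL; when non-null it replaces the certificate in the response
     */
    public void setCrl(CRL crl) {
        this.crl = crl;
    }

    /**
     * Controls whether the signing CA certificate is included next to the issued certificate.
     *
     * @param incCACert true to include the CA certificate (the default)
     */
    public void setIncludeCACert(boolean incCACert) {
        this.includeCACert = incCACert;
    }

    /**
     * Returns the DER encoded response created by {@link #create()}.
     *
     * @return the encoded message, or null if {@link #create()} has not been called or failed
     */
    public byte[] getResponseMessage() throws IOException, CertificateEncodingException {
        return responseMessage;
    }

    /**
     * Sets the pkiStatus of the response.
     *
     * @param status the status; defaults to SUCCESS
     */
    public void setStatus(ResponseStatus status) {
        this.status = status;
    }

    /** @return the pkiStatus of the response */
    public ResponseStatus getStatus() {
        return status;
    }

    /**
     * Sets the failInfo of the response. Only sent when the status is FAILURE.
     *
     * @param failInfo the failure reason; defaults to BAD_REQUEST
     */
    public void setFailInfo(FailInfo failInfo) {
        this.failInfo = failInfo;
    }

    /** @return the failInfo of the response */
    public FailInfo getFailInfo() {
        return failInfo;
    }

    /**
     * Sets a free text description of the failure, used as exception message by {@link #create()}.
     *
     * @param failText the description, may be null
     */
    public void setFailText(String failText) {
        this.failText = failText;
    }

    /** @return the free text description of the failure, may be null */
    public String getFailText() {
        return this.failText;
    }

    /**
     * Builds the SCEP response from the values set on this object.
     *
     * <p>A FAILURE status with failInfo WRONG_AUTHORITY or INCORRECT_DATA is not turned into a
     * message: it is reported to the caller as {@link SignRequestException} respectively
     * {@link NotFoundException}, carrying {@link #getFailText()} as message. Every other
     * combination produces a signed response retrievable with {@link #getResponseMessage()}.
     *
     * @return true if a response message was produced, false if building it failed with a
     *         CertStore or CMS error (the error is logged)
     * @throws IOException if the recipient certificate cannot be decoded or encoding fails
     * @throws InvalidKeyException if the signing key is unusable
     * @throws NoSuchAlgorithmException if a required algorithm is missing from the provider
     * @throws NoSuchProviderException if the provider is not installed
     * @throws SignRequestException for a FAILURE status with failInfo WRONG_AUTHORITY
     * @throws NotFoundException for a FAILURE status with failInfo INCORRECT_DATA
     */
    public boolean create()
            throws IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException,
            SignRequestException, NotFoundException {
        boolean ret = false;

        try {
            checkStatus();

            CMSProcessable msg;
            if (status.equals(ResponseStatus.SUCCESS)) {
                msg = buildEnvelopedContent();
            } else {
                // Placeholder content; a non-success response carries its information in the
                // signed attributes only. ASCII, so the platform charset does not matter.
                msg = new CMSProcessableByteArray("PrimeKey".getBytes());
            }

            AttributeTable signedAttributes = buildSignedAttributes();

            CMSSignedDataGenerator gen1 = new CMSSignedDataGenerator();
            // NOTE(review): signKey/signCert are assumed to have been supplied through
            // setSignKeyInfo (requireSignKeyInfo() returns true) — confirm the caller enforces it.
            gen1.addSigner(signKey, signCert, digestAlg, signedAttributes, null);
            signedData = gen1.generate(msg, true, provider);
            responseMessage = signedData.getEncoded();
            if (responseMessage != null) {
                ret = true;
            }
        } catch (InvalidAlgorithmParameterException e) {
            log.error("Error creating CertStore: ", e);
        } catch (CertStoreException e) {
            log.error("Error creating CertStore: ", e);
        } catch (CMSException e) {
            log.error("Error creating CMS message: ", e);
        }

        return ret;
    }

    /**
     * Logs which kind of message is being created and rejects the failure cases that are
     * reported to the caller as exceptions instead of as a SCEP message.
     *
     * @throws SignRequestException for FAILURE with failInfo WRONG_AUTHORITY
     * @throws NotFoundException for FAILURE with failInfo INCORRECT_DATA
     */
    private void checkStatus() throws SignRequestException, NotFoundException {
        if (status.equals(ResponseStatus.SUCCESS)) {
            log.debug("Creating a STATUS_OK message.");
        } else if (status.equals(ResponseStatus.FAILURE)) {
            log.debug("Creating a STATUS_FAILED message (or throwing an exception).");
            if (failInfo.equals(FailInfo.WRONG_AUTHORITY)) {
                throw new SignRequestException(failText);
            }
            if (failInfo.equals(FailInfo.INCORRECT_DATA)) {
                throw new NotFoundException(failText);
            }
        } else {
            log.debug("Creating a STATUS_PENDING message.");
        }
    }

    /**
     * Builds the content of a SUCCESS response: a degenerate SignedData holding the CRL or the
     * certificate(s), wrapped in an EnvelopedData for the recipient.
     *
     * @return the enveloped content, ready to be signed
     * @throws IOException if the recipient certificate cannot be decoded or encoding fails
     */
    private CMSProcessable buildEnvelopedContent()
            throws IOException, InvalidAlgorithmParameterException, NoSuchAlgorithmException,
            NoSuchProviderException, CertStoreException, CMSException {
        // Inner, unsigned (degenerate) SignedData carrying the certificates or the CRL.
        ArrayList certList = new ArrayList();
        if (crl != null) {
            log.debug("Adding CRL to response message (inner signer)");
            certList.add(crl);
        } else if (cert != null) {
            log.debug("Adding certificates to response message");
            certList.add(cert);
            if (includeCACert) {
                // NOTE(review): signCert is added as-is; if setSignKeyInfo was never called this
                // puts a null into the CertStore — confirm the caller always sets it first.
                certList.add(signCert);
            }
        }
        CertStore certs = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(certList), "BC");

        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addCertificatesAndCRLs(certs);
        CMSSignedData s = gen.generate(null, false, "BC");

        // Envelope the inner SignedData for the requester.
        CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
        if (recipientKeyInfo != null) {
            try {
                X509Certificate rec = CertTools.getCertfromByteArray(recipientKeyInfo);
                log.debug("Added recipient information - issuer: '" + CertTools.getIssuerDN(rec)
                        + "', serno: '" + rec.getSerialNumber().toString(16));
                edGen.addKeyTransRecipient(rec);
            } catch (CertificateException e) {
                // Keep the decoding failure as cause so the real reason is not lost in the logs.
                IOException ioe = new IOException("Can not decode recipients self signed certificate!");
                ioe.initCause(e);
                throw ioe;
            }
        } else {
            // NOTE(review): falls back to the issued certificate as recipient; for a CRL-only
            // response cert may be null here — confirm callers always supply recipientKeyInfo
            // in that case.
            edGen.addKeyTransRecipient((X509Certificate) cert);
        }
        // NOTE(review): single DES in CBC mode is a legacy content-encryption choice, presumably
        // kept for interoperability with older SCEP clients; it is hard-coded and cannot be
        // negotiated from here — verify whether 3DES/AES can be offered to clients that support it.
        CMSEnvelopedData ed = edGen.generate(new CMSProcessableByteArray(s.getEncoded()),
                SMIMECapability.dES_CBC.getId(), "BC");

        byte[] enveloped = ed.getEncoded();
        log.debug("Enveloped data is " + enveloped.length + " bytes long");
        return new CMSProcessableByteArray(enveloped);
    }

    /**
     * Builds the SCEP signed attributes: messageType (3 = CertRep), transactionId (if set),
     * pkiStatus, failInfo (FAILURE only), senderNonce and recipientNonce (if set).
     *
     * @return the attribute table to attach to the outer signer
     */
    private AttributeTable buildSignedAttributes() {
        Hashtable attributes = new Hashtable();

        putPrintableString(attributes, ScepRequestMessage.id_messageType, "3");

        if (transactionId != null) {
            log.debug("Added transactionId: " + transactionId);
            putPrintableString(attributes, ScepRequestMessage.id_transId, transactionId);
        }

        putPrintableString(attributes, ScepRequestMessage.id_pkiStatus, status.getValue());

        if (status.equals(ResponseStatus.FAILURE)) {
            log.debug("Added failInfo: " + failInfo.getValue());
            putPrintableString(attributes, ScepRequestMessage.id_failInfo, failInfo.getValue());
        }

        // Nonces are kept Base64 encoded in the setters and decoded to raw octets here.
        if (senderNonce != null) {
            log.debug("Added senderNonce: " + senderNonce);
            putOctetString(attributes, ScepRequestMessage.id_senderNonce,
                    Base64.decode(senderNonce.getBytes()));
        }

        if (recipientNonce != null) {
            log.debug("Added recipientNonce: " + recipientNonce);
            putOctetString(attributes, ScepRequestMessage.id_recipientNonce,
                    Base64.decode(recipientNonce.getBytes()));
        }

        return new AttributeTable(attributes);
    }

    /** Stores a PrintableString attribute, keyed by its OID, in {@code attributes}. */
    private static void putPrintableString(Hashtable attributes, String oid, String text) {
        DERSet value = new DERSet(new DERPrintableString(text));
        Attribute attr = new Attribute(new DERObjectIdentifier(oid), value);
        attributes.put(attr.getAttrType(), attr);
    }

    /** Stores an OctetString attribute, keyed by its OID, in {@code attributes}. */
    private static void putOctetString(Hashtable attributes, String oid, byte[] octets) {
        DERSet value = new DERSet(new DEROctetString(octets));
        Attribute attr = new Attribute(new DERObjectIdentifier(oid), value);
        attributes.put(attr.getAttrType(), attr);
    }

    /** @return true: a SCEP response must be signed, so {@link #setSignKeyInfo} is required */
    public boolean requireSignKeyInfo() {
        return true;
    }

    /** @return false: the response is encrypted for the recipient certificate, no separate encryption key is needed */
    public boolean requireEncKeyInfo() {
        return false;
    }

    /**
     * Sets the key and certificate used to sign the response.
     *
     * @param cert certificate of the signer, also used as the CA certificate in the response
     * @param key private key of the signer
     * @param prov JCE provider for the signature; null keeps the current provider ("BC" by default)
     */
    public void setSignKeyInfo(X509Certificate cert, PrivateKey key, String prov) {
        this.signCert = cert;
        this.signKey = key;
        if (prov != null) {
            this.provider = prov;
        }
    }

    /** No-op: this message type does not use a separate encryption key (see {@link #requireEncKeyInfo}). */
    public void setEncKeyInfo(X509Certificate cert, PrivateKey key, String provider) {
    }

    /**
     * Sets the senderNonce attribute.
     *
     * @param senderNonce Base64 encoded nonce, or null to omit the attribute
     */
    public void setSenderNonce(String senderNonce) {
        this.senderNonce = senderNonce;
    }

    /**
     * Sets the recipientNonce attribute.
     *
     * @param recipientNonce Base64 encoded nonce, or null to omit the attribute
     */
    public void setRecipientNonce(String recipientNonce) {
        this.recipientNonce = recipientNonce;
    }

    /**
     * Sets the transactionId attribute.
     *
     * @param transactionId the id, or null to omit the attribute
     */
    public void setTransactionId(String transactionId) {
        this.transactionId = transactionId;
    }

    /**
     * Sets the encoded certificate of the recipient of the enveloped content.
     *
     * @param recipientKeyInfo encoded certificate as accepted by {@link CertTools#getCertfromByteArray}
     */
    public void setRecipientKeyInfo(byte[] recipientKeyInfo) {
        this.recipientKeyInfo = recipientKeyInfo;
    }

    /**
     * Sets the digest algorithm for the outer signature.
     *
     * @param digest a {@link CMSSignedGenerator} digest OID; the default is MD5
     */
    public void setPreferredDigestAlg(String digest) {
        this.digestAlg = digest;
    }

    /** No-op: the request type is not reflected in a SCEP response. */
    public void setRequestType(int reqtype) {
    }

    /** No-op: the request id is not reflected in a SCEP response. */
    public void setRequestId(int reqid) {
    }

    /** No-op: protection parameters are taken from the setters, not from the request. */
    public void setProtectionParamsFromRequest(IRequestMessage reqMsg) {
    }
}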