

1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13
14 package org.ejbca.core.protocol.cmp;
15
16 import java.io.ByteArrayInputStream JavaDoc;
17 import java.rmi.RemoteException JavaDoc;
18 import java.util.Properties JavaDoc;
19
20 import javax.ejb.CreateException JavaDoc;
21
22 import org.apache.commons.lang.StringUtils;
23 import org.apache.log4j.Logger;
24 import org.bouncycastle.asn1.ASN1InputStream;
25 import org.ejbca.core.model.log.Admin;
26 import org.ejbca.core.protocol.FailInfo;
27 import org.ejbca.core.protocol.IResponseMessage;
28 import org.ejbca.core.protocol.ResponseStatus;
29 import org.ejbca.util.CertTools;
30
31 import com.novosec.pkix.asn1.cmp.PKIBody;
32 import com.novosec.pkix.asn1.cmp.PKIHeader;
33 import com.novosec.pkix.asn1.cmp.PKIMessage;
34
35 /**
36  * Class that receives a CMP message and passes it on to the correct message handler.
37  *
38  * -----
39  * This process does the following:
40  * 1. receive a CMP message
41  * 2. check which message type it is
42  * 3. dispatch to the correct message handler
43  * 4. send back the response received from the handler
44  * -----
45  *
46  * Messages supported:
47  * - Initialization Request - will return an Initialization Response
48  * - Revocation Request - will return a Revocation Response
49  * - PKI Confirmation - same as certificate confirmation accept - will return a PKIConfirm
50  * - Certificate Confirmation - accept or reject by client - will return a PKIConfirm
51  *
52  * @author tomas
53  * @version $Id: CmpMessageDispatcher.java,v 1.10 2006/11/02 17:03:02 anatom Exp $
54  */

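public class CmpMessageDispatcher {
    private static final Logger log = Logger.getLogger(CmpMessageDispatcher.class);

    /**
     * Whether messages whose POPO (proof of possession) is set to raVerify are accepted.
     * If this is true and raVerify is the POPO given in the message, no POPO check is done.
     *
     * NOTE(review): with this enabled the CA relies entirely on the sender having verified
     * possession of the private key. No sender authentication or message-protection check
     * is visible in this class; presumably the message handlers do it. Confirm that before
     * enabling the option, and keep the default (false) where requests do not come from an
     * authenticated RA.
     */
    private boolean allowRaVerifyPopo = false;
    /** The default CA used for signing requests, if it is not given in the request itself. */
    private String defaultCA = null;
    /**
     * Defines which component from the DN should be used as username in EJBCA. Can be DN, UID
     * or nothing. Nothing means that the DN will be used to look up the user.
     */
    private String extractUsernameComponent = null;
    /** Administrator handed to the message handlers that take one. */
    private final Admin admin;
    /** Configuration properties passed from higher class, used to configure message handlers as well. */
    private final Properties properties;

    /**
     * Creates a dispatcher and reads its configuration.
     *
     * Properties read here: "allowRaVerifyPopo" (enabled only by the exact value "true"),
     * "defaultCA" and "extractUsernameComponent" (both ignored when empty). The same
     * Properties object is later handed to every message handler.
     *
     * @param adm administrator passed on to the request and revocation handlers
     * @param prop configuration properties, must not be null
     */
    public CmpMessageDispatcher(Admin adm, Properties prop) {
        this.admin = adm;
        this.properties = prop;
        // Install BouncyCastle provider
        CertTools.installBCProvider();

        // Read parameters
        String str = prop.getProperty("allowRaVerifyPopo");
        if (StringUtils.equals("true", str)) {
            log.debug("allowRAVerifyPopo=true");
            allowRaVerifyPopo = true;
        }
        str = prop.getProperty("defaultCA");
        log.debug("defaultCA="+str);
        if (StringUtils.isNotEmpty(str)) {
            defaultCA = str;
        }
        str = prop.getProperty("extractUsernameComponent");
        log.debug("extractUsernameComponent="+str);
        if (StringUtils.isNotEmpty(str)) {
            extractUsernameComponent = str;
        }
    }

    /**
     * Parses a CMP message and hands it to the handler for its body type.
     *
     * The message may have been received by any transport protocol, and is passed here in
     * its binary ASN.1 form. The bytes come from the network and are untrusted.
     *
     * Error replies are built with CmpMessageHelper.createUnprotectedErrorMessage, so, as the
     * name indicates, they carry no protection and a client cannot authenticate them.
     *
     * @param message DER encoded CMP message
     * @return IResponseMessage containing the CMP response message, a BAD_REQUEST error message
     *         if the request cannot be parsed or its type is not supported, or null if there is
     *         no message to send back (the handler returned null, or a CreateException or
     *         RemoteException was logged during processing)
     */
    public IResponseMessage dispatch(byte[] message) {
        IResponseMessage ret = null;
        try {
            PKIMessage req = null;
            try {
                req = PKIMessage.getInstance(new ASN1InputStream(new ByteArrayInputStream(message)).readObject());
            } catch (Exception e) {
                // Any parse failure (including a null byte array) is the client's problem, not ours.
                log.debug("Could not parse CMP request message", e);
            }
            if (req == null) {
                // If we could not read the message, we should return an error BAD_REQUEST
                return CmpMessageHelper.createUnprotectedErrorMessage(null, ResponseStatus.FAILURE, FailInfo.BAD_REQUEST, "Can not parse request message");
            }
            PKIHeader header = req.getHeader();
            PKIBody body = req.getBody();

            // The tag number must be read unconditionally. It used to be read only inside the
            // debug block, so with debug logging switched off every request fell through to the
            // default branch with tagno == -1 and dispatch() returned null without any reply.
            int tagno = body.getTagNo();
            if (log.isDebugEnabled()) {
                // These values are taken from the request as sent by the client; treat the
                // debug log as containing untrusted, possibly sensitive request content.
                log.debug("Received CMP message with pvno="+header.getPvno()+", sender="+header.getSender()+", recipient="+header.getRecipient());
                log.debug("Body is of type: "+tagno);
                log.debug(req);
            }

            BaseCmpMessage cmpMessage = null;
            ICmpMessageHandler handler = null;
            switch (tagno) {
            case 0:
            case 2:
                // 0 and 2 are both certificate requests
                handler = new CrmfMessageHandler(admin, properties);
                cmpMessage = new CrmfRequestMessage(req, defaultCA, allowRaVerifyPopo, extractUsernameComponent);
                break;
            case 19:
                // PKI confirm
            case 24:
                // Certificate confirmation
                handler = new ConfirmationMessageHandler(properties);
                cmpMessage = new GeneralCmpMessage(req);
                break;
            case 11:
                // Revocation request
                handler = new RevocationMessageHandler(admin, properties);
                cmpMessage = new GeneralCmpMessage(req);
                break;
            default:
                // Unsupported body type, answered with an error message below.
                break;
            }

            if ( (handler != null) && (cmpMessage != null) ) {
                ret = handler.handleMessage(cmpMessage);
                if (ret != null) {
                    log.debug("Received a response message from CmpMessageHandler.");
                } else {
                    log.error("CmpMessageHandler returned a null message");
                }
            } else {
                log.error("Unknown message type "+tagno+" received, creating error message");
                ret = CmpMessageHelper.createUnprotectedErrorMessage(null, ResponseStatus.FAILURE, FailInfo.BAD_REQUEST, "Can not handle message type");
            }
        } catch (CreateException e) {
            // The exception is only logged; ret keeps whatever value it had (null here).
            log.error("Exception during CMP processing: ", e);
        } catch (RemoteException e) {
            log.error("Exception during CMP processing: ", e);
        }

        return ret;
    }

}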
178