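package org.ejbca.core.protocol.cmp;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;

import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.cms.CMSSignedGenerator;
import org.ejbca.core.protocol.FailInfo;
import org.ejbca.core.protocol.IRequestMessage;
import org.ejbca.core.protocol.IResponseMessage;
import org.ejbca.core.protocol.ResponseStatus;

import com.novosec.pkix.asn1.cmp.CertOrEncCert;
import com.novosec.pkix.asn1.cmp.CertRepMessage;
import com.novosec.pkix.asn1.cmp.CertResponse;
import com.novosec.pkix.asn1.cmp.CertifiedKeyPair;
import com.novosec.pkix.asn1.cmp.ErrorMsgContent;
import com.novosec.pkix.asn1.cmp.PKIBody;
import com.novosec.pkix.asn1.cmp.PKIFreeText;
import com.novosec.pkix.asn1.cmp.PKIHeader;
import com.novosec.pkix.asn1.cmp.PKIMessage;
import com.novosec.pkix.asn1.cmp.PKIStatusInfo;

/**
 * A CMP (RFC 4210) response message: either a CertRepMessage carrying the issued
 * certificate ("accepted"), a CertRepMessage with a rejection status ("rejected"),
 * or an ErrorMsgContent body for any other {@link ResponseStatus}.
 * <p>
 * The encoded message is integrity protected in one of two ways, decided in
 * {@link #protectMessage(PKIMessage)}: with a password-based MAC when all PBE
 * parameters were copied from the request by {@link #setProtectionParamsFromRequest},
 * otherwise with a signature made by the key/certificate given to {@link #setSignKeyInfo}.
 * <p>
 * The instance is not thread-safe; it is a mutable builder that callers configure
 * with the setters and then finalize with {@link #create()}.
 */
public class CmpResponseMessage implements IResponseMessage {

    static final long serialVersionUID = 10002L;

    private static final Logger log = Logger.getLogger(CmpResponseMessage.class);

    /** DER encoded, protected PKIMessage; null until {@link #create()} has succeeded. */
    private byte[] responseMessage = null;

    /** Response status; decides which body type {@link #create()} builds. */
    private ResponseStatus status = ResponseStatus.SUCCESS;

    /** Failure reason placed in the PKIStatusInfo of rejected/error responses. */
    private FailInfo failInfo = FailInfo.BAD_REQUEST;

    /** Optional free-text failure reason, sent to the client as a PKIFreeText. */
    private String failText = null;

    /** Nonces and transaction id echoed into the PKIHeader (request/response binding). */
    private String senderNonce = null;
    private String recipientNonce = null;
    private String transactionId = null;

    /** The issued certificate; only set for an "accepted" response. */
    private transient Certificate cert = null;

    /** Digest used for signature protection. Default is SHA-1 (legacy); callers can override. */
    private transient String digestAlg = CMSSignedGenerator.DIGEST_SHA1;

    /** CA certificate and private key used for signature protection. */
    private transient X509Certificate signCert = null;
    private transient PrivateKey signKey = null;

    /** JCE provider name used for signing; defaults to BouncyCastle. */
    private transient String provider = "BC";

    /** CMP body type of the request; the response body type is requestType + 1. */
    private transient int requestType;

    /** certReqId of the request, echoed into the CertResponse. */
    private transient int requestId;

    /** Password-based MAC parameters; all four non-null values select PBE protection. */
    private transient int pbeIterationCount = 1024;
    private transient String pbeDigestAlg = null;
    private transient String pbeMacAlg = null;
    private transient String pbeKeyId = null;
    private transient String pbeKey = null;

    /** Sets the issued certificate to return in an "accepted" response. */
    public void setCertificate(Certificate cert) {
        this.cert = cert;
    }

    /** No-op: CMP responses of this class never carry a CRL. */
    public void setCrl(CRL crl) {
        // intentionally empty
    }

    /** No-op: the CA certificate is not embedded in the response. */
    public void setIncludeCACert(boolean incCACert) {
        // intentionally empty
    }

    /**
     * Returns the DER encoded protected message.
     *
     * @return the encoded message, or null if {@link #create()} has not succeeded
     */
    public byte[] getResponseMessage() throws IOException, CertificateEncodingException {
        return responseMessage;
    }

    public void setStatus(ResponseStatus status) {
        this.status = status;
    }

    public ResponseStatus getStatus() {
        return status;
    }

    public void setFailInfo(FailInfo failInfo) {
        this.failInfo = failInfo;
    }

    public FailInfo getFailInfo() {
        return failInfo;
    }

    public void setFailText(String failText) {
        this.failText = failText;
    }

    public String getFailText() {
        return this.failText;
    }

    /**
     * Builds and protects the response message according to {@link #status}.
     * <p>
     * Any exception raised while building or protecting is logged and turns into a
     * {@code false} return; {@link #responseMessage} is then left unchanged.
     *
     * @return true if {@link #responseMessage} was produced; false on error, and also
     *         when status is SUCCESS but no certificate has been set
     * @throws IOException if the encoded certificate cannot be parsed
     */
    public boolean create() throws IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException {
        boolean ret = false;

        // Header names: taken from the issued certificate when there is one, else the
        // signing certificate's subject; the literal "foo" names are a last-resort
        // fallback so a header can still be produced with nothing configured.
        String issuer;
        String subject;
        if (cert != null) {
            X509Certificate x509cert = (X509Certificate) cert;
            issuer = x509cert.getIssuerDN().getName();
            subject = x509cert.getSubjectDN().getName();
        } else if (signCert != null) {
            issuer = signCert.getSubjectDN().getName();
            subject = "CN=fooSubject";
        } else {
            issuer = "CN=fooIssuer";
            subject = "CN=fooSubject";
        }

        X509Name issuerName = new X509Name(issuer);
        X509Name subjectName = new X509Name(subject);
        PKIHeader myPKIHeader = CmpMessageHelper.createPKIHeader(issuerName, subjectName, senderNonce, recipientNonce, transactionId);

        try {
            if (status.equals(ResponseStatus.SUCCESS)) {
                // SUCCESS without a certificate produces nothing and returns false.
                if (cert != null) {
                    log.debug("Creating a CertRepMessage 'accepted'");
                    PKIBody myPKIBody = createAcceptedBody();
                    responseMessage = protectMessage(new PKIMessage(myPKIHeader, myPKIBody));
                    ret = true;
                }
            } else if (status.equals(ResponseStatus.FAILURE)) {
                log.debug("Creating a CertRepMessage 'rejected'");
                PKIStatusInfo myPKIStatusInfo = createRejectedStatusInfo();
                PKIBody myPKIBody = CmpMessageHelper.createCertRequestRejectBody(myPKIHeader, myPKIStatusInfo, requestId, requestType);
                responseMessage = protectMessage(new PKIMessage(myPKIHeader, myPKIBody));
                ret = true;
            } else {
                // Any other status is answered with a generic error body (PKIBody type 23,
                // ErrorMsgContent) that carries the same rejection status info.
                log.debug("Creating a 'waiting' message?");
                PKIStatusInfo myPKIStatusInfo = createRejectedStatusInfo();
                ErrorMsgContent myErrorContent = new ErrorMsgContent(myPKIStatusInfo);
                PKIBody myPKIBody = new PKIBody(myErrorContent, 23);
                responseMessage = protectMessage(new PKIMessage(myPKIHeader, myPKIBody));
                ret = true;
            }
        } catch (CertificateEncodingException e) {
            log.error("Error creating CertRepMessage: ", e);
        } catch (InvalidKeyException e) {
            log.error("Error creating CertRepMessage: ", e);
        } catch (NoSuchProviderException e) {
            log.error("Error creating CertRepMessage: ", e);
        } catch (NoSuchAlgorithmException e) {
            log.error("Error creating CertRepMessage: ", e);
        } catch (SecurityException e) {
            log.error("Error creating CertRepMessage: ", e);
        } catch (SignatureException e) {
            log.error("Error creating CertRepMessage: ", e);
        }

        return ret;
    }

    /**
     * Builds the CertRepMessage body for an "accepted" response (PKIStatus 0)
     * carrying {@link #cert}.
     *
     * @throws CertificateEncodingException if the certificate cannot be DER encoded
     * @throws IOException if the encoding cannot be re-parsed as an ASN.1 structure
     */
    private PKIBody createAcceptedBody() throws CertificateEncodingException, IOException {
        PKIStatusInfo myPKIStatusInfo = new PKIStatusInfo(new DERInteger(0));
        CertResponse myCertResponse = new CertResponse(new DERInteger(requestId), myPKIStatusInfo);

        // Re-parse the JCE certificate into the BC ASN.1 structure the CMP library expects.
        ASN1InputStream asn1In = new ASN1InputStream(new ByteArrayInputStream(cert.getEncoded()));
        X509CertificateStructure struct;
        try {
            struct = X509CertificateStructure.getInstance(asn1In.readObject());
        } finally {
            asn1In.close();
        }
        CertOrEncCert retCert = new CertOrEncCert(struct, 0);
        CertifiedKeyPair myCertifiedKeyPair = new CertifiedKeyPair(retCert);
        myCertResponse.setCertifiedKeyPair(myCertifiedKeyPair);

        CertRepMessage myCertRepMessage = new CertRepMessage(myCertResponse);

        // CMP pairs each request body type with the response body type that follows it.
        int respType = requestType + 1;
        log.debug("Creating response body of type " + respType);
        return new PKIBody(myCertRepMessage, respType);
    }

    /**
     * Builds a rejection PKIStatusInfo (PKIStatus 2) with {@link #failInfo} and, when
     * set, {@link #failText} as the status string.
     */
    private PKIStatusInfo createRejectedStatusInfo() {
        PKIStatusInfo myPKIStatusInfo = new PKIStatusInfo(new DERInteger(2));
        myPKIStatusInfo.setFailInfo(failInfo.getAsBitString());
        if (failText != null) {
            myPKIStatusInfo.setStatusString(new PKIFreeText(new DERUTF8String(failText)));
        }
        return myPKIStatusInfo;
    }

    /** True when every parameter needed for password-based MAC protection is present. */
    private boolean hasPbeProtectionParams() {
        return (pbeKeyId != null) && (pbeKey != null) && (pbeDigestAlg != null) && (pbeMacAlg != null);
    }

    /**
     * Protects and encodes the message: password-based MAC when the PBE parameters were
     * taken from the request, otherwise a signature with {@link #signCert}/{@link #signKey}.
     *
     * @return the DER encoded protected PKIMessage
     */
    private byte[] protectMessage(PKIMessage myPKIMessage) throws IOException, InvalidKeyException, NoSuchAlgorithmException,
            NoSuchProviderException, SignatureException, CertificateEncodingException {
        if (hasPbeProtectionParams()) {
            return CmpMessageHelper.protectPKIMessageWithPBE(myPKIMessage, pbeKeyId, pbeKey, pbeDigestAlg, pbeMacAlg, pbeIterationCount);
        }
        return CmpMessageHelper.signPKIMessage(myPKIMessage, signCert, signKey, digestAlg, provider);
    }

    /** Signature protection needs the CA signing key, so this always returns true. */
    public boolean requireSignKeyInfo() {
        return true;
    }

    /** The response is never encrypted, so no encryption key is needed. */
    public boolean requireEncKeyInfo() {
        return false;
    }

    /**
     * Sets the certificate and key used for signature protection.
     *
     * @param provider JCE provider name; null keeps the current (default "BC") provider
     */
    public void setSignKeyInfo(X509Certificate cert, PrivateKey key, String provider) {
        this.signCert = cert;
        this.signKey = key;
        if (provider != null) {
            this.provider = provider;
        }
    }

    /** No-op: this response type is never encrypted. */
    public void setEncKeyInfo(X509Certificate cert, PrivateKey key, String provider) {
        // intentionally empty
    }

    public void setSenderNonce(String senderNonce) {
        this.senderNonce = senderNonce;
    }

    public void setRecipientNonce(String recipientNonce) {
        this.recipientNonce = recipientNonce;
    }

    public void setTransactionId(String transactionId) {
        this.transactionId = transactionId;
    }

    /** No-op: recipient key info is not used by CMP responses. */
    public void setRecipientKeyInfo(byte[] recipientKeyInfo) {
        // intentionally empty
    }

    /** Overrides the digest algorithm used for signature protection. */
    public void setPreferredDigestAlg(String digest) {
        this.digestAlg = digest;
    }

    /** Sets the request body type; the accepted response uses this value + 1. */
    public void setRequestType(int reqtype) {
        this.requestType = reqtype;
    }

    /** Sets the certReqId echoed back in the CertResponse. */
    public void setRequestId(int reqid) {
        this.requestId = reqid;
    }

    /**
     * Copies the password-based MAC parameters from a CRMF request so the response is
     * protected with the same shared secret the client used. Other request types leave
     * the PBE parameters untouched, which keeps signature protection selected.
     */
    public void setProtectionParamsFromRequest(IRequestMessage reqMsg) {
        if (reqMsg instanceof CrmfRequestMessage) {
            CrmfRequestMessage crmf = (CrmfRequestMessage) reqMsg;
            this.pbeIterationCount = crmf.getPbeIterationCount();
            this.pbeDigestAlg = crmf.getPbeDigestAlg();
            this.pbeMacAlg = crmf.getPbeMacAlg();
            this.pbeKeyId = crmf.getPbeKeyId();
            this.pbeKey = crmf.getPbeKey();
        }
    }

}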