


1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13
14 package org.ejbca.core.protocol.cmp;
15
16 import java.io.ByteArrayInputStream JavaDoc;
17 import java.io.IOException JavaDoc;
18 import java.security.InvalidKeyException JavaDoc;
19 import java.security.NoSuchAlgorithmException JavaDoc;
20 import java.security.NoSuchProviderException JavaDoc;
21 import java.security.PrivateKey JavaDoc;
22 import java.security.SignatureException JavaDoc;
23 import java.security.cert.CRL JavaDoc;
24 import java.security.cert.Certificate JavaDoc;
25 import java.security.cert.CertificateEncodingException JavaDoc;
26 import java.security.cert.X509Certificate JavaDoc;
27
28 import org.apache.log4j.Logger;
29 import org.bouncycastle.asn1.ASN1InputStream;
30 import org.bouncycastle.asn1.DERInteger;
31 import org.bouncycastle.asn1.DERUTF8String;
32 import org.bouncycastle.asn1.x509.X509CertificateStructure;
33 import org.bouncycastle.asn1.x509.X509Name;
34 import org.bouncycastle.cms.CMSSignedGenerator;
35 import org.ejbca.core.protocol.FailInfo;
36 import org.ejbca.core.protocol.IRequestMessage;
37 import org.ejbca.core.protocol.IResponseMessage;
38 import org.ejbca.core.protocol.ResponseStatus;
39
40 import com.novosec.pkix.asn1.cmp.CertOrEncCert;
41 import com.novosec.pkix.asn1.cmp.CertRepMessage;
42 import com.novosec.pkix.asn1.cmp.CertResponse;
43 import com.novosec.pkix.asn1.cmp.CertifiedKeyPair;
44 import com.novosec.pkix.asn1.cmp.ErrorMsgContent;
45 import com.novosec.pkix.asn1.cmp.PKIBody;
46 import com.novosec.pkix.asn1.cmp.PKIFreeText;
47 import com.novosec.pkix.asn1.cmp.PKIHeader;
48 import com.novosec.pkix.asn1.cmp.PKIMessage;
49 import com.novosec.pkix.asn1.cmp.PKIStatusInfo;
50
51 /**
52  * CMP certificate response message
53  * @author tomas
54  * @version $Id: CmpResponseMessage.java,v 1.7 2006/11/09 11:03:14 anatom Exp $
55  */

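public class CmpResponseMessage implements IResponseMessage {

    /**
     * Determines if a de-serialized file is compatible with this class.
     *
     * Maintainers must change this value if and only if the new version
     * of this class is not compatible with old versions. See Sun docs
     * for <a HREF=http://java.sun.com/products/jdk/1.1/docs/guide
     * /serialization/spec/version.doc.html> details. </a>
     */
    static final long serialVersionUID = 10002L;

    private static final Logger log = Logger.getLogger(CmpResponseMessage.class);

    /** PKIStatus value 'accepted' (CMP PKIStatus enumeration). */
    private static final int PKI_STATUS_ACCEPTED = 0;
    /** PKIStatus value 'rejection' (CMP PKIStatus enumeration). */
    private static final int PKI_STATUS_REJECTION = 2;
    /** PKIBody choice tag for an error message body (ErrorMsgContent). */
    private static final int PKI_BODY_ERROR = 23;

    /** The encoded (signed or PBE-protected) response message; null until create() has succeeded. */
    private byte[] responseMessage = null;

    /** Status for the response, decides which body type create() builds. */
    private ResponseStatus status = ResponseStatus.SUCCESS;

    /** Possible fail information in the response. Defaults to 'badRequest (2)'. */
    private FailInfo failInfo = FailInfo.BAD_REQUEST;

    /** Possible clear text error information in the response. Defaults to null (no statusString is set). */
    private String failText = null;

    /** SenderNonce. This is base64 encoded bytes. */
    private String senderNonce = null;

    /** RecipientNonce in a response is the senderNonce from the request. This is base64 encoded bytes. */
    private String recipientNonce = null;

    /** Transaction id, copied into the PKIHeader. */
    private String transactionId = null;

    /** Certificate to be in certificate response message, not serialized. */
    private transient Certificate cert = null;
    /** Digest algorithm used when signing the response message; can be overridden with setPreferredDigestAlg. */
    private transient String digestAlg = CMSSignedGenerator.DIGEST_SHA1;
    /** Certificate for the signer of the response message (CA). */
    private transient X509Certificate signCert = null;
    /** Private key used to sign the response message. */
    private transient PrivateKey signKey = null;
    /** The default provider is BC, if nothing else is specified when setting SignKeyInfo. */
    private transient String provider = "BC";
    /** Used to choose response body type (response type = requestType + 1). */
    private transient int requestType;
    /** Used to match request with response (certReqId in the CertResponse). */
    private transient int requestId;

    /**
     * PBE (password based MAC) protection parameters. They are all copied from the
     * request in setProtectionParamsFromRequest; when keyId, key, digest and MAC
     * algorithm are all present the response is PBE-protected, otherwise it is signed.
     */
    private transient int pbeIterationCount = 1024;
    private transient String pbeDigestAlg = null;
    private transient String pbeMacAlg = null;
    private transient String pbeKeyId = null;
    private transient String pbeKey = null;

    /** Sets the certificate that will be returned in an 'accepted' CertRepMessage. */
    public void setCertificate(Certificate cert) {
        this.cert = cert;
    }

    /** CRLs are not used by this response type; intentionally a no-op. */
    public void setCrl(CRL crl) {
        // Not applicable to a CMP certificate response.
    }

    /** Not used by this response type; intentionally a no-op. */
    public void setIncludeCACert(boolean incCACert) {
        // Not applicable to a CMP certificate response.
    }

    /**
     * Returns the encoded response message.
     *
     * @return the protected, DER encoded PKIMessage, or null if create() has not been
     *         called or did not succeed
     */
    public byte[] getResponseMessage() throws IOException, CertificateEncodingException {
        return responseMessage;
    }

    public void setStatus(ResponseStatus status) {
        this.status = status;
    }

    public ResponseStatus getStatus() {
        return status;
    }

    public void setFailInfo(FailInfo failInfo) {
        this.failInfo = failInfo;
    }

    public FailInfo getFailInfo() {
        return failInfo;
    }

    public void setFailText(String failText) {
        this.failText = failText;
    }

    public String getFailText() {
        return this.failText;
    }

    /**
     * Builds and protects the response PKIMessage according to the current status.
     *
     * <ul>
     * <li>SUCCESS with a certificate set: a CertRepMessage 'accepted' carrying the certificate.</li>
     * <li>SUCCESS without a certificate: nothing is created and false is returned.</li>
     * <li>FAILURE: a certificate request reject body with failInfo and optional failText.</li>
     * <li>Any other status: not supported, a PKIBody error (ErrorMsgContent) is created instead.</li>
     * </ul>
     * The message is PBE-protected when all PBE parameters are present, otherwise it is
     * signed with the sign key/certificate set via setSignKeyInfo.
     *
     * @return true if a protected response message was created and stored, false otherwise.
     *         Crypto and encoding errors are logged and result in false rather than an exception.
     * @throws IOException if the encoded certificate or message can not be read or written
     */
    public boolean create() throws IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException {
        boolean ret = false;
        // Some general stuff, common for all types of messages
        String issuer;
        String subject;
        if (cert != null) {
            // The issued certificate is expected to be X.509; any other type fails here with a ClassCastException.
            X509Certificate x509cert = (X509Certificate) cert;
            issuer = x509cert.getIssuerDN().getName();
            subject = x509cert.getSubjectDN().getName();
        } else if (signCert != null) {
            issuer = signCert.getSubjectDN().getName();
            subject = "CN=fooSubject";
        } else {
            // Placeholder names for failure messages when neither certificate is available.
            issuer = "CN=fooIssuer";
            subject = "CN=fooSubject";
        }

        X509Name issuerName = new X509Name(issuer);
        X509Name subjectName = new X509Name(subject);
        PKIHeader myPKIHeader = CmpMessageHelper.createPKIHeader(issuerName, subjectName, senderNonce, recipientNonce, transactionId);

        try {
            if (status.equals(ResponseStatus.SUCCESS)) {
                if (cert != null) {
                    log.debug("Creating a CertRepMessage 'accepted'");
                    PKIStatusInfo myPKIStatusInfo = new PKIStatusInfo(new DERInteger(PKI_STATUS_ACCEPTED));
                    CertResponse myCertResponse = new CertResponse(new DERInteger(requestId), myPKIStatusInfo);

                    CertOrEncCert retCert = new CertOrEncCert(toCertificateStructure(cert), 0);
                    myCertResponse.setCertifiedKeyPair(new CertifiedKeyPair(retCert));

                    CertRepMessage myCertRepMessage = new CertRepMessage(myCertResponse);

                    int respType = requestType + 1; // 1 = initialization response, 3 = certification response etc
                    log.debug("Creating response body of type " + respType + ".");
                    PKIBody myPKIBody = new PKIBody(myCertRepMessage, respType);
                    PKIMessage myPKIMessage = new PKIMessage(myPKIHeader, myPKIBody);

                    responseMessage = protectMessage(myPKIMessage);
                    ret = true;
                } else {
                    log.debug("Status is SUCCESS but no certificate is set, no response message created.");
                }
            } else if (status.equals(ResponseStatus.FAILURE)) {
                log.debug("Creating a CertRepMessage 'rejected'");
                PKIStatusInfo myPKIStatusInfo = createRejectionStatusInfo();
                PKIBody myPKIBody = CmpMessageHelper.createCertRequestRejectBody(myPKIHeader, myPKIStatusInfo, requestId, requestType);
                PKIMessage myPKIMessage = new PKIMessage(myPKIHeader, myPKIBody);

                responseMessage = protectMessage(myPKIMessage);
                ret = true;
            } else {
                log.debug("Creating a 'waiting' message?");
                // Not supported, lets create a PKIError failure instead
                PKIStatusInfo myPKIStatusInfo = createRejectionStatusInfo();
                ErrorMsgContent myErrorContent = new ErrorMsgContent(myPKIStatusInfo);
                PKIBody myPKIBody = new PKIBody(myErrorContent, PKI_BODY_ERROR);
                PKIMessage myPKIMessage = new PKIMessage(myPKIHeader, myPKIBody);

                responseMessage = protectMessage(myPKIMessage);
                ret = true;
            }
        } catch (CertificateEncodingException e) {
            log.error("Error creating CertRepMessage: ", e);
        } catch (InvalidKeyException e) {
            log.error("Error creating CertRepMessage: ", e);
        } catch (NoSuchProviderException e) {
            log.error("Error creating CertRepMessage: ", e);
        } catch (NoSuchAlgorithmException e) {
            log.error("Error creating CertRepMessage: ", e);
        } catch (SecurityException e) {
            log.error("Error creating CertRepMessage: ", e);
        } catch (SignatureException e) {
            log.error("Error creating CertRepMessage: ", e);
        }

        return ret;
    }

    /**
     * Converts the issued certificate into the BouncyCastle ASN.1 structure that is
     * placed in the CertRepMessage.
     */
    private static X509CertificateStructure toCertificateStructure(Certificate certificate) throws CertificateEncodingException, IOException {
        ASN1InputStream asn1In = new ASN1InputStream(new ByteArrayInputStream(certificate.getEncoded()));
        return X509CertificateStructure.getInstance(asn1In.readObject());
    }

    /**
     * Builds a PKIStatusInfo with status 'rejection', the configured failInfo bits and,
     * when failText is set, a free text statusString. Shared by the FAILURE and the
     * unsupported-status branches of create().
     */
    private PKIStatusInfo createRejectionStatusInfo() {
        PKIStatusInfo myPKIStatusInfo = new PKIStatusInfo(new DERInteger(PKI_STATUS_REJECTION));
        myPKIStatusInfo.setFailInfo(failInfo.getAsBitString());
        if (failText != null) {
            myPKIStatusInfo.setStatusString(new PKIFreeText(new DERUTF8String(failText)));
        }
        return myPKIStatusInfo;
    }

    /** True when every parameter needed for PBE protection has been supplied. */
    private boolean hasPbeParameters() {
        return (pbeKeyId != null) && (pbeKey != null) && (pbeDigestAlg != null) && (pbeMacAlg != null);
    }

    /**
     * Protects the message: PBE (password based MAC) when the request carried PBE
     * parameters, otherwise a signature with signCert/signKey using digestAlg and provider.
     *
     * @return the protected, encoded PKIMessage
     */
    private byte[] protectMessage(PKIMessage pkiMessage) throws IOException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, CertificateEncodingException {
        if (hasPbeParameters()) {
            return CmpMessageHelper.protectPKIMessageWithPBE(pkiMessage, pbeKeyId, pbeKey, pbeDigestAlg, pbeMacAlg, pbeIterationCount);
        }
        // NOTE(review): if setSignKeyInfo was never called, signCert/signKey are null here;
        // presumably signPKIMessage then fails and create() logs it and returns false - confirm.
        return CmpMessageHelper.signPKIMessage(pkiMessage, signCert, signKey, digestAlg, provider);
    }

    public boolean requireSignKeyInfo() {
        return true;
    }

    public boolean requireEncKeyInfo() {
        return false;
    }

    /**
     * Sets the CA certificate and private key used to sign the response.
     *
     * @param provider JCE provider name; null keeps the current (default "BC") provider
     */
    public void setSignKeyInfo(X509Certificate cert, PrivateKey key, String provider) {
        this.signCert = cert;
        this.signKey = key;
        if (provider != null) {
            this.provider = provider;
        }
    }

    /** Encryption keys are not required (requireEncKeyInfo returns false); intentionally a no-op. */
    public void setEncKeyInfo(X509Certificate cert, PrivateKey key, String provider) {
        // Not applicable to a CMP certificate response.
    }

    public void setSenderNonce(String senderNonce) {
        this.senderNonce = senderNonce;
    }

    public void setRecipientNonce(String recipientNonce) {
        this.recipientNonce = recipientNonce;
    }

    public void setTransactionId(String transactionId) {
        this.transactionId = transactionId;
    }

    /** Recipient key info is not used by this response type; intentionally a no-op. */
    public void setRecipientKeyInfo(byte[] recipientKeyInfo) {
        // Not applicable to a CMP certificate response.
    }

    public void setPreferredDigestAlg(String digest) {
        this.digestAlg = digest;
    }

    /** @see org.ejca.core.protocol.IResponseMessage
     */
    public void setRequestType(int reqtype) {
        this.requestType = reqtype;
    }

    /** @see org.ejca.core.protocol.IResponseMessage
     */
    public void setRequestId(int reqid) {
        this.requestId = reqid;
    }

    /**
     * Copies the PBE protection parameters from a CRMF request so that the response is
     * protected with the same shared secret as the request. Requests of any other type
     * leave the parameters untouched, so the response will be signed instead.
     */
    public void setProtectionParamsFromRequest(IRequestMessage reqMsg) {
        if (reqMsg instanceof CrmfRequestMessage) {
            CrmfRequestMessage crmf = (CrmfRequestMessage) reqMsg;
            // NOTE(review): the iteration count is taken from the request as-is; confirm that
            // CrmfRequestMessage or its caller bounds it before it reaches protectPKIMessageWithPBE.
            this.pbeIterationCount = crmf.getPbeIterationCount();
            this.pbeDigestAlg = crmf.getPbeDigestAlg();
            this.pbeMacAlg = crmf.getPbeMacAlg();
            this.pbeKeyId = crmf.getPbeKeyId();
            this.pbeKey = crmf.getPbeKey();
        }
    }

}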
320