

1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13
14 package org.ejbca.core.protocol.cmp;
15
16 import java.io.IOException JavaDoc;
17 import java.security.InvalidKeyException JavaDoc;
18 import java.security.NoSuchAlgorithmException JavaDoc;
19 import java.security.NoSuchProviderException JavaDoc;
20 import java.util.Properties JavaDoc;
21
22 import javax.ejb.CreateException JavaDoc;
23
24 import org.apache.commons.lang.StringUtils;
25 import org.apache.log4j.Logger;
26 import org.bouncycastle.asn1.DEROctetString;
27 import org.ejbca.core.model.ca.SignRequestException;
28 import org.ejbca.core.model.ra.NotFoundException;
29 import org.ejbca.core.protocol.FailInfo;
30 import org.ejbca.core.protocol.IResponseMessage;
31 import org.ejbca.core.protocol.ResponseStatus;
32 import org.ejbca.util.Base64;
33
34 import com.novosec.pkix.asn1.cmp.PKIHeader;
35
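/**
 * Message handler for CMP confirmation messages. For protocol versions above 1 it
 * answers with a PKI confirm response; for version 1 (cmp1999) no response is created.
 *
 * @author tomas
 * @version $Id: ConfirmationMessageHandler.java,v 1.5 2006/11/02 17:03:01 anatom Exp $
 */
public class ConfirmationMessageHandler implements ICmpMessageHandler {

    private static final Logger log = Logger.getLogger(ConfirmationMessageHandler.class);

    /** Parameter used to authenticate RA messages if we are using RA mode to create users */
    private String raAuthenticationSecret = null;
    /** Parameter used to determine the type of protection for the response message */
    private String responseProtection = null;

    /**
     * Reads the handler configuration. Empty or missing values leave the
     * corresponding field {@code null}.
     *
     * @param prop properties holding the optional keys {@code raAuthenticationSecret}
     *             and {@code responseProtection}
     * @throws CreateException declared by the signature; nothing in this constructor throws it
     */
    public ConfirmationMessageHandler(Properties prop) throws CreateException {
        String str = prop.getProperty("raAuthenticationSecret");
        if (StringUtils.isNotEmpty(str)) {
            // Only the presence of the secret is logged, never its value.
            log.debug("raAuthenticationSecret is not null");
            raAuthenticationSecret = str;
        }
        str = prop.getProperty("responseProtection");
        if (StringUtils.isNotEmpty(str)) {
            log.debug("responseProtection="+str);
            responseProtection = str;
        }
    }

    /**
     * Handles a confirmation message.
     *
     * The message counts as verified when the PBE verifier accepts it, or when the
     * header carries no senderKID at all. The response is PBE protected only if
     * {@code responseProtection} is "pbe" and the key id, the shared secret and both
     * algorithm OIDs are available; otherwise it is created without those parameters.
     *
     * @param msg the incoming CMP message
     * @return the confirm response, an unprotected error message when protection
     *         verification fails, or {@code null} for protocol version 1
     */
    public IResponseMessage handleMessage(BaseCmpMessage msg) {
        log.debug(">handleMessage");
        int version = msg.getHeader().getPvno().getValue().intValue();
        IResponseMessage resp = null;
        // if version == 1 it is cmp1999 and we should not return a message back
        if (version > 1) {
            // Try to find a HMAC/SHA1 protection key
            String owfAlg = null;
            String macAlg = null;
            String keyId = null;
            int iterationCount = 1024;
            // Flag to set if protection is verified ok!
            boolean protectionVerified = false;
            PKIHeader head = msg.getHeader();
            DEROctetString os = head.getSenderKID();
            if (os != null) {
                // The key id is taken from the not yet verified header and decoded
                // with the platform default charset.
                keyId = new String(os.getOctets());
                log.debug("Found a sender keyId: "+keyId);
                // NOTE(review): raAuthenticationSecret may still be null here when it is not
                // configured; how CmpPbeVerifyer treats a null secret is not visible in this
                // file - confirm that it cannot report a successful verification.
                try {
                    CmpPbeVerifyer verifyer = new CmpPbeVerifyer(raAuthenticationSecret, msg.getMessage());
                    protectionVerified = verifyer.verify();
                    owfAlg = verifyer.getOwfOid();
                    macAlg = verifyer.getMacOid();
                    iterationCount = verifyer.getIterationCount();
                    // In each catch below protectionVerified is still false, so the error
                    // response assigned there is replaced by the generic one further down.
                } catch (NoSuchAlgorithmException e) {
                    log.error("Exception calculating protection: ", e);
                    resp = CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, e.getMessage());
                } catch (NoSuchProviderException e) {
                    log.error("Exception calculating protection: ", e);
                    resp = CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, e.getMessage());
                } catch (InvalidKeyException e) {
                    log.error("Exception calculating protection: ", e);
                    resp = CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, e.getMessage());
                }
            } else {
                // If we don't have any protection to verify, we simply say that it is verified ok
                // NOTE(review): a confirmation without senderKID is therefore accepted
                // unauthenticated, and the response is built without PBE parameters because
                // keyId stays null. Confirm this is intended for the deployment.
                protectionVerified = true;
            }
            if (protectionVerified) {
                log.debug("Creating a PKI confirm message response");
                CmpConfirmResponseMessage cresp = new CmpConfirmResponseMessage();
                cresp.setRecipientNonce(msg.getSenderNonce());
                cresp.setSenderNonce(new String(Base64.encode(CmpMessageHelper.createSenderNonce())));
                cresp.setSender(msg.getRecipient());
                cresp.setRecipient(msg.getSender());
                cresp.setTransactionId(msg.getTransactionId());
                // Set all protection parameters
                // The shared secret must never reach the log; only report whether it is configured.
                log.debug("responseProtection="+responseProtection+", owfAlg="+owfAlg+", macAlg="+macAlg+", keyId="+keyId
                        +", raAuthenticationSecret "+(raAuthenticationSecret != null ? "is set" : "is not set"));
                if (StringUtils.equals(responseProtection, "pbe") && (owfAlg != null) && (macAlg != null) && (keyId != null) && (raAuthenticationSecret != null) ) {
                    cresp.setPbeParameters(keyId, raAuthenticationSecret, owfAlg, macAlg, iterationCount);
                }
                resp = cresp;
                // NOTE(review): a failure in create() is only logged and the response object is
                // still returned; whether it is usable after a failed create() is not visible here.
                try {
                    resp.create();
                } catch (InvalidKeyException e) {
                    log.error("Exception during CMP processing: ", e);
                } catch (NoSuchAlgorithmException e) {
                    log.error("Exception during CMP processing: ", e);
                } catch (NoSuchProviderException e) {
                    log.error("Exception during CMP processing: ", e);
                } catch (SignRequestException e) {
                    log.error("Exception during CMP processing: ", e);
                } catch (NotFoundException e) {
                    log.error("Exception during CMP processing: ", e);
                } catch (IOException e) {
                    log.error("Exception during CMP processing: ", e);
                }
            } else {
                String err = "Protection verified false on ConformationMessage";
                log.error(err);
                resp = CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, err);
            }
        } else {
            log.debug("Cmp1999 - Not creating a PKI confirm meessage response");
        }
        return resp;
    }

}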