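package org.ejbca.core.protocol.cmp;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Properties;

import javax.ejb.CreateException;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.DEROctetString;
import org.ejbca.core.model.ca.SignRequestException;
import org.ejbca.core.model.ra.NotFoundException;
import org.ejbca.core.protocol.FailInfo;
import org.ejbca.core.protocol.IResponseMessage;
import org.ejbca.core.protocol.ResponseStatus;
import org.ejbca.util.Base64;

import com.novosec.pkix.asn1.cmp.PKIHeader;

/**
 * CMP message handler that answers a certificate confirmation message with a
 * PKI confirm response.
 *
 * <p>If the request header carries a senderKID, the message protection is
 * checked with {@link CmpPbeVerifyer} against the configured RA authentication
 * secret before a response is built. If no senderKID is present the message is
 * accepted without any protection check.
 */
public class ConfirmationMessageHandler implements ICmpMessageHandler {

    private static final Logger log = Logger.getLogger(ConfirmationMessageHandler.class);

    /** Shared secret used to verify request protection and to protect the response; null when not configured. */
    private String raAuthenticationSecret = null;

    /** Requested response protection; only the value "pbe" is acted on by this class. */
    private String responseProtection = null;

    /**
     * Reads the handler configuration.
     *
     * @param prop properties holding the optional keys {@code raAuthenticationSecret} and
     *             {@code responseProtection}; a missing or empty value leaves the field null
     * @throws CreateException declared for callers; not thrown by the code in this constructor
     */
    public ConfirmationMessageHandler(Properties prop) throws CreateException {
        String str = prop.getProperty("raAuthenticationSecret");
        if (StringUtils.isNotEmpty(str)) {
            // Only the presence of the secret is logged, never its value.
            log.debug("raAuthenticationSecret is not null");
            raAuthenticationSecret = str;
        }
        str = prop.getProperty("responseProtection");
        if (StringUtils.isNotEmpty(str)) {
            log.debug("responseProtection="+str);
            responseProtection = str;
        }
    }

    /**
     * Builds the response to a confirmation message.
     *
     * @param msg the received CMP message
     * @return a confirm response when the protection check passes (or is skipped because no
     *         senderKID is present), an unprotected error message with
     *         {@code FailInfo.BAD_MESSAGE_CHECK} when it fails, or {@code null} when the
     *         header's pvno is 1 or lower
     */
    public IResponseMessage handleMessage(BaseCmpMessage msg) {
        log.debug(">handleMessage");
        int version = msg.getHeader().getPvno().getValue().intValue();
        IResponseMessage resp = null;
        if (version > 1) {
            String owfAlg = null;
            String macAlg = null;
            String keyId = null;
            int iterationCount = 1024;
            boolean protectionVerified = false;
            PKIHeader head = msg.getHeader();
            DEROctetString os = head.getSenderKID();
            if (os != null) {
                // new String(byte[]) decodes with the platform default charset.
                keyId = new String(os.getOctets());
                // NOTE(review): keyId comes straight from the request header and is logged as-is.
                log.debug("Found a sender keyId: "+keyId);
                try {
                    // NOTE(review): raAuthenticationSecret is null when the property was not
                    // configured; confirm CmpPbeVerifyer rejects a null secret.
                    CmpPbeVerifyer verifyer = new CmpPbeVerifyer(raAuthenticationSecret, msg.getMessage());
                    protectionVerified = verifyer.verify();
                    owfAlg = verifyer.getOwfOid();
                    macAlg = verifyer.getMacOid();
                    iterationCount = verifyer.getIterationCount();
                } catch (NoSuchAlgorithmException e) {
                    // protectionVerified stays false, so the branch below replaces this response
                    // with the generic "Protection verified false" error.
                    log.error("Exception calculating protection: ", e);
                    resp = CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, e.getMessage());
                } catch (NoSuchProviderException e) {
                    log.error("Exception calculating protection: ", e);
                    resp = CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, e.getMessage());
                } catch (InvalidKeyException e) {
                    log.error("Exception calculating protection: ", e);
                    resp = CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, e.getMessage());
                }
            } else {
                // No senderKID in the header: the message is accepted without any protection check.
                // NOTE(review): a sender that omits senderKID bypasses verification even when a
                // secret is configured; confirm this is the intended policy.
                protectionVerified = true;
            }
            if (protectionVerified) {
                log.debug("Creating a PKI confirm message response");
                CmpConfirmResponseMessage cresp = new CmpConfirmResponseMessage();
                cresp.setRecipientNonce(msg.getSenderNonce());
                cresp.setSenderNonce(new String(Base64.encode(CmpMessageHelper.createSenderNonce())));
                cresp.setSender(msg.getRecipient());
                cresp.setRecipient(msg.getSender());
                cresp.setTransactionId(msg.getTransactionId());
                // The shared secret must not reach the log; report only whether one is configured.
                log.debug(responseProtection+", "+owfAlg+", "+macAlg+", "+keyId+", raAuthenticationSecret "+(raAuthenticationSecret != null ? "is set" : "is not set"));
                // The response is PBE-protected only when "pbe" is configured and the request
                // itself supplied the key id and algorithms; otherwise it goes out unprotected.
                if (StringUtils.equals(responseProtection, "pbe") && (owfAlg != null) && (macAlg != null) && (keyId != null) && (raAuthenticationSecret != null) ) {
                    cresp.setPbeParameters(keyId, raAuthenticationSecret, owfAlg, macAlg, iterationCount);
                }
                resp = cresp;
                try {
                    resp.create();
                } catch (InvalidKeyException e) {
                    // NOTE(review): failures here are only logged; the response object is still
                    // returned although create() did not complete.
                    log.error("Exception during CMP processing: ", e);
                } catch (NoSuchAlgorithmException e) {
                    log.error("Exception during CMP processing: ", e);
                } catch (NoSuchProviderException e) {
                    log.error("Exception during CMP processing: ", e);
                } catch (SignRequestException e) {
                    log.error("Exception during CMP processing: ", e);
                } catch (NotFoundException e) {
                    log.error("Exception during CMP processing: ", e);
                } catch (IOException e) {
                    log.error("Exception during CMP processing: ", e);
                }
            } else {
                String err = "Protection verified false on ConformationMessage";
                log.error(err);
                resp = CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, err);
            }
        } else {
            // pvno 1 or lower: no confirm response is produced and null is returned.
            log.debug("Cmp1999 - Not creating a PKI confirm meessage response");
        }
        return resp;
    }

}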