


1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

14 package org.ejbca.core.protocol.cmp;
16 import java.io.IOException JavaDoc;
17 import java.rmi.RemoteException JavaDoc;
18 import java.security.InvalidKeyException JavaDoc;
19 import java.security.NoSuchAlgorithmException JavaDoc;
20 import java.security.NoSuchProviderException JavaDoc;
21 import java.util.Properties JavaDoc;
23 import javax.ejb.CreateException JavaDoc;
24 import javax.ejb.FinderException JavaDoc;
26 import org.apache.commons.lang.StringUtils;
27 import org.apache.log4j.Logger;
28 import org.bouncycastle.asn1.DERBitString;
29 import org.bouncycastle.asn1.DERInteger;
30 import org.bouncycastle.asn1.DEROctetString;
31 import org.bouncycastle.asn1.x509.X509Name;
32 import org.ejbca.core.ejb.ServiceLocator;
33 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionHome;
34 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionRemote;
35 import org.ejbca.core.ejb.ra.IUserAdminSessionHome;
36 import org.ejbca.core.ejb.ra.IUserAdminSessionRemote;
37 import org.ejbca.core.model.InternalResources;
38 import org.ejbca.core.model.authorization.AuthorizationDeniedException;
39 import org.ejbca.core.model.ca.SignRequestException;
40 import org.ejbca.core.model.log.Admin;
41 import org.ejbca.core.model.ra.NotFoundException;
42 import org.ejbca.core.protocol.FailInfo;
43 import org.ejbca.core.protocol.IResponseMessage;
44 import org.ejbca.core.protocol.ResponseStatus;
45 import org.ejbca.util.Base64;
46 import org.ejbca.util.CertTools;
48 import com.novosec.pkix.asn1.cmp.PKIBody;
49 import com.novosec.pkix.asn1.cmp.PKIHeader;
50 import com.novosec.pkix.asn1.cmp.PKIMessage;
51 import com.novosec.pkix.asn1.cmp.RevDetails;
52 import com.novosec.pkix.asn1.cmp.RevReqContent;
53 import com.novosec.pkix.asn1.crmf.CertTemplate;
55 /**
56  * Message handler for CMP revocation request (rr) messages that are authenticated with a password-based MAC (PBE) using the shared RA secret
57  * @author tomas
58  * @version $Id: RevocationMessageHandler.java,v 1.3 2006/12/13 10:35:09 anatom Exp $
59  */

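public class RevocationMessageHandler implements ICmpMessageHandler {

    private static Logger log = Logger.getLogger(RevocationMessageHandler.class);
    /** Internal localization of logs and errors */
    private static final InternalResources intres = InternalResources.getInstance();

    /**
     * Shared secret used to verify the password-based MAC (PBE) protection of
     * incoming RA messages and, when responseProtection is "pbe", to protect the
     * reply. Null if the "raAuthenticationSecret" property is unset; every
     * revocation request is then refused (fail closed). Its value is never logged.
     */
    private String raAuthenticationSecret = null;
    /** Value of the "responseProtection" property; only "pbe" has an effect in this handler. */
    private String responseProtection = null;

    /** Administrator the certificate lookup and the revocation are performed as, regardless of who sent the request. */
    private Admin admin;
    private IUserAdminSessionRemote usersession = null;
    private ICertificateStoreSessionRemote storesession = null;

    /** What one revocation attempt reports back in the rp message. */
    private static final class RevokeOutcome {
        ResponseStatus status = ResponseStatus.FAILURE;
        FailInfo failInfo = FailInfo.BAD_MESSAGE_CHECK;
        String failText = null;
    }

    /**
     * Creates the handler and looks up the remote session beans it needs.
     *
     * @param admin the administrator the revocation is performed as
     * @param prop  configuration; reads "raAuthenticationSecret" and "responseProtection"
     * @throws CreateException if a session bean cannot be created
     * @throws RemoteException on a remote lookup or creation failure
     */
    public RevocationMessageHandler(Admin admin, Properties prop) throws CreateException, RemoteException {
        String secret = prop.getProperty("raAuthenticationSecret");
        if (StringUtils.isNotEmpty(secret)) {
            // Only record that a secret is configured, never its value
            log.debug("raAuthenticationSecret is not null");
            raAuthenticationSecret = secret;
        }
        String protection = prop.getProperty("responseProtection");
        if (StringUtils.isNotEmpty(protection)) {
            log.debug("responseProtection="+protection);
            responseProtection = protection;
        }
        this.admin = admin;
        // Get EJB beans, we can not use local beans here because the MBean used for the TCP listener does not work with that
        ServiceLocator locator = ServiceLocator.getInstance();
        IUserAdminSessionHome userHome = (IUserAdminSessionHome) locator.getRemoteHome(IUserAdminSessionHome.JNDI_NAME, IUserAdminSessionHome.class);
        ICertificateStoreSessionHome storeHome = (ICertificateStoreSessionHome) locator.getRemoteHome(ICertificateStoreSessionHome.JNDI_NAME, ICertificateStoreSessionHome.class);
        this.usersession = userHome.create();
        this.storesession = storeHome.create();
    }

    /**
     * Handles a CMP revocation request (rr) protected with a password-based MAC.
     *
     * Authentication is a single shared RA secret: the senderKID in the header is only
     * used to detect that PBE protection is present and is echoed into the reply, it is
     * not passed to the verifier and does not select a per-sender key. Whoever holds the
     * secret can therefore request revocation of any certificate the configured admin is
     * authorized to revoke. Only the first RevDetails of the request is processed. This
     * handler does no nonce or messageTime freshness check; if replay protection is
     * required it has to be provided elsewhere.
     *
     * @param msg the parsed request
     * @return an rp response (PBE-protected when responseProtection is "pbe" and the
     *         request supplied the needed parameters), an unprotected error message when
     *         the request is unprotected or the MAC could not be checked, or null when a
     *         RemoteException from the session beans made it impossible to answer
     */
    public IResponseMessage handleMessage(BaseCmpMessage msg) {
        log.debug(">handleMessage");
        // NOTE(original): if pvno == 1 (cmp1999) no reply should be sent; not implemented here
        PKIHeader head = msg.getHeader();
        DEROctetString os = head.getSenderKID();
        if (os == null) {
            // If we don't have any protection to verify, we fail
            String errMsg = intres.getLocalizedMessage("cmp.errornoprot");
            return CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, errMsg);
        }
        if (raAuthenticationSecret == null) {
            // Fail closed: without a configured secret there is nothing to verify the MAC
            // against. How CmpPbeVerifyer treats a null secret is not visible here, so
            // refuse before it is ever invoked.
            String errMsg = intres.getLocalizedMessage("cmp.errorauthmessage");
            log.error(errMsg);
            return CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, errMsg);
        }
        // The keyId comes from the not-yet-authenticated header; it is decoded with the
        // platform default charset (unchanged) and is only logged and echoed back.
        String keyId = new String(os.getOctets());
        log.debug("Found a sender keyId: "+keyId);
        IResponseMessage resp = null;
        try {
            CmpPbeVerifyer verifyer = new CmpPbeVerifyer(raAuthenticationSecret, msg.getMessage());
            boolean authenticated = verifyer.verify();
            RevokeOutcome outcome;
            if (authenticated) {
                outcome = revokeRequestedCertificate(msg.getMessage());
            } else {
                outcome = new RevokeOutcome();
                String errMsg = intres.getLocalizedMessage("cmp.errorauthmessage");
                log.error(errMsg);
                String verifierText = verifyer.getErrMsg();
                outcome.failText = (verifierText != null) ? verifierText : errMsg;
            }
            // OWF/MAC OIDs and iteration count are taken from the (client-chosen) request
            // so the reply is protected the same way the request was
            resp = buildResponse(msg, outcome, keyId, verifyer.getOwfOid(), verifyer.getMacOid(), verifyer.getIterationCount());
        } catch (NoSuchAlgorithmException e) {
            resp = protectionFailure(msg, e);
        } catch (NoSuchProviderException e) {
            resp = protectionFailure(msg, e);
        } catch (InvalidKeyException e) {
            resp = protectionFailure(msg, e);
        } catch (RemoteException e) {
            // Fatal error, nothing is sent back
            String errMsg = intres.getLocalizedMessage("cmp.errorrevoke");
            log.error(errMsg, e);
            resp = null;
        }
        return resp;
    }

    /**
     * Logs a failure to compute or verify the MAC and builds the unprotected error reply.
     * The exception text is returned to the client, as before.
     */
    private IResponseMessage protectionFailure(BaseCmpMessage msg, Exception e) {
        String errMsg = intres.getLocalizedMessage("cmp.errorcalcprotection");
        log.error(errMsg, e);
        return CmpMessageHelper.createUnprotectedErrorMessage(msg, ResponseStatus.FAILURE, FailInfo.BAD_MESSAGE_CHECK, e.getMessage());
    }

    /**
     * Looks up and revokes the certificate identified by the first RevDetails of an
     * already authenticated request. Further RevDetails in the rr are ignored, and the
     * single status in the reply says nothing about them.
     *
     * @param pkimsg the authenticated request
     * @return status, failInfo and failText for the rp message
     * @throws RemoteException from the session beans (treated as fatal by the caller)
     */
    private RevokeOutcome revokeRequestedCertificate(PKIMessage pkimsg) throws RemoteException {
        RevokeOutcome outcome = new RevokeOutcome();
        RevReqContent rr = pkimsg.getBody().getRr();
        RevDetails rd = (rr == null) ? null : rr.getRevDetails(0);
        CertTemplate ct = (rd == null) ? null : rd.getCertDetails();
        DERInteger serno = (ct == null) ? null : ct.getSerialNumber();
        X509Name issuer = (ct == null) ? null : ct.getIssuer();
        if (serno == null || issuer == null) {
            // At least one of them is null here, so neither may be dereferenced for the message
            String issuerText = (issuer == null) ? "missing" : issuer.toString();
            String sernoText = (serno == null) ? "missing" : serno.getValue().toString(16);
            outcome.failInfo = FailInfo.BAD_CERTIFICATE_ID;
            outcome.failText = intres.getLocalizedMessage("cmp.errormissingissuerrevoke", issuerText, sernoText);
            log.error(outcome.failText);
            return outcome;
        }
        String issuerDN = issuer.toString();
        String sernoHex = serno.getValue().toString(16);
        log.info(intres.getLocalizedMessage("cmp.receivedrevreq", issuerDN, sernoHex));
        int reason = CertTools.bitStringToRevokedCertInfo(rd.getRevocationReason());
        try {
            // Both calls run as the handler's admin, not as an identity derived from the request
            String username = storesession.findUsernameByCertSerno(admin, serno.getValue(), issuerDN);
            usersession.revokeCert(admin, serno.getValue(), issuerDN, username, reason);
            outcome.status = ResponseStatus.SUCCESS;
        } catch (AuthorizationDeniedException e) {
            outcome.failInfo = FailInfo.NOT_AUTHORIZED;
            outcome.failText = intres.getLocalizedMessage("cmp.errornotauthrevoke", issuerDN, sernoHex);
            log.error(outcome.failText);
        } catch (FinderException e) {
            outcome.failInfo = FailInfo.BAD_CERTIFICATE_ID;
            outcome.failText = intres.getLocalizedMessage("cmp.errorcertnofound", issuerDN, sernoHex);
            log.error(outcome.failText);
        }
        return outcome;
    }

    /**
     * Assembles the rp reply for the outcome, PBE-protects it when configured and the
     * request supplied the parameters, and encodes it. The checked exceptions are
     * declared for the nonce/PBE helpers and are handled by the caller like a MAC failure.
     *
     * @return the reply; if create() failed the error is logged and the reply is still
     *         returned in whatever state create() left it, as before
     */
    private IResponseMessage buildResponse(BaseCmpMessage msg, RevokeOutcome outcome, String keyId, String owfAlg, String macAlg, int iterationCount)
            throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
        log.debug("Creating a PKI revocation message response");
        CmpRevokeResponseMessage rresp = new CmpRevokeResponseMessage();
        rresp.setRecipientNonce(msg.getSenderNonce());
        rresp.setSenderNonce(new String(Base64.encode(CmpMessageHelper.createSenderNonce())));
        rresp.setSender(msg.getRecipient());
        rresp.setRecipient(msg.getSender());
        rresp.setTransactionId(msg.getTransactionId());
        rresp.setFailInfo(outcome.failInfo);
        rresp.setFailText(outcome.failText);
        rresp.setStatus(outcome.status);
        // Set all protection parameters. Log whether a secret is configured, never the secret itself.
        log.debug(responseProtection+", "+owfAlg+", "+macAlg+", "+keyId+", secret configured="+(raAuthenticationSecret != null));
        boolean protectWithPbe = StringUtils.equals(responseProtection, "pbe")
                && (owfAlg != null) && (macAlg != null) && (keyId != null) && (raAuthenticationSecret != null);
        if (protectWithPbe) {
            rresp.setPbeParameters(keyId, raAuthenticationSecret, owfAlg, macAlg, iterationCount);
        }
        // Call create() through the interface type so the catch clauses match its declared exceptions
        IResponseMessage resp = rresp;
        try {
            resp.create();
        } catch (InvalidKeyException e) {
            log.error(intres.getLocalizedMessage("cmp.errorgeneral"), e);
        } catch (NoSuchAlgorithmException e) {
            log.error(intres.getLocalizedMessage("cmp.errorgeneral"), e);
        } catch (NoSuchProviderException e) {
            log.error(intres.getLocalizedMessage("cmp.errorgeneral"), e);
        } catch (SignRequestException e) {
            log.error(intres.getLocalizedMessage("cmp.errorgeneral"), e);
        } catch (NotFoundException e) {
            log.error(intres.getLocalizedMessage("cmp.errorgeneral"), e);
        } catch (IOException e) {
            log.error(intres.getLocalizedMessage("cmp.errorgeneral"), e);
        }
        return resp;
    }

}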