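package org.ejbca.core.protocol.xkms.generators;

import java.security.cert.X509Certificate;

import javax.ejb.FinderException;

import org.ejbca.core.model.authorization.AuthorizationDeniedException;
import org.ejbca.core.model.ca.crl.RevokedCertInfo;
import org.ejbca.core.model.ra.UserDataVO;
import org.ejbca.core.protocol.xkms.common.XKMSConstants;
import org.ejbca.util.CertTools;
import org.w3._2002._03.xkms_.KeyBindingAbstractType;
import org.w3._2002._03.xkms_.KeyBindingType;
import org.w3._2002._03.xkms_.RevokeRequestType;
import org.w3._2002._03.xkms_.RevokeResultType;
import org.w3c.dom.Document;

/**
 * Builds the XKMS {@code RevokeResult} for a {@code RevokeRequest}.
 *
 * <p>A certificate is revoked only when revocation is enabled in
 * {@code XKMSConfig}, the certificate passes {@code certIsValid}, the owning
 * user has a revocation code identifier stored in its extended information,
 * and the code supplied in the request matches that stored identifier.
 * Failures are reported through the inherited {@code resultMajor} /
 * {@code resultMinor} fields.
 */
public class RevokeResponseGenerator extends KRSSResponseGenerator {

    /**
     * Creates a generator for one revoke request.
     *
     * @param remoteIP   passed through to the superclass constructor
     * @param req        the revoke request to answer
     * @param requestDoc passed through to the superclass constructor
     */
    public RevokeResponseGenerator(String remoteIP, RevokeRequestType req, Document requestDoc) {
        super(remoteIP, req, requestDoc);
    }

    /**
     * Processes the revoke request and returns the populated result.
     *
     * @param requestVerifies forwarded to {@code populateResponse}
     * @return the revoke result; it carries a key binding only when the
     *         certificate was revoked and the request asked for response values
     */
    public RevokeResultType getResponse(boolean requestVerifies) {
        RevokeResultType result = xkmsFactory.createRevokeResultType();
        super.populateResponse(result, requestVerifies);
        RevokeRequestType revokeReq = (RevokeRequestType) this.req;

        // populateResponse may already have recorded an error; only continue when it has not.
        if (resultMajor == null) {
            if (!checkValidRespondWithRequest(revokeReq.getRespondWith(), true)) {
                resultMajor = XKMSConstants.RESULTMAJOR_SENDER;
                resultMinor = XKMSConstants.RESULTMINOR_MESSAGENOTSUPPORTED;
            }

            // The original repeated this check twice in a row; one test is equivalent.
            if (resultMajor == null) {
                X509Certificate cert = (X509Certificate) getPublicKeyInfo(revokeReq, false);
                if (certIsValid(cert)) {
                    UserDataVO userData = findUserData(cert);
                    // Records SENDER/NOAUTHENTICATION itself when no identifier is stored.
                    String revokationCodeId = getRevokationCodeFromUserData(userData);
                    if (userData != null && revokationCodeId != null) {
                        String revokeCode = getRevocationCode(revokeReq);

                        if (XKMSConfig.isRevokationAllowed()) {
                            if (revokeCode != null) {
                                X509Certificate newCert = revoke(userData, revokeCode, revokationCodeId, cert);
                                if (newCert != null && !revokeReq.getRespondWith().isEmpty()) {
                                    KeyBindingAbstractType keyBinding =
                                            getResponseValues(revokeReq.getRevokeKeyBinding(), newCert, true, false);
                                    result.getKeyBinding().add((KeyBindingType) keyBinding);
                                }
                            }
                        } else {
                            resultMajor = XKMSConstants.RESULTMAJOR_SENDER;
                            resultMinor = XKMSConstants.RESULTMINOR_REFUSED;
                        }
                    }
                }
            }
        }

        // NOTE(review): Success is the default whenever no branch above recorded an error.
        // The paths where certIsValid returns false, or getRevocationCode returns null,
        // set nothing in this class, so they presumably rely on those inherited helpers
        // to record the failure. Confirm, otherwise a request that revoked nothing is
        // answered with Success.
        if (resultMajor == null) {
            resultMajor = XKMSConstants.RESULTMAJOR_SUCCESS;
        }

        setResult(result);

        return result;
    }

    /**
     * Reads the revocation code identifier stored in the user's extended information.
     *
     * <p>When no identifier is available, the result is set to
     * SENDER / NOAUTHENTICATION as a side effect.
     *
     * @param userData the user owning the certificate, may be {@code null}
     * @return the stored identifier, or {@code null} when the user, its extended
     *         information or the identifier is missing
     */
    private String getRevokationCodeFromUserData(UserDataVO userData) {
        String retval = null;
        if (userData != null && userData.getExtendedinformation() != null) {
            retval = userData.getExtendedinformation().getRevocationCodeIdentifier();
        }

        if (retval == null) {
            resultMajor = XKMSConstants.RESULTMAJOR_SENDER;
            resultMinor = XKMSConstants.RESULTMINOR_NOAUTHENTICATION;
        }

        return retval;
    }

    /**
     * Revokes the certificate when the supplied code matches the stored one.
     *
     * @param userData       the user owning the certificate
     * @param password       the revocation code taken from the request
     * @param revocationCode the revocation code identifier stored for the user
     * @param cert           the certificate to revoke
     * @return {@code cert} when the revocation call succeeded, otherwise {@code null}
     *         with {@code resultMajor}/{@code resultMinor} describing the failure
     */
    private X509Certificate revoke(UserDataVO userData, String password, String revocationCode, X509Certificate cert) {
        X509Certificate retval = null;

        // The code is the only authenticator checked in this method, so the
        // comparison must not exit early on the first differing character, and a
        // missing value on either side is treated as a mismatch.
        if (constantTimeEquals(revocationCode, password)) {
            try {
                getUserAdminSession().revokeCert(raAdmin, cert.getSerialNumber(), CertTools.getIssuerDN(cert),
                        userData.getUsername(), RevokedCertInfo.REVOKATION_REASON_UNSPECIFIED);
                retval = cert;
            } catch (AuthorizationDeniedException e) {
                // The exception detail is not recorded here; the client only sees a generic failure.
                resultMajor = XKMSConstants.RESULTMAJOR_RECIEVER;
                resultMinor = XKMSConstants.RESULTMINOR_FAILURE;
            } catch (FinderException e) {
                resultMajor = XKMSConstants.RESULTMAJOR_SENDER;
                resultMinor = XKMSConstants.RESULTMINOR_NOMATCH;
            }
        } else {
            resultMajor = XKMSConstants.RESULTMAJOR_SENDER;
            resultMinor = XKMSConstants.RESULTMINOR_NOAUTHENTICATION;
        }

        return retval;
    }

    /**
     * Compares two secrets without stopping at the first mismatch.
     *
     * <p>Characters are compared directly rather than through encoded bytes, so
     * the result is exactly that of {@code String.equals} for non-null input.
     * Running time depends on the lengths of the strings, not on their content.
     *
     * @param expected the stored secret
     * @param supplied the secret presented by the caller
     * @return {@code true} only when both are non-null and identical
     */
    private static boolean constantTimeEquals(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        int diff = expected.length() ^ supplied.length();
        int common = Math.min(expected.length(), supplied.length());
        for (int i = 0; i < common; i++) {
            diff |= expected.charAt(i) ^ supplied.charAt(i);
        }
        return diff == 0;
    }
}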