ScepPkiOpHelper


1   /*************************************************************************
2    *                                                                       *
3    *  EJBCA: The OpenSource Certificate Authority                          *
4    *                                                                       *
5    *  This software is free software; you can redistribute it and/or       *
6    *  modify it under the terms of the GNU Lesser General Public           *
7    *  License as published by the Free Software Foundation; either         *
8    *  version 2.1 of the License, or any later version.                    *
9    *                                                                       *
10   *  See terms of license at gnu.org.                                     *
11   *                                                                       *
12   *************************************************************************/
13  
14  package org.ejbca.ui.web.protocol;
15  
16  import java.io.IOException  ;
17  import java.security.GeneralSecurityException  ;
18  
19  import org.apache.log4j.Logger;
20  import org.ejbca.core.ejb.ca.sign.ISignSessionLocal;
21  import org.ejbca.core.model.ca.AuthLoginException;
22  import org.ejbca.core.model.ca.AuthStatusException;
23  import org.ejbca.core.model.ca.IllegalKeyException;
24  import org.ejbca.core.model.ca.SignRequestException;
25  import org.ejbca.core.model.ca.SignRequestSignatureException;
26  import org.ejbca.core.model.ca.caadmin.CADoesntExistsException;
27  import org.ejbca.core.model.log.Admin;
28  import org.ejbca.core.model.ra.NotFoundException;
29  import org.ejbca.core.protocol.IResponseMessage;
30  import org.ejbca.core.protocol.ScepRequestMessage;
31  
32  
33  /**
34   * Helper class to handle SCEP (draft-nourse-scep-06.txt) requests.
35   *
36   * @version  $Id: ScepPkiOpHelper.java,v 1.3.2.1 2007/03/28 12:26:54 anatom Exp $
37   */
38  public class ScepPkiOpHelper {
39      private static Logger log = Logger.getLogger(ScepPkiOpHelper.class);
40      private ScepRequestMessage reqmsg = null;
41      private Admin admin = null;
42      private ISignSessionLocal signsession = null;
43  
44      /**
45       * Creates a new ScepPkiOpHelper object.
46       *
47       * @param admin administrator performing this
48       * @param signsession signsession used to request certificates
49       */
50      public ScepPkiOpHelper(Admin admin, ISignSessionLocal signsession) {
51          log.debug(">ScepPkiOpHelper");
52          this.admin = admin;
53          this.signsession = signsession;
54          log.debug("<ScepPkiOpHelper");
55      }
56  
57      /**
58       * Handles SCEP certificate request
59       *
60       * @param msg buffer holding the SCEP-request (DER encoded).
61       *
62       * @return byte[] containing response to be sent to client.
63       */
64      public byte[] scepCertRequest(byte[] msg, boolean includeCACert)
65              throws NotFoundException, AuthLoginException,
66              SignRequestException, AuthStatusException, IllegalKeyException,
67              SignRequestSignatureException, CADoesntExistsException {
68          byte[] ret = null;
69          log.debug(">getRequestMessage(" + msg.length + " bytes)");
70  
71          try {
72              reqmsg = new ScepRequestMessage(msg, includeCACert);
73  
74              if (reqmsg.getErrorNo() != 0) {
75                  log.error("Error '" + reqmsg.getErrorNo() + "' receiving Scep request message.");
76                  return null;
77              }
78              if (reqmsg.getMessageType() == ScepRequestMessage.SCEP_TYPE_PKCSREQ) {
79                  // Get the certificate
80                  IResponseMessage resp = signsession.createCertificate(admin, reqmsg, -1,
81                          Class.forName(org.ejbca.core.protocol.ScepResponseMessage.class.getName()));
82                  if (resp != null) {
83                      ret = resp.getResponseMessage();
84                  }
85              }
86              if (reqmsg.getMessageType() == ScepRequestMessage.SCEP_TYPE_GETCRL) {
87                  // create the stupid encrypted CRL message, the below can actually only be made 
88                  // at the CA, since CAs privvate key is needed to decrypt
89                  IResponseMessage resp = signsession.getCRL(admin, reqmsg,
90                          Class.forName(org.ejbca.core.protocol.ScepResponseMessage.class.getName()));
91                  if (resp != null) {
92                      ret = resp.getResponseMessage();
93                  }
94              }
95          } catch (IOException   e) {
96              log.error("Error receiving ScepMessage: ", e);
97          } catch (GeneralSecurityException   e) {
98              log.error("Error receiving ScepMessage: ", e);
99          } catch (ClassNotFoundException   e) {
100             log.error("Error createing response message template: ", e);
101         }
102 
103         log.debug("<getRequestMessage():" + ((ret == null) ? 0 : ret.length));
104 
105         return ret;
106     }
107 }
108
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags