Package org.ejbca.core.protocol.scep

Examples of org.ejbca.core.protocol.scep.ScepRequestMessage


                if (StringUtils.equals("0", getInitParameter("includeCACert"))) {
                  includeCACert = false;
                }

                byte[] reply = null;                               
                ScepRequestMessage reqmsg = new ScepRequestMessage(scepmsg, includeCACert);
                String transId = reqmsg.getTransactionId();
                log.debug("Received a message of type: "+reqmsg.getMessageType());
                if(reqmsg.getMessageType() == ScepRequestMessage.SCEP_TYPE_GETCERTINITIAL) {
                  // GetCertInitial (poll) path: look up the stored message for this transaction id and
                  // either build the final SCEP response from it or answer with a pending response.
                  // NOTE(review): the lookup below is keyed only by the transaction id taken from the
                  // request, and no reqmsg.verify() call is visible on this path (the PKCSReq branch
                  // does call it). Confirm that a poll is bound to the original requester.
                  log.info("Received a GetCertInitial message from host: "+remoteAddr);
                  Message msg = null;
                  try {
                    msg = msgHome.findByMessageId(transId);
                  } catch (Exception e) {
                    // TODO: internal resources
                    // Broad catch: any lookup failure is logged at info level and execution continues
                    // with msg == null, so a backend error takes the same path as an unknown transaction id.
                    log.info("Error looking for message with transId "+transId+" :", e);
                  }
                  if(msg != null) {
                    if(msg.getStatus().equals(Message.STATUS_PROCESSED)) {
                      log.debug("Request is processed with status: "+msg.getStatus());
                      SubMessages submessagesresp = msg.getSubMessages(null,null,null);
                      Iterator<ISubMessage> iter =  submessagesresp.getSubMessages().iterator();
                      // NOTE(review): no hasNext() check and an unchecked cast. An empty sub-message list
                      // raises NoSuchElementException and a different sub-message type raises
                      // ClassCastException; neither is handled in the visible code.
                      PKCS10Response resp = (PKCS10Response)iter.next();
                      // create proper ScepResponseMessage
                      IResponseMessage ret = reqmsg.createResponseMessage(org.ejbca.core.protocol.scep.ScepResponseMessage.class, reqmsg, racert, rapriv, cryptProvider);
                      ret.setCACert(cacert);
                    X509Certificate respCert = resp.getCertificate();
                      // A certificate is returned only when the stored response is marked successful
                      // AND actually carries a certificate; every other case becomes a FAILURE reply.
                      if ( resp.isSuccessful() && (respCert != null) ) {
                        ret.setCertificate(respCert);
                      } else {
                        ret.setStatus(ResponseStatus.FAILURE);
                        ret.setFailInfo(FailInfo.BAD_REQUEST);
                        // NOTE(review): the stored failure text is copied into the reply unchanged;
                        // confirm it cannot carry internal detail that should not reach the client.
                        String failText = resp.getFailInfo();
                        ret.setFailText(failText);
                      }
                      // create() is called before the encoded response is read back.
                      ret.create();
                      reply = ret.getResponseMessage();
                    } else {
                      // Any status other than STATUS_PROCESSED is answered with a pending response.
                      log.debug("Request is not yet processed, status: "+msg.getStatus());
                        reply = createPendingResponseMessage(reqmsg, racert, rapriv, cryptProvider).getResponseMessage();
                        log.debug("Responding with pending response, still pending.");
                    }
                  }else{
                    // User doesn't exist
                    // No stored message for this transaction id (or the lookup threw): nothing is
                    // assigned to reply and nothing is logged on this path.
                  }
                } else {        
                  if(reqmsg.getMessageType() == ScepRequestMessage.SCEP_TYPE_PKCSREQ) { 
                      log.debug("Received a PKCSReq message from host: "+remoteAddr);
                      // Decrypt the Scep message and extract the pkcs10 request
                        if (reqmsg.requireKeyInfo()) {
                            // scep encrypts message with the RAs certificate
                            reqmsg.setKeyInfo(racert, rapriv, cryptProvider);
                        }
                        // Verify the request
                        if (reqmsg.verify() == false) {
                          String msg = "POPO verification failed.";
                            log.error(msg);
                            throw new SignRequestSignatureException(msg);
                        }
                        String username = reqmsg.getUsername();
                        if (username == null) {
                          String msg = "No username in request, request DN: "+reqmsg.getRequestDN();
                            log.error(msg);
                            throw new SignRequestException(msg);
                        }
                        log.info("Received a SCEP/PKCS10 request for user: "+username+", from host: "+remoteAddr);
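                        // Optional shared-secret gate for SCEP enrolment. The check is skipped when the
                        // configured value is empty or the literal "none"; otherwise the password carried
                        // in the request must equal the configured one or the request is rejected with 401.
                        String authPwd = ExtraConfiguration.instance().getString(ExtraConfiguration.SCEPAUTHPWD);
                        if (StringUtils.isNotEmpty(authPwd) && !StringUtils.equals(authPwd, "none")) {
                            log.debug("Requiring authPwd in order to precess SCEP requests");
                            String pwd = reqmsg.getPassword();
                            // NOTE(review): StringUtils.equals is not a constant-time comparison; consider
                            // java.security.MessageDigest.isEqual over an explicitly encoded byte form.
                            if (!StringUtils.equals(authPwd, pwd)) {
                                // The submitted password is deliberately kept out of the log: a near-miss
                                // (typo, stale secret) written to the log file would disclose most of the
                                // real shared secret to anyone who can read the logs. The user and source
                                // host are logged instead so that failed attempts can still be traced.
                                log.error("Wrong auth password received in SCEP request for user: "+username+", from host: "+remoteAddr);
                                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Auth pwd missmatch");
                                return;
                            }
                            log.debug("Request passed authPwd test.");
                        } else {
                            log.debug("Not requiring authPwd in order to precess SCEP requests");
                        }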
                        // Try to find the CA name from the issuerDN, if we can't find it (i.e. not defined in web.xml) we use the default
                        // The issuer DN comes from the request, is normalized by CertTools.stringToBCDNString
                        // and is then used directly as a configuration key.
                        // NOTE(review): the key space is shared with the other ExtraConfiguration entries, so
                        // the value of any entry whose key equals the normalized DN string would be used as
                        // the CA name; confirm the keys cannot collide. The request-supplied DN is also
                        // written to the log on both branches.
                        String issuerDN = CertTools.stringToBCDNString(reqmsg.getIssuerDN());
                        String caName = ExtraConfiguration.instance().getString(issuerDN);
                        if (StringUtils.isEmpty(caName)) {
                          // Unknown issuer: fall back to the configured default CA rather than rejecting.
                          caName = ExtraConfiguration.instance().getString(ExtraConfiguration.SCEPDEFAULTCA);
                          log.info("Did not find a CA name from issuerDN: "+issuerDN+", using the default CA '"+caName+"'");
                        } else {
                          log.debug("Found a CA name '"+caName+"' from issuerDN: "+issuerDN);
                        }
                        // Get altNames if we can find them
                        String altNames = reqmsg.getRequestAltNames();

                        byte[] encoded = reqmsg.getCertificationRequest().getEncoded();
                        String pkcs10 = new String(Base64.encode(encoded, false));
                       
                      // Create a pkcs10 request
                        String certificateProfile = ExtraConfiguration.instance().getString(ExtraConfiguration.SCEPCERTPROFILEKEY);
                        String entityProfile = ExtraConfiguration.instance().getString(ExtraConfiguration.SCEPENTITYPROFILEKEY);
                    boolean createOrEditUser = ExtraConfiguration.instance().getBoolean(ExtraConfiguration.SCEPEDITUSER);
                    PKCS10Request req = new PKCS10Request(100,username, reqmsg.getRequestDN(), altNames, null, null, entityProfile, certificateProfile, caName, pkcs10);
                    req.setCreateOrEditUser(createOrEditUser);
                    SubMessages submessages = new SubMessages();
                    submessages.addSubMessage(req);
                    msgHome.create(transId, submessages);
                    reply = createPendingResponseMessage(reqmsg, racert, rapriv, cryptProvider).getResponseMessage();


        byte[] ret = null;
        if (log.isTraceEnabled()) {
          log.trace(">getRequestMessage(" + msg.length + " bytes)");
        }
        try {
            reqmsg = new ScepRequestMessage(msg, includeCACert);

            if (reqmsg.getErrorNo() != 0) {
                log.error("Error '" + reqmsg.getErrorNo() + "' receiving Scep request message.");
                return null;
            }
