Package org.ejbca.extra.db

Examples of org.ejbca.extra.db.ExtRAResponse


  /**
   * Create a new External RA API request message in the database and return the response from the CA.
   *
   * <p>Only the start of this method is visible in the listing; how the request is stored and how
   * the response is awaited cannot be seen here.
   *
   * @param subMessage the single sub message to send to the CA
   * @return null if the CA did not respond in time
   */
  private ExtRAResponse getResponseFromCA(ISubMessage subMessage) {
    ExtRAResponse extRAResponse = null;
    // Setup a database interaction and store the request
    // NOTE(review): a new EntityManagerFactory is created on every call in the visible code; whether
    // it is closed again cannot be seen in this truncated listing.
    MessageHome messageHome = new MessageHome(Persistence.createEntityManagerFactory("ExternalRAGUIMessageDS"), MessageHome.MESSAGETYPE_EXTRA, true);
    // The container is built with a certificate, a key and the RA-CA service certificate.
    // NOTE(review): presumably these are used to sign and encrypt the message - confirm in SubMessages.
    SubMessages submessages = new SubMessages(extRaCertificate, extRaKey, racaserviceCert);
    submessages.addSubMessage(subMessage);
    // Identifier under which the request message is handled (its use is outside the visible listing).
    String messageId = GUIDGenerator.generateGUID(this);


    /**
     * Dispatches an edit-user sub message.
     *
     * <p>When {@code errormessage} is set, the request is not processed at all; a failed
     * {@code ExtRAResponse} with the request id and that message is returned instead.
     *
     * @param admin administrator passed on to the request processing
     * @param submessage the sub message; cast to {@code EditUserRequest} when processed and to
     *        {@code ExtRARequest} when only the request id is needed
     * @param errormessage error text reported before processing, or {@code null} if there was none
     * @return the response produced for this sub message
     */
    public ISubMessage process(Admin admin, ISubMessage submessage, String errormessage) {
        if (errormessage != null) {
            // Fail fast: answer with the reported error and leave the user data untouched.
            final ExtRARequest rejected = (ExtRARequest) submessage;
            return new ExtRAResponse(rejected.getRequestId(), false, errormessage);
        }
        return processExtRAEditUserRequest(admin, (EditUserRequest) submessage);
    }

    }
    }

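    /**
     * Applies an edit-user request from the External RA and reports the outcome.
     *
     * <p>The user data is built with {@code generateUserDataVO}, completed with the password, type,
     * token type and hard token issuer taken from the request, and stored with the status the
     * request asks for. If any step throws, the user data (when it was already built) is stored
     * again with {@code UserDataConstants.STATUS_FAILED} on a best-effort basis and a failed
     * response is returned.
     *
     * @param admin administrator passed through to the helper calls
     * @param submessage the edit-user request to process
     * @return a response carrying the request id: successful without fail info, or unsuccessful
     *         with the message of the exception that stopped processing
     */
    private ISubMessage processExtRAEditUserRequest(Admin admin, EditUserRequest submessage) {
        log.debug("Processing ExtRAEditUserRequest");
        ExtRAResponse retval = null;
        UserDataVO userdata = null;
        try {
            userdata = generateUserDataVO(admin, submessage);
            userdata.setPassword(submessage.getPassword());
            userdata.setType(submessage.getType());
            userdata.setTokenType(getTokenTypeId(admin, submessage.getTokenName()));
            userdata.setHardTokenIssuerId(getHardTokenIssuerId(admin, submessage.getHardTokenIssuerName()));
            storeUserData(admin, userdata, false, submessage.getStatus());
            retval = new ExtRAResponse(submessage.getRequestId(), true, null);
        } catch (Exception e) {
            log.error("Error processing ExtRAEditUserRequest : ", e);
            if (userdata != null) {
                try {
                    storeUserData(admin, userdata, false, UserDataConstants.STATUS_FAILED);
                } catch (Exception statusUpdateFailure) {
                    // Still best effort, but leave a trace: without it an operator cannot tell that
                    // the user was never marked as failed after the error above.
                    log.error("Error setting status failed after ExtRAEditUserRequest error : ", statusUpdateFailure);
                }
            }
            // NOTE(review): the raw exception message goes back to the RA as fail info; confirm it
            // cannot carry internal details that the RA side should not see.
            retval = new ExtRAResponse(submessage.getRequestId(), false, e.getMessage());
        }
        return retval;
    }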

    /**
     * Dispatches a revocation sub message.
     *
     * <p>A non-null {@code errormessage} short-circuits processing: nothing is revoked and a failed
     * {@code ExtRAResponse} carrying the request id and that message is returned.
     *
     * @param admin administrator passed on to the revocation processing
     * @param submessage the sub message; cast to {@code RevocationRequest} when processed and to
     *        {@code ExtRARequest} when only the request id is needed
     * @param errormessage error text reported before processing, or {@code null} if there was none
     * @return the response produced for this sub message
     */
    public ISubMessage process(Admin admin, ISubMessage submessage, String errormessage) {
        final boolean failedBeforeProcessing = errormessage != null;
        if (failedBeforeProcessing) {
            final int requestId = (int) ((ExtRARequest) submessage).getRequestId();
            return new ExtRAResponse(requestId, false, errormessage);
        }
        return processExtRARevocationRequest(admin, (RevocationRequest) submessage);
    }

    }
    }

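  /**
   * Revokes a single certificate, or all certificates of a user, as asked for by an External RA
   * revocation request.
   *
   * <p>The user is taken from the request's username when one is given, otherwise it is looked up
   * from the certificate's issuer DN and serial number. With {@code getRevokeAll()} or
   * {@code getRevokeUser()} set the whole user is revoked (and the previous user status is put back
   * when only the certificates were to be revoked); otherwise only the certificate identified by
   * issuer DN and serial number is revoked.
   *
   * <p>All session bean calls are made with {@code admin}; an {@code AuthorizationDeniedException}
   * from them is turned into a failed response.
   *
   * @param admin administrator on whose behalf the lookups and revocations are made
   * @param submessage the revocation request
   * @return a response carrying the request id; unsuccessful responses contain a fail text
   */
  private ISubMessage processExtRARevocationRequest(Admin admin, RevocationRequest submessage) {
    log.debug("Processing ExtRARevocationRequest");
    ExtRAResponse retval = null;
    try {
      // If this is a message that does contain an explicit username, use it
      String username = submessage.getUsername();
      String issuerDN = submessage.getIssuerDN();
      BigInteger serno = submessage.getCertificateSN();
      // A certificate is only identified when both the issuer DN and the serial number are present.
      final boolean hasCertificateId = !StringUtils.isEmpty(issuerDN) && serno != null;
      if (StringUtils.isEmpty(username) && !hasCertificateId) {
        // Also covers an issuer DN without serial number, which previously reached the lookup below
        // with a null serial number.
        retval = new ExtRAResponse(submessage.getRequestId(),false,"Either username or issuer/serno is required");
      } else {
        if (StringUtils.isEmpty(username)) {
          username = certificateStoreSession.findUsernameByCertSerno(admin, serno, CertTools.stringToBCDNString(issuerDN));
        }
        if (username != null) {
          if ( (submessage.getRevokeAll() || submessage.getRevokeUser()) ) {
            // Revoke all users certificates by revoking the whole user
            UserDataVO vo = userAdminSession.findUser(admin,username);
            if (vo != null) {
              userAdminSession.revokeUser(admin,username, submessage.getRevocationReason());
              if (!submessage.getRevokeUser()) {
                // If we were not to revoke the user itself, but only the certificates, we should set back status
                // NOTE(review): revoke and status restore are two separate calls; if the second one
                // throws, the user stays in the revoked state although only certificates were requested.
                userAdminSession.setUserStatus(admin, username, vo.getStatus());
              }
            } else {
              retval = new ExtRAResponse(submessage.getRequestId(),false,"User not found from username: username="+username);
            }
          } else if (!hasCertificateId) {
            // A username alone cannot name one certificate; fail with a clear message instead of
            // calling revokeCert with a missing issuer DN or serial number.
            retval = new ExtRAResponse(submessage.getRequestId(),false,"issuer/serno is required to revoke a single certificate");
          } else {
            // Revoke only this certificate
            // NOTE(review): when the request carries both a username and issuer/serno, this call
            // uses issuer/serno only; nothing here checks that the certificate belongs to that user.
            userAdminSession.revokeCert(admin, serno, CertTools.stringToBCDNString(issuerDN), submessage.getRevocationReason());
          }
        } else {
          retval = new ExtRAResponse(submessage.getRequestId(),false,"User not found from issuer/serno: issuer='"+issuerDN+"', serno="+serno);
        }
        // If we didn't create any other return value, it was a success
        if (retval == null) {
          retval = new ExtRAResponse(submessage.getRequestId(),true,null);
        }
      }
    } catch (AuthorizationDeniedException e) {
      log.error("Error processing ExtRARevocationRequest : ", e);
      retval = new ExtRAResponse(submessage.getRequestId(),false, "AuthorizationDeniedException: " + e.getMessage());
    }catch(Exception e){
      log.error("Error processing ExtRARevocationRequest : ", e);
      // NOTE(review): the raw exception message is returned to the RA; confirm it cannot expose
      // internal details.
      retval = new ExtRAResponse(submessage.getRequestId(),false,e.getMessage());
    }

    return retval;
  }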

    /**
     * Dispatches a key recovery sub message.
     *
     * <p>If {@code errormessage} is set, key recovery is not attempted; the caller gets a failed
     * {@code ExtRAResponse} with the request id and that message.
     *
     * @param admin administrator passed on to the key recovery processing
     * @param submessage the sub message; cast to {@code KeyRecoveryRequest} when processed and to
     *        {@code ExtRARequest} when only the request id is needed
     * @param errormessage error text reported before processing, or {@code null} if there was none
     * @return the response produced for this sub message
     */
    public ISubMessage process(Admin admin, ISubMessage submessage, String errormessage) {
        if (errormessage != null) {
            // Reported error wins: no key material is touched on this path.
            final ExtRARequest rejected = (ExtRARequest) submessage;
            return new ExtRAResponse(rejected.getRequestId(), false, errormessage);
        }
        final KeyRecoveryRequest recoveryRequest = (KeyRecoveryRequest) submessage;
        return processExtRAKeyRecoveryRequest(admin, recoveryRequest);
    }

    /**
     * Dispatches a card renewal sub message.
     *
     * <p>If {@code errormessage} is set, no renewal is attempted; a failed {@code ExtRAResponse}
     * with the request id and that message is returned.
     *
     * @param admin administrator passed on to the card renewal processing
     * @param submessage the sub message; cast to {@code CardRenewalRequest} when processed and to
     *        {@code ExtRARequest} when only the request id is needed
     * @param errormessage error text reported before processing, or {@code null} if there was none
     * @return the response produced for this sub message
     */
    public ISubMessage process(Admin admin, ISubMessage submessage, String errormessage) {
        if (errormessage != null) {
            // Nothing is issued when an error was already reported for this message.
            final ExtRARequest rejected = (ExtRARequest) submessage;
            return new ExtRAResponse(rejected.getRequestId(), false, errormessage);
        }
        final CardRenewalRequest renewalRequest = (CardRenewalRequest) submessage;
        return processExtRACardRenewalRequest(admin, renewalRequest);
    }

    }
    }

    /**
     * Renews the two certificates of a card: one authentication and one signature certificate.
     *
     * <p>Steps visible in this method:
     * <ol>
     *   <li>require both existing certificates and both PKCS#10 requests;</li>
     *   <li>look both certificates up in the certificate store and verify their signatures against
     *       the CA certificates recorded for them;</li>
     *   <li>verify each PKCS#10 request with the public key of the matching existing certificate;</li>
     *   <li>resolve the user from the authentication certificate and require status NEW;</li>
     *   <li>pick certificate profile and CA for each certificate: from the request if set (not -1),
     *       else from the user's hard token profile when it is an {@code EIDProfile}, else from the
     *       user data;</li>
     *   <li>issue both certificates, then store the original user data back with status GENERATED.</li>
     * </ol>
     *
     * @param admin administrator on whose behalf the session bean calls are made
     * @param submessage the card renewal request
     * @return a {@code CardRenewalResponse} with both new certificates on success, otherwise a
     *         failed {@code ExtRAResponse} with a fail text
     */
    private ISubMessage processExtRACardRenewalRequest(Admin admin, CardRenewalRequest submessage) {
    log.debug("Processing ExtRACardRenewalRequest");
    ExtRAResponse retval = null;
    try {
      Certificate authcert = submessage.getAuthCertificate();
      Certificate signcert = submessage.getSignCertificate();
      String authReq = submessage.getAuthPkcs10();
      String signReq = submessage.getSignPkcs10();
      // All four inputs are mandatory
      if ( (authcert == null) || (signcert == null) || (authReq == null) || (signReq == null) ) {
        retval = new ExtRAResponse(submessage.getRequestId(),false,"An authentication cert, a signature cert, an authentication request and a signature request are required");
      } else {
        BigInteger serno = CertTools.getSerialNumber(authcert);
        String issuerDN = CertTools.getIssuerDN(authcert);
                // Verify the certificates with CA cert, and then verify the PKCS#10 requests.
                // Both certificates are looked up in the certificate store by fingerprint, and the
                // CA certificate is fetched through the CA fingerprint recorded for each of them.
                // NOTE(review): if a lookup returns null for an unknown certificate (not visible
                // here), the dereference below throws and ends up in the outer catch, which answers
                // with whatever message the exception carries - consider an explicit check.
                CertificateInfo authInfo = certificateStoreSession.getCertificateInfo(admin, CertTools.getFingerprintAsString(authcert));
                Certificate authcacert = certificateStoreSession.findCertificateByFingerprint(admin, authInfo.getCAFingerprint());
                CertificateInfo signInfo = certificateStoreSession.getCertificateInfo(admin, CertTools.getFingerprintAsString(signcert));
                Certificate signcacert = certificateStoreSession.findCertificateByFingerprint(admin, signInfo.getCAFingerprint());
                // Verify certificate signatures against the CA public keys. Certificate.verify()
                // checks the signature only; no validity-period or revocation check is visible in
                // this method. NOTE(review): confirm whether expired or revoked card certificates
                // are meant to be accepted for renewal.
                try {
                    authcert.verify(authcacert.getPublicKey());                   
                } catch (Exception e) {
                    log.error("Error verifying authentication certificate: ", e);
                    retval = new ExtRAResponse(submessage.getRequestId(),false,"Error verifying authentication certificate: "+e.getMessage());
                    return retval;
                }
                try {
                    signcert.verify(signcacert.getPublicKey());                   
                } catch (Exception e) {
                    log.error("Error verifying signature certificate: ", e);
                    retval = new ExtRAResponse(submessage.getRequestId(),false,"Error verifying signature certificate: "+e.getMessage());
                    return retval;
                }
                // Verify requests
                // getBytes() without a charset uses the platform default encoding.
                // NOTE(review): presumably the requests are ASCII (PEM/Base64), so this is harmless - confirm.
                byte[] authReqBytes = authReq.getBytes();
                byte[] signReqBytes = signReq.getBytes();
                PKCS10RequestMessage authPkcs10 = RequestMessageUtils.genPKCS10RequestMessage(authReqBytes);
                PKCS10RequestMessage signPkcs10 = RequestMessageUtils.genPKCS10RequestMessage(signReqBytes);
                // Each request must verify with the public key of the matching existing certificate.
                // authok/signok stay null on success and hold the fail text otherwise.
                String authok = null;
                try {
                    if (!authPkcs10.verify(authcert.getPublicKey())) {
                        authok = "Verify failed for authentication request";
                    }                   
                } catch (Exception e) {
                    authok="Error verifying authentication request: "+e.getMessage();
                    log.error("Error verifying authentication request: ", e);
                }
                if (authok != null) {
                    retval = new ExtRAResponse(submessage.getRequestId(),false,authok);
                    return retval;                                       
                }
                String signok = null;
                try {
                    if (!signPkcs10.verify(signcert.getPublicKey())) {
                        signok = "Verify failed for signature request";
                    }                   
                } catch (Exception e) {
                    signok="Error verifying signaturerequest: "+e.getMessage();
                    log.error("Error verifying signaturerequest: ", e);
                }
                if (signok != null) {
                    retval = new ExtRAResponse(submessage.getRequestId(),false,signok);
                    return retval;                                       
                }
               
                // Now start the actual work, we are ok and verified here
                // The user is resolved from the authentication certificate only (serno and issuerDN
                // were read from authcert above). NOTE(review): nothing in this method checks that
                // signcert belongs to the same user - confirm this is enforced elsewhere.
        String username = certificateStoreSession.findUsernameByCertSerno(admin, serno, CertTools.stringToBCDNString(issuerDN));
        if (username != null) {
                // NOTE(review): data is dereferenced without a null check; presumably findUser
                // cannot return null for a username that was just resolved - confirm.
                final UserDataVO data = userAdminSession.findUser(admin, username);
                // Renewal is only allowed while the user is in status NEW
                if ( data.getStatus() != UserDataConstants.STATUS_NEW) {
                  log.error("User status must be new for "+username);
            retval = new ExtRAResponse(submessage.getRequestId(),false,"User status must be new for "+username);
                } else {
                        log.info("Processing Card Renewal for: issuer='"+issuerDN+"', serno="+serno);
                        // -1 means "not decided yet" for all four values
                        int authCertProfile = -1;
                        int signCertProfile = -1;
                        int authCA = -1;
                        int signCA = -1;
                        // Get the profiles and CAs from the message if they exist
                        // NOTE(review): these ids come straight from the request; confirm that the
                        // calls made with admin below restrict which profiles and CAs may be used.
                  if (submessage.getAuthProfile() != -1) {
                    authCertProfile = submessage.getAuthProfile();
                  }
                  if (submessage.getSignProfile() != -1) {
                    signCertProfile = submessage.getSignProfile();
                  }
                  if (submessage.getAuthCA() != -1) {
                    authCA = submessage.getAuthCA();
                  }
                  if (submessage.getSignCA() != -1) {
                    signCA = submessage.getSignCA();
                  }
                        // Fill what is still undecided from the user's hard token profile when it is
                        // an EIDProfile, otherwise from the user data itself
                        HardTokenProfile htp = hardTokenSession.getHardTokenProfile(admin, data.getTokenType());
                        if ( htp!=null && htp instanceof EIDProfile ) {
                          EIDProfile hardTokenProfile = (EIDProfile)htp;
                          if (authCertProfile == -1) {
                            authCertProfile = hardTokenProfile.getCertificateProfileId(SwedishEIDProfile.CERTUSAGE_AUTHENC);                           
                          }
                          if (signCertProfile == -1) {
                            signCertProfile = hardTokenProfile.getCertificateProfileId(SwedishEIDProfile.CERTUSAGE_SIGN);
                          }
                          if (authCA == -1) {
                            authCA = hardTokenProfile.getCAId(SwedishEIDProfile.CERTUSAGE_AUTHENC);
                            // CAID_USEUSERDEFINED falls back to the CA stored on the user
                            if (authCA == EIDProfile.CAID_USEUSERDEFINED) {
                              authCA = data.getCAId();
                            }
                          }
                          if (signCA == -1) {
                            signCA = hardTokenProfile.getCAId(SwedishEIDProfile.CERTUSAGE_SIGN);
                            if (signCA == EIDProfile.CAID_USEUSERDEFINED) {
                              signCA = data.getCAId();
                            }                           
                          }
                        } else {
                          if (authCertProfile == -1) {
                            authCertProfile = data.getCertificateProfileId();
                          }
                          if (signCertProfile == -1) {
                            signCertProfile = data.getCertificateProfileId();
                          }
                          if (authCA == -1) {
                            authCA = data.getCAId();
                          }
                          if (signCA == -1) {
                            signCA = data.getCAId();
                          }
                        }

                  // Set certificate profile and CA for auth certificate
                  // The stored user is temporarily rewritten with the CA and certificate profile
                  // chosen for each certificate before that certificate is requested.
                  // NOTE(review): if anything from here on throws, the outer catch returns a failed
                  // response but the user record is not put back to its original CA/profile; the
                  // restore at the end only runs on the success path.
                        UserDataVO newUser = new UserDataVO(username, data.getDN(), authCA, data.getSubjectAltName(), data.getEmail(), data.getType(), data.getEndEntityProfileId(), authCertProfile, data.getTokenType(), data.getHardTokenIssuerId(), null);
                        newUser.setPassword(data.getPassword());
                        userAdminSession.setUserStatus(admin, username, UserDataConstants.STATUS_NEW);
                        userAdminSession.changeUser(admin, newUser, false);

                  // We may have changed to a new auto generated password
                  UserDataVO data1 = userAdminSession.findUser(admin, username);
                  Certificate authcertOut=pkcs10CertRequest(admin, signSession, authPkcs10, username, data1.getPassword());

                  // Set certificate and CA for sign certificate
                        newUser = new UserDataVO(username, data.getDN(), signCA, data.getSubjectAltName(), data.getEmail(), data.getType(), data.getEndEntityProfileId(), signCertProfile, data.getTokenType(), data.getHardTokenIssuerId(), null);
                        newUser.setPassword(data.getPassword());
                        userAdminSession.setUserStatus(admin, username, UserDataConstants.STATUS_NEW);
                        userAdminSession.changeUser(admin, newUser, false);

                        // We may have changed to a new auto generated password
                  data1 = userAdminSession.findUser(admin, username);
                  Certificate signcertOut=pkcs10CertRequest(admin, signSession, signPkcs10, username, data1.getPassword());

                  // Both certificates were generated
                  data.setStatus(UserDataConstants.STATUS_GENERATED);
                  // set back to original values (except for generated)
                  userAdminSession.changeUser(admin, data, true);
                  retval = new CardRenewalResponse(submessage.getRequestId(), true, null, authcertOut, signcertOut);
                }
        } else {
                    log.error("User not found from issuer/serno: issuer='"+issuerDN+"', serno="+serno);
          retval = new ExtRAResponse(submessage.getRequestId(),false,"User not found from issuer/serno: issuer='"+issuerDN+"', serno="+serno);         
        }
      }      
    } catch(Exception e) {
      log.error("Error processing ExtRACardRenewalRequest : ", e);
      // NOTE(review): the raw exception message is returned to the RA as fail info; confirm it
      // cannot expose internal details.
      retval = new ExtRAResponse(submessage.getRequestId(),false,e.getMessage());
    }
     
    return retval;
  }

    // Excerpt from the middle of a test method: msghome, smgs, msg and submessagesresp are declared
    // before the visible part.
    // Queue the prepared sub messages for user "SimplePKCS10Test1" and wait for the answer.
    msghome.create("SimplePKCS10Test1", smgs);   
        msg = waitForUser("SimplePKCS10Test1");
    assertNotNull(msg);
    // NOTE(review): all three getSubMessages arguments are null; presumably no certificates or keys
    // are needed because the test messages are neither signed nor encrypted - confirm.
    submessagesresp = msg.getSubMessages(null,null,null);
    // Exactly one response is expected, for request id 101, and it must report success.
    assertTrue("Number of submessages " + submessagesresp.getSubMessages().size(), submessagesresp.getSubMessages().size() == 1);
    ExtRAResponse editresp = (ExtRAResponse) submessagesresp.getSubMessages().iterator().next();
    assertTrue("Wrong Request ID" + editresp.getRequestId(), editresp.getRequestId() == 101);
    assertTrue("External RA CA Service was not successful.", editresp.isSuccessful() == true);

    // Create a new request, now it should be ok
    // The container is again created with three null arguments.
    smgs = new SubMessages(null,null,null);
    smgs.addSubMessage(ExtRAMessagesTest.genExtRAPKCS10Request(102,"SimplePKCS10Test1", Constants.pkcs10_1, false));
    msghome.create("SimplePKCS10Test1", smgs);   

   
    // Excerpt from the middle of a revocation test method: msg, msghome and secondCertificate are
    // set up before the visible part. Each scenario below follows the same pattern: queue one
    // RevocationRequest, wait for the answer, expect exactly one response and check its request id
    // and success flag.
    // NOTE(review): every SubMessages container here is created and read with three null
    // arguments; presumably that means unsigned and unencrypted messages - confirm that the
    // signed/encrypted path is covered by other tests.
    SubMessages submessagesresp = msg.getSubMessages(null,null,null);
   
    assertTrue("Number of submessages " + submessagesresp.getSubMessages().size(), submessagesresp.getSubMessages().size() == 1);
   
    // Response to a request that was sent before the visible part of the method
    ExtRAResponse resp = (ExtRAResponse) submessagesresp.getSubMessages().iterator().next();
    assertTrue("Wrong Request ID" + resp.getRequestId(), resp.getRequestId() == 10);
    assertTrue(resp.isSuccessful() == true);
 
    // Revoke the second certificate, identified by issuer DN and serial number
    SubMessages smgs2 = new SubMessages(null,null,null);
    assertNotNull("Missing certificate from previous test.", secondCertificate);
    smgs2.addSubMessage(new RevocationRequest(6, CertTools.getIssuerDN(secondCertificate), secondCertificate.getSerialNumber(), RevocationRequest.REVOKATION_REASON_UNSPECIFIED));
   
    msghome.create("SimpleRevocationTest", smgs2);
   
        Message msg2 = waitForUser("SimpleRevocationTest");
   
    assertNotNull(msg2);
   
    SubMessages submessagesresp2 = msg2.getSubMessages(null,null,null);
   
    assertTrue("Number of submessages " + submessagesresp2.getSubMessages().size() ,  submessagesresp2.getSubMessages().size() == 1);
   
    ExtRAResponse resp2 = (ExtRAResponse) submessagesresp2.getSubMessages().iterator().next();
    assertTrue(resp2.getRequestId() == 6);
    assertTrue(resp2.isSuccessful() == true);
   
    // Try to revoke a certificate that does not exist (same issuer, serial number 1234): must fail
    SubMessages smgs3 = new SubMessages(null,null,null);
    smgs3.addSubMessage(new RevocationRequest(7, CertTools.getIssuerDN(secondCertificate), new BigInteger("1234"), RevocationRequest.REVOKATION_REASON_UNSPECIFIED));
   
    msghome.create("SimpleRevocationTest", smgs3);
   
        Message msg3 = waitForUser("SimpleRevocationTest");
   
    assertNotNull(msg3);
   
    SubMessages submessagesresp3 = msg3.getSubMessages(null,null,null);
   
    assertTrue(submessagesresp3.getSubMessages().size() == 1);
   
    ExtRAResponse resp3 = (ExtRAResponse) submessagesresp3.getSubMessages().iterator().next();
    assertTrue(resp3.getRequestId() == 7);
    assertTrue(resp3.isSuccessful() == false);
       
    // Try to revoke all of a user's certificates, identifying the user through one certificate
    SubMessages smgs4 = new SubMessages(null,null,null);
    smgs4.addSubMessage(new RevocationRequest(8, CertTools.getIssuerDN(secondCertificate), secondCertificate.getSerialNumber(), RevocationRequest.REVOKATION_REASON_UNSPECIFIED, false, true));
   
    msghome.create("SimpleRevocationTest", smgs4);
   
        Message msg4 = waitForUser("SimpleRevocationTest");
   
    assertNotNull(msg4);
   
    SubMessages submessagesresp4 = msg4.getSubMessages(null,null,null);
   
    assertTrue(submessagesresp4.getSubMessages().size() == 1);
   
    ExtRAResponse resp4 = (ExtRAResponse) submessagesresp4.getSubMessages().iterator().next();
    assertTrue(resp4.getRequestId() == 8);
    assertTrue(resp4.isSuccessful() == true);
   
    // Try to revoke all of a user's certificates by giving the username
    SubMessages smgs5 = new SubMessages(null,null,null);
    smgs5.addSubMessage(new RevocationRequest(9, "SimplePKCS10Test1", RevocationRequest.REVOKATION_REASON_UNSPECIFIED, false));
   
    msghome.create("SimpleRevocationTest", smgs5);
   
        Message msg5 = waitForUser("SimpleRevocationTest");
   
    assertNotNull(msg5);
   
    SubMessages submessagesresp5 = msg5.getSubMessages(null,null,null);
   
    assertTrue(submessagesresp5.getSubMessages().size() == 1);
   
    ExtRAResponse resp5 = (ExtRAResponse) submessagesresp5.getSubMessages().iterator().next();
    assertTrue(resp5.getRequestId() == 9);
    assertTrue(resp5.isSuccessful() == true);
   
    // Try some error cases
        // First a message with null as username: the request must be rejected with the
        // "Either username or issuer/serno is required" fail text
    SubMessages smgs6 = new SubMessages(null,null,null);
    smgs6.addSubMessage(new RevocationRequest(10, null, RevocationRequest.REVOKATION_REASON_UNSPECIFIED, false));   
    msghome.create("SimpleRevocationTest", smgs6);
        Message msg6 = waitForUser("SimpleRevocationTest");
    assertNotNull(msg6);
    SubMessages submessagesresp6 = msg6.getSubMessages(null,null,null);
    assertTrue(submessagesresp6.getSubMessages().size() == 1);
    ExtRAResponse resp6 = (ExtRAResponse) submessagesresp6.getSubMessages().iterator().next();
    assertTrue(resp6.getRequestId() == 10);
    assertTrue(resp6.isSuccessful() == false);
        // NOTE(review): if this is JUnit's assertEquals, the convention is (expected, actual); the
        // arguments are swapped in the three assertEquals calls below, which only changes the text
        // of a failure report.
        assertEquals(resp6.getFailInfo(), "Either username or issuer/serno is required");
       
        // Then a message with a username that does not exist
        SubMessages smgs7 = new SubMessages(null,null,null);
        smgs7.addSubMessage(new RevocationRequest(11, "184hjeyyydvv88q", RevocationRequest.REVOKATION_REASON_UNSPECIFIED, false));    
        msghome.create("SimpleRevocationTest", smgs7);
        Message msg7 = waitForUser("SimpleRevocationTest");
        assertNotNull(msg7);
        SubMessages submessagesresp7 = msg7.getSubMessages(null,null,null);
        assertTrue(submessagesresp7.getSubMessages().size() == 1);
        ExtRAResponse resp7 = (ExtRAResponse) submessagesresp7.getSubMessages().iterator().next();
        assertTrue(resp7.getRequestId() == 11);
        assertTrue(resp7.isSuccessful() == false);
        // The fail text echoes the username that was sent in the request
        assertEquals(resp7.getFailInfo(), "User not found from username: username=184hjeyyydvv88q");

        // Then a message with an issuer/serno that does not exist
        SubMessages smgs8 = new SubMessages(null,null,null);
        smgs8.addSubMessage(new RevocationRequest(12, "CN=ffo558444,O=338qqwaa,C=qq", new BigInteger("123"), RevocationRequest.REVOKATION_REASON_UNSPECIFIED, false, false));    
        msghome.create("SimpleRevocationTest", smgs8);
        Message msg8 = waitForUser("SimpleRevocationTest");
        assertNotNull(msg8);
        SubMessages submessagesresp8 = msg8.getSubMessages(null,null,null);
        assertTrue(submessagesresp8.getSubMessages().size() == 1);
        ExtRAResponse resp8 = (ExtRAResponse) submessagesresp8.getSubMessages().iterator().next();
        assertTrue(resp8.getRequestId() == 12);
        assertTrue(resp8.isSuccessful() == false);
        // The fail text echoes the issuer DN and serial number that were sent in the request
        assertEquals(resp8.getFailInfo(), "User not found from issuer/serno: issuer='CN=ffo558444,O=338qqwaa,C=qq', serno=123");
  }
