List of usage examples for org.bouncycastle.asn1.cmp PKIHeader getRecipient
public GeneralName getRecipient()
From source file:org.ejbca.core.protocol.cmp.CmpMessageDispatcherSessionBean.java
License:Open Source License
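/**
 * Dispatches one received CMP message to the handler for its body type and returns the
 * response to send back.
 *
 * The message may have been received by any transport protocol, and is passed here in its
 * binary ASN.1 form. A NestedMessageContent (body type 20) is unwrapped and its first inner
 * message re-dispatched as authenticated once the RA signature on the wrapper has verified.
 *
 * @param admin the authentication token the message is processed under
 * @param derObject der encoded CMP message
 * @param authenticated whether the message has already been authenticated (true for the
 *        inner message of a verified NestedMessageContent)
 * @param confAlias the CMP configuration alias the message was addressed to
 * @return ResponseMessage containing the CMP response message or null if there is no
 *         message to send back or some internal error has occurred
 */
private ResponseMessage dispatch(final AuthenticationToken admin, final ASN1Primitive derObject,
        final boolean authenticated, String confAlias) {
    this.cmpConfiguration = (CmpConfiguration) this.globalConfigSession
            .getCachedConfiguration(CmpConfiguration.CMP_CONFIGURATION_ID);
    if (!cmpConfiguration.aliasExists(confAlias)) {
        log.info("There is no CMP alias: " + confAlias);
        return CmpMessageHelper.createUnprotectedErrorMessage(null, ResponseStatus.FAILURE,
                FailInfo.INCORRECT_DATA, "Wrong URL. CMP alias '" + confAlias + "' does not exist");
    }
    final PKIMessage req;
    try {
        req = PKIMessage.getInstance(derObject);
        if (req == null) {
            throw new Exception("No CMP message could be parsed from received Der object.");
        }
    } catch (Throwable t) { // NOPMD: catch all to report errors back to client
        // Deliberately broad: whatever the decoder throws on hostile input is turned into a
        // BAD_REQUEST for the client instead of leaking out of the dispatcher.
        final String eMsg = intres.getLocalizedMessage("cmp.errornotcmpmessage");
        log.error(eMsg, t);
        return CmpMessageHelper.createUnprotectedErrorMessage(null, ResponseStatus.FAILURE,
                FailInfo.BAD_REQUEST, eMsg);
    }
    try {
        final PKIBody body = req.getBody();
        final int tagno = body.getType();
        if (log.isDebugEnabled()) {
            final PKIHeader header = req.getHeader();
            log.debug("Received CMP message with pvno=" + header.getPvno() + ", sender="
                    + header.getSender().toString() + ", recipient=" + header.getRecipient().toString());
            log.debug("Cmp configuration alias: " + confAlias);
            log.debug("The CMP message is already authenticated: " + authenticated);
            log.debug("Body is of type: " + tagno);
            log.debug("Transaction id: " + header.getTransactionID());
            //log.debug(ASN1Dump.dumpAsString(req));
        }
        BaseCmpMessage cmpMessage = null;
        ICmpMessageHandler handler = null;
        int unknownMessageType = -1;
        switch (tagno) {
        case 0: // ir, Initialization Request
        case 2: // cr, Certification Request -- both are certificate requests and share the CRMF handler
            handler = new CrmfMessageHandler(admin, confAlias, caSession, certificateProfileSession,
                    certificateRequestSession, endEntityAccessSession, endEntityProfileSession, signSession,
                    certificateStoreSession, authSession, authenticationProviderSession,
                    endEntityManagementSession, globalConfigSession);
            cmpMessage = newCrmfRequestMessage(req, confAlias);
            break;
        case 7: // kur, Key Update Request
            handler = new CrmfKeyUpdateHandler(admin, confAlias, caSession, certificateProfileSession,
                    endEntityAccessSession, endEntityProfileSession, signSession, certificateStoreSession,
                    authSession, authenticationProviderSession, endEntityManagementSession,
                    globalConfigSession);
            cmpMessage = newCrmfRequestMessage(req, confAlias);
            break;
        case 19: // pkiconf, Confirmation
        case 24: // certConf, Certificate confirm
            handler = new ConfirmationMessageHandler(admin, confAlias, caSession, endEntityProfileSession,
                    certificateProfileSession, authSession, authenticationProviderSession,
                    cryptoTokenSession, globalConfigSession);
            cmpMessage = new GeneralCmpMessage(req);
            break;
        case 11: // rr, Revocation Request
            handler = new RevocationMessageHandler(admin, confAlias, endEntityManagementSession, caSession,
                    endEntityProfileSession, certificateProfileSession, certificateStoreSession, authSession,
                    endEntityAccessSession, authenticationProviderSession, cryptoTokenSession,
                    globalConfigSession);
            cmpMessage = new GeneralCmpMessage(req);
            break;
        case 20: // nested, NestedMessageContent: always produces a response of its own
            return dispatchNested(admin, req, confAlias);
        default:
            unknownMessageType = tagno;
            log.info("Received an unknown message type, tagno=" + tagno);
            break;
        }
        if (handler == null || cmpMessage == null) {
            if (unknownMessageType > -1) {
                final String eMsg = intres.getLocalizedMessage("cmp.errortypenohandle",
                        Integer.valueOf(unknownMessageType));
                log.error(eMsg);
                return CmpMessageHelper.createUnprotectedErrorMessage(null, ResponseStatus.FAILURE,
                        FailInfo.BAD_REQUEST, eMsg);
            }
            // Every known type above sets both; reaching this is a programming error, reported
            // through the catch below like any other internal failure.
            throw new IllegalStateException("Something is null! Handler=" + handler + ", cmpMessage=" + cmpMessage);
        }
        final ResponseMessage ret = handler.handleMessage(cmpMessage, authenticated);
        if (ret != null) {
            if (log.isDebugEnabled()) {
                log.debug("Received a response message of type '" + ret.getClass().getName()
                        + "' from CmpMessageHandler.");
            }
        } else {
            log.error(intres.getLocalizedMessage("cmp.errorresponsenull"));
        }
        return ret;
    } catch (Exception e) {
        // Internal failure: nothing is sent back to the client (see @return).
        log.error(intres.getLocalizedMessage("cmp.errorprocess"), e);
        return null;
    }
}

/** Builds the CRMF request wrapper with the alias-specific settings shared by ir, cr and kur. */
private CrmfRequestMessage newCrmfRequestMessage(final PKIMessage req, final String confAlias) {
    return new CrmfRequestMessage(req, this.cmpConfiguration.getCMPDefaultCA(confAlias),
            this.cmpConfiguration.getAllowRAVerifyPOPO(confAlias),
            this.cmpConfiguration.getExtractUsernameComponent(confAlias));
}

/**
 * Verifies the RA signature on a NestedMessageContent and dispatches its first inner message
 * as authenticated; a failed verification or malformed content yields a BAD_REQUEST response.
 */
private ResponseMessage dispatchNested(final AuthenticationToken admin, final PKIMessage req,
        final String confAlias) {
    if (log.isDebugEnabled()) {
        log.debug("Received a NestedMessageContent");
    }
    final NestedMessageContent nestedMessage = new NestedMessageContent(req, confAlias, globalConfigSession);
    if (!nestedMessage.verify()) {
        final String errMsg = "Could not verify the RA, signature verification on NestedMessageContent failed.";
        log.info(errMsg);
        return CmpMessageHelper.createUnprotectedErrorMessage(nestedMessage, ResponseStatus.FAILURE,
                FailInfo.BAD_REQUEST, errMsg);
    }
    if (log.isDebugEnabled()) {
        log.debug("The NestedMessageContent was verified successfully");
    }
    try {
        // getInstance instead of a cast: content that is not a PKIMessages raises
        // IllegalArgumentException and is reported to the client below.
        final PKIMessages nestedMessages = PKIMessages.getInstance(
                nestedMessage.getPKIMessage().getBody().getContent());
        final PKIMessage[] inner = nestedMessages.toPKIMessageArray();
        if (inner.length == 0) {
            throw new IllegalArgumentException("NestedMessageContent does not contain any PKIMessage.");
        }
        // Only the first inner message is processed. Its wrapper carried a verified RA
        // signature, so it is dispatched as authenticated. NOTE(review): an inner message may
        // itself be a NestedMessageContent, so this recurses; each level must pass verify().
        return dispatch(admin, inner[0].toASN1Primitive(), true, confAlias);
    } catch (IllegalArgumentException e) {
        final String errMsg = e.getLocalizedMessage();
        log.info(errMsg, e);
        return CmpMessageHelper.createUnprotectedErrorMessage(nestedMessage, ResponseStatus.FAILURE,
                FailInfo.BAD_REQUEST, errMsg);
    }
}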
From source file:org.ejbca.core.protocol.cmp.CmpMessageHelper.java
License:Open Source License
/**
 * Copies every field of an existing {@link PKIHeader} into a new {@link PKIHeaderBuilder}
 * so that the header can be amended before it is re-encoded.
 *
 * @param head the header to copy
 * @return a builder populated with the pvno, sender, recipient and every optional field of {@code head}
 */
public static PKIHeaderBuilder getHeaderBuilder(PKIHeader head) {
    final int pvno = head.getPvno().getValue().intValue();
    final PKIHeaderBuilder copy = new PKIHeaderBuilder(pvno, head.getSender(), head.getRecipient());
    // Correlation fields first, then the key identifiers, then the remaining optional fields.
    copy.setTransactionID(head.getTransactionID());
    copy.setSenderNonce(head.getSenderNonce());
    copy.setRecipNonce(head.getRecipNonce());
    copy.setSenderKID(head.getSenderKID());
    // The cast is what the builder's setRecipKID signature appears to require; a recipKID
    // decoded as some other ASN1OctetString subtype would fail here with a ClassCastException.
    copy.setRecipKID((DEROctetString) head.getRecipKID());
    copy.setMessageTime(head.getMessageTime());
    copy.setGeneralInfo(head.getGeneralInfo());
    copy.setFreeText(head.getFreeText());
    return copy;
}
From source file:org.ejbca.core.protocol.cmp.CmpTestCase.java
License:Open Source License
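/**
 * Asserts that {@code retMsg} is a CMP PKIConfirm response (body type 19) whose sender is
 * the subject of {@code cacert} and whose recipient is {@code userDN}.
 *
 * @param userDN expected recipient of the response
 * @param cacert CA certificate whose subject DN is the expected sender
 * @param retMsg DER encoded CMP response
 * @throws IOException if the response cannot be parsed
 */
protected static void checkCmpPKIConfirmMessage(X500Name userDN, Certificate cacert, byte[] retMsg)
        throws IOException {
    // Parse response message
    PKIMessage respObject = null;
    ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(retMsg));
    try {
        respObject = PKIMessage.getInstance(asn1InputStream.readObject());
    } finally {
        asn1InputStream.close();
    }
    assertNotNull("Response could not be parsed as a PKIMessage.", respObject);
    PKIHeader header = respObject.getHeader();
    // Both names must be directoryName (GeneralName tag 4) before getName() is read as a DN.
    // Arguments are (expected, actual) so that a failure message reads correctly.
    assertEquals("Sender is not a directoryName.", 4, header.getSender().getTagNo());
    assertEquals("Recipient is not a directoryName.", 4, header.getRecipient().getTagNo());
    X509Principal responseDN = new X509Principal(header.getSender().getName().toString());
    X509Principal expectedDN = new X509Principal(((X509Certificate) cacert).getSubjectDN().getName());
    assertEquals("Wrong sender DN.", expectedDN.getName(), responseDN.getName());
    responseDN = new X509Principal(header.getRecipient().getName().toString());
    expectedDN = new X509Principal(userDN);
    assertEquals("Wrong recipient DN.", expectedDN.getName(), responseDN.getName());
    PKIBody body = respObject.getBody();
    assertEquals("Body is not a PKIConfirmContent.", 19, body.getType());
    PKIConfirmContent n = (PKIConfirmContent) body.getContent();
    assertNotNull(n);
    // PKIConfirmContent is NULL on the wire.
    assertEquals(DERNull.INSTANCE, n.toASN1Primitive());
}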
From source file:org.ejbca.core.protocol.cmp.CmpTestCase.java
License:Open Source License
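/**
 * Asserts that {@code retMsg} is a CMP revocation response (body type 12) from
 * {@code issuerDN} to {@code userDN} whose first status is 0 when {@code success} is set and
 * 2 otherwise.
 *
 * @param issuerDN expected sender of the response
 * @param userDN expected recipient of the response
 * @param serno serial number of the revoked certificate (not checked here)
 * @param cacert CA certificate (not checked here)
 * @param retMsg DER encoded CMP response
 * @param success whether the revocation is expected to have succeeded
 * @throws IOException if the response cannot be parsed
 */
protected static void checkCmpRevokeConfirmMessage(String issuerDN, X500Name userDN, BigInteger serno,
        Certificate cacert, byte[] retMsg, boolean success) throws IOException {
    // Parse response message
    PKIMessage respObject = null;
    ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(retMsg));
    try {
        respObject = PKIMessage.getInstance(asn1InputStream.readObject());
    } finally {
        asn1InputStream.close();
    }
    assertNotNull("Response could not be parsed as a PKIMessage.", respObject);
    PKIHeader header = respObject.getHeader();
    // Both names must be directoryName (GeneralName tag 4) before getName() is read as a DN.
    // Arguments are (expected, actual) so that a failure message reads correctly.
    assertEquals("Sender is not a directoryName.", 4, header.getSender().getTagNo());
    assertEquals("Recipient is not a directoryName.", 4, header.getRecipient().getTagNo());
    X509Principal responseDN = new X509Principal(header.getSender().getName().toString());
    X509Principal expectedDN = new X509Principal(issuerDN);
    assertEquals("Wrong sender DN.", expectedDN.getName(), responseDN.getName());
    responseDN = new X509Principal(header.getRecipient().getName().toString());
    expectedDN = new X509Principal(userDN);
    assertEquals("Wrong recipient DN.", expectedDN.getName(), responseDN.getName());
    PKIBody body = respObject.getBody();
    assertEquals("Body is not a RevRepContent.", 12, body.getType());
    RevRepContent n = (RevRepContent) body.getContent();
    assertNotNull(n);
    PKIStatusInfo[] statuses = n.getStatus();
    assertNotNull("RevRepContent carries no status.", statuses);
    PKIStatusInfo info = statuses[0];
    if (success) {
        assertEquals("If the revocation was successful, status should be 0.", 0, info.getStatus().intValue());
    } else {
        assertEquals("If the revocation was unsuccessful, status should be 2.", 2, info.getStatus().intValue());
    }
}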
From source file:org.ejbca.core.protocol.cmp.CmpTestCase.java
License:Open Source License
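/**
 * Asserts that {@code retMsg} is a CMP error response (body type 23) from {@code sender} to
 * {@code recipient} with PKIStatus rejection (2), the given failInfo bits and, when
 * {@code errorMsg} is not null, that text as the first statusString entry.
 *
 * @param retMsg DER encoded CMP response
 * @param sender expected sender DN, compared as a string
 * @param recipient expected recipient, compared by DER encoding
 * @param errorCode expected failInfo value
 * @param errorMsg expected first statusString, or null to skip the check
 * @throws IOException if the response or a name cannot be (de)coded
 */
protected static void checkCmpPKIErrorMessage(byte[] retMsg, String sender, X500Name recipient, int errorCode,
        String errorMsg) throws IOException {
    // Parse response message
    PKIMessage respObject = null;
    ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(retMsg));
    try {
        respObject = PKIMessage.getInstance(asn1InputStream.readObject());
    } finally {
        asn1InputStream.close();
    }
    assertNotNull("Response could not be parsed as a PKIMessage.", respObject);
    PKIHeader header = respObject.getHeader();
    // Arguments are (expected, actual) so that a failure message reads correctly.
    assertEquals("Sender is not a directoryName.", 4, header.getSender().getTagNo());
    {
        final X500Name name = X500Name.getInstance(header.getSender().getName());
        assertEquals("Wrong sender DN.", sender, name.toString());
    }
    {
        final X500Name name = X500Name.getInstance(header.getRecipient().getName());
        assertArrayEquals("Wrong recipient DN.", recipient.getEncoded(), name.getEncoded());
    }
    PKIBody body = respObject.getBody();
    assertEquals("Body is not an ErrorMsgContent.", 23, body.getType());
    ErrorMsgContent n = (ErrorMsgContent) body.getContent();
    assertNotNull(n);
    PKIStatusInfo info = n.getPKIStatusInfo();
    assertNotNull(info);
    BigInteger i = info.getStatus();
    assertEquals("PKIStatus should be rejection (2).", 2, i.intValue());
    // failInfo is OPTIONAL in PKIStatusInfo: fail the assertion instead of an NPE when absent.
    DERBitString b = info.getFailInfo();
    assertNotNull("Error response carries no failInfo.", b);
    assertEquals("Return wrong error code.", errorCode, b.intValue());
    if (errorMsg != null) {
        // statusString is OPTIONAL as well.
        PKIFreeText freeText = info.getStatusString();
        assertNotNull("Error response carries no statusString.", freeText);
        DERUTF8String utf = freeText.getStringAt(0);
        assertEquals("Wrong error text.", errorMsg, utf.getString());
    }
}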
From source file:org.ejbca.core.protocol.cmp.CrmfRequestMessage.java
License:Open Source License
/**
 * Populates this request from the wrapped PKIMessage: the request type and the first CRMF
 * request with its id, the base64 encoded transaction id and sender nonce (when present),
 * and the header's recipient and sender.
 */
private void init() {
    final PKIMessage pkiMessage = getPKIMessage();
    final PKIBody body = pkiMessage.getBody();
    final PKIHeader header = pkiMessage.getHeader();
    requestType = body.getType();
    final CertReqMessages msgs = getCertReqFromTag(body, requestType);
    try {
        this.req = msgs.toCertReqMsgArray()[0];
    } catch (Exception e) {
        // Anything that fails the strict decode is retried with the novosec-specific parser.
        this.req = CmpMessageHelper.getNovosecCertReqMsg(msgs);
    }
    requestId = this.req.getCertReq().getCertReqId().getValue().intValue();
    final String transactionId = base64Octets(header.getTransactionID());
    if (transactionId != null) {
        setTransactionId(transactionId);
    }
    final String senderNonce = base64Octets(header.getSenderNonce());
    if (senderNonce != null) {
        setSenderNonce(senderNonce);
    }
    setRecipient(header.getRecipient());
    setSender(header.getSender());
}

/**
 * Returns the base64 text of the octets of {@code os}, or null when the octet string or its
 * octets are absent. Base64 output is ASCII, so the platform charset used by
 * {@code new String(byte[])} does not affect the result.
 */
private static String base64Octets(final ASN1OctetString os) {
    if (os == null) {
        return null;
    }
    final byte[] octets = os.getOctets();
    if (octets == null) {
        return null;
    }
    return new String(Base64.encode(octets));
}
From source file:org.ejbca.core.protocol.cmp.GeneralCmpMessage.java
License:Open Source License
/**
 * Wraps a received CMP message that carries no CRMF request (PKIConfirm, CertConfirm or
 * RevReq): logs what was received and copies transaction id, sender nonce, recipient and
 * sender out of the header. Other body types are wrapped without any logging.
 *
 * @param msg the received PKIMessage
 */
public GeneralCmpMessage(final PKIMessage msg) {
    final PKIBody body = msg.getBody();
    switch (body.getType()) {
    case 19: // PKIConfirmContent
        if (log.isDebugEnabled()) {
            log.debug("Received a PKIConfirm message");
        }
        // This is a null message, so there is nothing to get here
        break;
    case 24: // CertConfirmContent
        logCertConfirm(body);
        break;
    case 11: // RevReqContent
        logRevocationRequest(body);
        break;
    default:
        break;
    }
    setMessage(msg);
    final PKIHeader header = msg.getHeader();
    final ASN1OctetString transactionId = header.getTransactionID();
    if (transactionId != null) {
        final byte[] octets = transactionId.getOctets();
        if (octets != null) {
            setTransactionId(new String(Base64.encode(octets)));
        }
    }
    final ASN1OctetString senderNonce = header.getSenderNonce();
    if (senderNonce != null) {
        final byte[] octets = senderNonce.getOctets();
        if (octets != null) {
            setSenderNonce(new String(Base64.encode(octets)));
        }
    }
    setRecipient(header.getRecipient());
    setSender(header.getSender());
}

/** Logs a CertConfirm (body type 24); a status other than 0 (accepted) is logged as an error. */
private void logCertConfirm(final PKIBody body) {
    if (log.isDebugEnabled()) {
        log.debug("Received a Cert Confirm message");
    }
    final CertConfirmContent obj = (CertConfirmContent) body.getContent();
    CertStatus cs;
    try {
        cs = CertStatus.getInstance(obj.toASN1Primitive());
    } catch (Exception e) {
        // Fallback when the content does not decode directly as a CertStatus: take the
        // first element of the enclosing SEQUENCE instead.
        cs = CertStatus.getInstance(((DERSequence) obj.toASN1Primitive()).getObjectAt(0));
    }
    final PKIStatusInfo status = cs.getStatusInfo();
    if (status == null) {
        return;
    }
    final int st = status.getStatus().intValue();
    if (st != 0) {
        log.error(intres.getLocalizedMessage("cmp.errorcertconfirmstatus", Integer.valueOf(st)));
        // TODO: if it is rejected, we should revoke the cert?
    }
}

/** Logs the issuer and serial number named in a revocation request (body type 11). */
private void logRevocationRequest(final PKIBody body) {
    if (log.isDebugEnabled()) {
        log.debug("Received a RevReqContent");
    }
    final RevReqContent rr = (RevReqContent) body.getContent();
    RevDetails rd;
    try {
        rd = rr.toRevDetailsArray()[0];
    } catch (Exception e) {
        log.debug("Could not parse the revocation request. Trying to parse it as novosec generated message.");
        rd = CmpMessageHelper.getNovosecRevDetails(rr);
        log.debug("Succeeded in parsing the novosec generated request.");
    }
    final CertTemplate ct = rd.getCertDetails();
    final ASN1Integer serno = ct.getSerialNumber();
    final X500Name issuer = ct.getIssuer();
    final String infoMsg;
    if (serno != null && issuer != null) {
        infoMsg = intres.getLocalizedMessage("cmp.receivedrevreq", issuer.toString(), serno.getValue().toString(16));
    } else {
        infoMsg = intres.getLocalizedMessage("cmp.receivedrevreqnoissuer");
    }
    log.info(infoMsg);
}
From source file:org.ejbca.core.protocol.cmp.NestedMessageContent.java
License:Open Source License
/**
 * Copies the correlation fields out of the wrapped PKIMessage's header: transaction id and
 * sender nonce as base64 text (only when present), plus recipient and sender.
 */
private void init() {
    final PKIHeader header = getPKIMessage().getHeader();
    final ASN1OctetString transactionId = header.getTransactionID();
    if (transactionId != null && transactionId.getOctets() != null) {
        setTransactionId(new String(Base64.encode(transactionId.getOctets())));
    }
    final ASN1OctetString senderNonce = header.getSenderNonce();
    if (senderNonce != null && senderNonce.getOctets() != null) {
        setSenderNonce(new String(Base64.encode(senderNonce.getOctets())));
    }
    setRecipient(header.getRecipient());
    setSender(header.getSender());
}
From source file:org.ejbca.ui.cmpclient.CmpClientMessageHelper.java
License:Open Source License
/**
 * Creates a {@link PKIHeaderBuilder} pre-filled from {@code head}, so a response header can
 * be derived from a request header without re-specifying every field.
 *
 * @param head the header whose fields are copied
 * @return a builder carrying all of {@code head}'s fields
 */
private PKIHeaderBuilder getHeaderBuilder(PKIHeader head) {
    final PKIHeaderBuilder out = new PKIHeaderBuilder(head.getPvno().getValue().intValue(),
            head.getSender(), head.getRecipient());
    // Optional header fields, copied one by one.
    out.setMessageTime(head.getMessageTime());
    out.setGeneralInfo(head.getGeneralInfo());
    out.setFreeText(head.getFreeText());
    out.setTransactionID(head.getTransactionID());
    out.setSenderNonce(head.getSenderNonce());
    out.setRecipNonce(head.getRecipNonce());
    out.setSenderKID(head.getSenderKID());
    // Cast presumably required by the builder's setRecipKID overload; fails with a
    // ClassCastException for a recipKID decoded as another ASN1OctetString subtype.
    out.setRecipKID((DEROctetString) head.getRecipKID());
    return out;
}
From source file:org.xipki.ca.client.impl.CmpRequestor.java
License:Open Source License
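/**
 * Signs the request when {@code signRequest} is set, sends it to the responder and decodes
 * the reply.
 *
 * When the reply carries protection it is verified against {@code responderCert} and the
 * result attached to the returned {@link PKIResponse}. When the reply is unprotected and this
 * requestor signs its requests, only an error body ({@code PKIBody.TYPE_ERROR}) is accepted;
 * any other unprotected reply is rejected. An unprotected reply received while
 * {@code signRequest} is false is returned as is, without a verification result.
 *
 * @param request the PKIMessage to send
 * @param debug optional request/response recorder; may be null
 * @return the decoded reply together with its protection verification result, if any
 * @throws CmpRequestorException if no responder certificate is configured, on encoding,
 *         transport or decoding failure, when protection verification cannot be performed,
 *         or when an unprotected non-error reply is received while requests are signed
 */
protected PKIResponse signAndSend(final PKIMessage request, final RequestResponseDebug debug)
        throws CmpRequestorException {
    final PKIMessage outgoing;
    if (signRequest) {
        outgoing = sign(request);
    } else {
        outgoing = request;
    }
    if (responderCert == null) {
        throw new CmpRequestorException("CMP responder is not configured");
    }
    final byte[] encodedRequest;
    try {
        encodedRequest = outgoing.getEncoded();
    } catch (IOException e) {
        LOG.error("error while encode the PKI request {}", outgoing);
        throw new CmpRequestorException(e.getMessage(), e);
    }
    RequestResponsePair reqResp = null;
    if (debug != null) {
        reqResp = new RequestResponsePair();
        debug.add(reqResp);
        reqResp.setRequest(encodedRequest);
    }
    final byte[] encodedResponse;
    try {
        encodedResponse = send(encodedRequest);
    } catch (IOException e) {
        LOG.error("error while send the PKI request {} to server", outgoing);
        throw new CmpRequestorException("TRANSPORT_ERROR", e);
    }
    if (reqResp != null) {
        reqResp.setResponse(encodedResponse);
    }
    final GeneralPKIMessage response;
    try {
        response = new GeneralPKIMessage(encodedResponse);
    } catch (IOException e) {
        if (LOG.isErrorEnabled()) {
            LOG.error("error while decode the received PKI message: {}", Hex.toHexString(encodedResponse));
        }
        throw new CmpRequestorException(e.getMessage(), e);
    }
    final PKIHeader respHeader = response.getHeader();
    final ASN1OctetString tid = respHeader.getTransactionID();
    final GeneralName recipient = respHeader.getRecipient();
    if (!sender.equals(recipient)) {
        // A recipient that is not this requestor is only logged here; it does not reject the reply.
        LOG.warn("tid={}: unknown CMP requestor '{}'", tid, recipient);
    }
    final PKIResponse ret = new PKIResponse(response);
    if (response.hasProtection()) {
        // transactionID is OPTIONAL in PKIHeader, so a reply without one must not take the
        // client down with an NPE here. NOTE(review): verifyProtection is assumed to use the
        // tid for diagnostics only -- confirm before relying on a null tid.
        final String tidHex = (tid == null) ? null : Hex.toHexString(tid.getOctets());
        try {
            ProtectionVerificationResult verifyProtection = verifyProtection(tidHex, response, responderCert);
            ret.setProtectionVerificationResult(verifyProtection);
        } catch (InvalidKeyException | OperatorCreationException | CMPException e) {
            throw new CmpRequestorException(e.getMessage(), e);
        }
    } else if (signRequest) {
        // Unprotected replies are tolerated only for error bodies.
        final PKIBody respBody = response.getBody();
        if (respBody.getType() != PKIBody.TYPE_ERROR) {
            throw new CmpRequestorException("response is not signed");
        }
    }
    return ret;
}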