📄 requestabstracttyperesponsegenerator.java
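/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/

package org.ejbca.core.protocol.xkms.generators;

import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.List;

import javax.ejb.CreateException;
import javax.naming.NamingException;
import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.XMLGregorianCalendar;

import org.apache.log4j.Logger;
import org.ejbca.core.ejb.ca.sign.SernoGenerator;
import org.ejbca.core.model.InternalResources;
import org.ejbca.core.model.ca.caadmin.CAInfo;
import org.ejbca.core.model.ca.certificateprofiles.CertificateProfile;
import org.ejbca.core.model.ca.crl.RevokedCertInfo;
import org.ejbca.core.model.ca.store.CertificateInfo;
import org.ejbca.core.protocol.xkms.common.XKMSConstants;
import org.ejbca.util.CertTools;
import org.ejbca.util.dn.DNFieldExtractor;
import org.w3._2000._09.xmldsig_.KeyInfoType;
import org.w3._2000._09.xmldsig_.KeyValueType;
import org.w3._2000._09.xmldsig_.RSAKeyValueType;
import org.w3._2000._09.xmldsig_.X509DataType;
import org.w3._2002._03.xkms_.KeyBindingAbstractType;
import org.w3._2002._03.xkms_.KeyBindingType;
import org.w3._2002._03.xkms_.ObjectFactory;
import org.w3._2002._03.xkms_.RequestAbstractType;
import org.w3._2002._03.xkms_.ResultType;
import org.w3._2002._03.xkms_.StatusType;
import org.w3._2002._03.xkms_.UnverifiedKeyBindingType;
import org.w3._2002._03.xkms_.UseKeyWithType;
import org.w3._2002._03.xkms_.ValidityIntervalType;

/**
 * Helper base class that generates the most basic parts of an XKMS
 * response message.
 *
 * The request being answered is kept in {@link #req}; the result codes that
 * {@link #setResult(ResultType)} writes into the response are kept in
 * {@link #resultMajor} and {@link #resultMinor}.
 *
 * @author Philip Vendil 2006 sep 27
 *
 * @version $Id: RequestAbstractTypeResponseGenerator.java,v 1.4 2007/01/07 19:44:14 herrvendil Exp $
 */
public abstract class RequestAbstractTypeResponseGenerator extends BaseResponseGenerator{

    private static final Logger log = Logger.getLogger(RequestAbstractTypeResponseGenerator.class);
    private static final InternalResources intres = InternalResources.getInstance();

    /** Server-side upper bound applied to the response limit asked for by the client. */
    protected static final BigInteger SERVERRESPONSELIMIT = new BigInteger("30");

    /** The request this generator answers. */
    protected RequestAbstractType req;
    protected ObjectFactory xkmsFactory = new ObjectFactory();
    protected org.w3._2000._09.xmldsig_.ObjectFactory sigFactory = new org.w3._2000._09.xmldsig_.ObjectFactory();
    /** Result major code; stays null until this class or a subclass assigns it. */
    protected String resultMajor = null;
    /** Result minor code; only written to the response when non-null. */
    protected String resultMinor = null;

    /**
     * Creates a generator for one request.
     *
     * @param remoteIP handed unchanged to the superclass constructor
     * @param req the request to answer
     */
    public RequestAbstractTypeResponseGenerator(String remoteIP, RequestAbstractType req){
        super(remoteIP);
        this.req = req;
    }

    /**
     * Fills in the response data common to all responses: the service URL, a
     * generated response id, and the request id and opaque client data copied
     * from the request.
     *
     * When the request did not verify, the result codes are set to
     * Sender / NoAuthentication. Nothing is returned; the caller still has to
     * call {@link #setResult(ResultType)} to write the codes into the response.
     *
     * @param result the response object to populate
     * @param requestVerifies false when verification of the request failed
     */
    protected void populateResponse(ResultType result, boolean requestVerifies){
        result.setService(genServiceValue());
        result.setId(genId());
        result.setRequestId(req.getId());
        // Client-supplied data, echoed back verbatim.
        result.setOpaqueClientData(req.getOpaqueClientData());
        // Nonce is required for two phase commit
        // NOTE(review): no nonce is handled in this method; presumably subclasses do it - confirm.

        if(!requestVerifies){
            resultMajor = XKMSConstants.RESULTMAJOR_SENDER;
            resultMinor = XKMSConstants.RESULTMINOR_NOAUTHENTICATION;
        }
    }

    /**
     * Returns the number of responses to produce: the limit from the request,
     * capped at {@link #SERVERRESPONSELIMIT}, or the server limit when the
     * request carries none.
     *
     * NOTE(review): a negative limit in the request is below the cap and is
     * returned unchanged; how callers treat it is not visible here - confirm.
     *
     * @return the effective response limit
     */
    protected int getResponseLimit() {
        BigInteger requested = req.getResponseLimit();
        if(requested == null || requested.compareTo(SERVERRESPONSELIMIT) >= 0){
            return SERVERRESPONSELIMIT.intValue();
        }

        return requested.intValue();
    }

    /**
     * Generates the id of the response: "_" followed by a serial number from
     * {@link SernoGenerator}.
     *
     * NOTE(review): if serial number generation fails the error is only logged
     * and the bare id "_" is returned, so such responses share the same id.
     *
     * @return the response id
     */
    private String genId() {
        String id = "";
        try {
            id = SernoGenerator.instance().getSerno().toString();
        } catch (Exception e) {
            log.error(intres.getLocalizedMessage("xkms.errorgenrespid"),e);
        }
        return "_" + id;
    }

    /**
     * Returns the service URL placed in the response.
     *
     * NOTE(review): the @...@ tokens look like build-time placeholders for the
     * host name and public HTTP port - confirm they are substituted before
     * deployment.
     */
    private String genServiceValue() {
        return "http://@httpsserver.hostname@:@httpserver.pubhttp@/ejbca/xkms/xkms";
    }

    /**
     * Writes the result codes of the operation into the response. The major
     * code is always written, the minor code only when it is set.
     *
     * @param result the response object to update
     */
    protected void setResult(ResultType result){
        result.setResultMajor(resultMajor);
        if(resultMinor != null){
            result.setResultMinor(resultMinor);
        }
    }

    /**
     * Returns the XKMS KeyUsage constants that can be applied to the given
     * X509Certificate.
     *
     * Whether the signature usage is derived from the nonRepudiation or the
     * digitalSignature bit is decided by XKMSConfig.signatureIsNonRep().
     *
     * @param cert the certificate whose KeyUsage extension is inspected
     * @return List&lt;String&gt; of size 0 to 3 of XKMSConstants.KEYUSAGE_ constants;
     *         empty when the certificate has no KeyUsage extension
     */
    protected List<String> getCertKeyUsageSpec(X509Certificate cert) {
        ArrayList<String> retval = new ArrayList<String>();

        // getKeyUsage() returns null for a certificate without a KeyUsage
        // extension; indexing it directly would throw a NullPointerException.
        // No usage is advertised in that case, so the response never claims a
        // usage the certificate does not state explicitly.
        boolean[] keyUsage = cert.getKeyUsage();
        if(keyUsage == null){
            return retval;
        }

        if(keyUsage[CertificateProfile.DATAENCIPHERMENT]){
            retval.add(XKMSConstants.KEYUSAGE_ENCRYPTION);
        }
        if(keyUsage[CertificateProfile.DIGITALSIGNATURE]
           || keyUsage[CertificateProfile.KEYENCIPHERMENT]){
            retval.add(XKMSConstants.KEYUSAGE_EXCHANGE);
        }
        if(XKMSConfig.signatureIsNonRep()){
            if(keyUsage[CertificateProfile.NONREPUDIATION]){
                retval.add(XKMSConstants.KEYUSAGE_SIGNATURE);
            }
        }else{
            if(keyUsage[CertificateProfile.DIGITALSIGNATURE]){
                retval.add(XKMSConstants.KEYUSAGE_SIGNATURE);
            }
        }

        return retval;
    }

    /**
     * Method that determines the UseKeyWith attribute from an X509Certificate
     * and the requested UseKeyWithAttributes.
     *
     * Each requested usage is kept when the certificate field selected by its
     * application (a subject alternative name field, the CN, or the whole
     * subject DN for PKIX) matches the requested identifier.
     *
     * NOTE(review): every comparison except PKIX is a prefix test,
     * certificateValue.startsWith(requestedIdentifier), and the identifier
     * comes from the request. An empty identifier is a prefix of every value,
     * and a short one matches unrelated names. Confirm against the XKMS
     * specification that prefix matching is intended; otherwise reject empty
     * identifiers and compare whole values.
     *
     * NOTE(review): the values returned by getApplication(), getIdentifier(),
     * getField() and getPartFromDN() are dereferenced without a null check;
     * whether they can be null is not visible here - confirm.
     */
    protected List<UseKeyWithType> genUseKeyWithAttributes(X509Certificate cert, List<UseKeyWithType> reqUsages) throws Exception{
        ArrayList<UseKeyWithType> retval = new ArrayList();

        Iterator<UseKeyWithType> iter = reqUsages.iterator();
        while(iter.hasNext()){
            UseKeyWithType useKeyWithType = iter.next();
            DNFieldExtractor altNameExtractor = new DNFieldExtractor(CertTools.getSubjectAlternativeName(cert),DNFieldExtractor.TYPE_SUBJECTALTNAME);
            String cn = CertTools.getPartFromDN(cert.getSubjectDN().toString(), "CN");

            // XKMS, XKMS profile and TLS: first URI in the subject alternative name
            if(useKeyWithType.getApplication().equals(XKMSConstants.USEKEYWITH_XKMS)||
               useKeyWithType.getApplication().equals(XKMSConstants.USEKEYWITH_XKMSPROFILE) ||
               useKeyWithType.getApplication().equals(XKMSConstants.USEKEYWITH_TLS)){
                if(altNameExtractor.getField(DNFieldExtractor.URI, 0).startsWith(useKeyWithType.getIdentifier())){
                    retval.add(useKeyWithType);
                }
            }
            // S/MIME and PGP: first RFC822 name in the subject alternative name
            if(useKeyWithType.getApplication().equals(XKMSConstants.USEKEYWITH_SMIME)||
               useKeyWithType.getApplication().equals(XKMSConstants.USEKEYWITH_PGP)){
                if(altNameExtractor.getField(DNFieldExtractor.RFC822NAME, 0).startsWith(useKeyWithType.getIdentifier())){
                    retval.add(useKeyWithType);
                }
            }
            // TLS/HTTP: CN of the subject DN
            if(useKeyWithType.getApplication().equals(XKMSConstants.USEKEYWITH_TLSHTTP)){
                if(cn.startsWith(useKeyWithType.getIdentifier())){
                    retval.add(useKeyWithType);
                }
            }
            // TLS/SMTP: first DNS name in the subject alternative name
            if(useKeyWithType.getApplication().equals(XKMSConstants.USEKEYWITH_TLSSMTP)){
                if(altNameExtractor.getField(DNFieldExtractor.DNSNAME, 0).startsWith(useKeyWithType.getIdentifier())){
                    retval.add(useKeyWithType);
                }
            }
            // IPsec: first IP address in the subject alternative name
            if(useKeyWithType.getApplication().equals(XKMSConstants.USEKEYWITH_IPSEC)){
                if(altNameExtractor.getField(DNFieldExtractor.IPADDRESS, 0).startsWith(useKeyWithType.getIdentifier())){
                    retval.add(useKeyWithType);
                }
            }
            // PKIX: whole subject DN, compared case-insensitively as a full string
            if(useKeyWithType.getApplication().equals(XKMSConstants.USEKEYWITH_PKIX)){
                if(cert.getSubjectDN().toString().equalsIgnoreCase(CertTools.stringToBCDNString(useKeyWithType.getIdentifier()))){
                    retval.add(useKeyWithType);
                }
            }
        }

        return retval;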