
📄 requestabstracttyperesponsegenerator.java

📁 一个免费的CA,基于EJB平台的,老师叫我们测试,现把之共享出来让大家参考
💻 JAVA
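   }

    /**
     * Builds the key binding returned for one certificate, adding only the
     * KeyInfo elements that the request asked for in its RespondWith list.
     *
     * Failures while assembling optional elements do not abort the method:
     * they are logged and recorded in resultMajor/resultMinor, and the
     * binding built so far is still returned.
     *
     * @param queryKeyBindingType the key binding from the request; its
     *        UseKeyWith entries are passed to genUseKeyWithAttributes
     * @param cert the certificate to describe in the response
     * @param validateOrRevokeReq true to return a KeyBindingType carrying a
     *        status instead of an UnverifiedKeyBindingType
     * @param kRSSCall true for a KRSS call; also yields a KeyBindingType and
     *        is forwarded to getStatus
     * @return the populated key binding
     */
    protected KeyBindingAbstractType getResponseValues(KeyBindingAbstractType queryKeyBindingType, X509Certificate cert, boolean validateOrRevokeReq, boolean kRSSCall){
        UnverifiedKeyBindingType retval = xkmsFactory.createUnverifiedKeyBindingType();

        if(validateOrRevokeReq || kRSSCall){
            retval = xkmsFactory.createKeyBindingType();
            ((KeyBindingType) retval).setStatus(getStatus(cert,  kRSSCall));
        }

        // The binding id is "_" followed by the certificate serial number in hex.
        retval.setId("_" + cert.getSerialNumber().toString(16));
        retval.setValidityInterval(getValidityInterval(cert));

        KeyInfoType keyInfoType = sigFactory.createKeyInfoType();

        if(req.getRespondWith().contains(XKMSConstants.RESPONDWITH_KEYNAME)){
            String keyName = cert.getSubjectDN().toString();
            keyInfoType.getContent().add(sigFactory.createKeyName(keyName));
        }

        if(req.getRespondWith().contains(XKMSConstants.RESPONDWITH_KEYVALUE)){
            if(cert.getPublicKey() instanceof RSAPublicKey){
                RSAPublicKey pubKey = (RSAPublicKey) cert.getPublicKey();
                RSAKeyValueType rSAKeyValueType = sigFactory.createRSAKeyValueType();
                // NOTE(review): BigInteger.toByteArray() is two's complement and can
                // carry a leading 0x00 sign octet; confirm that consumers of the
                // RSAKeyValue element accept it.
                rSAKeyValueType.setModulus(pubKey.getModulus().toByteArray());
                rSAKeyValueType.setExponent(pubKey.getPublicExponent().toByteArray());
                KeyValueType keyValue = sigFactory.createKeyValueType();
                keyValue.getContent().add(sigFactory.createRSAKeyValue(rSAKeyValueType));
                keyInfoType.getContent().add(sigFactory.createKeyValue(keyValue));
            }else{
                log.error(intres.getLocalizedMessage("xkms.onlyrsakeysupported"));
                resultMajor = XKMSConstants.RESULTMAJOR_RECIEVER;
                resultMinor = XKMSConstants.RESULTMINOR_FAILURE;
            }
        }

        if(req.getRespondWith().contains(XKMSConstants.RESPONDWITH_X509CERT) ||
                req.getRespondWith().contains(XKMSConstants.RESPONDWITH_X509CHAIN) ||
                req.getRespondWith().contains(XKMSConstants.RESPONDWITH_X509CRL)){
            X509DataType x509DataType = sigFactory.createX509DataType();

            // The single certificate is only added here when no chain was requested;
            // the chain branch below appends the certificate itself after the CA chain.
            if(req.getRespondWith().contains(XKMSConstants.RESPONDWITH_X509CERT) && !req.getRespondWith().contains(XKMSConstants.RESPONDWITH_X509CHAIN)){
                try {
                    x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(cert.getEncoded()));
                } catch (CertificateEncodingException e) {
                    log.error(intres.getLocalizedMessage("xkms.errordecodingcert"),e);
                    resultMajor = XKMSConstants.RESULTMAJOR_RECIEVER;
                    resultMinor = XKMSConstants.RESULTMINOR_FAILURE;
                }
            }

            if(req.getRespondWith().contains(XKMSConstants.RESPONDWITH_X509CHAIN)){
                // The CA is looked up by the hash code of the certificate's issuer DN.
                int caid = CertTools.getIssuerDN(cert).hashCode();
                try {
                    Iterator iter = getCAAdminSession().getCAInfo(pubAdmin, caid).getCertificateChain().iterator();
                    while(iter.hasNext()){
                        X509Certificate next = (X509Certificate) iter.next();
                        x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(next.getEncoded()));
                    }
                    x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(cert.getEncoded()));
                } catch (Exception e) {
                    // NOTE(review): this reuses the "last CRL" message key although the
                    // failure is in fetching the chain; confirm whether a dedicated key exists.
                    log.error(intres.getLocalizedMessage("xkms.errorfetchinglastcrl"),e);
                    resultMajor = XKMSConstants.RESULTMAJOR_RECIEVER;
                    resultMinor = XKMSConstants.RESULTMINOR_FAILURE;
                }
            }

            if(req.getRespondWith().contains(XKMSConstants.RESPONDWITH_X509CRL)){
                byte[] crl = null;
                try {
                    crl = getCertStoreSession().getLastCRL(pubAdmin, CertTools.getIssuerDN(cert));
                } catch (Exception e) {
                    log.error(intres.getLocalizedMessage("xkms.errorfetchinglastcrl"),e);
                    resultMajor = XKMSConstants.RESULTMAJOR_RECIEVER;
                    resultMinor = XKMSConstants.RESULTMINOR_FAILURE;
                }
                // Only publish a CRL element when a CRL was actually obtained; the
                // original added an element wrapping null after a failed lookup.
                if(crl != null){
                    x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509CRL(crl));
                }
            }

            keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType));
        }

        retval.setKeyInfo(keyInfoType);
        retval.getKeyUsage().addAll(getCertKeyUsageSpec(cert));
        try {
            retval.getUseKeyWith().addAll(genUseKeyWithAttributes(cert, queryKeyBindingType.getUseKeyWith()));
        } catch (Exception e) {
            log.error(intres.getLocalizedMessage("xkms.errorextractingusekeyattr"),e);
            resultMajor = XKMSConstants.RESULTMAJOR_RECIEVER;
            resultMinor = XKMSConstants.RESULTMINOR_FAILURE;
        }

        return retval;
    }

    /**
     * Converts the certificate's notBefore/notAfter dates into an XKMS
     * validity interval.
     *
     * @param cert the certificate whose validity period is reported
     * @return the interval; if the datatype factory cannot be created the
     *         error is logged and the interval is returned without bounds
     */
    protected ValidityIntervalType getValidityInterval(X509Certificate cert) {
        ValidityIntervalType valitityIntervalType = xkmsFactory.createValidityIntervalType();
        try {
            javax.xml.datatype.DatatypeFactory datatypeFactory = javax.xml.datatype.DatatypeFactory.newInstance();

            GregorianCalendar notBeforeGregorianCalendar = new GregorianCalendar();
            notBeforeGregorianCalendar.setTime(cert.getNotBefore());
            XMLGregorianCalendar notBeforeXMLGregorianCalendar = datatypeFactory.newXMLGregorianCalendar(notBeforeGregorianCalendar);
            // normalize() hands back the UTC-normalized calendar, so its return value
            // must be used; the original discarded it.
            valitityIntervalType.setNotBefore(notBeforeXMLGregorianCalendar.normalize());

            GregorianCalendar notAfterGregorianCalendar = new GregorianCalendar();
            notAfterGregorianCalendar.setTime(cert.getNotAfter());
            XMLGregorianCalendar notAfterXMLGregorianCalendar = datatypeFactory.newXMLGregorianCalendar(notAfterGregorianCalendar);
            valitityIntervalType.setNotOnOrAfter(notAfterXMLGregorianCalendar.normalize());
        } catch (DatatypeConfigurationException e) {
            // NOTE(review): unlike the other handlers in this class, this one leaves
            // resultMajor/resultMinor untouched; confirm that is intended.
            log.error(intres.getLocalizedMessage("xkms.errorsetvalidityinterval"),e);
        }

        return valitityIntervalType;
    }

    /**
     * Determines the status reported for a certificate in an XKMS validate
     * call: validity interval, issuer trust, signature and revocation status.
     *
     * The status is Valid only when every check ran and passed, Invalid when
     * at least one check failed, and Indeterminate otherwise.
     *
     * @param cert the certificate to check
     * @param kRSSCall when true no check is performed and all four reasons
     *        are reported as valid; presumably only passed for a certificate
     *        that was just issued, which callers should confirm
     * @return the status with its valid, invalid and indeterminate reasons
     */
    private StatusType getStatus(X509Certificate cert, boolean kRSSCall) {
        StatusType retval = xkmsFactory.createStatusType();

        if(kRSSCall){
            retval.setStatusValue(XKMSConstants.STATUSVALUE_VALID);
            retval.getValidReason().add(XKMSConstants.STATUSREASON_VALIDITYINTERVAL);
            retval.getValidReason().add(XKMSConstants.STATUSREASON_ISSUERTRUST);
            retval.getValidReason().add(XKMSConstants.STATUSREASON_SIGNATURE);
            retval.getValidReason().add(XKMSConstants.STATUSREASON_REVOCATIONSTATUS);
        }else{
            boolean allValid = true;
            boolean inValidSet = false;

            // Check validity
            try{
                cert.checkValidity( new Date());
                retval.getValidReason().add(XKMSConstants.STATUSREASON_VALIDITYINTERVAL);
            }catch(Exception e){
                retval.getInvalidReason().add(XKMSConstants.STATUSREASON_VALIDITYINTERVAL);
                allValid = false;
                inValidSet = true;
            }

            // Check Issuer Trust
            try{
                // The issuing CA is looked up by the hash code of the issuer DN.
                int caid = CertTools.getIssuerDN(cert).hashCode();
                CAInfo cAInfo = getCAAdminSession().getCAInfo(pubAdmin, caid);
                if(cAInfo != null){
                    retval.getValidReason().add(XKMSConstants.STATUSREASON_ISSUERTRUST);
                    // Check signature
                    try{
                        if(CertTools.verify(cert, cAInfo.getCertificateChain())){
                            retval.getValidReason().add(XKMSConstants.STATUSREASON_SIGNATURE);
                        }else{
                            retval.getInvalidReason().add(XKMSConstants.STATUSREASON_SIGNATURE);
                            allValid = false;
                            inValidSet = true;
                        }
                    }catch(Exception e){
                        retval.getInvalidReason().add(XKMSConstants.STATUSREASON_SIGNATURE);
                        allValid = false;
                        inValidSet = true;
                    }
                }else{
                    retval.getInvalidReason().add(XKMSConstants.STATUSREASON_ISSUERTRUST);
                    retval.getIndeterminateReason().add(XKMSConstants.STATUSREASON_SIGNATURE);
                    allValid = false;
                    inValidSet = true;
                }

                // Check RevokationReason
                CertificateInfo certInfo = getCertStoreSession().getCertificateInfo(pubAdmin, CertTools.getFingerprintAsString(cert));
                if(certInfo != null){
                    if(certInfo.getRevocationReason() == RevokedCertInfo.NOT_REVOKED){
                        retval.getValidReason().add(XKMSConstants.STATUSREASON_REVOCATIONSTATUS);
                    }else{
                        retval.getInvalidReason().add(XKMSConstants.STATUSREASON_REVOCATIONSTATUS);
                        allValid = false;
                        inValidSet = true;
                    }
                }else{
                    retval.getIndeterminateReason().add(XKMSConstants.STATUSREASON_REVOCATIONSTATUS);
                    allValid = false;
                }
            }catch(CreateException e){
                log.error(intres.getLocalizedMessage("xkms.errorcreatesession"),e);
                resultMajor = XKMSConstants.RESULTMAJOR_RECIEVER;
                resultMinor = XKMSConstants.RESULTMINOR_FAILURE;
                // Fail closed: the trust, signature or revocation checks did not all
                // run, so the certificate must not be reported as Valid.
                allValid = false;
            } catch (ClassCastException e) {
                log.error(intres.getLocalizedMessage("xkms.errorcreatesession"),e);
                resultMajor = XKMSConstants.RESULTMAJOR_RECIEVER;
                resultMinor = XKMSConstants.RESULTMINOR_FAILURE;
                allValid = false; // fail closed, see the CreateException handler
            } catch (NamingException e) {
                log.error(intres.getLocalizedMessage("xkms.errorcreatesession"),e);
                resultMajor = XKMSConstants.RESULTMAJOR_RECIEVER;
                resultMinor = XKMSConstants.RESULTMINOR_FAILURE;
                allValid = false; // fail closed, see the CreateException handler
            }

            if(allValid){
                retval.setStatusValue(XKMSConstants.STATUSVALUE_VALID);
            }else{
                if(inValidSet){
                    retval.setStatusValue(XKMSConstants.STATUSVALUE_INVALID);
                }else{
                    retval.setStatusValue(XKMSConstants.STATUSVALUE_INDETERMINATE);
                }
            }
        }
        return retval;
    }
}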
