
📄 scepresponsemessage.java

📁 一个免费的CA,基于EJB平台的,老师叫我们测试,现把之共享出来让大家参考
💻 JAVA
/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/

package org.ejbca.core.protocol;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Hashtable;

import javax.ejb.ObjectNotFoundException;

import org.apache.log4j.Logger;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.smime.SMIMECapability;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSSignedGenerator;
import org.ejbca.core.model.ca.SignRequestException;
import org.ejbca.core.model.ra.NotFoundException;
import org.ejbca.util.Base64;
import org.ejbca.util.CertTools;

/**
 * A response message for scep (pkcs7).
 *
 * <p>The object carries the response status, failure information, nonces, transaction id and
 * the signing material; according to the Javadoc of {@link #create()}, that method turns them
 * into the encoded message returned by {@link #getResponseMessage()}.
 *
 * <p>NOTE(review): the class declares a {@code serialVersionUID}, so {@code IResponseMessage}
 * presumably extends {@code Serializable} - confirm against the interface. The fields marked
 * {@code transient} (certificate, CRL, signer certificate, signing key, provider, digest
 * algorithm) are left out of default Java serialization.
 *
 * @version $Id: ScepResponseMessage.java,v 1.7 2006/10/22 09:05:05 anatom Exp $
 */
public class ScepResponseMessage implements IResponseMessage {
    /**
     * Determines if a de-serialized file is compatible with this class.
     *
     * Maintainers must change this value if and only if the new version
     * of this class is not compatible with old versions. See Sun docs
     * for <a href="http://java.sun.com/products/jdk/1.1/docs/guide/serialization/spec/version.doc.html">details</a>.
     */
    static final long serialVersionUID = 2016710353393853878L;

    private static Logger log = Logger.getLogger(ScepResponseMessage.class);

    /** The encoded response message. Null until something assigns it. */
    private byte[] responseMessage = null;

    /**
     * Status for the response.
     *
     * <p>NOTE(review): the default is SUCCESS, so an instance whose status is never set is
     * treated as a success response by create(). Callers that handle a rejected or pending
     * request have to call {@link #setStatus} explicitly.
     */
    private ResponseStatus status = ResponseStatus.SUCCESS;

    /** Possible fail information in the response. Defaults to 'badRequest (2)'. */
    private FailInfo failInfo = FailInfo.BAD_REQUEST;

    /** Possible clear text error information in the response. Defaults to null. */
    private String failText = null;

    /**
     * SenderNonce. This is base64 encoded bytes
     */
    private String senderNonce = null;

    /**
     * RecipientNonce in a response is the senderNonce from the request. This is base64 encoded bytes
     */
    private String recipientNonce = null;

    /** transaction id */
    private String transactionId = null;

    /** recipient key identifier, usually IssuerAndSerialno in X509 world. */
    private byte[] recipientKeyInfo = null;

    /** The un-encoded response message itself */
    private transient CMSSignedData signedData = null;

    /** Certificate to be in response message, not serialized */
    private transient Certificate cert = null;

    /** CRL to be in response message (if present), not serialized */
    private transient CRL crl = null;

    /** Certificate for the signer of the response message (CA) */
    private transient X509Certificate signCert = null;

    /**
     * Private key used to sign the response message. Declared transient, so default Java
     * serialization does not write the key out with the object.
     */
    private transient PrivateKey signKey = null;

    /** The default provider is BC, if nothing else is specified when setting SignKeyInfo */
    private transient String provider = "BC";

    /** If the CA certificate should be included in the response or not, default to true = yes */
    private transient boolean includeCACert = true;

    /**
     * Default digest algorithm for SCEP response message, can be overridden.
     *
     * <p>NOTE(review): the default is MD5, which is not collision resistant. The code that
     * overrides this value is not visible in this part of the file - confirm that deployments
     * select a stronger digest wherever the SCEP client supports one.
     */
    private transient String digestAlg = CMSSignedGenerator.DIGEST_MD5;

    /**
     * Sets the complete certificate in the response message.
     *
     * @param cert certificate in the response message.
     */
    public void setCertificate(Certificate cert) {
        this.cert = cert;
    }

    /**
     * Sets the CRL (if present) in the response message.
     *
     * @param crl crl in the response message.
     */
    public void setCrl(CRL crl) {
        this.crl = crl;
    }

    /**
     * Chooses whether the CA certificate is included in the response.
     *
     * @param incCACert true to include the CA certificate, false to leave it out.
     *
     * @see org.ejbca.core.protocol.IResponseMessage#setIncludeCACert
     */
    public void setIncludeCACert(boolean incCACert) {
    	this.includeCACert = incCACert;
    }

    /**
     * Gets the response message in the default encoding format.
     *
     * <p>The internal array is returned as is, not a copy, so a caller that modifies the
     * returned bytes also modifies the message held by this object. The value is null while
     * no encoded message has been stored. Nothing in this method body throws the declared
     * exceptions; they are presumably required by the IResponseMessage signature.
     *
     * @return the response message in the default encoding format.
     */
    public byte[] getResponseMessage() throws IOException, CertificateEncodingException {
        return responseMessage;
    }

    /**
     * Sets the status of the response message.
     *
     * @param status status of the response.
     */
    public void setStatus(ResponseStatus status) {
        this.status = status;
    }

    /**
     * Gets the status of the response message.
     *
     * @return status status of the response.
     */
    public ResponseStatus getStatus() {
        return status;
    }

    /**
     * Sets info about reason for failure.
     *
     * @param failInfo reason for failure.
     */
    public void setFailInfo(FailInfo failInfo) {
        this.failInfo = failInfo;
    }

    /**
     * Gets info about reason for failure.
     *
     * @return failInfo reason for failure.
     */
    public FailInfo getFailInfo() {
        return failInfo;
    }

    /**
     * Sets the clear text error information for a failed response.
     *
     * <p>create() passes this text as the exception message when the status is FAILURE and
     * the fail info is WRONG_AUTHORITY or INCORRECT_DATA, so it should not carry internal
     * details that are not meant to reach whoever sees that exception.
     *
     * @param failText clear text description of the failure, may be null.
     */
    public void setFailText(String failText) {
    	this.failText = failText;
    }

    /**
     * Gets the clear text error information for a failed response.
     *
     * @return the failure text, or null if none has been set.
     */
    public String getFailText() {
    	return this.failText;
    }

    /**
     * Create encrypts and creates signatures as needed to produce a complete response message.  If
     * needed setSignKeyInfo and setEncKeyInfo must be called before this method. After this is
     * called the response message can be retrieved with getResponseMessage();
     *
     * @return True if signature/encryption was successful, false if it failed, request should not
     *         be sent back i failed.
     *
     * @throws IOException If input/output or encoding failed.
     * @throws InvalidKeyException If the key used for signing/encryption is invalid.
     * @throws NoSuchProviderException if there is an error with the Provider.
     * @throws NoSuchAlgorithmException if the signature on the request is done with an unhandled
     *         algorithm.
* @throws ObjectNotFoundException      *     * @see #setSignKeyInfo     * @see #setEncKeyInfo     */    public boolean create()            throws IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignRequestException, NotFoundException {        boolean ret = false;        try {            if (status.equals(ResponseStatus.SUCCESS)) {                log.debug("Creating a STATUS_OK message.");            } else {            	if (status.equals(ResponseStatus.FAILURE)) {                    log.debug("Creating a STATUS_FAILED message (or throwing an exception).");                    if (failInfo.equals(FailInfo.WRONG_AUTHORITY)) {                    	throw new SignRequestException(failText);                                }                    if (failInfo.equals(FailInfo.INCORRECT_DATA)) {                    	throw new NotFoundException(failText);                    }                } else {                    log.debug("Creating a STATUS_PENDING message.");                }                           }            CMSProcessable msg;            // The signed data to be enveloped            CMSSignedData s = null;            // Create encrypted response if this is success and NOT a CRL response message            if (status.equals(ResponseStatus.SUCCESS)) {                CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();                // Add the issued certificate to the signed portion of the CMS (as signer, degenerate case)                ArrayList certList = new ArrayList();                if (crl != null) {                    log.debug("Adding CRL to response message (inner signer)");
