001: /*************************************************************************
002: * *
003: * EJBCA: The OpenSource Certificate Authority *
004: * *
005: * This software is free software; you can redistribute it and/or *
006: * modify it under the terms of the GNU Lesser General Public *
007: * License as published by the Free Software Foundation; either *
008: * version 2.1 of the License, or any later version. *
009: * *
010: * See terms of license at gnu.org. *
011: * *
012: *************************************************************************/package org.ejbca.core.protocol.xkms.generators;
013:
014: import java.security.cert.X509Certificate;
015:
016: import org.apache.log4j.Logger;
017: import org.ejbca.core.model.InternalResources;
018: import org.ejbca.core.model.ra.UserDataConstants;
019: import org.ejbca.core.model.ra.UserDataVO;
020: import org.ejbca.core.protocol.xkms.common.XKMSConstants;
021: import org.ejbca.util.passgen.IPasswordGenerator;
022: import org.ejbca.util.passgen.PasswordGeneratorFactory;
023: import org.w3._2002._03.xkms_.KeyBindingAbstractType;
024: import org.w3._2002._03.xkms_.KeyBindingType;
025: import org.w3._2002._03.xkms_.ReissueRequestType;
026: import org.w3._2002._03.xkms_.ReissueResultType;
027: import org.w3c.dom.Document;
028:
029: /**
030: * Class generating a response for a reissue call
031: *
032: *
033: * @author Philip Vendil
034: *
035: * @version $Id: ReissueResponseGenerator.java,v 1.2 2007/01/07 19:44:14 herrvendil Exp $
036: */
037:
public class ReissueResponseGenerator extends KRSSResponseGenerator {

    private static Logger log = Logger.getLogger(ReissueResponseGenerator.class);

    private static final InternalResources intres = InternalResources.getInstance();

    /**
     * Creates a generator for a single reissue request. All three arguments
     * are handed unchanged to the superclass constructor.
     *
     * @param remoteIP   address of the caller, as supplied by the invoking layer
     * @param req        the reissue request to answer
     * @param requestDoc DOM form of the request
     */
    public ReissueResponseGenerator(String remoteIP, ReissueRequestType req, Document requestDoc) {
        super(remoteIP, req, requestDoc);
    }

    /**
     * Builds the reissue response.
     *
     * <p>A new certificate is only requested when no error has been recorded
     * in {@code resultMajor} by the superclass or by the RespondWith check.
     * If {@code resultMajor} is still unset at the end, the result is marked
     * as a success.
     *
     * @param requestVerifies forwarded to {@code populateResponse}; presumably
     *        the outcome of request signature verification (confirm in the
     *        superclass)
     * @return the populated result; it carries a key binding only when a new
     *         certificate was issued
     */
    public ReissueResultType getResponse(boolean requestVerifies) {
        ReissueResultType result = xkmsFactory.createReissueResultType();
        super.populateResponse(result, requestVerifies);
        ReissueRequestType reissueRequest = (ReissueRequestType) this.req;

        if (resultMajor == null
                && !checkValidRespondWithRequest(reissueRequest.getRespondWith(), false)) {
            resultMajor = XKMSConstants.RESULTMAJOR_SENDER;
            resultMinor = XKMSConstants.RESULTMINOR_MESSAGENOTSUPPORTED;
        }

        if (resultMajor == null) {
            handleVerifiedReissue(reissueRequest, result);
        }

        // NOTE(review): this reports success whenever no helper recorded an
        // error. It relies on certIsValid, confirmPOP, findUserData and the
        // password helpers setting resultMajor themselves when they reject a
        // request -- confirm in KRSSResponseGenerator.
        if (resultMajor == null) {
            resultMajor = XKMSConstants.RESULTMAJOR_SUCCESS;
        }

        setResult(result);
        return result;
    }

    /**
     * Runs the authorisation checks for a reissue and, when they all pass,
     * adds the key binding of the newly issued certificate to {@code result}.
     * Returns silently at the first check that fails.
     *
     * @param reissueRequest the request being answered
     * @param result         the response under construction
     */
    private void handleVerifiedReissue(ReissueRequestType reissueRequest, ReissueResultType result) {
        X509Certificate currentCert = (X509Certificate) getPublicKeyInfo(reissueRequest, false);

        // Gate 1: the presented certificate must be accepted by certIsValid and
        // the requester must pass the proof-of-possession check for its key.
        if (!certIsValid(currentCert) || !confirmPOP(currentCert.getPublicKey())) {
            return;
        }

        UserDataVO userData = findUserData(currentCert);
        if (userData == null) {
            return;
        }

        boolean encryptedPassword = isPasswordEncrypted(reissueRequest);
        String password;
        if (XKMSConfig.isAutomaticReissueAllowed()) {
            // Gate 2a: with automatic reissue enabled no secret from the request
            // is consulted; the certificate and POP checks above are the only
            // authorisation. The user record is modified here, before issuance,
            // and nothing visible in this class reverts it if issuance fails.
            password = setUserStatusToNew(userData);
        } else if (encryptedPassword) {
            // Gate 2b: the helpers receive the stored password; presumably they
            // return null when the request's secret does not match (confirm).
            password = getEncryptedPassword(requestDoc, userData.getPassword());
        } else {
            password = getClearPassword(reissueRequest, userData.getPassword());
        }
        if (password == null) {
            return;
        }

        // The public key of the existing certificate is reused for the new one.
        X509Certificate newCert = registerReissueOrRecover(
                false, true, result, userData, password, currentCert.getPublicKey(), null);
        if (newCert == null) {
            return;
        }

        KeyBindingAbstractType keyBinding = getResponseValues(
                reissueRequest.getReissueKeyBinding(), newCert, false, true);
        result.getKeyBinding().add((KeyBindingType) keyBinding);
    }

    /**
     * Sets the user's status to 'new', assigns a freshly generated password
     * and stores the change through the user admin session.
     *
     * <p>The password is eight characters of letters and digits. The
     * randomness source is inside the generator and not visible here. On
     * failure the error is logged with the username only; the password is
     * never written to the log.
     *
     * @param userdata the user record to update; it is modified in place
     * @return the new password, or null if the operation failed
     */
    private String setUserStatusToNew(UserDataVO userdata) {
        try {
            IPasswordGenerator generator = PasswordGeneratorFactory
                    .getInstance(PasswordGeneratorFactory.PASSWORDTYPE_LETTERSANDDIGITS);
            String generated = generator.getNewPassword(8, 8);

            userdata.setStatus(UserDataConstants.STATUS_NEW);
            userdata.setPassword(generated);
            getUserAdminSession().changeUser(raAdmin, userdata, true);

            return generated;
        } catch (Exception e) {
            // Broad catch kept as in the original: any failure yields null so
            // that the caller skips issuance.
            log.error(intres.getLocalizedMessage(
                    "xkms.errorsettinguserstatus", userdata.getUsername()), e);
            return null;
        }
    }

}