001: /*************************************************************************
002: * *
003: * EJBCA: The OpenSource Certificate Authority *
004: * *
005: * This software is free software; you can redistribute it and/or *
006: * modify it under the terms of the GNU Lesser General Public *
007: * License as published by the Free Software Foundation; either *
008: * version 2.1 of the License, or any later version. *
009: * *
010: * See terms of license at gnu.org. *
011: * *
012: *************************************************************************/package org.ejbca.core.protocol.xkms.generators;
013:
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;

import javax.ejb.FinderException;

import org.ejbca.core.model.approval.ApprovalException;
import org.ejbca.core.model.approval.WaitingForApprovalException;
import org.ejbca.core.model.authorization.AuthorizationDeniedException;
import org.ejbca.core.model.ca.crl.RevokedCertInfo;
import org.ejbca.core.model.ra.AlreadyRevokedException;
import org.ejbca.core.model.ra.UserDataVO;
import org.ejbca.core.protocol.xkms.common.XKMSConstants;
import org.ejbca.util.CertTools;
import org.w3._2002._03.xkms_.KeyBindingAbstractType;
import org.w3._2002._03.xkms_.KeyBindingType;
import org.w3._2002._03.xkms_.RevokeRequestType;
import org.w3._2002._03.xkms_.RevokeResultType;
import org.w3c.dom.Document;
031:
032: /**
033: * Class generating a response for a revoke call
034: *
035: *
036: * @author Philip Vendil
037: *
038: * @version $Id: RevokeResponseGenerator.java,v 1.5 2007/08/17 14:45:43 jeklund Exp $
039: */
040:
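public class RevokeResponseGenerator extends KRSSResponseGenerator {

    /**
     * Creates a generator for one XKMS RevokeRequest.
     *
     * @param remoteIP   address of the requesting client, passed to the superclass
     * @param req        the parsed RevokeRequest
     * @param requestDoc the DOM of the request message, passed to the superclass
     */
    public RevokeResponseGenerator(String remoteIP,
            RevokeRequestType req, Document requestDoc) {
        super(remoteIP, req, requestDoc);
    }

    /**
     * Builds the RevokeResult for the wrapped RevokeRequest.
     *
     * Common response population is delegated to the superclass. The request
     * is then validated step by step; each failing step records a
     * {@code resultMajor}/{@code resultMinor} pair and later steps are skipped
     * because they are guarded by {@code resultMajor == null}. When no step
     * has reported a problem the major result is set to SUCCESS.
     *
     * @param requestVerifies whether the request signature/authentication verified,
     *                        forwarded to the superclass
     * @return the populated result, which has also been registered via {@link #setResult}
     */
    public RevokeResultType getResponse(boolean requestVerifies) {
        RevokeResultType result = xkmsFactory.createRevokeResultType();
        super.populateResponse(result, requestVerifies);
        RevokeRequestType req = (RevokeRequestType) this.req;

        if (resultMajor == null) {
            if (!checkValidRespondWithRequest(req.getRespondWith(), true)) {
                resultMajor = XKMSConstants.RESULTMAJOR_SENDER;
                resultMinor = XKMSConstants.RESULTMINOR_MESSAGENOTSUPPORTED;
            }

            if (resultMajor == null) {
                X509Certificate cert = (X509Certificate) getPublicKeyInfo(req, false);
                if (certIsValid(cert)) {
                    UserDataVO userData = findUserData(cert);
                    // Sets NOAUTHENTICATION itself when the user has no revocation code configured.
                    String revocationCodeId = getRevokationCodeFromUserData(userData);
                    if (userData != null && revocationCodeId != null) {
                        // Extracted before the configuration check on purpose: the helper may
                        // record its own result codes, and the original ordering is preserved.
                        String suppliedRevokeCode = getRevocationCode(req);

                        if (XKMSConfig.isRevokationAllowed()) {
                            // NOTE(review): when suppliedRevokeCode is null and getRevocationCode()
                            // did not set a result code, the response falls through to SUCCESS
                            // without revoking anything — confirm getRevocationCode() always reports.
                            if (suppliedRevokeCode != null) {
                                X509Certificate revokedCert = revoke(userData, suppliedRevokeCode,
                                        revocationCodeId, cert);
                                // Only echo a KeyBinding back if the client asked for RespondWith elements.
                                if (revokedCert != null && req.getRespondWith().size() > 0) {
                                    KeyBindingAbstractType keyBinding = getResponseValues(
                                            req.getRevokeKeyBinding(), revokedCert, true, false);
                                    result.getKeyBinding().add((KeyBindingType) keyBinding);
                                }
                            }
                        } else {
                            resultMajor = XKMSConstants.RESULTMAJOR_SENDER;
                            resultMinor = XKMSConstants.RESULTMINOR_REFUSED;
                        }
                    }
                }
            }
        }

        if (resultMajor == null) {
            resultMajor = XKMSConstants.RESULTMAJOR_SUCCESS;
        }

        setResult(result);
        return result;
    }

    /**
     * Returns the revocation code identifier stored in the user's extended
     * information, or {@code null} if the user or the identifier is missing.
     * In the {@code null} case the result is set to SENDER/NOAUTHENTICATION.
     *
     * @param userData the user record looked up for the certificate, may be {@code null}
     * @return the stored revocation code identifier or {@code null}
     */
    private String getRevokationCodeFromUserData(UserDataVO userData) {
        String codeId = null;
        if (userData != null && userData.getExtendedinformation() != null) {
            codeId = userData.getExtendedinformation().getRevocationCodeIdentifier();
        }

        if (codeId == null) {
            resultMajor = XKMSConstants.RESULTMAJOR_SENDER;
            resultMinor = XKMSConstants.RESULTMINOR_NOAUTHENTICATION;
        }

        return codeId;
    }

    /**
     * Revokes {@code cert} if the code supplied in the request matches the
     * code identifier stored for the user.
     *
     * The comparison is done in constant time: the supplied code is attacker
     * controlled request data, and a plain {@code String.equals} returns as
     * soon as the first differing character is found.
     *
     * @param userData             owner of the certificate
     * @param suppliedRevokeCode   revocation code taken from the request
     * @param storedRevocationCode revocation code identifier stored for the user
     * @param cert                 the certificate to revoke
     * @return {@code cert} when the revocation was performed or queued for
     *         approval, {@code null} otherwise (result codes describe why)
     */
    private X509Certificate revoke(UserDataVO userData,
            String suppliedRevokeCode, String storedRevocationCode, X509Certificate cert) {
        X509Certificate revokedCert = null;

        if (codesMatch(storedRevocationCode, suppliedRevokeCode)) {
            try {
                getUserAdminSession().revokeCert(raAdmin,
                        cert.getSerialNumber(),
                        CertTools.getIssuerDN(cert),
                        userData.getUsername(),
                        RevokedCertInfo.REVOKATION_REASON_UNSPECIFIED);
                revokedCert = cert;
            } catch (WaitingForApprovalException e) {
                // The request has been sent for approval -> only part of the information requested could be provided.
                resultMajor = XKMSConstants.RESULTMAJOR_SUCCESS;
                resultMinor = XKMSConstants.RESULTMINOR_INCOMPLETE;
                revokedCert = cert;
            } catch (ApprovalException e) {
                // An approval request already exists -> the receiver is currently refusing this request.
                resultMajor = XKMSConstants.RESULTMAJOR_RECIEVER;
                resultMinor = XKMSConstants.RESULTMINOR_REFUSED;
            } catch (AuthorizationDeniedException e) {
                resultMajor = XKMSConstants.RESULTMAJOR_RECIEVER;
                resultMinor = XKMSConstants.RESULTMINOR_FAILURE;
            } catch (AlreadyRevokedException e) {
                resultMajor = XKMSConstants.RESULTMAJOR_RECIEVER;
                resultMinor = XKMSConstants.RESULTMINOR_FAILURE;
            } catch (FinderException e) {
                resultMajor = XKMSConstants.RESULTMAJOR_SENDER;
                resultMinor = XKMSConstants.RESULTMINOR_NOMATCH;
            }
        } else {
            resultMajor = XKMSConstants.RESULTMAJOR_SENDER;
            resultMinor = XKMSConstants.RESULTMINOR_NOAUTHENTICATION;
        }

        return revokedCert;
    }

    /**
     * Compares the stored and supplied revocation codes without leaking the
     * position of the first mismatch through timing.
     *
     * @param expected the stored code identifier, may be {@code null}
     * @param supplied the code taken from the request, may be {@code null}
     * @return {@code true} only if both are non-null and byte-for-byte equal as UTF-8
     */
    private static boolean codesMatch(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }

}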