Package com.netscape.cms.servlet.cert.scep

Class CRSEnrollment

  • All Implemented Interfaces:
    java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
    public class CRSEnrollment
extends javax.servlet.http.HttpServlet
    This servlet deals with PKCS#10-based certificate requests from CRS, now called SCEP, and defined at: http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt The router is hardcoded to look for the http://host:80/cgi-bin/pkiclient.exe The HTTP parameters are 'operation' and 'message' operation can be either 'GetCACert' or 'PKIOperation'
    Version:
    $Revision$, $Date$
    See Also:
    Serialized Form

    • Field Detail

      • mProfileId

        protected java.lang.String mProfileId

      • mAppendDN

        protected java.lang.String mAppendDN

      • mEntryObjectclass

        protected java.lang.String mEntryObjectclass

      • mCreateEntry

        protected boolean mCreateEntry

      • mFlattenDN

        protected boolean mFlattenDN

      • mLogger

        protected Logger mLogger

      • mSHADigest

        protected java.security.MessageDigest mSHADigest

      • OID_UNSTRUCTUREDADDRESS

        public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS

    • Constructor Detail

      • CRSEnrollment

        public CRSEnrollment()

    • Method Detail

      • toHashtable

        public static java.util.Hashtable<java.lang.String,​java.lang.String> toHashtable​(javax.servlet.http.HttpServletRequest req)

      • init

        public void init​(javax.servlet.ServletConfig sc)
        Specified by:
        init in interface javax.servlet.Servlet
        Overrides:
        init in class javax.servlet.GenericServlet

      • service

        public void service​(javax.servlet.http.HttpServletRequest httpReq,
                    javax.servlet.http.HttpServletResponse httpResp)
             throws javax.servlet.ServletException
        Service a CRS Request. It all starts here. This is where the message from the router is processed
        Overrides:
        service in class javax.servlet.http.HttpServlet
        Parameters:
        httpReq - The HttpServletRequest.
        httpResp - The HttpServletResponse.
        Throws:
        javax.servlet.ServletException

      • handleGetCACert

        public void handleGetCACert​(javax.servlet.http.HttpServletRequest httpReq,
                            javax.servlet.http.HttpServletResponse httpResp)
                     throws javax.servlet.ServletException
        Return the CA certificate back to the requestor. This needs to be changed so that if the CA has a certificate chain, the whole thing should get packaged as a PKIMessage (degnerate PKCS7 - no signerInfo)
        Throws:
        javax.servlet.ServletException

      • getPasswordFromP10

        public java.lang.String getPasswordFromP10​(PKCS10 p10)

      • decodePKIMessage

        public void decodePKIMessage​(javax.servlet.http.HttpServletRequest httpReq,
                             javax.servlet.http.HttpServletResponse httpResp,
                             java.lang.String msg)
                      throws javax.servlet.ServletException
        Decodes the PKI message and return information to RA.
        Throws:
        javax.servlet.ServletException

      • handlePKIOperation

        public void handlePKIOperation​(javax.servlet.http.HttpServletRequest httpReq,
                               javax.servlet.http.HttpServletResponse httpResp,
                               java.lang.String msg)
                        throws javax.servlet.ServletException
        finds a request with this transaction ID. If could not find any request - return null If could only find 'rejected' or 'cancelled' requests, return null If found 'pending' or 'completed' request - return that request
        Throws:
        javax.servlet.ServletException

      • findRequestByTransactionID

        public IRequest findRequestByTransactionID​(java.lang.String txid,
                                           boolean ignoreRejected)
                                    throws EBaseException
        finds a request with this transaction ID. If could not find any request - return null If could only find 'rejected' or 'cancelled' requests, return null If found 'pending' or 'completed' request - return that request
        Throws:
        EBaseException

      • handleGetCertInitial

        public X509CertImpl handleGetCertInitial​(CRSPKIMessage req,
                                         CRSPKIMessage resp)
        Called if the router is requesting us to send it its certificate Examine request queue for a request matching the transaction ID. Ignore any rejected or cancelled requests. If a request is found in the pending state, the response should be 'pending' If a request is found in the completed state, the response should be to return the certificate If no request is found, the response should be to return null

      • verifyRequest

        public void verifyRequest​(CRSPKIMessage req,
                          com.netscape.cms.servlet.cert.scep.CRSEnrollment.CryptoContext cx)
                   throws com.netscape.cms.servlet.cert.scep.CRSEnrollment.CRSInvalidSignatureException
        Throws:
        com.netscape.cms.servlet.cert.scep.CRSEnrollment.CRSInvalidSignatureException

      • unwrapPKCS10

        public void unwrapPKCS10​(CRSPKIMessage req,
                         com.netscape.cms.servlet.cert.scep.CRSEnrollment.CryptoContext cx)
                  throws javax.servlet.ServletException,
                         org.mozilla.jss.NotInitializedException,
                         com.netscape.cms.servlet.cert.scep.CRSEnrollment.CryptoContext.CryptoContextException,
                         com.netscape.cms.servlet.cert.scep.CRSEnrollment.CRSFailureException
        Here we decrypt the PKCS10 message from the client
        Throws:
        javax.servlet.ServletException
        org.mozilla.jss.NotInitializedException
        com.netscape.cms.servlet.cert.scep.CRSEnrollment.CryptoContext.CryptoContextException
        com.netscape.cms.servlet.cert.scep.CRSEnrollment.CRSFailureException

      • handlePKCSReq

        public X509CertImpl handlePKCSReq​(javax.servlet.http.HttpServletRequest httpReq,
                                  IRequest cmsRequest,
                                  CRSPKIMessage req,
                                  CRSPKIMessage crsResp,
                                  com.netscape.cms.servlet.cert.scep.CRSEnrollment.CryptoContext cx)
                           throws javax.servlet.ServletException,
                                  org.mozilla.jss.NotInitializedException,
                                  com.netscape.cms.servlet.cert.scep.CRSEnrollment.CRSFailureException
        Throws:
        javax.servlet.ServletException
        org.mozilla.jss.NotInitializedException
        com.netscape.cms.servlet.cert.scep.CRSEnrollment.CRSFailureException

      • makeFingerPrints

        public java.util.Hashtable<java.lang.String,​byte[]> makeFingerPrints​(CRSPKIMessage req)

      • hashPassword

        protected java.lang.String hashPassword​(java.lang.String pwd)