Class CRSEnrollment

  • All Implemented Interfaces:
    java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

    public class CRSEnrollment
    extends javax.servlet.http.HttpServlet
    This servlet deals with PKCS#10-based certificate requests from CRS, now called SCEP, and defined at: http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt. The router is hardcoded to look for http://host:80/cgi-bin/pkiclient.exe. The HTTP parameters are 'operation' and 'message'; 'operation' can be either 'GetCACert' or 'PKIOperation'.
    • Field Detail

      • mProfileId

        protected java.lang.String mProfileId
      • mAppendDN

        protected java.lang.String mAppendDN
      • mEntryObjectclass

        protected java.lang.String mEntryObjectclass
      • mCreateEntry

        protected boolean mCreateEntry
      • mFlattenDN

        protected boolean mFlattenDN
      • mLogger

        protected Logger mLogger
      • mSHADigest

        protected java.security.MessageDigest mSHADigest
      • OID_UNSTRUCTUREDADDRESS

        public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS
    • Constructor Detail

      • CRSEnrollment

        public CRSEnrollment()
    • Method Detail

      • toHashtable

        public static java.util.Hashtable<java.lang.String,​java.lang.String> toHashtable​(javax.servlet.http.HttpServletRequest req)
      • init

        public void init​(javax.servlet.ServletConfig sc)
        Specified by:
        init in interface javax.servlet.Servlet
        Overrides:
        init in class javax.servlet.GenericServlet
      • service

        public void service​(javax.servlet.http.HttpServletRequest httpReq,
                            javax.servlet.http.HttpServletResponse httpResp)
                     throws javax.servlet.ServletException
        Service a CRS request. It all starts here. This is where the message from the router is processed.
        Overrides:
        service in class javax.servlet.http.HttpServlet
        Parameters:
        httpReq - The HttpServletRequest.
        httpResp - The HttpServletResponse.
        Throws:
        javax.servlet.ServletException
      • handleGetCACert

        public void handleGetCACert​(javax.servlet.http.HttpServletRequest httpReq,
                                    javax.servlet.http.HttpServletResponse httpResp)
                             throws javax.servlet.ServletException
        Return the CA certificate back to the requestor. This needs to be changed so that if the CA has a certificate chain, the whole thing should get packaged as a PKIMessage (degenerate PKCS7 - no signerInfo).
        Throws:
        javax.servlet.ServletException
      • getPasswordFromP10

        public java.lang.String getPasswordFromP10​(PKCS10 p10)
      • decodePKIMessage

        public void decodePKIMessage​(javax.servlet.http.HttpServletRequest httpReq,
                                     javax.servlet.http.HttpServletResponse httpResp,
                                     java.lang.String msg)
                              throws javax.servlet.ServletException
        Decodes the PKI message and returns information to the RA.
        Throws:
        javax.servlet.ServletException
      • handlePKIOperation

        public void handlePKIOperation​(javax.servlet.http.HttpServletRequest httpReq,
                                       javax.servlet.http.HttpServletResponse httpResp,
                                       java.lang.String msg)
                                throws javax.servlet.ServletException
        Finds a request with this transaction ID. If no request is found, returns null. If only 'rejected' or 'cancelled' requests are found, returns null. If a 'pending' or 'completed' request is found, returns that request.
        Throws:
        javax.servlet.ServletException
      • findRequestByTransactionID

        public IRequest findRequestByTransactionID​(java.lang.String txid,
                                                   boolean ignoreRejected)
                                            throws EBaseException
        Finds a request with this transaction ID. If no request is found, returns null. If only 'rejected' or 'cancelled' requests are found, returns null. If a 'pending' or 'completed' request is found, returns that request.
        Throws:
        EBaseException
      • handleGetCertInitial

        public X509CertImpl handleGetCertInitial​(CRSPKIMessage req,
                                                 CRSPKIMessage resp)
        Called if the router is requesting us to send it its certificate. Examine the request queue for a request matching the transaction ID. Ignore any rejected or cancelled requests. If a request is found in the pending state, the response should be 'pending'. If a request is found in the completed state, the response should be to return the certificate. If no request is found, the response should be to return null.
      • verifyRequest

        public void verifyRequest​(CRSPKIMessage req,
                                  com.netscape.cms.servlet.cert.scep.CRSEnrollment.CryptoContext cx)
                           throws com.netscape.cms.servlet.cert.scep.CRSEnrollment.CRSInvalidSignatureException
        Throws:
        com.netscape.cms.servlet.cert.scep.CRSEnrollment.CRSInvalidSignatureException
      • unwrapPKCS10

        public void unwrapPKCS10​(CRSPKIMessage req,
                                 com.netscape.cms.servlet.cert.scep.CRSEnrollment.CryptoContext cx)
                          throws javax.servlet.ServletException,
                                 org.mozilla.jss.NotInitializedException,
                                 com.netscape.cms.servlet.cert.scep.CRSEnrollment.CryptoContext.CryptoContextException,
                                 com.netscape.cms.servlet.cert.scep.CRSEnrollment.CRSFailureException
        Here we decrypt the PKCS10 message from the client.
        Throws:
        javax.servlet.ServletException
        org.mozilla.jss.NotInitializedException
        com.netscape.cms.servlet.cert.scep.CRSEnrollment.CryptoContext.CryptoContextException
        com.netscape.cms.servlet.cert.scep.CRSEnrollment.CRSFailureException
      • handlePKCSReq

        public X509CertImpl handlePKCSReq​(javax.servlet.http.HttpServletRequest httpReq,
                                          IRequest cmsRequest,
                                          CRSPKIMessage req,
                                          CRSPKIMessage crsResp,
                                          com.netscape.cms.servlet.cert.scep.CRSEnrollment.CryptoContext cx)
                                   throws javax.servlet.ServletException,
                                          org.mozilla.jss.NotInitializedException,
                                          com.netscape.cms.servlet.cert.scep.CRSEnrollment.CRSFailureException
        Throws:
        javax.servlet.ServletException
        org.mozilla.jss.NotInitializedException
        com.netscape.cms.servlet.cert.scep.CRSEnrollment.CRSFailureException
      • makeFingerPrints

        public java.util.Hashtable<java.lang.String,​byte[]> makeFingerPrints​(CRSPKIMessage req)
      • hashPassword

        protected java.lang.String hashPassword​(java.lang.String pwd)