private byte[] processCertReq(
String username,
String password,
String req, // NOPMD
int reqType,
String hardTokenSN,
String responseType) // NOPMD
throws EjbcaException_Exception, AuthorizationDeniedException_Exception {
try {
final byte[] retval;
UserDataVOWS userdata = findUser(username);
if (userdata == null) {
EjbcaException ex = new EjbcaException();
ErrorCode code = new ErrorCode();
// code.setInternalErrorCode(todo)
ex.setErrorCode(code);
throw new EjbcaException_Exception("User not found: " + username, ex);
}
// String caName = userdata.getCaName();
pkcs10req = RequestMessageUtils.genPKCS10RequestMessage(req.getBytes());
PublicKey pubKey = pkcs10req.getRequestPublicKey();
// IRequestMessage imsg = new SimpleRequestMessage(pubKey, username,
// password);
X509Certificate cert = ca.issueCertificate(userdata.getSubjectDN(), 5, "SHA1withRSA", pubKey);
if (RESPONSETYPE_PKCS7WITHCHAIN.equals(responseType)) {
retval = ca.createPKCS7(cert, true);
} else {
// retval = cert.getEncoded();
throw new UnsupportedOperationException("Not supported yet");
}
// Set to generated
userdata.setStatus(40);
return retval;
} catch (Exception ex) {
throw new RuntimeException(ex);
}
}
@Override
public CommandResult execute(ParameterContainer parameters) {
String username = parameters.get(ENTITY_NAME);
String password = parameters.get(ENTITY_PASSWORD);
String csr = parameters.get(CSR);
String certf = parameters.get(DESTINATION_FILE);
byte[] bytes;
try {
bytes = FileTools.readFiletoBuffer(csr);
} catch (FileNotFoundException e) {
log.error("File " + csr + " not found.");
return CommandResult.FUNCTIONAL_FAILURE;
}
RequestMessage req = RequestMessageUtils.parseRequestMessage(bytes);
if (req instanceof PKCS10RequestMessage) {
PKCS10RequestMessage p10req = (PKCS10RequestMessage) req;
p10req.setUsername(username);
p10req.setPassword(password);
} else {
log.error("Input file '" + csr + "' is not a PKCS#10 request.");
return CommandResult.FUNCTIONAL_FAILURE;
}
final SignSessionRemote signSession =
EjbRemoteHelper.INSTANCE.getRemoteSession(SignSessionRemote.class);
// Call signsession to create a certificate
ResponseMessage resp;
try {
resp =
signSession.createCertificate(
getAuthenticationToken(), req, X509ResponseMessage.class, null);
} catch (EjbcaException e) {
log.error("Could not create certificate: " + e.getMessage());
return CommandResult.FUNCTIONAL_FAILURE;
} catch (CesecoreException e) {
log.error("Could not create certificate: " + e.getMessage());
return CommandResult.FUNCTIONAL_FAILURE;
} catch (AuthorizationDeniedException ee) {
log.error(
"CLI user with username "
+ parameters.get(USERNAME_KEY)
+ " was not authorized to create a certificate.");
return CommandResult.AUTHORIZATION_FAILURE;
} catch (CertificateExtensionException e) {
log.error("CSR specified extensions which were invalid: " + e.getMessage());
return CommandResult.FUNCTIONAL_FAILURE;
}
byte[] pembytes;
try {
pembytes =
CertTools.getPemFromCertificateChain(
Arrays.asList(((X509ResponseMessage) resp).getCertificate()));
} catch (CertificateException e) {
throw new IllegalStateException(
"Newly created certificate could not be parsed. This should not happen.", e);
}
// Write the resulting cert to file
try {
FileOutputStream fos = new FileOutputStream(certf);
fos.write(pembytes);
fos.close();
} catch (IOException e) {
log.error("Could not write to certificate file " + certf + ". " + e.getMessage());
return CommandResult.FUNCTIONAL_FAILURE;
}
log.info("PEM certificate written to file '" + certf + "'");
return CommandResult.SUCCESS;
}
