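/**
 * Issues a certificate for {@code username} from a PEM/PKCS#10 request and
 * returns it in the requested response encoding.
 *
 * <p>Only {@code RESPONSETYPE_PKCS7WITHCHAIN} is implemented; any other
 * response type fails with an {@link UnsupportedOperationException}, which the
 * catch-all below wraps in a {@link RuntimeException} (as the original did).
 *
 * @param username end entity to look up via {@code findUser}
 * @param password accepted but not checked anywhere in this path; the
 *     password-carrying request object is commented out below
 * @param req PEM-encoded PKCS#10 request
 * @param reqType unused
 * @param hardTokenSN unused
 * @param responseType one of the {@code RESPONSETYPE_*} constants
 * @return the encoded certificate response
 * @throws EjbcaException_Exception if no end entity named {@code username} exists
 * @throws AuthorizationDeniedException_Exception declared for API compatibility
 * @throws RuntimeException wrapping any other failure during parsing or issuance
 */
private byte[] processCertReq(
    String username,
    String password,
    String req, // NOPMD
    int reqType,
    String hardTokenSN,
    String responseType) // NOPMD
    throws EjbcaException_Exception, AuthorizationDeniedException_Exception {
  try {
    final byte[] retval;
    UserDataVOWS userdata = findUser(username);
    if (userdata == null) {
      EjbcaException ex = new EjbcaException();
      ErrorCode code = new ErrorCode();
      // code.setInternalErrorCode(todo)
      ex.setErrorCode(code);
      throw new EjbcaException_Exception("User not found: " + username, ex);
    }
    // String caName = userdata.getCaName();
    // PEM/Base64 is ASCII; name the charset instead of relying on the platform default,
    // which differs between JVMs and can corrupt the request bytes.
    pkcs10req =
        RequestMessageUtils.genPKCS10RequestMessage(
            req.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    PublicKey pubKey = pkcs10req.getRequestPublicKey();
    // IRequestMessage imsg = new SimpleRequestMessage(pubKey, username, password);
    // NOTE(review): SHA1withRSA is a deprecated signature algorithm; anything issued
    // from this path beyond test fixtures should use SHA256withRSA or stronger.
    X509Certificate cert =
        ca.issueCertificate(userdata.getSubjectDN(), 5, "SHA1withRSA", pubKey);
    if (RESPONSETYPE_PKCS7WITHCHAIN.equals(responseType)) {
      retval = ca.createPKCS7(cert, true);
    } else {
      // retval = cert.getEncoded();
      throw new UnsupportedOperationException("Not supported yet");
    }
    // Set to generated (status value 40 as in the original)
    userdata.setStatus(40);
    return retval;
  } catch (EjbcaException_Exception ex) {
    // Declared on the signature: let the "user not found" failure reach the caller
    // unwrapped instead of being swallowed by the catch-all below.
    throw ex;
  } catch (Exception ex) {
    throw new RuntimeException(ex);
  }
}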
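/**
 * Issues a certificate from a PKCS#10 request file and writes the result as PEM.
 *
 * <p>Reads the CSR named by {@code CSR}, tags it with the end entity's username and
 * password, asks the remote sign session for an X.509 response and writes the PEM
 * chain to {@code DESTINATION_FILE}.
 *
 * @param parameters CLI parameters; reads ENTITY_NAME, ENTITY_PASSWORD, CSR,
 *     DESTINATION_FILE and, for error reporting, USERNAME_KEY
 * @return {@code SUCCESS} on success, {@code AUTHORIZATION_FAILURE} when the CLI user
 *     may not issue certificates, otherwise {@code FUNCTIONAL_FAILURE}
 * @throws IllegalStateException if the freshly issued certificate cannot be re-parsed
 */
@Override
public CommandResult execute(ParameterContainer parameters) {
  String username = parameters.get(ENTITY_NAME);
  String password = parameters.get(ENTITY_PASSWORD);
  String csr = parameters.get(CSR);
  String certf = parameters.get(DESTINATION_FILE);
  byte[] bytes;
  try {
    bytes = FileTools.readFiletoBuffer(csr);
  } catch (FileNotFoundException e) {
    log.error("File " + csr + " not found.");
    return CommandResult.FUNCTIONAL_FAILURE;
  }
  RequestMessage req = RequestMessageUtils.parseRequestMessage(bytes);
  if (req instanceof PKCS10RequestMessage) {
    // The end entity's enrolment credentials travel with the request; the CLI
    // user's own authorization is checked separately via getAuthenticationToken().
    PKCS10RequestMessage p10req = (PKCS10RequestMessage) req;
    p10req.setUsername(username);
    p10req.setPassword(password);
  } else {
    log.error("Input file '" + csr + "' is not a PKCS#10 request.");
    return CommandResult.FUNCTIONAL_FAILURE;
  }
  final SignSessionRemote signSession =
      EjbRemoteHelper.INSTANCE.getRemoteSession(SignSessionRemote.class);
  // Call signsession to create a certificate
  ResponseMessage resp;
  try {
    resp =
        signSession.createCertificate(
            getAuthenticationToken(), req, X509ResponseMessage.class, null);
  } catch (EjbcaException e) {
    log.error("Could not create certificate: " + e.getMessage());
    return CommandResult.FUNCTIONAL_FAILURE;
  } catch (CesecoreException e) {
    log.error("Could not create certificate: " + e.getMessage());
    return CommandResult.FUNCTIONAL_FAILURE;
  } catch (AuthorizationDeniedException ee) {
    log.error(
        "CLI user with username "
            + parameters.get(USERNAME_KEY)
            + " was not authorized to create a certificate.");
    return CommandResult.AUTHORIZATION_FAILURE;
  } catch (CertificateExtensionException e) {
    log.error("CSR specified extensions which were invalid: " + e.getMessage());
    return CommandResult.FUNCTIONAL_FAILURE;
  }
  byte[] pembytes;
  try {
    pembytes =
        CertTools.getPemFromCertificateChain(
            Arrays.asList(((X509ResponseMessage) resp).getCertificate()));
  } catch (CertificateException e) {
    throw new IllegalStateException(
        "Newly created certificate could not be parsed. This should not happen.", e);
  }
  // Write the resulting cert to file. try-with-resources closes the stream even when
  // write() throws, which the original open/write/close sequence did not guarantee.
  try (FileOutputStream fos = new FileOutputStream(certf)) {
    fos.write(pembytes);
  } catch (IOException e) {
    log.error("Could not write to certificate file " + certf + ". " + e.getMessage());
    return CommandResult.FUNCTIONAL_FAILURE;
  }
  log.info("PEM certificate written to file '" + certf + "'");
  return CommandResult.SUCCESS;
}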