Examples with Request com.github.zhenwei.core.asn1.ocsp.Request used on opensource projects

Example 26 with Request

use of com.github.zhenwei.core.asn1.ocsp.Request in project LinLong-Java by zhenwei1108.

the class PKCS10CertificationRequest method verify.

/**
 * verify the request using the passed in public key and the provider..
 */
public boolean verify(PublicKey pubKey, String provider) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
    Signature sig;
    try {
        if (provider == null) {
            sig = Signature.getInstance(getSignatureName(sigAlgId));
        } else {
            sig = Signature.getInstance(getSignatureName(sigAlgId), provider);
        }
    } catch (NoSuchAlgorithmException e) {
        // 
        if (oids.get(sigAlgId.getAlgorithm()) != null) {
            String signatureAlgorithm = (String) oids.get(sigAlgId.getAlgorithm());
            if (provider == null) {
                sig = Signature.getInstance(signatureAlgorithm);
            } else {
                sig = Signature.getInstance(signatureAlgorithm, provider);
            }
        } else {
            throw e;
        }
    }
    setSignatureParameters(sig, sigAlgId.getParameters());
    sig.initVerify(pubKey);
    try {
        sig.update(reqInfo.getEncoded(ASN1Encoding.DER));
    } catch (Exception e) {
        throw new SignatureException("exception encoding TBS cert request - " + e);
    }
    return sig.verify(sigBits.getOctets());
}

Example 27 with Request

use of com.github.zhenwei.core.asn1.ocsp.Request in project LinLong-Java by zhenwei1108.

the class CertificateRequestMessageBuilder method build.

public CertificateRequestMessage build() throws CRMFException {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(new ASN1Integer(certReqId));
    if (!extGenerator.isEmpty()) {
        templateBuilder.setExtensions(extGenerator.generate());
    }
    v.add(templateBuilder.build());
    if (!controls.isEmpty()) {
        ASN1EncodableVector controlV = new ASN1EncodableVector();
        for (Iterator it = controls.iterator(); it.hasNext(); ) {
            Control control = (Control) it.next();
            controlV.add(new AttributeTypeAndValue(control.getType(), control.getValue()));
        }
        v.add(new DERSequence(controlV));
    }
    CertRequest request = CertRequest.getInstance(new DERSequence(v));
    v = new ASN1EncodableVector();
    v.add(request);
    if (popSigner != null) {
        CertTemplate template = request.getCertTemplate();
        if (template.getSubject() == null || template.getPublicKey() == null) {
            SubjectPublicKeyInfo pubKeyInfo = request.getCertTemplate().getPublicKey();
            ProofOfPossessionSigningKeyBuilder builder = new ProofOfPossessionSigningKeyBuilder(pubKeyInfo);
            if (sender != null) {
                builder.setSender(sender);
            } else {
                PKMACValueGenerator pkmacGenerator = new PKMACValueGenerator(pkmacBuilder);
                builder.setPublicKeyMac(pkmacGenerator, password);
            }
            v.add(new ProofOfPossession(builder.build(popSigner)));
        } else {
            ProofOfPossessionSigningKeyBuilder builder = new ProofOfPossessionSigningKeyBuilder(request);
            v.add(new ProofOfPossession(builder.build(popSigner)));
        }
    } else if (popoPrivKey != null) {
        v.add(new ProofOfPossession(popoType, popoPrivKey));
    } else if (agreeMAC != null) {
        v.add(new ProofOfPossession(ProofOfPossession.TYPE_KEY_AGREEMENT, POPOPrivKey.getInstance(new DERTaggedObject(false, POPOPrivKey.agreeMAC, agreeMAC))));
    } else if (popRaVerified != null) {
        v.add(new ProofOfPossession());
    }
    return new CertificateRequestMessage(CertReqMsg.getInstance(new DERSequence(v)));
}

Example 28 with Request

use of com.github.zhenwei.core.asn1.ocsp.Request in project LinLong-Java by zhenwei1108.

the class PKIHeaderBuilder method build.

/**
 * <pre>
 *  PKIHeader ::= SEQUENCE {
 *            pvno                INTEGER     { cmp1999(1), cmp2000(2) },
 *            sender              GeneralName,
 *            -- identifies the sender
 *            recipient           GeneralName,
 *            -- identifies the intended recipient
 *            messageTime     [0] GeneralizedTime         OPTIONAL,
 *            -- time of production of this message (used when sender
 *            -- believes that the transport will be "suitable"; i.e.,
 *            -- that the time will still be meaningful upon receipt)
 *            protectionAlg   [1] AlgorithmIdentifier     OPTIONAL,
 *            -- algorithm used for calculation of protection bits
 *            senderKID       [2] KeyIdentifier           OPTIONAL,
 *            recipKID        [3] KeyIdentifier           OPTIONAL,
 *            -- to identify specific keys used for protection
 *            transactionID   [4] OCTET STRING            OPTIONAL,
 *            -- identifies the transaction; i.e., this will be the same in
 *            -- corresponding request, response, certConf, and PKIConf
 *            -- messages
 *            senderNonce     [5] OCTET STRING            OPTIONAL,
 *            recipNonce      [6] OCTET STRING            OPTIONAL,
 *            -- nonces used to provide replay protection, senderNonce
 *            -- is inserted by the creator of this message; recipNonce
 *            -- is a nonce previously inserted in a related message by
 *            -- the intended recipient of this message
 *            freeText        [7] PKIFreeText             OPTIONAL,
 *            -- this may be used to indicate context-specific instructions
 *            -- (this field is intended for human consumption)
 *            generalInfo     [8] SEQUENCE SIZE (1..MAX) OF
 *                                 InfoTypeAndValue     OPTIONAL
 *            -- this may be used to convey context-specific information
 *            -- (this field not primarily intended for human consumption)
 * }
 * </pre>
 *
 * @return a basic ASN.1 object representation.
 */
public PKIHeader build() {
    ASN1EncodableVector v = new ASN1EncodableVector(12);
    v.add(pvno);
    v.add(sender);
    v.add(recipient);
    addOptional(v, 0, messageTime);
    addOptional(v, 1, protectionAlg);
    addOptional(v, 2, senderKID);
    addOptional(v, 3, recipKID);
    addOptional(v, 4, transactionID);
    addOptional(v, 5, senderNonce);
    addOptional(v, 6, recipNonce);
    addOptional(v, 7, freeText);
    addOptional(v, 8, generalInfo);
    messageTime = null;
    protectionAlg = null;
    senderKID = null;
    recipKID = null;
    transactionID = null;
    senderNonce = null;
    recipNonce = null;
    freeText = null;
    generalInfo = null;
    return PKIHeader.getInstance(new DERSequence(v));
}

Example 29 with Request

use of com.github.zhenwei.core.asn1.ocsp.Request in project LinLong-Java by zhenwei1108.

the class PKIStatusInfo method toASN1Primitive.

/**
 * <pre>
 * PKIStatusInfo ::= SEQUENCE {
 *     status        PKIStatus,                (INTEGER)
 *     statusString  PKIFreeText     OPTIONAL,
 *     failInfo      PKIFailureInfo  OPTIONAL  (BIT STRING)
 * }
 *
 * PKIStatus:
 *   granted                (0), -- you got exactly what you asked for
 *   grantedWithMods        (1), -- you got something like what you asked for
 *   rejection              (2), -- you don't get it, more information elsewhere in the message
 *   waiting                (3), -- the request body part has not yet been processed, expect to hear more later
 *   revocationWarning      (4), -- this message contains a warning that a revocation is imminent
 *   revocationNotification (5), -- notification that a revocation has occurred
 *   keyUpdateWarning       (6)  -- update already done for the oldCertId specified in CertReqMsg
 *
 * PKIFailureInfo:
 *   badAlg           (0), -- unrecognized or unsupported Algorithm Identifier
 *   badMessageCheck  (1), -- integrity check failed (e.g., signature did not verify)
 *   badRequest       (2), -- transaction not permitted or supported
 *   badTime          (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
 *   badCertId        (4), -- no certificate could be found matching the provided criteria
 *   badDataFormat    (5), -- the data submitted has the wrong format
 *   wrongAuthority   (6), -- the authority indicated in the request is different from the one creating the response token
 *   incorrectData    (7), -- the requester's data is incorrect (for notary services)
 *   missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy)
 *   badPOP           (9)  -- the proof-of-possession failed
 *
 * </pre>
 */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector v = new ASN1EncodableVector(3);
    v.add(status);
    if (statusString != null) {
        v.add(statusString);
    }
    if (failInfo != null) {
        v.add(failInfo);
    }
    return new DERSequence(v);
}

Example 30 with Request

use of com.github.zhenwei.core.asn1.ocsp.Request in project LinLong-Java by zhenwei1108.

the class SCVPReqRes method toASN1Primitive.

/**
 * @return the ASN.1 primitive representation.
 */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector v = new ASN1EncodableVector(2);
    if (request != null) {
        v.add(new DERTaggedObject(true, 0, request));
    }
    v.add(response);
    return new DERSequence(v);
}