
Example 1 with PKCS10CertificationRequestBuilder

Use of com.github.zhenwei.pkix.pkcs.PKCS10CertificationRequestBuilder in project LinLong-Java by zhenwei1108.

The class ESTService, method simpleEnrollPoP.

/**
 * Implements enrollment with proof-of-possession (PoP). The tls-unique value of the
 * connection is added to the request as an attribute before the request is signed and completed.
 *
 * @param reEnroll      True = re-enroll.
 * @param builder       The request builder.
 * @param contentSigner The content signer.
 * @param auth          Auth modes.
 * @return Enrollment response.
 * @throws IOException
 */
public EnrollmentResponse simpleEnrollPoP(boolean reEnroll, final PKCS10CertificationRequestBuilder builder, final ContentSigner contentSigner, ESTAuth auth) throws IOException {
    if (!clientProvider.isTrusted()) {
        throw new IllegalStateException("No trust anchors.");
    }
    ESTResponse resp = null;
    try {
        URL url = new URL(server + (reEnroll ? SIMPLE_REENROLL : SIMPLE_ENROLL));
        ESTClient client = clientProvider.makeClient();
        //
        // Connect supplying a source listener.
        // The source listener is responsible for completing the PKCS10 cert request and encoding it.
        //
        ESTRequestBuilder reqBldr = new ESTRequestBuilder("POST", url).withClient(client).withConnectionListener(new ESTSourceConnectionListener() {

            public ESTRequest onConnection(Source source, ESTRequest request) throws IOException {
                if (source instanceof TLSUniqueProvider && ((TLSUniqueProvider) source).isTLSUniqueAvailable()) {
                    PKCS10CertificationRequestBuilder localBuilder = new PKCS10CertificationRequestBuilder(builder);
                    ByteArrayOutputStream bos = new ByteArrayOutputStream();
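                    // Bind the request to this TLS session: the base64-encoded tls-unique value
                    // is carried in the challengePassword attribute, so it is covered by the signature.
                    byte[] tlsUnique = ((TLSUniqueProvider) source).getTLSUnique();
                    localBuilder.setAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(Base64.toBase64String(tlsUnique)));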
                    bos.write(annotateRequest(localBuilder.build(contentSigner).getEncoded()).getBytes());
                    bos.flush();
                    ESTRequestBuilder reqBuilder = new ESTRequestBuilder(request).withData(bos.toByteArray());
                    reqBuilder.setHeader("Content-Type", "application/pkcs10");
                    reqBuilder.setHeader("Content-Transfer-Encoding", "base64");
                    reqBuilder.setHeader("Content-Length", Long.toString(bos.size()));
                    return reqBuilder.build();
                } else {
                    throw new IOException("Source does not supply TLS unique.");
                }
            }
        });
        if (auth != null) {
            auth.applyAuth(reqBldr);
        }
        resp = client.doRequest(reqBldr.build());
        return handleEnrollResponse(resp);
    } catch (Throwable t) {
        if (t instanceof ESTException) {
            throw (ESTException) t;
        } else {
            throw new ESTException(t.getMessage(), t);
        }
    } finally {
        if (resp != null) {
            resp.close();
        }
    }
}
Also used : PKCS10CertificationRequestBuilder(com.github.zhenwei.pkix.pkcs.PKCS10CertificationRequestBuilder) IOException(java.io.IOException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) URL(java.net.URL) DERPrintableString(com.github.zhenwei.core.asn1.DERPrintableString)
