use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project xipki by xipki.
the class Client method scepGetCert.
public List<X509Certificate> scepGetCert(PrivateKey identityKey, X509Certificate identityCert, X500Name issuer, BigInteger serialNumber) throws ScepClientException {
ScepUtil.requireNonNull("identityKey", identityKey);
ScepUtil.requireNonNull("identityCert", identityCert);
ScepUtil.requireNonNull("issuer", issuer);
ScepUtil.requireNonNull("serialNumber", serialNumber);
initIfNotInited();
PkiMessage request = new PkiMessage(TransactionId.randomTransactionId(), MessageType.GetCert);
IssuerAndSerialNumber isn = new IssuerAndSerialNumber(issuer, serialNumber);
request.setMessageData(isn);
ContentInfo envRequest = encryptThenSign(request, identityKey, identityCert);
ScepHttpResponse httpResp = httpSend(Operation.PKIOperation, envRequest);
CMSSignedData cmsSignedData = parsePkiMessage(httpResp.getContentBytes());
DecodedPkiMessage response = decode(cmsSignedData, identityKey, identityCert);
if (response.getPkiStatus() != PkiStatus.SUCCESS) {
throw new ScepClientException("server returned " + response.getPkiStatus());
}
ContentInfo messageData = ContentInfo.getInstance(response.getMessageData());
try {
return ScepUtil.getCertsFromSignedData(SignedData.getInstance(messageData.getContent()));
} catch (CertificateException ex) {
throw new ScepClientException(ex.getMessage(), ex);
}
}
use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project xipki by xipki.
the class Client method scepCertPoll.
public EnrolmentResponse scepCertPoll(PrivateKey identityKey, X509Certificate identityCert, TransactionId transactionId, X500Name issuer, X500Name subject) throws ScepClientException {
ScepUtil.requireNonNull("identityKey", identityKey);
ScepUtil.requireNonNull("identityCert", identityCert);
ScepUtil.requireNonNull("issuer", issuer);
ScepUtil.requireNonNull("transactionId", transactionId);
initIfNotInited();
PkiMessage pkiMessage = new PkiMessage(transactionId, MessageType.CertPoll);
IssuerAndSubject is = new IssuerAndSubject(issuer, subject);
pkiMessage.setMessageData(is);
ContentInfo envRequest = encryptThenSign(pkiMessage, identityKey, identityCert);
ScepHttpResponse httpResp = httpSend(Operation.PKIOperation, envRequest);
CMSSignedData cmsSignedData = parsePkiMessage(httpResp.getContentBytes());
DecodedPkiMessage response = decode(cmsSignedData, identityKey, identityCert);
assertSameNonce(pkiMessage, response);
return new EnrolmentResponse(response);
}
use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project xipki by xipki.
the class Client method enroll.
private EnrolmentResponse enroll(MessageType messageType, CertificationRequest csr, PrivateKey identityKey, X509Certificate identityCert) throws ScepClientException {
TransactionId tid;
try {
tid = TransactionId.sha1TransactionId(csr.getCertificationRequestInfo().getSubjectPublicKeyInfo());
} catch (InvalidKeySpecException ex) {
throw new ScepClientException(ex.getMessage(), ex);
}
PkiMessage pkiMessage = new PkiMessage(tid, messageType);
pkiMessage.setMessageData(csr);
ContentInfo envRequest = encryptThenSign(pkiMessage, identityKey, identityCert);
ScepHttpResponse httpResp = httpSend(Operation.PKIOperation, envRequest);
CMSSignedData cmsSignedData = parsePkiMessage(httpResp.getContentBytes());
DecodedPkiMessage response = decode(cmsSignedData, identityKey, identityCert);
assertSameNonce(pkiMessage, response);
return new EnrolmentResponse(response);
}
use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project pdfbox by apache.
the class PublicKeySecurityHandler method createDERForRecipient.
private ASN1Primitive createDERForRecipient(byte[] in, X509Certificate cert) throws IOException, GeneralSecurityException {
String algorithm = PKCSObjectIdentifiers.RC2_CBC.getId();
AlgorithmParameterGenerator apg;
KeyGenerator keygen;
Cipher cipher;
try {
Provider provider = SecurityProvider.getProvider();
apg = AlgorithmParameterGenerator.getInstance(algorithm, provider);
keygen = KeyGenerator.getInstance(algorithm, provider);
cipher = Cipher.getInstance(algorithm, provider);
} catch (NoSuchAlgorithmException e) {
// happens when using the command line app .jar file
throw new IOException("Could not find a suitable javax.crypto provider for algorithm " + algorithm + "; possible reason: using an unsigned .jar file", e);
} catch (NoSuchPaddingException e) {
// should never happen, if this happens throw IOException instead
throw new RuntimeException("Could not find a suitable javax.crypto provider", e);
}
AlgorithmParameters parameters = apg.generateParameters();
ASN1Primitive object;
try (ASN1InputStream input = new ASN1InputStream(parameters.getEncoded("ASN.1"))) {
object = input.readObject();
}
keygen.init(128);
SecretKey secretkey = keygen.generateKey();
cipher.init(1, secretkey, parameters);
byte[] bytes = cipher.doFinal(in);
KeyTransRecipientInfo recipientInfo = computeRecipientInfo(cert, secretkey.getEncoded());
DERSet set = new DERSet(new RecipientInfo(recipientInfo));
AlgorithmIdentifier algorithmId = new AlgorithmIdentifier(new ASN1ObjectIdentifier(algorithm), object);
EncryptedContentInfo encryptedInfo = new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmId, new DEROctetString(bytes));
EnvelopedData enveloped = new EnvelopedData(null, set, encryptedInfo, (ASN1Set) null);
ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.envelopedData, enveloped);
return contentInfo.toASN1Primitive();
}
use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project xipki by xipki.
the class ScepResponder method encodeResponse.
// method getCrl
private ContentInfo encodeResponse(PkiMessage response, DecodedPkiMessage request) throws OperationException {
notNull(response, "response");
notNull(request, "request");
String algorithm = responderKey.getAlgorithm();
if (!"RSA".equalsIgnoreCase(algorithm)) {
throw new UnsupportedOperationException("getSignatureAlgorithm() for non-RSA is not supported yet.");
}
HashAlgo hashAlgo = request.getDigestAlgorithm();
ContentInfo ci;
try {
SignAlgo signatureAlgorithm = SignAlgo.getInstance(hashAlgo.getJceName() + "withRSA");
X509Cert[] cmsCertSet = control.isIncludeSignerCert() ? new X509Cert[] { responderCert } : null;
ci = response.encode(responderKey, signatureAlgorithm, responderCert, cmsCertSet, request.getSignatureCert(), request.getContentEncryptionAlgorithm());
} catch (MessageEncodingException | NoSuchAlgorithmException ex) {
LogUtil.error(LOG, ex, "could not encode response");
throw new OperationException(SYSTEM_FAILURE, ex);
}
return ci;
}
Aggregations