Examples with ContentInfo com.github.zhenwei.pkix.util.asn1.cms.ContentInfo used on opensource projects

Search in sources :

Example 41 with ContentInfo

use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project xipki by xipki.

the class Client method scepGetCert.

public List<X509Certificate> scepGetCert(PrivateKey identityKey, X509Certificate identityCert, X500Name issuer, BigInteger serialNumber) throws ScepClientException {
    ScepUtil.requireNonNull("identityKey", identityKey);
    ScepUtil.requireNonNull("identityCert", identityCert);
    ScepUtil.requireNonNull("issuer", issuer);
    ScepUtil.requireNonNull("serialNumber", serialNumber);
    initIfNotInited();
    PkiMessage request = new PkiMessage(TransactionId.randomTransactionId(), MessageType.GetCert);
    IssuerAndSerialNumber isn = new IssuerAndSerialNumber(issuer, serialNumber);
    request.setMessageData(isn);
    ContentInfo envRequest = encryptThenSign(request, identityKey, identityCert);
    ScepHttpResponse httpResp = httpSend(Operation.PKIOperation, envRequest);
    CMSSignedData cmsSignedData = parsePkiMessage(httpResp.getContentBytes());
    DecodedPkiMessage response = decode(cmsSignedData, identityKey, identityCert);
    if (response.getPkiStatus() != PkiStatus.SUCCESS) {
        throw new ScepClientException("server returned " + response.getPkiStatus());
    }
    ContentInfo messageData = ContentInfo.getInstance(response.getMessageData());
    try {
        return ScepUtil.getCertsFromSignedData(SignedData.getInstance(messageData.getContent()));
    } catch (CertificateException ex) {
        throw new ScepClientException(ex.getMessage(), ex);
    }
}
Also used : IssuerAndSerialNumber(org.bouncycastle.asn1.cms.IssuerAndSerialNumber) ScepClientException(org.xipki.scep.client.exception.ScepClientException) DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage) PkiMessage(org.xipki.scep.message.PkiMessage) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage) CertificateException(java.security.cert.CertificateException) CMSSignedData(org.bouncycastle.cms.CMSSignedData)

Example 42 with ContentInfo

use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project xipki by xipki.

the class Client method scepCertPoll.

public EnrolmentResponse scepCertPoll(PrivateKey identityKey, X509Certificate identityCert, TransactionId transactionId, X500Name issuer, X500Name subject) throws ScepClientException {
    ScepUtil.requireNonNull("identityKey", identityKey);
    ScepUtil.requireNonNull("identityCert", identityCert);
    ScepUtil.requireNonNull("issuer", issuer);
    ScepUtil.requireNonNull("transactionId", transactionId);
    initIfNotInited();
    PkiMessage pkiMessage = new PkiMessage(transactionId, MessageType.CertPoll);
    IssuerAndSubject is = new IssuerAndSubject(issuer, subject);
    pkiMessage.setMessageData(is);
    ContentInfo envRequest = encryptThenSign(pkiMessage, identityKey, identityCert);
    ScepHttpResponse httpResp = httpSend(Operation.PKIOperation, envRequest);
    CMSSignedData cmsSignedData = parsePkiMessage(httpResp.getContentBytes());
    DecodedPkiMessage response = decode(cmsSignedData, identityKey, identityCert);
    assertSameNonce(pkiMessage, response);
    return new EnrolmentResponse(response);
}
Also used : DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage) PkiMessage(org.xipki.scep.message.PkiMessage) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage) CMSSignedData(org.bouncycastle.cms.CMSSignedData) IssuerAndSubject(org.xipki.scep.message.IssuerAndSubject)

Example 43 with ContentInfo

use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project xipki by xipki.

the class Client method enroll.

private EnrolmentResponse enroll(MessageType messageType, CertificationRequest csr, PrivateKey identityKey, X509Certificate identityCert) throws ScepClientException {
    TransactionId tid;
    try {
        tid = TransactionId.sha1TransactionId(csr.getCertificationRequestInfo().getSubjectPublicKeyInfo());
    } catch (InvalidKeySpecException ex) {
        throw new ScepClientException(ex.getMessage(), ex);
    }
    PkiMessage pkiMessage = new PkiMessage(tid, messageType);
    pkiMessage.setMessageData(csr);
    ContentInfo envRequest = encryptThenSign(pkiMessage, identityKey, identityCert);
    ScepHttpResponse httpResp = httpSend(Operation.PKIOperation, envRequest);
    CMSSignedData cmsSignedData = parsePkiMessage(httpResp.getContentBytes());
    DecodedPkiMessage response = decode(cmsSignedData, identityKey, identityCert);
    assertSameNonce(pkiMessage, response);
    return new EnrolmentResponse(response);
}
Also used : ScepClientException(org.xipki.scep.client.exception.ScepClientException) DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage) PkiMessage(org.xipki.scep.message.PkiMessage) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) CMSSignedData(org.bouncycastle.cms.CMSSignedData) TransactionId(org.xipki.scep.transaction.TransactionId)

Example 44 with ContentInfo

use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project pdfbox by apache.

the class PublicKeySecurityHandler method createDERForRecipient.

private ASN1Primitive createDERForRecipient(byte[] in, X509Certificate cert) throws IOException, GeneralSecurityException {
    String algorithm = PKCSObjectIdentifiers.RC2_CBC.getId();
    AlgorithmParameterGenerator apg;
    KeyGenerator keygen;
    Cipher cipher;
    try {
        Provider provider = SecurityProvider.getProvider();
        apg = AlgorithmParameterGenerator.getInstance(algorithm, provider);
        keygen = KeyGenerator.getInstance(algorithm, provider);
        cipher = Cipher.getInstance(algorithm, provider);
    } catch (NoSuchAlgorithmException e) {
        // happens when using the command line app .jar file
        throw new IOException("Could not find a suitable javax.crypto provider for algorithm " + algorithm + "; possible reason: using an unsigned .jar file", e);
    } catch (NoSuchPaddingException e) {
        // should never happen, if this happens throw IOException instead
        throw new RuntimeException("Could not find a suitable javax.crypto provider", e);
    }
    AlgorithmParameters parameters = apg.generateParameters();
    ASN1Primitive object;
    try (ASN1InputStream input = new ASN1InputStream(parameters.getEncoded("ASN.1"))) {
        object = input.readObject();
    }
    keygen.init(128);
    SecretKey secretkey = keygen.generateKey();
    cipher.init(1, secretkey, parameters);
    byte[] bytes = cipher.doFinal(in);
    KeyTransRecipientInfo recipientInfo = computeRecipientInfo(cert, secretkey.getEncoded());
    DERSet set = new DERSet(new RecipientInfo(recipientInfo));
    AlgorithmIdentifier algorithmId = new AlgorithmIdentifier(new ASN1ObjectIdentifier(algorithm), object);
    EncryptedContentInfo encryptedInfo = new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmId, new DEROctetString(bytes));
    EnvelopedData enveloped = new EnvelopedData(null, set, encryptedInfo, (ASN1Set) null);
    ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.envelopedData, enveloped);
    return contentInfo.toASN1Primitive();
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyTransRecipientInfo(org.bouncycastle.asn1.cms.KeyTransRecipientInfo) AlgorithmParameterGenerator(java.security.AlgorithmParameterGenerator) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) DEROctetString(org.bouncycastle.asn1.DEROctetString) COSString(org.apache.pdfbox.cos.COSString) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) DERSet(org.bouncycastle.asn1.DERSet) DEROctetString(org.bouncycastle.asn1.DEROctetString) Provider(java.security.Provider) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) SecretKey(javax.crypto.SecretKey) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) EncryptedContentInfo(org.bouncycastle.asn1.cms.EncryptedContentInfo) Cipher(javax.crypto.Cipher) KeyGenerator(javax.crypto.KeyGenerator) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) KeyTransRecipientInfo(org.bouncycastle.asn1.cms.KeyTransRecipientInfo) RecipientInfo(org.bouncycastle.asn1.cms.RecipientInfo) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) EnvelopedData(org.bouncycastle.asn1.cms.EnvelopedData) CMSEnvelopedData(org.bouncycastle.cms.CMSEnvelopedData) AlgorithmParameters(java.security.AlgorithmParameters) EncryptedContentInfo(org.bouncycastle.asn1.cms.EncryptedContentInfo)

Example 45 with ContentInfo

use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project xipki by xipki.

the class ScepResponder method encodeResponse.

// method getCrl
private ContentInfo encodeResponse(PkiMessage response, DecodedPkiMessage request) throws OperationException {
    notNull(response, "response");
    notNull(request, "request");
    String algorithm = responderKey.getAlgorithm();
    if (!"RSA".equalsIgnoreCase(algorithm)) {
        throw new UnsupportedOperationException("getSignatureAlgorithm() for non-RSA is not supported yet.");
    }
    HashAlgo hashAlgo = request.getDigestAlgorithm();
    ContentInfo ci;
    try {
        SignAlgo signatureAlgorithm = SignAlgo.getInstance(hashAlgo.getJceName() + "withRSA");
        X509Cert[] cmsCertSet = control.isIncludeSignerCert() ? new X509Cert[] { responderCert } : null;
        ci = response.encode(responderKey, signatureAlgorithm, responderCert, cmsCertSet, request.getSignatureCert(), request.getContentEncryptionAlgorithm());
    } catch (MessageEncodingException | NoSuchAlgorithmException ex) {
        LogUtil.error(LOG, ex, "could not encode response");
        throw new OperationException(SYSTEM_FAILURE, ex);
    }
    return ci;
}
Also used : SignAlgo(org.xipki.security.SignAlgo) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) HashAlgo(org.xipki.security.HashAlgo) X509Cert(org.xipki.security.X509Cert) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) OperationException(org.xipki.ca.api.OperationException)

Aggregations

ContentInfo (org.bouncycastle.asn1.cms.ContentInfo)60 IOException (java.io.IOException)28 CMSSignedData (org.bouncycastle.cms.CMSSignedData)22 ContentInfo (com.github.zhenwei.pkix.util.asn1.cms.ContentInfo)18 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)15 OutputStream (java.io.OutputStream)12 X509Certificate (java.security.cert.X509Certificate)12 ArrayList (java.util.ArrayList)12 SignedData (org.bouncycastle.asn1.cms.SignedData)12 Iterator (java.util.Iterator)11 ASN1Set (org.bouncycastle.asn1.ASN1Set)11 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)10 ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)10 ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)9 ByteArrayInputStream (java.io.ByteArrayInputStream)9 ByteArrayOutputStream (java.io.ByteArrayOutputStream)9 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)9 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)9 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)9 DERSet (org.bouncycastle.asn1.DERSet)9
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial