Search in sources :

Example 1 with CertRequest

use of com.github.zhenwei.pkix.util.asn1.crmf.CertRequest in project xipki by xipki.

the class CaLoadTestTemplateEnroll method nextCertRequests.

private Map<Integer, CertRequestWithProfile> nextCertRequests() {
    if (maxRequests > 0) {
        int num = processedRequests.getAndAdd(1);
        if (num >= maxRequests) {
            return null;
        }
    }
    Map<Integer, CertRequestWithProfile> certRequests = new HashMap<>();
    final int n = loadtestEntries.size();
    for (int i = 0; i < n; i++) {
        LoadTestEntry loadtestEntry = loadtestEntries.get(i);
        final int certId = i + 1;
        CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
        long thisIndex = index.getAndIncrement();
        certTempBuilder.setSubject(loadtestEntry.getX500Name(thisIndex));
        SubjectPublicKeyInfo spki = loadtestEntry.getSubjectPublicKeyInfo();
        certTempBuilder.setPublicKey(spki);
        CertTemplate certTemplate = certTempBuilder.build();
        CertRequest certRequest = new CertRequest(certId, certTemplate, null);
        CertRequestWithProfile requestWithCertprofile = new CertRequestWithProfile(loadtestEntry.getCertprofile(), certRequest);
        certRequests.put(certId, requestWithCertprofile);
    }
    return certRequests;
}
Also used : AtomicInteger(java.util.concurrent.atomic.AtomicInteger) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) HashMap(java.util.HashMap) EnrollCertRequest(org.xipki.ca.client.api.dto.EnrollCertRequest) CertRequest(org.bouncycastle.asn1.crmf.CertRequest) CertTemplate(org.bouncycastle.asn1.crmf.CertTemplate) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)

Example 2 with CertRequest

use of com.github.zhenwei.pkix.util.asn1.crmf.CertRequest in project LinLong-Java by zhenwei1108.

the class ProofOfPossessionSigningKeyBuilder method build.

public POPOSigningKey build(ContentSigner signer) {
    if (name != null && publicKeyMAC != null) {
        throw new IllegalStateException("name and publicKeyMAC cannot both be set.");
    }
    POPOSigningKeyInput popo;
    if (certRequest != null) {
        popo = null;
        CRMFUtil.derEncodeToStream(certRequest, signer.getOutputStream());
    } else if (name != null) {
        popo = new POPOSigningKeyInput(name, pubKeyInfo);
        CRMFUtil.derEncodeToStream(popo, signer.getOutputStream());
    } else {
        popo = new POPOSigningKeyInput(publicKeyMAC, pubKeyInfo);
        CRMFUtil.derEncodeToStream(popo, signer.getOutputStream());
    }
    return new POPOSigningKey(popo, signer.getAlgorithmIdentifier(), new DERBitString(signer.getSignature()));
}
Also used : POPOSigningKeyInput(com.github.zhenwei.pkix.util.asn1.crmf.POPOSigningKeyInput) DERBitString(com.github.zhenwei.core.asn1.DERBitString) POPOSigningKey(com.github.zhenwei.pkix.util.asn1.crmf.POPOSigningKey)

Example 3 with CertRequest

use of com.github.zhenwei.pkix.util.asn1.crmf.CertRequest in project xipki by xipki.

the class CmpCaClient method requestCertViaCrmf.

public X509Certificate requestCertViaCrmf(String certProfile, PrivateKey privateKey, SubjectPublicKeyInfo publicKeyInfo, String subject) throws Exception {
    CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
    certTemplateBuilder.setSubject(new X500Name(subject));
    certTemplateBuilder.setPublicKey(publicKeyInfo);
    CertRequest certReq = new CertRequest(1, certTemplateBuilder.build(), null);
    ProofOfPossessionSigningKeyBuilder popoBuilder = new ProofOfPossessionSigningKeyBuilder(certReq);
    ContentSigner popoSigner = buildSigner(privateKey);
    POPOSigningKey popoSk = popoBuilder.build(popoSigner);
    ProofOfPossession popo = new ProofOfPossession(popoSk);
    AttributeTypeAndValue certprofileInfo = new AttributeTypeAndValue(CMPObjectIdentifiers.regInfo_utf8Pairs, new DERUTF8String("CERT-PROFILE?" + certProfile + "%"));
    AttributeTypeAndValue[] atvs = { certprofileInfo };
    CertReqMsg certReqMsg = new CertReqMsg(certReq, popo, atvs);
    PKIBody body = new PKIBody(PKIBody.TYPE_CERT_REQ, new CertReqMessages(certReqMsg));
    ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
    builder.setMessageTime(new Date());
    builder.setTransactionID(randomTransactionId());
    builder.setSenderNonce(randomSenderNonce());
    builder.addGeneralInfo(new InfoTypeAndValue(CMPObjectIdentifiers.it_implicitConfirm, DERNull.INSTANCE));
    builder.setBody(body);
    ProtectedPKIMessage request = builder.build(requestorSigner);
    PKIMessage response = transmit(request);
    return parseEnrollCertResult(response);
}
Also used : ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) CertReqMessages(org.bouncycastle.asn1.crmf.CertReqMessages) CertReqMsg(org.bouncycastle.asn1.crmf.CertReqMsg) ContentSigner(org.bouncycastle.operator.ContentSigner) ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) ProofOfPossession(org.bouncycastle.asn1.crmf.ProofOfPossession) X500Name(org.bouncycastle.asn1.x500.X500Name) AttributeTypeAndValue(org.bouncycastle.asn1.crmf.AttributeTypeAndValue) Date(java.util.Date) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) CertRequest(org.bouncycastle.asn1.crmf.CertRequest) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue) ProofOfPossessionSigningKeyBuilder(org.bouncycastle.cert.crmf.ProofOfPossessionSigningKeyBuilder) ProtectedPKIMessageBuilder(org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder) POPOSigningKey(org.bouncycastle.asn1.crmf.POPOSigningKey)

Example 4 with CertRequest

use of com.github.zhenwei.pkix.util.asn1.crmf.CertRequest in project xipki by xipki.

the class EnrollCertAction method execute0.

@Override
protected Object execute0() throws Exception {
    if (caName != null) {
        caName = caName.toLowerCase();
    }
    CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
    ConcurrentContentSigner signer = getSigner(new SignatureAlgoControl(rsaMgf1, dsaPlain, gm));
    X509CertificateHolder ssCert = signer.getBcCertificate();
    X500Name x500Subject = new X500Name(subject);
    certTemplateBuilder.setSubject(x500Subject);
    certTemplateBuilder.setPublicKey(ssCert.getSubjectPublicKeyInfo());
    if (StringUtil.isNotBlank(notBeforeS) || StringUtil.isNotBlank(notAfterS)) {
        Time notBefore = StringUtil.isNotBlank(notBeforeS) ? new Time(DateUtil.parseUtcTimeyyyyMMddhhmmss(notBeforeS)) : null;
        Time notAfter = StringUtil.isNotBlank(notAfterS) ? new Time(DateUtil.parseUtcTimeyyyyMMddhhmmss(notAfterS)) : null;
        OptionalValidity validity = new OptionalValidity(notBefore, notAfter);
        certTemplateBuilder.setValidity(validity);
    }
    if (needExtensionTypes == null) {
        needExtensionTypes = new LinkedList<>();
    }
    // SubjectAltNames
    List<Extension> extensions = new LinkedList<>();
    if (isNotEmpty(subjectAltNames)) {
        extensions.add(X509Util.createExtnSubjectAltName(subjectAltNames, false));
        needExtensionTypes.add(Extension.subjectAlternativeName.getId());
    }
    // SubjectInfoAccess
    if (isNotEmpty(subjectInfoAccesses)) {
        extensions.add(X509Util.createExtnSubjectInfoAccess(subjectInfoAccesses, false));
        needExtensionTypes.add(Extension.subjectInfoAccess.getId());
    }
    // Keyusage
    if (isNotEmpty(keyusages)) {
        Set<KeyUsage> usages = new HashSet<>();
        for (String usage : keyusages) {
            usages.add(KeyUsage.getKeyUsage(usage));
        }
        org.bouncycastle.asn1.x509.KeyUsage extValue = X509Util.createKeyUsage(usages);
        ASN1ObjectIdentifier extType = Extension.keyUsage;
        extensions.add(new Extension(extType, false, extValue.getEncoded()));
        needExtensionTypes.add(extType.getId());
    }
    // ExtendedKeyusage
    if (isNotEmpty(extkeyusages)) {
        ExtendedKeyUsage extValue = X509Util.createExtendedUsage(textToAsn1ObjectIdentifers(extkeyusages));
        ASN1ObjectIdentifier extType = Extension.extendedKeyUsage;
        extensions.add(new Extension(extType, false, extValue.getEncoded()));
        needExtensionTypes.add(extType.getId());
    }
    // QcEuLimitValue
    if (isNotEmpty(qcEuLimits)) {
        ASN1EncodableVector vec = new ASN1EncodableVector();
        for (String m : qcEuLimits) {
            StringTokenizer st = new StringTokenizer(m, ":");
            try {
                String currencyS = st.nextToken();
                String amountS = st.nextToken();
                String exponentS = st.nextToken();
                Iso4217CurrencyCode currency;
                try {
                    int intValue = Integer.parseInt(currencyS);
                    currency = new Iso4217CurrencyCode(intValue);
                } catch (NumberFormatException ex) {
                    currency = new Iso4217CurrencyCode(currencyS);
                }
                int amount = Integer.parseInt(amountS);
                int exponent = Integer.parseInt(exponentS);
                MonetaryValue monterayValue = new MonetaryValue(currency, amount, exponent);
                QCStatement statment = new QCStatement(ObjectIdentifiers.id_etsi_qcs_QcLimitValue, monterayValue);
                vec.add(statment);
            } catch (Exception ex) {
                throw new Exception("invalid qc-eu-limit '" + m + "'");
            }
        }
        ASN1ObjectIdentifier extType = Extension.qCStatements;
        ASN1Sequence extValue = new DERSequence(vec);
        extensions.add(new Extension(extType, false, extValue.getEncoded()));
        needExtensionTypes.add(extType.getId());
    }
    // biometricInfo
    if (biometricType != null && biometricHashAlgo != null && biometricFile != null) {
        TypeOfBiometricData objBiometricType = StringUtil.isNumber(biometricType) ? new TypeOfBiometricData(Integer.parseInt(biometricType)) : new TypeOfBiometricData(new ASN1ObjectIdentifier(biometricType));
        ASN1ObjectIdentifier objBiometricHashAlgo = AlgorithmUtil.getHashAlg(biometricHashAlgo);
        byte[] biometricBytes = IoUtil.read(biometricFile);
        MessageDigest md = MessageDigest.getInstance(objBiometricHashAlgo.getId());
        md.reset();
        byte[] biometricDataHash = md.digest(biometricBytes);
        DERIA5String sourceDataUri = null;
        if (biometricUri != null) {
            sourceDataUri = new DERIA5String(biometricUri);
        }
        BiometricData biometricData = new BiometricData(objBiometricType, new AlgorithmIdentifier(objBiometricHashAlgo), new DEROctetString(biometricDataHash), sourceDataUri);
        ASN1EncodableVector vec = new ASN1EncodableVector();
        vec.add(biometricData);
        ASN1ObjectIdentifier extType = Extension.biometricInfo;
        ASN1Sequence extValue = new DERSequence(vec);
        extensions.add(new Extension(extType, false, extValue.getEncoded()));
        needExtensionTypes.add(extType.getId());
    } else if (biometricType == null && biometricHashAlgo == null && biometricFile == null) {
    // Do nothing
    } else {
        throw new Exception("either all of biometric triples (type, hash algo, file)" + " must be set or none of them should be set");
    }
    if (isNotEmpty(needExtensionTypes) || isNotEmpty(wantExtensionTypes)) {
        ExtensionExistence ee = new ExtensionExistence(textToAsn1ObjectIdentifers(needExtensionTypes), textToAsn1ObjectIdentifers(wantExtensionTypes));
        extensions.add(new Extension(ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions, false, ee.toASN1Primitive().getEncoded()));
    }
    if (isNotEmpty(extensions)) {
        Extensions asn1Extensions = new Extensions(extensions.toArray(new Extension[0]));
        certTemplateBuilder.setExtensions(asn1Extensions);
    }
    CertRequest certReq = new CertRequest(1, certTemplateBuilder.build(), null);
    ProofOfPossessionSigningKeyBuilder popoBuilder = new ProofOfPossessionSigningKeyBuilder(certReq);
    ConcurrentBagEntrySigner signer0 = signer.borrowSigner();
    POPOSigningKey popoSk;
    try {
        popoSk = popoBuilder.build(signer0.value());
    } finally {
        signer.requiteSigner(signer0);
    }
    ProofOfPossession popo = new ProofOfPossession(popoSk);
    EnrollCertRequestEntry reqEntry = new EnrollCertRequestEntry("id-1", profile, certReq, popo);
    EnrollCertRequest request = new EnrollCertRequest(EnrollCertRequest.Type.CERT_REQ);
    request.addRequestEntry(reqEntry);
    RequestResponseDebug debug = getRequestResponseDebug();
    EnrollCertResult result;
    try {
        result = caClient.requestCerts(caName, request, debug);
    } finally {
        saveRequestResponse(debug);
    }
    X509Certificate cert = null;
    if (result != null) {
        String id = result.getAllIds().iterator().next();
        CertOrError certOrError = result.getCertOrError(id);
        cert = (X509Certificate) certOrError.getCertificate();
    }
    if (cert == null) {
        throw new CmdFailure("no certificate received from the server");
    }
    File certFile = new File(outputFile);
    saveVerbose("saved certificate to file", certFile, cert.getEncoded());
    return null;
}
Also used : TypeOfBiometricData(org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData) BiometricData(org.bouncycastle.asn1.x509.qualified.BiometricData) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) KeyUsage(org.xipki.security.KeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DEROctetString(org.bouncycastle.asn1.DEROctetString) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DERSequence(org.bouncycastle.asn1.DERSequence) EnrollCertRequestEntry(org.xipki.ca.client.api.dto.EnrollCertRequestEntry) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) MessageDigest(java.security.MessageDigest) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) TypeOfBiometricData(org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData) HashSet(java.util.HashSet) RequestResponseDebug(org.xipki.common.RequestResponseDebug) ProofOfPossession(org.bouncycastle.asn1.crmf.ProofOfPossession) LinkedList(java.util.LinkedList) X509Certificate(java.security.cert.X509Certificate) OptionalValidity(org.bouncycastle.asn1.crmf.OptionalValidity) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ProofOfPossessionSigningKeyBuilder(org.bouncycastle.cert.crmf.ProofOfPossessionSigningKeyBuilder) File(java.io.File) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) QCStatement(org.bouncycastle.asn1.x509.qualified.QCStatement) EnrollCertRequest(org.xipki.ca.client.api.dto.EnrollCertRequest) Time(org.bouncycastle.asn1.x509.Time) Extensions(org.bouncycastle.asn1.x509.Extensions) Iso4217CurrencyCode(org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode) DERIA5String(org.bouncycastle.asn1.DERIA5String) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) CmdFailure(org.xipki.console.karaf.CmdFailure) EnrollCertResult(org.xipki.ca.client.api.EnrollCertResult) POPOSigningKey(org.bouncycastle.asn1.crmf.POPOSigningKey) MonetaryValue(org.bouncycastle.asn1.x509.qualified.MonetaryValue) ConcurrentBagEntrySigner(org.xipki.security.ConcurrentBagEntrySigner) CertOrError(org.xipki.ca.client.api.CertOrError) ObjectCreationException(org.xipki.common.ObjectCreationException) InvalidOidOrNameException(org.xipki.security.exception.InvalidOidOrNameException) Extension(org.bouncycastle.asn1.x509.Extension) StringTokenizer(java.util.StringTokenizer) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) ExtensionExistence(org.xipki.security.ExtensionExistence) EnrollCertRequest(org.xipki.ca.client.api.dto.EnrollCertRequest) CertRequest(org.bouncycastle.asn1.crmf.CertRequest) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) SignatureAlgoControl(org.xipki.security.SignatureAlgoControl)

Example 5 with CertRequest

use of com.github.zhenwei.pkix.util.asn1.crmf.CertRequest in project xipki by xipki.

the class CaLoadTestEnroll method nextCertRequests.

private Map<Integer, CertRequest> nextCertRequests() {
    if (maxRequests > 0) {
        int num = processedRequests.getAndAdd(1);
        if (num >= maxRequests) {
            return null;
        }
    }
    Map<Integer, CertRequest> certRequests = new HashMap<>();
    for (int i = 0; i < num; i++) {
        final int certId = i + 1;
        CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
        long thisIndex = index.getAndIncrement();
        certTempBuilder.setSubject(loadtestEntry.getX500Name(thisIndex));
        SubjectPublicKeyInfo spki = loadtestEntry.getSubjectPublicKeyInfo();
        certTempBuilder.setPublicKey(spki);
        CertTemplate certTemplate = certTempBuilder.build();
        CertRequest certRequest = new CertRequest(certId, certTemplate, null);
        certRequests.put(certId, certRequest);
    }
    return certRequests;
}
Also used : AtomicInteger(java.util.concurrent.atomic.AtomicInteger) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) HashMap(java.util.HashMap) CertRequest(org.bouncycastle.asn1.crmf.CertRequest) EnrollCertRequest(org.xipki.ca.client.api.dto.EnrollCertRequest) CertTemplate(org.bouncycastle.asn1.crmf.CertTemplate) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)

Aggregations

CertRequest (org.bouncycastle.asn1.crmf.CertRequest)4 CertTemplateBuilder (org.bouncycastle.asn1.crmf.CertTemplateBuilder)4 EnrollCertRequest (org.xipki.ca.client.api.dto.EnrollCertRequest)3 HashMap (java.util.HashMap)2 AtomicInteger (java.util.concurrent.atomic.AtomicInteger)2 CertTemplate (org.bouncycastle.asn1.crmf.CertTemplate)2 POPOSigningKey (org.bouncycastle.asn1.crmf.POPOSigningKey)2 ProofOfPossession (org.bouncycastle.asn1.crmf.ProofOfPossession)2 X500Name (org.bouncycastle.asn1.x500.X500Name)2 ProofOfPossessionSigningKeyBuilder (org.bouncycastle.cert.crmf.ProofOfPossessionSigningKeyBuilder)2 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)1 ASN1Integer (com.github.zhenwei.core.asn1.ASN1Integer)1 DERBitString (com.github.zhenwei.core.asn1.DERBitString)1 DERSequence (com.github.zhenwei.core.asn1.DERSequence)1 DERTaggedObject (com.github.zhenwei.core.asn1.DERTaggedObject)1 SubjectPublicKeyInfo (com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo)1 AttributeTypeAndValue (com.github.zhenwei.pkix.util.asn1.crmf.AttributeTypeAndValue)1 CertRequest (com.github.zhenwei.pkix.util.asn1.crmf.CertRequest)1 CertTemplate (com.github.zhenwei.pkix.util.asn1.crmf.CertTemplate)1 POPOSigningKey (com.github.zhenwei.pkix.util.asn1.crmf.POPOSigningKey)1