Examples with POPOSigningKey com.github.zhenwei.pkix.util.asn1.crmf.POPOSigningKey used on opensource projects

Search in sources :

Example 6 with POPOSigningKey

use of com.github.zhenwei.pkix.util.asn1.crmf.POPOSigningKey in project xipki by xipki.

the class BaseCmpResponder method verifyPopo.

protected boolean verifyPopo(CertificateRequestMessage certRequest, SubjectPublicKeyInfo spki, boolean allowRaPopo) {
    int popType = certRequest.getProofOfPossessionType();
    if (popType == CertificateRequestMessage.popRaVerified && allowRaPopo) {
        return true;
    }
    if (popType != CertificateRequestMessage.popSigningKey) {
        LOG.error("unsupported POP type: " + popType);
        return false;
    }
    // check the POP signature algorithm
    ProofOfPossession pop = certRequest.toASN1Structure().getPopo();
    POPOSigningKey popoSign = POPOSigningKey.getInstance(pop.getObject());
    SignAlgo popoAlg;
    try {
        popoAlg = SignAlgo.getInstance(popoSign.getAlgorithmIdentifier());
    } catch (NoSuchAlgorithmException ex) {
        LogUtil.error(LOG, ex, "Cannot parse POPO signature algorithm");
        return false;
    }
    AlgorithmValidator algoValidator = getCmpControl().getPopoAlgoValidator();
    if (!algoValidator.isAlgorithmPermitted(popoAlg)) {
        LOG.error("POPO signature algorithm {} not permitted", popoAlg.getJceName());
        return false;
    }
    try {
        PublicKey publicKey = securityFactory.generatePublicKey(spki);
        DhpocControl dhpocControl = getCa().getCaInfo().getDhpocControl();
        DHSigStaticKeyCertPair kaKeyAndCert = null;
        if (SignAlgo.DHPOP_X25519 == popoAlg || SignAlgo.DHPOP_X448 == popoAlg) {
            if (dhpocControl != null) {
                DhSigStatic dhSigStatic = DhSigStatic.getInstance(popoSign.getSignature().getBytes());
                IssuerAndSerialNumber isn = dhSigStatic.getIssuerAndSerial();
                ASN1ObjectIdentifier keyAlgOid = spki.getAlgorithm().getAlgorithm();
                kaKeyAndCert = dhpocControl.getKeyCertPair(isn.getName(), isn.getSerialNumber().getValue(), EdECConstants.getName(keyAlgOid));
            }
            if (kaKeyAndCert == null) {
                return false;
            }
        }
        ContentVerifierProvider cvp = securityFactory.getContentVerifierProvider(publicKey, kaKeyAndCert);
        return certRequest.isValidSigningKeyPOP(cvp);
    } catch (InvalidKeyException | IllegalStateException | CRMFException ex) {
        LogUtil.error(LOG, ex);
    }
    return false;
}
Also used : IssuerAndSerialNumber(org.bouncycastle.asn1.cms.IssuerAndSerialNumber) RSAPublicKey(java.security.interfaces.RSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) ProofOfPossession(org.bouncycastle.asn1.crmf.ProofOfPossession) DhSigStatic(org.bouncycastle.asn1.crmf.DhSigStatic) CRMFException(org.bouncycastle.cert.crmf.CRMFException) DhpocControl(org.xipki.ca.server.DhpocControl) POPOSigningKey(org.bouncycastle.asn1.crmf.POPOSigningKey) ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider)

Example 7 with POPOSigningKey

use of com.github.zhenwei.pkix.util.asn1.crmf.POPOSigningKey in project xipki by xipki.

the class BaseCmpResponder method verifyPop.

protected boolean verifyPop(CertificateRequestMessage certRequest, SubjectPublicKeyInfo spki, boolean allowRaPop) {
    int popType = certRequest.getProofOfPossessionType();
    if (popType == CertificateRequestMessage.popRaVerified && allowRaPop) {
        return true;
    }
    if (popType != CertificateRequestMessage.popSigningKey) {
        LOG.error("unsupported POP type: " + popType);
        return false;
    }
    // check the POP signature algorithm
    ProofOfPossession pop = certRequest.toASN1Structure().getPop();
    POPOSigningKey popSign = POPOSigningKey.getInstance(pop.getObject());
    SignAlgo popAlg;
    try {
        popAlg = SignAlgo.getInstance(popSign.getAlgorithmIdentifier());
    } catch (NoSuchAlgorithmException ex) {
        LogUtil.error(LOG, ex, "Cannot parse POP signature algorithm");
        return false;
    }
    AlgorithmValidator algoValidator = getCa().getPopAlgoValidator();
    if (!algoValidator.isAlgorithmPermitted(popAlg)) {
        LOG.error("POP signature algorithm {} not permitted", popAlg.getJceName());
        return false;
    }
    try {
        PublicKey publicKey = securityFactory.generatePublicKey(spki);
        PopControl popControl = getCa().getCaInfo().getPopControl();
        DHSigStaticKeyCertPair kaKeyAndCert = null;
        if (SignAlgo.DHPOP_X25519 == popAlg || SignAlgo.DHPOP_X448 == popAlg) {
            if (popControl != null) {
                DhSigStatic dhSigStatic = DhSigStatic.getInstance(popSign.getSignature().getBytes());
                IssuerAndSerialNumber isn = dhSigStatic.getIssuerAndSerial();
                ASN1ObjectIdentifier keyAlgOid = spki.getAlgorithm().getAlgorithm();
                kaKeyAndCert = popControl.getDhKeyCertPair(isn.getName(), isn.getSerialNumber().getValue(), EdECConstants.getName(keyAlgOid));
            }
            if (kaKeyAndCert == null) {
                return false;
            }
        }
        ContentVerifierProvider cvp = securityFactory.getContentVerifierProvider(publicKey, kaKeyAndCert);
        return certRequest.isValidSigningKeyPOP(cvp);
    } catch (InvalidKeyException | IllegalStateException | CRMFException ex) {
        LogUtil.error(LOG, ex);
    }
    return false;
}
Also used : IssuerAndSerialNumber(org.bouncycastle.asn1.cms.IssuerAndSerialNumber) RSAPublicKey(java.security.interfaces.RSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) ProofOfPossession(org.bouncycastle.asn1.crmf.ProofOfPossession) DhSigStatic(org.bouncycastle.asn1.crmf.DhSigStatic) CRMFException(org.bouncycastle.cert.crmf.CRMFException) POPOSigningKey(org.bouncycastle.asn1.crmf.POPOSigningKey) ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider)

Aggregations

POPOSigningKey (org.bouncycastle.asn1.crmf.POPOSigningKey)5 ProofOfPossession (org.bouncycastle.asn1.crmf.ProofOfPossession)5 CRMFException (org.bouncycastle.cert.crmf.CRMFException)3 ContentVerifierProvider (org.bouncycastle.operator.ContentVerifierProvider)3 POPOSigningKey (com.github.zhenwei.pkix.util.asn1.crmf.POPOSigningKey)2 ECPublicKey (java.security.interfaces.ECPublicKey)2 RSAPublicKey (java.security.interfaces.RSAPublicKey)2 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)2 IssuerAndSerialNumber (org.bouncycastle.asn1.cms.IssuerAndSerialNumber)2 CertRequest (org.bouncycastle.asn1.crmf.CertRequest)2 CertTemplateBuilder (org.bouncycastle.asn1.crmf.CertTemplateBuilder)2 DhSigStatic (org.bouncycastle.asn1.crmf.DhSigStatic)2 X500Name (org.bouncycastle.asn1.x500.X500Name)2 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)2 ProofOfPossessionSigningKeyBuilder (org.bouncycastle.cert.crmf.ProofOfPossessionSigningKeyBuilder)2 DERBitString (com.github.zhenwei.core.asn1.DERBitString)1 PKMACValue (com.github.zhenwei.pkix.util.asn1.crmf.PKMACValue)1 POPOSigningKeyInput (com.github.zhenwei.pkix.util.asn1.crmf.POPOSigningKeyInput)1 ProofOfPossession (com.github.zhenwei.pkix.util.asn1.crmf.ProofOfPossession)1 File (java.io.File)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial