Examples with ProofOfPossession com.github.zhenwei.pkix.util.asn1.crmf.ProofOfPossession used on opensource projects

Search in sources :

Example 6 with ProofOfPossession

use of com.github.zhenwei.pkix.util.asn1.crmf.ProofOfPossession in project xipki by xipki.

the class BaseCmpResponder method verifyPop.

protected boolean verifyPop(CertificateRequestMessage certRequest, SubjectPublicKeyInfo spki, boolean allowRaPop) {
    int popType = certRequest.getProofOfPossessionType();
    if (popType == CertificateRequestMessage.popRaVerified && allowRaPop) {
        return true;
    }
    if (popType != CertificateRequestMessage.popSigningKey) {
        LOG.error("unsupported POP type: " + popType);
        return false;
    }
    // check the POP signature algorithm
    ProofOfPossession pop = certRequest.toASN1Structure().getPop();
    POPOSigningKey popSign = POPOSigningKey.getInstance(pop.getObject());
    SignAlgo popAlg;
    try {
        popAlg = SignAlgo.getInstance(popSign.getAlgorithmIdentifier());
    } catch (NoSuchAlgorithmException ex) {
        LogUtil.error(LOG, ex, "Cannot parse POP signature algorithm");
        return false;
    }
    AlgorithmValidator algoValidator = getCa().getPopAlgoValidator();
    if (!algoValidator.isAlgorithmPermitted(popAlg)) {
        LOG.error("POP signature algorithm {} not permitted", popAlg.getJceName());
        return false;
    }
    try {
        PublicKey publicKey = securityFactory.generatePublicKey(spki);
        PopControl popControl = getCa().getCaInfo().getPopControl();
        DHSigStaticKeyCertPair kaKeyAndCert = null;
        if (SignAlgo.DHPOP_X25519 == popAlg || SignAlgo.DHPOP_X448 == popAlg) {
            if (popControl != null) {
                DhSigStatic dhSigStatic = DhSigStatic.getInstance(popSign.getSignature().getBytes());
                IssuerAndSerialNumber isn = dhSigStatic.getIssuerAndSerial();
                ASN1ObjectIdentifier keyAlgOid = spki.getAlgorithm().getAlgorithm();
                kaKeyAndCert = popControl.getDhKeyCertPair(isn.getName(), isn.getSerialNumber().getValue(), EdECConstants.getName(keyAlgOid));
            }
            if (kaKeyAndCert == null) {
                return false;
            }
        }
        ContentVerifierProvider cvp = securityFactory.getContentVerifierProvider(publicKey, kaKeyAndCert);
        return certRequest.isValidSigningKeyPOP(cvp);
    } catch (InvalidKeyException | IllegalStateException | CRMFException ex) {
        LogUtil.error(LOG, ex);
    }
    return false;
}
Also used : IssuerAndSerialNumber(org.bouncycastle.asn1.cms.IssuerAndSerialNumber) RSAPublicKey(java.security.interfaces.RSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) ProofOfPossession(org.bouncycastle.asn1.crmf.ProofOfPossession) DhSigStatic(org.bouncycastle.asn1.crmf.DhSigStatic) CRMFException(org.bouncycastle.cert.crmf.CRMFException) POPOSigningKey(org.bouncycastle.asn1.crmf.POPOSigningKey) ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider)

Example 7 with ProofOfPossession

use of com.github.zhenwei.pkix.util.asn1.crmf.ProofOfPossession in project LinLong-Java by zhenwei1108.

the class CertificateRequestMessageBuilder method build.

public CertificateRequestMessage build() throws CRMFException {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(new ASN1Integer(certReqId));
    if (!extGenerator.isEmpty()) {
        templateBuilder.setExtensions(extGenerator.generate());
    }
    v.add(templateBuilder.build());
    if (!controls.isEmpty()) {
        ASN1EncodableVector controlV = new ASN1EncodableVector();
        for (Iterator it = controls.iterator(); it.hasNext(); ) {
            Control control = (Control) it.next();
            controlV.add(new AttributeTypeAndValue(control.getType(), control.getValue()));
        }
        v.add(new DERSequence(controlV));
    }
    CertRequest request = CertRequest.getInstance(new DERSequence(v));
    v = new ASN1EncodableVector();
    v.add(request);
    if (popSigner != null) {
        CertTemplate template = request.getCertTemplate();
        if (template.getSubject() == null || template.getPublicKey() == null) {
            SubjectPublicKeyInfo pubKeyInfo = request.getCertTemplate().getPublicKey();
            ProofOfPossessionSigningKeyBuilder builder = new ProofOfPossessionSigningKeyBuilder(pubKeyInfo);
            if (sender != null) {
                builder.setSender(sender);
            } else {
                PKMACValueGenerator pkmacGenerator = new PKMACValueGenerator(pkmacBuilder);
                builder.setPublicKeyMac(pkmacGenerator, password);
            }
            v.add(new ProofOfPossession(builder.build(popSigner)));
        } else {
            ProofOfPossessionSigningKeyBuilder builder = new ProofOfPossessionSigningKeyBuilder(request);
            v.add(new ProofOfPossession(builder.build(popSigner)));
        }
    } else if (popoPrivKey != null) {
        v.add(new ProofOfPossession(popoType, popoPrivKey));
    } else if (agreeMAC != null) {
        v.add(new ProofOfPossession(ProofOfPossession.TYPE_KEY_AGREEMENT, POPOPrivKey.getInstance(new DERTaggedObject(false, POPOPrivKey.agreeMAC, agreeMAC))));
    } else if (popRaVerified != null) {
        v.add(new ProofOfPossession());
    }
    return new CertificateRequestMessage(CertReqMsg.getInstance(new DERSequence(v)));
}
Also used : DERTaggedObject(com.github.zhenwei.core.asn1.DERTaggedObject) ProofOfPossession(com.github.zhenwei.pkix.util.asn1.crmf.ProofOfPossession) ASN1Integer(com.github.zhenwei.core.asn1.ASN1Integer) SubjectPublicKeyInfo(com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo) AttributeTypeAndValue(com.github.zhenwei.pkix.util.asn1.crmf.AttributeTypeAndValue) DERSequence(com.github.zhenwei.core.asn1.DERSequence) CertRequest(com.github.zhenwei.pkix.util.asn1.crmf.CertRequest) Iterator(java.util.Iterator) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) CertTemplate(com.github.zhenwei.pkix.util.asn1.crmf.CertTemplate)

Aggregations

POPOSigningKey (org.bouncycastle.asn1.crmf.POPOSigningKey)5 ProofOfPossession (org.bouncycastle.asn1.crmf.ProofOfPossession)5 CRMFException (org.bouncycastle.cert.crmf.CRMFException)3 ContentVerifierProvider (org.bouncycastle.operator.ContentVerifierProvider)3 ProofOfPossession (com.github.zhenwei.pkix.util.asn1.crmf.ProofOfPossession)2 ECPublicKey (java.security.interfaces.ECPublicKey)2 RSAPublicKey (java.security.interfaces.RSAPublicKey)2 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)2 IssuerAndSerialNumber (org.bouncycastle.asn1.cms.IssuerAndSerialNumber)2 CertRequest (org.bouncycastle.asn1.crmf.CertRequest)2 CertTemplateBuilder (org.bouncycastle.asn1.crmf.CertTemplateBuilder)2 DhSigStatic (org.bouncycastle.asn1.crmf.DhSigStatic)2 X500Name (org.bouncycastle.asn1.x500.X500Name)2 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)2 ProofOfPossessionSigningKeyBuilder (org.bouncycastle.cert.crmf.ProofOfPossessionSigningKeyBuilder)2 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)1 ASN1Integer (com.github.zhenwei.core.asn1.ASN1Integer)1 DERSequence (com.github.zhenwei.core.asn1.DERSequence)1 DERTaggedObject (com.github.zhenwei.core.asn1.DERTaggedObject)1 SubjectPublicKeyInfo (com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial