use of org.bouncycastle.asn1.cmp.InfoTypeAndValue in project xipki by xipki.
the class X509CmpRequestor method buildCertConfirmRequest.
// method requestCertificate0
/**
 * Assembles the CMP certificate-confirmation message for a transaction.
 *
 * <p>The message is returned as a plain header/body pair; this method sets no
 * protection on it.
 * NOTE(review): presumably the caller signs the message before sending it;
 * confirm against the call site.
 *
 * @param tid transaction ID handed to buildPkiHeader
 * @param certConfirmBuilder builder that produces the confirmation content
 * @return a PKIMessage whose body type is TYPE_CERT_CONFIRM
 * @throws CmpRequestorException if the confirmation content cannot be built
 */
private PKIMessage buildCertConfirmRequest(ASN1OctetString tid, CertificateConfirmationContentBuilder certConfirmBuilder) throws CmpRequestorException {
    // A typed null keeps the same buildPkiHeader overload as the original cast did.
    final InfoTypeAndValue[] noGeneralInfo = null;
    final PKIHeader pkiHeader = buildPkiHeader(implicitConfirm, tid, null, noGeneralInfo);

    final PKIBody pkiBody;
    try {
        CertificateConfirmationContent content = certConfirmBuilder.build(DIGEST_CALCULATOR_PROVIDER);
        pkiBody = new PKIBody(PKIBody.TYPE_CERT_CONFIRM, content.toASN1Structure());
    } catch (CMPException ex) {
        // Keep the CMP failure as the cause so the original stack trace is not lost.
        throw new CmpRequestorException(ex.getMessage(), ex);
    }

    return new PKIMessage(pkiHeader, pkiBody);
}
use of org.bouncycastle.asn1.cmp.InfoTypeAndValue in project xipki by xipki.
the class CmpCaClient method cmpCaCerts.
/**
 * Asks the responder for its CA certificates with a signed CMP general message
 * and returns the certificates found in the reply.
 *
 * <p>NOTE(review): the returned certificates are taken directly from the response.
 * Whether transmit() or extractGeneralRepContent() verify the response protection,
 * the transaction ID and the nonce is not visible in this method; confirm that
 * before treating the result as trusted CA certificates.
 *
 * @return the certificates decoded from the general response, in sequence order
 * @throws Exception if building, sending or decoding fails
 */
private Certificate[] cmpCaCerts() throws Exception {
    ProtectedPKIMessageBuilder reqBuilder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
    reqBuilder.setMessageTime(new Date());
    // A fresh transaction ID and sender nonce are generated for every request.
    reqBuilder.setTransactionID(randomTransactionId());
    reqBuilder.setSenderNonce(randomSenderNonce());

    // The general message carries one InfoTypeAndValue with the id_xipki_cmp OID and no value.
    GenMsgContent genMsg = new GenMsgContent(new InfoTypeAndValue(id_xipki_cmp));
    reqBuilder.setBody(new PKIBody(PKIBody.TYPE_GEN_MSG, genMsg));

    PKIMessage response = transmit(reqBuilder.build(requestorSigner));

    ASN1Encodable repValue = extractGeneralRepContent(response, id_xipki_cmp.getId());
    ASN1Sequence certSeq = ASN1Sequence.getInstance(repValue);

    Certificate[] caCerts = new Certificate[certSeq.size()];
    for (int idx = 0; idx < caCerts.length; idx++) {
        CMPCertificate cmpCert = CMPCertificate.getInstance(certSeq.getObjectAt(idx));
        caCerts[idx] = cmpCert.getX509v3PKCert();
    }
    return caCerts;
}
use of org.bouncycastle.asn1.cmp.InfoTypeAndValue in project xipki by xipki.
the class CmpCaClient method requestCertViaCrmf.
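/**
 * Enrolls a certificate through a CMP certificate request (CRMF) with a
 * signature proof-of-possession and returns the issued certificate.
 *
 * <p>The certificate profile is sent as a regInfo utf8Pairs entry of the form
 * {@code CERT-PROFILE?<name>%}. In that encoding '?' separates name from value
 * and '%' ends a pair, so a profile name containing either character would
 * change how the pairs are read by the receiver. Such names, and null, are rejected.
 *
 * <p>The request asks for implicit confirmation, so no certConf message follows.
 * NOTE(review): verification of the response is left to transmit() and
 * parseEnrollCertResult(), which are not visible here; confirm they check the
 * response protection before the certificate is used.
 *
 * @param certProfile name of the certificate profile; must not be null and must
 *     not contain '?' or '%'
 * @param privateKey private key used to sign the proof-of-possession
 * @param publicKeyInfo public key to be certified
 * @param subject requested subject, parsed as an X.500 name
 * @return the certificate extracted from the response
 * @throws IllegalArgumentException if certProfile is null or contains a utf8Pairs delimiter
 * @throws Exception if building, sending or parsing fails
 */
public X509Certificate requestCertViaCrmf(String certProfile, PrivateKey privateKey, SubjectPublicKeyInfo publicKeyInfo, String subject) throws Exception {
    // Reject values that would break out of the single CERT-PROFILE pair built below.
    if (certProfile == null || certProfile.indexOf('?') >= 0 || certProfile.indexOf('%') >= 0) {
        throw new IllegalArgumentException("certProfile must be non-null and must not contain '?' or '%'");
    }

    CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
    certTemplateBuilder.setSubject(new X500Name(subject));
    certTemplateBuilder.setPublicKey(publicKeyInfo);
    CertRequest certReq = new CertRequest(1, certTemplateBuilder.build(), null);

    // Proof-of-possession: the request is signed with the key being certified.
    ProofOfPossessionSigningKeyBuilder popoBuilder = new ProofOfPossessionSigningKeyBuilder(certReq);
    ContentSigner popoSigner = buildSigner(privateKey);
    POPOSigningKey popoSk = popoBuilder.build(popoSigner);
    ProofOfPossession popo = new ProofOfPossession(popoSk);

    AttributeTypeAndValue certprofileInfo = new AttributeTypeAndValue(CMPObjectIdentifiers.regInfo_utf8Pairs, new DERUTF8String("CERT-PROFILE?" + certProfile + "%"));
    AttributeTypeAndValue[] atvs = { certprofileInfo };
    CertReqMsg certReqMsg = new CertReqMsg(certReq, popo, atvs);
    PKIBody body = new PKIBody(PKIBody.TYPE_CERT_REQ, new CertReqMessages(certReqMsg));

    ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
    builder.setMessageTime(new Date());
    // A fresh transaction ID and sender nonce are generated for every request.
    builder.setTransactionID(randomTransactionId());
    builder.setSenderNonce(randomSenderNonce());
    builder.addGeneralInfo(new InfoTypeAndValue(CMPObjectIdentifiers.it_implicitConfirm, DERNull.INSTANCE));
    builder.setBody(body);

    ProtectedPKIMessage request = builder.build(requestorSigner);
    PKIMessage response = transmit(request);
    return parseEnrollCertResult(response);
}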
use of org.bouncycastle.asn1.cmp.InfoTypeAndValue in project xipki by xipki.
the class CmpUtil method addProtection.
/**
 * Rebuilds the given PKI message as a signature-protected message.
 *
 * <p>Copied from the input header when present: free text, general info,
 * recipient KID, recipient nonce, sender KID, sender nonce and transaction ID.
 * The sender becomes {@code signerName}, or the subject of the signer's
 * certificate when {@code signerName} is null. If the input carried a message
 * time, it is replaced by the current time rather than copied.
 *
 * <p>NOTE(review): a supplied {@code signerName} is used as given and is not
 * compared with the signer's certificate. With {@code addSignerCert} set, the
 * value of {@code signer.getBcCertificate()} is added without a null check.
 * Confirm that callers guarantee both.
 *
 * @param pkiMessage message whose header fields and body are reused; checked with
 *     ParamUtil.requireNonNull
 * @param signer signer from which a signing instance is borrowed; checked with
 *     ParamUtil.requireNonNull
 * @param signerName sender name for the new header, or null to derive it from the
 *     signer's certificate
 * @param addSignerCert whether to attach the signer's certificate to the message
 * @return the ASN.1 structure of the protected message
 * @throws IllegalArgumentException if signerName is null and the signer has no certificate
 * @throws CMPException if the protected message cannot be built
 * @throws NoIdleSignerException if no signing instance can be borrowed
 */
public static PKIMessage addProtection(PKIMessage pkiMessage, ConcurrentContentSigner signer, GeneralName signerName, boolean addSignerCert) throws CMPException, NoIdleSignerException {
    ParamUtil.requireNonNull("pkiMessage", pkiMessage);
    ParamUtil.requireNonNull("signer", signer);

    GeneralName sender = signerName;
    if (sender == null) {
        // Without an explicit name the sender can only come from the signer's certificate.
        if (signer.getCertificate() == null) {
            throw new IllegalArgumentException("signer without certificate is not allowed");
        }
        byte[] encodedSubject = signer.getCertificate().getSubjectX500Principal().getEncoded();
        sender = new GeneralName(X500Name.getInstance(encodedSubject));
    }

    final PKIHeader srcHeader = pkiMessage.getHeader();
    final ProtectedPKIMessageBuilder msgBuilder = new ProtectedPKIMessageBuilder(sender, srcHeader.getRecipient());

    PKIFreeText text = srcHeader.getFreeText();
    if (text != null) {
        msgBuilder.setFreeText(text);
    }

    InfoTypeAndValue[] infos = srcHeader.getGeneralInfo();
    if (infos != null) {
        for (InfoTypeAndValue info : infos) {
            msgBuilder.addGeneralInfo(info);
        }
    }

    // Optional octet-string header fields are carried over only when the source header has them.
    ASN1OctetString recipKid = srcHeader.getRecipKID();
    if (recipKid != null) {
        msgBuilder.setRecipKID(recipKid.getOctets());
    }

    ASN1OctetString recipNonce = srcHeader.getRecipNonce();
    if (recipNonce != null) {
        msgBuilder.setRecipNonce(recipNonce.getOctets());
    }

    ASN1OctetString senderKid = srcHeader.getSenderKID();
    if (senderKid != null) {
        msgBuilder.setSenderKID(senderKid.getOctets());
    }

    ASN1OctetString senderNonce = srcHeader.getSenderNonce();
    if (senderNonce != null) {
        msgBuilder.setSenderNonce(senderNonce.getOctets());
    }

    ASN1OctetString transactionId = srcHeader.getTransactionID();
    if (transactionId != null) {
        msgBuilder.setTransactionID(transactionId.getOctets());
    }

    // The source message time is not copied; the time of protection is used instead.
    if (srcHeader.getMessageTime() != null) {
        msgBuilder.setMessageTime(new Date());
    }

    msgBuilder.setBody(pkiMessage.getBody());

    if (addSignerCert) {
        msgBuilder.addCMPCertificate(signer.getBcCertificate());
    }

    // Borrow outside the try so that only a successfully borrowed signer is handed back.
    final ConcurrentBagEntrySigner borrowed = signer.borrowSigner();
    try {
        return msgBuilder.build(borrowed.value()).toASN1Structure();
    } finally {
        signer.requiteSigner(borrowed);
    }
}