Example 26 with PKIMessage
use of org.bouncycastle.asn1.cmp.PKIMessage in project xipki by xipki.
the class X509CmpRequestor method retrieveCaInfo.
public CaInfo retrieveCaInfo(String caName, RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException {
ParamUtil.requireNonBlank("caName", caName);
ASN1EncodableVector vec = new ASN1EncodableVector();
vec.add(new ASN1Integer(2));
ASN1Sequence acceptVersions = new DERSequence(vec);
int action = XiSecurityConstants.CMP_ACTION_GET_CAINFO;
PKIMessage request = buildMessageWithXipkAction(action, acceptVersions);
PkiResponse response = signAndSend(request, debug);
ASN1Encodable itvValue = extractXipkiActionRepContent(response, action);
DERUTF8String utf8Str = DERUTF8String.getInstance(itvValue);
String systemInfoStr = utf8Str.getString();
LOG.debug("CAInfo for CA {}: {}", caName, systemInfoStr);
Document doc;
try {
doc = xmlDocBuilder.parse(new ByteArrayInputStream(systemInfoStr.getBytes("UTF-8")));
} catch (SAXException | IOException ex) {
throw new CmpRequestorException("could not parse the returned systemInfo for CA " + caName + ": " + ex.getMessage(), ex);
}
final String namespace = null;
Element root = doc.getDocumentElement();
String str = root.getAttribute("version");
if (StringUtil.isBlank(str)) {
str = root.getAttributeNS(namespace, "version");
}
int version = StringUtil.isBlank(str) ? 1 : Integer.parseInt(str);
if (version == 2) {
// CACert
X509Certificate caCert;
String b64CaCert = XmlUtil.getValueOfFirstElementChild(root, namespace, "CACert");
try {
caCert = X509Util.parseBase64EncodedCert(b64CaCert);
} catch (CertificateException ex) {
throw new CmpRequestorException("could no parse the CA certificate", ex);
}
// CmpControl
ClientCmpControl cmpControl = null;
Element cmpCtrlElement = XmlUtil.getFirstElementChild(root, namespace, "cmpControl");
if (cmpCtrlElement != null) {
String tmpStr = XmlUtil.getValueOfFirstElementChild(cmpCtrlElement, namespace, "rrAkiRequired");
boolean required = (tmpStr == null) ? false : Boolean.parseBoolean(tmpStr);
cmpControl = new ClientCmpControl(required);
}
// certprofiles
Set<String> profileNames = new HashSet<>();
Element profilesElement = XmlUtil.getFirstElementChild(root, namespace, "certprofiles");
Set<CertprofileInfo> profiles = new HashSet<>();
if (profilesElement != null) {
List<Element> profileElements = XmlUtil.getElementChilden(profilesElement, namespace, "certprofile");
for (Element element : profileElements) {
String name = XmlUtil.getValueOfFirstElementChild(element, namespace, "name");
String type = XmlUtil.getValueOfFirstElementChild(element, namespace, "type");
String conf = XmlUtil.getValueOfFirstElementChild(element, namespace, "conf");
CertprofileInfo profile = new CertprofileInfo(name, type, conf);
profiles.add(profile);
profileNames.add(name);
LOG.debug("configured for CA {} certprofile (name={}, type={}, conf={})", caName, name, type, conf);
}
}
LOG.info("CA {} supports profiles {}", caName, profileNames);
return new CaInfo(caCert, cmpControl, profiles);
} else {
throw new CmpRequestorException("unknown CAInfo version " + version);
}
}
Also used :
PkiResponse(org.xipki.cmp.PkiResponse)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
Element(org.w3c.dom.Element)
CertificateException(java.security.cert.CertificateException)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Document(org.w3c.dom.Document)
SAXException(org.xml.sax.SAXException)
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
HashSet(java.util.HashSet)
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
CertprofileInfo(org.xipki.ca.client.api.CertprofileInfo)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Example 27 with PKIMessage
use of org.bouncycastle.asn1.cmp.PKIMessage in project xipki by xipki.
the class X509CmpRequestor method envelope.
public PKIMessage envelope(CertRequest req, ProofOfPossession pop, String profileName) throws CmpRequestorException {
ParamUtil.requireNonNull("req", req);
ParamUtil.requireNonNull("pop", pop);
ParamUtil.requireNonNull("profileName", profileName);
PKIMessage request = buildPkiMessage(req, pop, profileName);
return sign(request);
}
Also used :
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
Example 28 with PKIMessage
use of org.bouncycastle.asn1.cmp.PKIMessage in project xipki by xipki.
the class X509CmpRequestor method buildUnrevokeOrRemoveCertRequest.
// method buildRevokeCertRequest
private PKIMessage buildUnrevokeOrRemoveCertRequest(UnrevokeOrRemoveCertRequest request, int reasonCode) throws CmpRequestorException {
PKIHeader header = buildPkiHeader(null);
List<UnrevokeOrRemoveCertEntry> requestEntries = request.getRequestEntries();
List<RevDetails> revDetailsArray = new ArrayList<>(requestEntries.size());
for (UnrevokeOrRemoveCertEntry requestEntry : requestEntries) {
CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
certTempBuilder.setIssuer(requestEntry.getIssuer());
certTempBuilder.setSerialNumber(new ASN1Integer(requestEntry.getSerialNumber()));
byte[] aki = requestEntry.getAuthorityKeyIdentifier();
if (aki != null) {
Extensions certTempExts = getCertTempExtensions(aki);
certTempBuilder.setExtensions(certTempExts);
}
Extension[] extensions = new Extension[1];
try {
ASN1Enumerated reason = new ASN1Enumerated(reasonCode);
extensions[0] = new Extension(Extension.reasonCode, true, new DEROctetString(reason.getEncoded()));
} catch (IOException ex) {
throw new CmpRequestorException(ex.getMessage(), ex);
}
Extensions exts = new Extensions(extensions);
RevDetails revDetails = new RevDetails(certTempBuilder.build(), exts);
revDetailsArray.add(revDetails);
}
RevReqContent content = new RevReqContent(revDetailsArray.toArray(new RevDetails[0]));
PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content);
return new PKIMessage(header, body);
}
Also used :
PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader)
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
PKIBody(org.bouncycastle.asn1.cmp.PKIBody)
ArrayList(java.util.ArrayList)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
Extensions(org.bouncycastle.asn1.x509.Extensions)
RevReqContent(org.bouncycastle.asn1.cmp.RevReqContent)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Extension(org.bouncycastle.asn1.x509.Extension)
CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder)
ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated)
UnrevokeOrRemoveCertEntry(org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry)
RevDetails(org.bouncycastle.asn1.cmp.RevDetails)
Example 29 with PKIMessage
use of org.bouncycastle.asn1.cmp.PKIMessage in project xipki by xipki.
the class X509CmpRequestor method removeCertificate.
public RevokeCertResultType removeCertificate(UnrevokeOrRemoveCertRequest request, RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException {
ParamUtil.requireNonNull("request", request);
PKIMessage reqMessage = buildUnrevokeOrRemoveCertRequest(request, XiSecurityConstants.CMP_CRL_REASON_REMOVE);
PkiResponse response = signAndSend(reqMessage, debug);
return parse(response, request.getRequestEntries());
}
Also used :
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
PkiResponse(org.xipki.cmp.PkiResponse)
Example 30 with PKIMessage
use of org.bouncycastle.asn1.cmp.PKIMessage in project xipki by xipki.
the class X509CmpRequestor method buildPkiMessage.
// method buildPkiMessage
private PKIMessage buildPkiMessage(CertRequest req, ProofOfPossession pop, String profileName) {
PKIHeader header = buildPkiHeader(implicitConfirm, null);
CmpUtf8Pairs utf8Pairs = new CmpUtf8Pairs(CmpUtf8Pairs.KEY_CERTPROFILE, profileName);
AttributeTypeAndValue certprofileInfo = CmpUtil.buildAttributeTypeAndValue(utf8Pairs);
CertReqMsg[] certReqMsgs = new CertReqMsg[1];
certReqMsgs[0] = new CertReqMsg(req, pop, new AttributeTypeAndValue[] { certprofileInfo });
PKIBody body = new PKIBody(PKIBody.TYPE_CERT_REQ, new CertReqMessages(certReqMsgs));
return new PKIMessage(header, body);
}
Also used :
PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader)
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
PKIBody(org.bouncycastle.asn1.cmp.PKIBody)
CertReqMessages(org.bouncycastle.asn1.crmf.CertReqMessages)
CmpUtf8Pairs(org.xipki.cmp.CmpUtf8Pairs)
CertReqMsg(org.bouncycastle.asn1.crmf.CertReqMsg)
AttributeTypeAndValue(org.bouncycastle.asn1.crmf.AttributeTypeAndValue)
Aggregations
PKIMessage (org.bouncycastle.asn1.cmp.PKIMessage)31
PKIBody (org.bouncycastle.asn1.cmp.PKIBody)24
Date (java.util.Date)18
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)16
PKIHeader (org.bouncycastle.asn1.cmp.PKIHeader)16
IOException (java.io.IOException)14
ProtectedPKIMessage (org.bouncycastle.cert.cmp.ProtectedPKIMessage)13
X509Certificate (java.security.cert.X509Certificate)12
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)11
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)11
GeneralPKIMessage (org.bouncycastle.cert.cmp.GeneralPKIMessage)11
DEROctetString (org.bouncycastle.asn1.DEROctetString)10
InfoTypeAndValue (org.bouncycastle.asn1.cmp.InfoTypeAndValue)9
ContentInfo (org.bouncycastle.asn1.cms.ContentInfo)9
BigInteger (java.math.BigInteger)8
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)8
X500Name (org.bouncycastle.asn1.x500.X500Name)7
Extensions (org.bouncycastle.asn1.x509.Extensions)7
InvalidKeyException (java.security.InvalidKeyException)6
CertificateException (java.security.cert.CertificateException)6
