Search in sources :

Example 1 with CertTemplateBuilder

use of org.bouncycastle.asn1.crmf.CertTemplateBuilder in project xipki by xipki.

the class CaLoadTestTemplateEnroll method nextCertRequests.

private Map<Integer, CertRequestWithProfile> nextCertRequests() {
    if (maxRequests > 0) {
        int num = processedRequests.getAndAdd(1);
        if (num >= maxRequests) {
            return null;
        }
    }
    Map<Integer, CertRequestWithProfile> certRequests = new HashMap<>();
    final int n = loadtestEntries.size();
    for (int i = 0; i < n; i++) {
        LoadTestEntry loadtestEntry = loadtestEntries.get(i);
        final int certId = i + 1;
        CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
        long thisIndex = index.getAndIncrement();
        certTempBuilder.setSubject(loadtestEntry.getX500Name(thisIndex));
        SubjectPublicKeyInfo spki = loadtestEntry.getSubjectPublicKeyInfo();
        certTempBuilder.setPublicKey(spki);
        CertTemplate certTemplate = certTempBuilder.build();
        CertRequest certRequest = new CertRequest(certId, certTemplate, null);
        CertRequestWithProfile requestWithCertprofile = new CertRequestWithProfile(loadtestEntry.getCertprofile(), certRequest);
        certRequests.put(certId, requestWithCertprofile);
    }
    return certRequests;
}
Also used : AtomicInteger(java.util.concurrent.atomic.AtomicInteger) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) HashMap(java.util.HashMap) EnrollCertRequest(org.xipki.ca.client.api.dto.EnrollCertRequest) CertRequest(org.bouncycastle.asn1.crmf.CertRequest) CertTemplate(org.bouncycastle.asn1.crmf.CertTemplate) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)

Example 2 with CertTemplateBuilder

use of org.bouncycastle.asn1.crmf.CertTemplateBuilder in project xipki by xipki.

the class X509CmpRequestor method buildUnrevokeOrRemoveCertRequest.

// method buildRevokeCertRequest
private PKIMessage buildUnrevokeOrRemoveCertRequest(UnrevokeOrRemoveCertRequest request, int reasonCode) throws CmpRequestorException {
    PKIHeader header = buildPkiHeader(null);
    List<UnrevokeOrRemoveCertEntry> requestEntries = request.getRequestEntries();
    List<RevDetails> revDetailsArray = new ArrayList<>(requestEntries.size());
    for (UnrevokeOrRemoveCertEntry requestEntry : requestEntries) {
        CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
        certTempBuilder.setIssuer(requestEntry.getIssuer());
        certTempBuilder.setSerialNumber(new ASN1Integer(requestEntry.getSerialNumber()));
        byte[] aki = requestEntry.getAuthorityKeyIdentifier();
        if (aki != null) {
            Extensions certTempExts = getCertTempExtensions(aki);
            certTempBuilder.setExtensions(certTempExts);
        }
        Extension[] extensions = new Extension[1];
        try {
            ASN1Enumerated reason = new ASN1Enumerated(reasonCode);
            extensions[0] = new Extension(Extension.reasonCode, true, new DEROctetString(reason.getEncoded()));
        } catch (IOException ex) {
            throw new CmpRequestorException(ex.getMessage(), ex);
        }
        Extensions exts = new Extensions(extensions);
        RevDetails revDetails = new RevDetails(certTempBuilder.build(), exts);
        revDetailsArray.add(revDetails);
    }
    RevReqContent content = new RevReqContent(revDetailsArray.toArray(new RevDetails[0]));
    PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content);
    return new PKIMessage(header, body);
}
Also used : PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) ArrayList(java.util.ArrayList) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) Extensions(org.bouncycastle.asn1.x509.Extensions) RevReqContent(org.bouncycastle.asn1.cmp.RevReqContent) DEROctetString(org.bouncycastle.asn1.DEROctetString) Extension(org.bouncycastle.asn1.x509.Extension) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated) UnrevokeOrRemoveCertEntry(org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry) RevDetails(org.bouncycastle.asn1.cmp.RevDetails)

Example 3 with CertTemplateBuilder

use of org.bouncycastle.asn1.crmf.CertTemplateBuilder in project xipki by xipki.

the class X509CmpRequestor method buildRevokeCertRequest.

private PKIMessage buildRevokeCertRequest(RevokeCertRequest request) throws CmpRequestorException {
    PKIHeader header = buildPkiHeader(null);
    List<RevokeCertRequestEntry> requestEntries = request.getRequestEntries();
    List<RevDetails> revDetailsArray = new ArrayList<>(requestEntries.size());
    for (RevokeCertRequestEntry requestEntry : requestEntries) {
        CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
        certTempBuilder.setIssuer(requestEntry.getIssuer());
        certTempBuilder.setSerialNumber(new ASN1Integer(requestEntry.getSerialNumber()));
        byte[] aki = requestEntry.getAuthorityKeyIdentifier();
        if (aki != null) {
            Extensions certTempExts = getCertTempExtensions(aki);
            certTempBuilder.setExtensions(certTempExts);
        }
        Date invalidityDate = requestEntry.getInvalidityDate();
        int idx = (invalidityDate == null) ? 1 : 2;
        Extension[] extensions = new Extension[idx];
        try {
            ASN1Enumerated reason = new ASN1Enumerated(requestEntry.getReason());
            extensions[0] = new Extension(Extension.reasonCode, true, new DEROctetString(reason.getEncoded()));
            if (invalidityDate != null) {
                ASN1GeneralizedTime time = new ASN1GeneralizedTime(invalidityDate);
                extensions[1] = new Extension(Extension.invalidityDate, true, new DEROctetString(time.getEncoded()));
            }
        } catch (IOException ex) {
            throw new CmpRequestorException(ex.getMessage(), ex);
        }
        Extensions exts = new Extensions(extensions);
        RevDetails revDetails = new RevDetails(certTempBuilder.build(), exts);
        revDetailsArray.add(revDetails);
    }
    RevReqContent content = new RevReqContent(revDetailsArray.toArray(new RevDetails[0]));
    PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content);
    return new PKIMessage(header, body);
}
Also used : PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) RevokeCertRequestEntry(org.xipki.ca.client.api.dto.RevokeCertRequestEntry) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) ArrayList(java.util.ArrayList) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) Extensions(org.bouncycastle.asn1.x509.Extensions) RevReqContent(org.bouncycastle.asn1.cmp.RevReqContent) Date(java.util.Date) DEROctetString(org.bouncycastle.asn1.DEROctetString) Extension(org.bouncycastle.asn1.x509.Extension) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated) RevDetails(org.bouncycastle.asn1.cmp.RevDetails)

Example 4 with CertTemplateBuilder

use of org.bouncycastle.asn1.crmf.CertTemplateBuilder in project xipki by xipki.

the class CmpCaClient method requestCertViaCrmf.

public X509Certificate requestCertViaCrmf(String certProfile, PrivateKey privateKey, SubjectPublicKeyInfo publicKeyInfo, String subject) throws Exception {
    CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
    certTemplateBuilder.setSubject(new X500Name(subject));
    certTemplateBuilder.setPublicKey(publicKeyInfo);
    CertRequest certReq = new CertRequest(1, certTemplateBuilder.build(), null);
    ProofOfPossessionSigningKeyBuilder popoBuilder = new ProofOfPossessionSigningKeyBuilder(certReq);
    ContentSigner popoSigner = buildSigner(privateKey);
    POPOSigningKey popoSk = popoBuilder.build(popoSigner);
    ProofOfPossession popo = new ProofOfPossession(popoSk);
    AttributeTypeAndValue certprofileInfo = new AttributeTypeAndValue(CMPObjectIdentifiers.regInfo_utf8Pairs, new DERUTF8String("CERT-PROFILE?" + certProfile + "%"));
    AttributeTypeAndValue[] atvs = { certprofileInfo };
    CertReqMsg certReqMsg = new CertReqMsg(certReq, popo, atvs);
    PKIBody body = new PKIBody(PKIBody.TYPE_CERT_REQ, new CertReqMessages(certReqMsg));
    ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
    builder.setMessageTime(new Date());
    builder.setTransactionID(randomTransactionId());
    builder.setSenderNonce(randomSenderNonce());
    builder.addGeneralInfo(new InfoTypeAndValue(CMPObjectIdentifiers.it_implicitConfirm, DERNull.INSTANCE));
    builder.setBody(body);
    ProtectedPKIMessage request = builder.build(requestorSigner);
    PKIMessage response = transmit(request);
    return parseEnrollCertResult(response);
}
Also used : ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) CertReqMessages(org.bouncycastle.asn1.crmf.CertReqMessages) CertReqMsg(org.bouncycastle.asn1.crmf.CertReqMsg) ContentSigner(org.bouncycastle.operator.ContentSigner) ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) ProofOfPossession(org.bouncycastle.asn1.crmf.ProofOfPossession) X500Name(org.bouncycastle.asn1.x500.X500Name) AttributeTypeAndValue(org.bouncycastle.asn1.crmf.AttributeTypeAndValue) Date(java.util.Date) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) CertRequest(org.bouncycastle.asn1.crmf.CertRequest) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue) ProofOfPossessionSigningKeyBuilder(org.bouncycastle.cert.crmf.ProofOfPossessionSigningKeyBuilder) ProtectedPKIMessageBuilder(org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder) POPOSigningKey(org.bouncycastle.asn1.crmf.POPOSigningKey)

Example 5 with CertTemplateBuilder

use of org.bouncycastle.asn1.crmf.CertTemplateBuilder in project xipki by xipki.

the class CmpCaClient method revokeCert.

// method requestCerts
public boolean revokeCert(BigInteger serialNumber, CRLReason reason) throws Exception {
    ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
    builder.setMessageTime(new Date());
    builder.setTransactionID(randomTransactionId());
    builder.setSenderNonce(randomSenderNonce());
    CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
    certTempBuilder.setIssuer(caSubject);
    certTempBuilder.setSerialNumber(new ASN1Integer(serialNumber));
    AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(caSubjectKeyIdentifier);
    byte[] encodedAki = aki.getEncoded();
    Extension extAki = new Extension(Extension.authorityKeyIdentifier, false, encodedAki);
    Extensions certTempExts = new Extensions(extAki);
    certTempBuilder.setExtensions(certTempExts);
    ASN1Enumerated asn1Reason = new ASN1Enumerated(reason.getValue().intValue());
    Extensions exts = new Extensions(new Extension(Extension.reasonCode, true, new DEROctetString(asn1Reason.getEncoded())));
    RevDetails revDetails = new RevDetails(certTempBuilder.build(), exts);
    RevReqContent content = new RevReqContent(revDetails);
    builder.setBody(new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content));
    ProtectedPKIMessage request = builder.build(requestorSigner);
    PKIMessage response = transmit(request);
    return parseRevocationResult(response, serialNumber);
}
Also used : ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) Extensions(org.bouncycastle.asn1.x509.Extensions) RevReqContent(org.bouncycastle.asn1.cmp.RevReqContent) Date(java.util.Date) DEROctetString(org.bouncycastle.asn1.DEROctetString) Extension(org.bouncycastle.asn1.x509.Extension) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated) ProtectedPKIMessageBuilder(org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder) RevDetails(org.bouncycastle.asn1.cmp.RevDetails)

Aggregations

CertTemplateBuilder (org.bouncycastle.asn1.crmf.CertTemplateBuilder)7 DEROctetString (org.bouncycastle.asn1.DEROctetString)4 PKIBody (org.bouncycastle.asn1.cmp.PKIBody)4 PKIMessage (org.bouncycastle.asn1.cmp.PKIMessage)4 CertRequest (org.bouncycastle.asn1.crmf.CertRequest)4 Extension (org.bouncycastle.asn1.x509.Extension)4 Extensions (org.bouncycastle.asn1.x509.Extensions)4 Date (java.util.Date)3 ASN1Enumerated (org.bouncycastle.asn1.ASN1Enumerated)3 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)3 RevDetails (org.bouncycastle.asn1.cmp.RevDetails)3 RevReqContent (org.bouncycastle.asn1.cmp.RevReqContent)3 EnrollCertRequest (org.xipki.ca.client.api.dto.EnrollCertRequest)3 IOException (java.io.IOException)2 ArrayList (java.util.ArrayList)2 HashMap (java.util.HashMap)2 AtomicInteger (java.util.concurrent.atomic.AtomicInteger)2 PKIHeader (org.bouncycastle.asn1.cmp.PKIHeader)2 POPOSigningKey (org.bouncycastle.asn1.crmf.POPOSigningKey)2 ProofOfPossession (org.bouncycastle.asn1.crmf.ProofOfPossession)2