Search in sources :

Example 6 with ProtectedPKIMessage

use of org.bouncycastle.cert.cmp.ProtectedPKIMessage in project xipki by xipki.

the class CmpCaClient method requestCertViaCrmf.

public X509Certificate requestCertViaCrmf(String certProfile, PrivateKey privateKey, SubjectPublicKeyInfo publicKeyInfo, String subject) throws Exception {
    CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
    certTemplateBuilder.setSubject(new X500Name(subject));
    certTemplateBuilder.setPublicKey(publicKeyInfo);
    CertRequest certReq = new CertRequest(1, certTemplateBuilder.build(), null);
    ProofOfPossessionSigningKeyBuilder popoBuilder = new ProofOfPossessionSigningKeyBuilder(certReq);
    ContentSigner popoSigner = buildSigner(privateKey);
    POPOSigningKey popoSk = popoBuilder.build(popoSigner);
    ProofOfPossession popo = new ProofOfPossession(popoSk);
    AttributeTypeAndValue certprofileInfo = new AttributeTypeAndValue(CMPObjectIdentifiers.regInfo_utf8Pairs, new DERUTF8String("CERT-PROFILE?" + certProfile + "%"));
    AttributeTypeAndValue[] atvs = { certprofileInfo };
    CertReqMsg certReqMsg = new CertReqMsg(certReq, popo, atvs);
    PKIBody body = new PKIBody(PKIBody.TYPE_CERT_REQ, new CertReqMessages(certReqMsg));
    ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
    builder.setMessageTime(new Date());
    builder.setTransactionID(randomTransactionId());
    builder.setSenderNonce(randomSenderNonce());
    builder.addGeneralInfo(new InfoTypeAndValue(CMPObjectIdentifiers.it_implicitConfirm, DERNull.INSTANCE));
    builder.setBody(body);
    ProtectedPKIMessage request = builder.build(requestorSigner);
    PKIMessage response = transmit(request);
    return parseEnrollCertResult(response);
}
Also used : ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) CertReqMessages(org.bouncycastle.asn1.crmf.CertReqMessages) CertReqMsg(org.bouncycastle.asn1.crmf.CertReqMsg) ContentSigner(org.bouncycastle.operator.ContentSigner) ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) ProofOfPossession(org.bouncycastle.asn1.crmf.ProofOfPossession) X500Name(org.bouncycastle.asn1.x500.X500Name) AttributeTypeAndValue(org.bouncycastle.asn1.crmf.AttributeTypeAndValue) Date(java.util.Date) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) CertRequest(org.bouncycastle.asn1.crmf.CertRequest) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue) ProofOfPossessionSigningKeyBuilder(org.bouncycastle.cert.crmf.ProofOfPossessionSigningKeyBuilder) ProtectedPKIMessageBuilder(org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder) POPOSigningKey(org.bouncycastle.asn1.crmf.POPOSigningKey)

Example 7 with ProtectedPKIMessage

use of org.bouncycastle.cert.cmp.ProtectedPKIMessage in project xipki by xipki.

the class CmpCaClient method revokeCert.

// method requestCerts
public boolean revokeCert(BigInteger serialNumber, CRLReason reason) throws Exception {
    ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
    builder.setMessageTime(new Date());
    builder.setTransactionID(randomTransactionId());
    builder.setSenderNonce(randomSenderNonce());
    CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
    certTempBuilder.setIssuer(caSubject);
    certTempBuilder.setSerialNumber(new ASN1Integer(serialNumber));
    AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(caSubjectKeyIdentifier);
    byte[] encodedAki = aki.getEncoded();
    Extension extAki = new Extension(Extension.authorityKeyIdentifier, false, encodedAki);
    Extensions certTempExts = new Extensions(extAki);
    certTempBuilder.setExtensions(certTempExts);
    ASN1Enumerated asn1Reason = new ASN1Enumerated(reason.getValue().intValue());
    Extensions exts = new Extensions(new Extension(Extension.reasonCode, true, new DEROctetString(asn1Reason.getEncoded())));
    RevDetails revDetails = new RevDetails(certTempBuilder.build(), exts);
    RevReqContent content = new RevReqContent(revDetails);
    builder.setBody(new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content));
    ProtectedPKIMessage request = builder.build(requestorSigner);
    PKIMessage response = transmit(request);
    return parseRevocationResult(response, serialNumber);
}
Also used : ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) Extensions(org.bouncycastle.asn1.x509.Extensions) RevReqContent(org.bouncycastle.asn1.cmp.RevReqContent) Date(java.util.Date) DEROctetString(org.bouncycastle.asn1.DEROctetString) Extension(org.bouncycastle.asn1.x509.Extension) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated) ProtectedPKIMessageBuilder(org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder) RevDetails(org.bouncycastle.asn1.cmp.RevDetails)

Example 8 with ProtectedPKIMessage

use of org.bouncycastle.cert.cmp.ProtectedPKIMessage in project xipki by xipki.

the class CmpUtil method addProtection.

public static PKIMessage addProtection(PKIMessage pkiMessage, ConcurrentContentSigner signer, GeneralName signerName, boolean addSignerCert) throws CMPException, NoIdleSignerException {
    ParamUtil.requireNonNull("pkiMessage", pkiMessage);
    ParamUtil.requireNonNull("signer", signer);
    final GeneralName tmpSignerName;
    if (signerName != null) {
        tmpSignerName = signerName;
    } else {
        if (signer.getCertificate() == null) {
            throw new IllegalArgumentException("signer without certificate is not allowed");
        }
        X500Name x500Name = X500Name.getInstance(signer.getCertificate().getSubjectX500Principal().getEncoded());
        tmpSignerName = new GeneralName(x500Name);
    }
    PKIHeader header = pkiMessage.getHeader();
    ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(tmpSignerName, header.getRecipient());
    PKIFreeText freeText = header.getFreeText();
    if (freeText != null) {
        builder.setFreeText(freeText);
    }
    InfoTypeAndValue[] generalInfo = header.getGeneralInfo();
    if (generalInfo != null) {
        for (InfoTypeAndValue gi : generalInfo) {
            builder.addGeneralInfo(gi);
        }
    }
    ASN1OctetString octet = header.getRecipKID();
    if (octet != null) {
        builder.setRecipKID(octet.getOctets());
    }
    octet = header.getRecipNonce();
    if (octet != null) {
        builder.setRecipNonce(octet.getOctets());
    }
    octet = header.getSenderKID();
    if (octet != null) {
        builder.setSenderKID(octet.getOctets());
    }
    octet = header.getSenderNonce();
    if (octet != null) {
        builder.setSenderNonce(octet.getOctets());
    }
    octet = header.getTransactionID();
    if (octet != null) {
        builder.setTransactionID(octet.getOctets());
    }
    if (header.getMessageTime() != null) {
        builder.setMessageTime(new Date());
    }
    builder.setBody(pkiMessage.getBody());
    if (addSignerCert) {
        X509CertificateHolder signerCert = signer.getBcCertificate();
        builder.addCMPCertificate(signerCert);
    }
    ConcurrentBagEntrySigner signer0 = signer.borrowSigner();
    ProtectedPKIMessage signedMessage;
    try {
        signedMessage = builder.build(signer0.value());
    } finally {
        signer.requiteSigner(signer0);
    }
    return signedMessage.toASN1Structure();
}
Also used : PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) X500Name(org.bouncycastle.asn1.x500.X500Name) ConcurrentBagEntrySigner(org.xipki.security.ConcurrentBagEntrySigner) Date(java.util.Date) PKIFreeText(org.bouncycastle.asn1.cmp.PKIFreeText) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ProtectedPKIMessageBuilder(org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder)

Aggregations

ProtectedPKIMessage (org.bouncycastle.cert.cmp.ProtectedPKIMessage)8 Date (java.util.Date)5 ProtectedPKIMessageBuilder (org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder)5 InfoTypeAndValue (org.bouncycastle.asn1.cmp.InfoTypeAndValue)4 PKIBody (org.bouncycastle.asn1.cmp.PKIBody)4 PKIHeader (org.bouncycastle.asn1.cmp.PKIHeader)4 PKIMessage (org.bouncycastle.asn1.cmp.PKIMessage)4 GeneralPKIMessage (org.bouncycastle.cert.cmp.GeneralPKIMessage)4 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)3 DEROctetString (org.bouncycastle.asn1.DEROctetString)3 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)3 X500Name (org.bouncycastle.asn1.x500.X500Name)3 ContentVerifierProvider (org.bouncycastle.operator.ContentVerifierProvider)3 X509Certificate (java.security.cert.X509Certificate)2 CertTemplateBuilder (org.bouncycastle.asn1.crmf.CertTemplateBuilder)2 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)2 ProtectionVerificationResult (org.xipki.cmp.ProtectionVerificationResult)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)1 ASN1Enumerated (org.bouncycastle.asn1.ASN1Enumerated)1