Example 6 with ProtectedPKIMessage
use of org.bouncycastle.cert.cmp.ProtectedPKIMessage in project xipki by xipki.
the class CmpCaClient method requestCertViaCrmf.
public X509Certificate requestCertViaCrmf(String certProfile, PrivateKey privateKey, SubjectPublicKeyInfo publicKeyInfo, String subject) throws Exception {
CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
certTemplateBuilder.setSubject(new X500Name(subject));
certTemplateBuilder.setPublicKey(publicKeyInfo);
CertRequest certReq = new CertRequest(1, certTemplateBuilder.build(), null);
ProofOfPossessionSigningKeyBuilder popoBuilder = new ProofOfPossessionSigningKeyBuilder(certReq);
ContentSigner popoSigner = buildSigner(privateKey);
POPOSigningKey popoSk = popoBuilder.build(popoSigner);
ProofOfPossession popo = new ProofOfPossession(popoSk);
AttributeTypeAndValue certprofileInfo = new AttributeTypeAndValue(CMPObjectIdentifiers.regInfo_utf8Pairs, new DERUTF8String("CERT-PROFILE?" + certProfile + "%"));
AttributeTypeAndValue[] atvs = { certprofileInfo };
CertReqMsg certReqMsg = new CertReqMsg(certReq, popo, atvs);
PKIBody body = new PKIBody(PKIBody.TYPE_CERT_REQ, new CertReqMessages(certReqMsg));
ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
builder.setMessageTime(new Date());
builder.setTransactionID(randomTransactionId());
builder.setSenderNonce(randomSenderNonce());
builder.addGeneralInfo(new InfoTypeAndValue(CMPObjectIdentifiers.it_implicitConfirm, DERNull.INSTANCE));
builder.setBody(body);
ProtectedPKIMessage request = builder.build(requestorSigner);
PKIMessage response = transmit(request);
return parseEnrollCertResult(response);
}
Also used :
ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage)
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
PKIBody(org.bouncycastle.asn1.cmp.PKIBody)
CertReqMessages(org.bouncycastle.asn1.crmf.CertReqMessages)
CertReqMsg(org.bouncycastle.asn1.crmf.CertReqMsg)
ContentSigner(org.bouncycastle.operator.ContentSigner)
ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage)
ProofOfPossession(org.bouncycastle.asn1.crmf.ProofOfPossession)
X500Name(org.bouncycastle.asn1.x500.X500Name)
AttributeTypeAndValue(org.bouncycastle.asn1.crmf.AttributeTypeAndValue)
Date(java.util.Date)
CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder)
CertRequest(org.bouncycastle.asn1.crmf.CertRequest)
InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue)
ProofOfPossessionSigningKeyBuilder(org.bouncycastle.cert.crmf.ProofOfPossessionSigningKeyBuilder)
ProtectedPKIMessageBuilder(org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder)
POPOSigningKey(org.bouncycastle.asn1.crmf.POPOSigningKey)
Example 7 with ProtectedPKIMessage
use of org.bouncycastle.cert.cmp.ProtectedPKIMessage in project xipki by xipki.
the class CmpCaClient method revokeCert.
// method requestCerts
public boolean revokeCert(BigInteger serialNumber, CRLReason reason) throws Exception {
ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
builder.setMessageTime(new Date());
builder.setTransactionID(randomTransactionId());
builder.setSenderNonce(randomSenderNonce());
CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
certTempBuilder.setIssuer(caSubject);
certTempBuilder.setSerialNumber(new ASN1Integer(serialNumber));
AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(caSubjectKeyIdentifier);
byte[] encodedAki = aki.getEncoded();
Extension extAki = new Extension(Extension.authorityKeyIdentifier, false, encodedAki);
Extensions certTempExts = new Extensions(extAki);
certTempBuilder.setExtensions(certTempExts);
ASN1Enumerated asn1Reason = new ASN1Enumerated(reason.getValue().intValue());
Extensions exts = new Extensions(new Extension(Extension.reasonCode, true, new DEROctetString(asn1Reason.getEncoded())));
RevDetails revDetails = new RevDetails(certTempBuilder.build(), exts);
RevReqContent content = new RevReqContent(revDetails);
builder.setBody(new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content));
ProtectedPKIMessage request = builder.build(requestorSigner);
PKIMessage response = transmit(request);
return parseRevocationResult(response, serialNumber);
}
Also used :
ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage)
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage)
PKIBody(org.bouncycastle.asn1.cmp.PKIBody)
ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage)
AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
Extensions(org.bouncycastle.asn1.x509.Extensions)
RevReqContent(org.bouncycastle.asn1.cmp.RevReqContent)
Date(java.util.Date)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Extension(org.bouncycastle.asn1.x509.Extension)
CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder)
ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated)
ProtectedPKIMessageBuilder(org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder)
RevDetails(org.bouncycastle.asn1.cmp.RevDetails)
Example 8 with ProtectedPKIMessage
use of org.bouncycastle.cert.cmp.ProtectedPKIMessage in project xipki by xipki.
the class CmpUtil method addProtection.
public static PKIMessage addProtection(PKIMessage pkiMessage, ConcurrentContentSigner signer, GeneralName signerName, boolean addSignerCert) throws CMPException, NoIdleSignerException {
ParamUtil.requireNonNull("pkiMessage", pkiMessage);
ParamUtil.requireNonNull("signer", signer);
final GeneralName tmpSignerName;
if (signerName != null) {
tmpSignerName = signerName;
} else {
if (signer.getCertificate() == null) {
throw new IllegalArgumentException("signer without certificate is not allowed");
}
X500Name x500Name = X500Name.getInstance(signer.getCertificate().getSubjectX500Principal().getEncoded());
tmpSignerName = new GeneralName(x500Name);
}
PKIHeader header = pkiMessage.getHeader();
ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(tmpSignerName, header.getRecipient());
PKIFreeText freeText = header.getFreeText();
if (freeText != null) {
builder.setFreeText(freeText);
}
InfoTypeAndValue[] generalInfo = header.getGeneralInfo();
if (generalInfo != null) {
for (InfoTypeAndValue gi : generalInfo) {
builder.addGeneralInfo(gi);
}
}
ASN1OctetString octet = header.getRecipKID();
if (octet != null) {
builder.setRecipKID(octet.getOctets());
}
octet = header.getRecipNonce();
if (octet != null) {
builder.setRecipNonce(octet.getOctets());
}
octet = header.getSenderKID();
if (octet != null) {
builder.setSenderKID(octet.getOctets());
}
octet = header.getSenderNonce();
if (octet != null) {
builder.setSenderNonce(octet.getOctets());
}
octet = header.getTransactionID();
if (octet != null) {
builder.setTransactionID(octet.getOctets());
}
if (header.getMessageTime() != null) {
builder.setMessageTime(new Date());
}
builder.setBody(pkiMessage.getBody());
if (addSignerCert) {
X509CertificateHolder signerCert = signer.getBcCertificate();
builder.addCMPCertificate(signerCert);
}
ConcurrentBagEntrySigner signer0 = signer.borrowSigner();
ProtectedPKIMessage signedMessage;
try {
signedMessage = builder.build(signer0.value());
} finally {
signer.requiteSigner(signer0);
}
return signedMessage.toASN1Structure();
}
Also used :
PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ConcurrentBagEntrySigner(org.xipki.security.ConcurrentBagEntrySigner)
Date(java.util.Date)
PKIFreeText(org.bouncycastle.asn1.cmp.PKIFreeText)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
ProtectedPKIMessageBuilder(org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder)
Aggregations
ProtectedPKIMessage (org.bouncycastle.cert.cmp.ProtectedPKIMessage)8
Date (java.util.Date)5
ProtectedPKIMessageBuilder (org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder)5
InfoTypeAndValue (org.bouncycastle.asn1.cmp.InfoTypeAndValue)4
PKIBody (org.bouncycastle.asn1.cmp.PKIBody)4
PKIHeader (org.bouncycastle.asn1.cmp.PKIHeader)4
PKIMessage (org.bouncycastle.asn1.cmp.PKIMessage)4
GeneralPKIMessage (org.bouncycastle.cert.cmp.GeneralPKIMessage)4
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)3
DEROctetString (org.bouncycastle.asn1.DEROctetString)3
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)3
X500Name (org.bouncycastle.asn1.x500.X500Name)3
ContentVerifierProvider (org.bouncycastle.operator.ContentVerifierProvider)3
X509Certificate (java.security.cert.X509Certificate)2
CertTemplateBuilder (org.bouncycastle.asn1.crmf.CertTemplateBuilder)2
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)2
ProtectionVerificationResult (org.xipki.cmp.ProtectionVerificationResult)2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)1
ASN1Enumerated (org.bouncycastle.asn1.ASN1Enumerated)1
