use of org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder in project xipki by xipki.
the class CmpCaClient method requestCertViaCsr.
// method parseEnrollCertResult
public X509Certificate requestCertViaCsr(String certProfile, CertificationRequest csr) throws Exception {
ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
builder.setMessageTime(new Date());
builder.setTransactionID(randomTransactionId());
builder.setSenderNonce(randomSenderNonce());
builder.addGeneralInfo(new InfoTypeAndValue(CMPObjectIdentifiers.it_implicitConfirm, DERNull.INSTANCE));
builder.addGeneralInfo(new InfoTypeAndValue(CMPObjectIdentifiers.regInfo_utf8Pairs, new DERUTF8String("CERT-PROFILE?" + certProfile + "%")));
builder.setBody(new PKIBody(PKIBody.TYPE_P10_CERT_REQ, csr));
ProtectedPKIMessage request = builder.build(requestorSigner);
PKIMessage response = transmit(request);
return parseEnrollCertResult(response);
}
use of org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder in project xipki by xipki.
the class CmpCaClient method cmpCaCerts.
private Certificate[] cmpCaCerts() throws Exception {
ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
builder.setMessageTime(new Date());
builder.setTransactionID(randomTransactionId());
builder.setSenderNonce(randomSenderNonce());
InfoTypeAndValue itv = new InfoTypeAndValue(id_xipki_cmp);
PKIBody body = new PKIBody(PKIBody.TYPE_GEN_MSG, new GenMsgContent(itv));
builder.setBody(body);
ProtectedPKIMessage request = builder.build(requestorSigner);
PKIMessage response = transmit(request);
ASN1Encodable asn1Value = extractGeneralRepContent(response, id_xipki_cmp.getId());
ASN1Sequence seq = ASN1Sequence.getInstance(asn1Value);
final int size = seq.size();
Certificate[] caCerts = new Certificate[size];
for (int i = 0; i < size; i++) {
caCerts[i] = CMPCertificate.getInstance(seq.getObjectAt(i)).getX509v3PKCert();
}
return caCerts;
}
use of org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder in project xipki by xipki.
the class CmpCaClient method requestCertViaCrmf.
public X509Certificate requestCertViaCrmf(String certProfile, PrivateKey privateKey, SubjectPublicKeyInfo publicKeyInfo, String subject) throws Exception {
CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
certTemplateBuilder.setSubject(new X500Name(subject));
certTemplateBuilder.setPublicKey(publicKeyInfo);
CertRequest certReq = new CertRequest(1, certTemplateBuilder.build(), null);
ProofOfPossessionSigningKeyBuilder popoBuilder = new ProofOfPossessionSigningKeyBuilder(certReq);
ContentSigner popoSigner = buildSigner(privateKey);
POPOSigningKey popoSk = popoBuilder.build(popoSigner);
ProofOfPossession popo = new ProofOfPossession(popoSk);
AttributeTypeAndValue certprofileInfo = new AttributeTypeAndValue(CMPObjectIdentifiers.regInfo_utf8Pairs, new DERUTF8String("CERT-PROFILE?" + certProfile + "%"));
AttributeTypeAndValue[] atvs = { certprofileInfo };
CertReqMsg certReqMsg = new CertReqMsg(certReq, popo, atvs);
PKIBody body = new PKIBody(PKIBody.TYPE_CERT_REQ, new CertReqMessages(certReqMsg));
ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
builder.setMessageTime(new Date());
builder.setTransactionID(randomTransactionId());
builder.setSenderNonce(randomSenderNonce());
builder.addGeneralInfo(new InfoTypeAndValue(CMPObjectIdentifiers.it_implicitConfirm, DERNull.INSTANCE));
builder.setBody(body);
ProtectedPKIMessage request = builder.build(requestorSigner);
PKIMessage response = transmit(request);
return parseEnrollCertResult(response);
}
use of org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder in project xipki by xipki.
the class CmpCaClient method revokeCert.
// method requestCerts
public boolean revokeCert(BigInteger serialNumber, CRLReason reason) throws Exception {
ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
builder.setMessageTime(new Date());
builder.setTransactionID(randomTransactionId());
builder.setSenderNonce(randomSenderNonce());
CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
certTempBuilder.setIssuer(caSubject);
certTempBuilder.setSerialNumber(new ASN1Integer(serialNumber));
AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(caSubjectKeyIdentifier);
byte[] encodedAki = aki.getEncoded();
Extension extAki = new Extension(Extension.authorityKeyIdentifier, false, encodedAki);
Extensions certTempExts = new Extensions(extAki);
certTempBuilder.setExtensions(certTempExts);
ASN1Enumerated asn1Reason = new ASN1Enumerated(reason.getValue().intValue());
Extensions exts = new Extensions(new Extension(Extension.reasonCode, true, new DEROctetString(asn1Reason.getEncoded())));
RevDetails revDetails = new RevDetails(certTempBuilder.build(), exts);
RevReqContent content = new RevReqContent(revDetails);
builder.setBody(new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content));
ProtectedPKIMessage request = builder.build(requestorSigner);
PKIMessage response = transmit(request);
return parseRevocationResult(response, serialNumber);
}
use of org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder in project xipki by xipki.
the class CmpUtil method addProtection.
public static PKIMessage addProtection(PKIMessage pkiMessage, ConcurrentContentSigner signer, GeneralName signerName, boolean addSignerCert) throws CMPException, NoIdleSignerException {
ParamUtil.requireNonNull("pkiMessage", pkiMessage);
ParamUtil.requireNonNull("signer", signer);
final GeneralName tmpSignerName;
if (signerName != null) {
tmpSignerName = signerName;
} else {
if (signer.getCertificate() == null) {
throw new IllegalArgumentException("signer without certificate is not allowed");
}
X500Name x500Name = X500Name.getInstance(signer.getCertificate().getSubjectX500Principal().getEncoded());
tmpSignerName = new GeneralName(x500Name);
}
PKIHeader header = pkiMessage.getHeader();
ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(tmpSignerName, header.getRecipient());
PKIFreeText freeText = header.getFreeText();
if (freeText != null) {
builder.setFreeText(freeText);
}
InfoTypeAndValue[] generalInfo = header.getGeneralInfo();
if (generalInfo != null) {
for (InfoTypeAndValue gi : generalInfo) {
builder.addGeneralInfo(gi);
}
}
ASN1OctetString octet = header.getRecipKID();
if (octet != null) {
builder.setRecipKID(octet.getOctets());
}
octet = header.getRecipNonce();
if (octet != null) {
builder.setRecipNonce(octet.getOctets());
}
octet = header.getSenderKID();
if (octet != null) {
builder.setSenderKID(octet.getOctets());
}
octet = header.getSenderNonce();
if (octet != null) {
builder.setSenderNonce(octet.getOctets());
}
octet = header.getTransactionID();
if (octet != null) {
builder.setTransactionID(octet.getOctets());
}
if (header.getMessageTime() != null) {
builder.setMessageTime(new Date());
}
builder.setBody(pkiMessage.getBody());
if (addSignerCert) {
X509CertificateHolder signerCert = signer.getBcCertificate();
builder.addCMPCertificate(signerCert);
}
ConcurrentBagEntrySigner signer0 = signer.borrowSigner();
ProtectedPKIMessage signedMessage;
try {
signedMessage = builder.build(signer0.value());
} finally {
signer.requiteSigner(signer0);
}
return signedMessage.toASN1Structure();
}
Aggregations