Search in sources :

Example 1 with ProtectedPKIMessageBuilder

use of org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder in project xipki by xipki.

the class CmpCaClient method requestCertViaCsr.

// method parseEnrollCertResult
public X509Certificate requestCertViaCsr(String certProfile, CertificationRequest csr) throws Exception {
    ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
    builder.setMessageTime(new Date());
    builder.setTransactionID(randomTransactionId());
    builder.setSenderNonce(randomSenderNonce());
    builder.addGeneralInfo(new InfoTypeAndValue(CMPObjectIdentifiers.it_implicitConfirm, DERNull.INSTANCE));
    builder.addGeneralInfo(new InfoTypeAndValue(CMPObjectIdentifiers.regInfo_utf8Pairs, new DERUTF8String("CERT-PROFILE?" + certProfile + "%")));
    builder.setBody(new PKIBody(PKIBody.TYPE_P10_CERT_REQ, csr));
    ProtectedPKIMessage request = builder.build(requestorSigner);
    PKIMessage response = transmit(request);
    return parseEnrollCertResult(response);
}
Also used : ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue) ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) ProtectedPKIMessageBuilder(org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder) Date(java.util.Date)

Example 2 with ProtectedPKIMessageBuilder

use of org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder in project xipki by xipki.

the class CmpCaClient method cmpCaCerts.

private Certificate[] cmpCaCerts() throws Exception {
    ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
    builder.setMessageTime(new Date());
    builder.setTransactionID(randomTransactionId());
    builder.setSenderNonce(randomSenderNonce());
    InfoTypeAndValue itv = new InfoTypeAndValue(id_xipki_cmp);
    PKIBody body = new PKIBody(PKIBody.TYPE_GEN_MSG, new GenMsgContent(itv));
    builder.setBody(body);
    ProtectedPKIMessage request = builder.build(requestorSigner);
    PKIMessage response = transmit(request);
    ASN1Encodable asn1Value = extractGeneralRepContent(response, id_xipki_cmp.getId());
    ASN1Sequence seq = ASN1Sequence.getInstance(asn1Value);
    final int size = seq.size();
    Certificate[] caCerts = new Certificate[size];
    for (int i = 0; i < size; i++) {
        caCerts[i] = CMPCertificate.getInstance(seq.getObjectAt(i)).getX509v3PKCert();
    }
    return caCerts;
}
Also used : ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) GenMsgContent(org.bouncycastle.asn1.cmp.GenMsgContent) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue) ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ProtectedPKIMessageBuilder(org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) CMPCertificate(org.bouncycastle.asn1.cmp.CMPCertificate) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 3 with ProtectedPKIMessageBuilder

use of org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder in project xipki by xipki.

the class CmpCaClient method requestCertViaCrmf.

public X509Certificate requestCertViaCrmf(String certProfile, PrivateKey privateKey, SubjectPublicKeyInfo publicKeyInfo, String subject) throws Exception {
    CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
    certTemplateBuilder.setSubject(new X500Name(subject));
    certTemplateBuilder.setPublicKey(publicKeyInfo);
    CertRequest certReq = new CertRequest(1, certTemplateBuilder.build(), null);
    ProofOfPossessionSigningKeyBuilder popoBuilder = new ProofOfPossessionSigningKeyBuilder(certReq);
    ContentSigner popoSigner = buildSigner(privateKey);
    POPOSigningKey popoSk = popoBuilder.build(popoSigner);
    ProofOfPossession popo = new ProofOfPossession(popoSk);
    AttributeTypeAndValue certprofileInfo = new AttributeTypeAndValue(CMPObjectIdentifiers.regInfo_utf8Pairs, new DERUTF8String("CERT-PROFILE?" + certProfile + "%"));
    AttributeTypeAndValue[] atvs = { certprofileInfo };
    CertReqMsg certReqMsg = new CertReqMsg(certReq, popo, atvs);
    PKIBody body = new PKIBody(PKIBody.TYPE_CERT_REQ, new CertReqMessages(certReqMsg));
    ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
    builder.setMessageTime(new Date());
    builder.setTransactionID(randomTransactionId());
    builder.setSenderNonce(randomSenderNonce());
    builder.addGeneralInfo(new InfoTypeAndValue(CMPObjectIdentifiers.it_implicitConfirm, DERNull.INSTANCE));
    builder.setBody(body);
    ProtectedPKIMessage request = builder.build(requestorSigner);
    PKIMessage response = transmit(request);
    return parseEnrollCertResult(response);
}
Also used : ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) CertReqMessages(org.bouncycastle.asn1.crmf.CertReqMessages) CertReqMsg(org.bouncycastle.asn1.crmf.CertReqMsg) ContentSigner(org.bouncycastle.operator.ContentSigner) ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) ProofOfPossession(org.bouncycastle.asn1.crmf.ProofOfPossession) X500Name(org.bouncycastle.asn1.x500.X500Name) AttributeTypeAndValue(org.bouncycastle.asn1.crmf.AttributeTypeAndValue) Date(java.util.Date) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) CertRequest(org.bouncycastle.asn1.crmf.CertRequest) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue) ProofOfPossessionSigningKeyBuilder(org.bouncycastle.cert.crmf.ProofOfPossessionSigningKeyBuilder) ProtectedPKIMessageBuilder(org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder) POPOSigningKey(org.bouncycastle.asn1.crmf.POPOSigningKey)

Example 4 with ProtectedPKIMessageBuilder

use of org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder in project xipki by xipki.

the class CmpCaClient method revokeCert.

// method requestCerts
public boolean revokeCert(BigInteger serialNumber, CRLReason reason) throws Exception {
    ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
    builder.setMessageTime(new Date());
    builder.setTransactionID(randomTransactionId());
    builder.setSenderNonce(randomSenderNonce());
    CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
    certTempBuilder.setIssuer(caSubject);
    certTempBuilder.setSerialNumber(new ASN1Integer(serialNumber));
    AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(caSubjectKeyIdentifier);
    byte[] encodedAki = aki.getEncoded();
    Extension extAki = new Extension(Extension.authorityKeyIdentifier, false, encodedAki);
    Extensions certTempExts = new Extensions(extAki);
    certTempBuilder.setExtensions(certTempExts);
    ASN1Enumerated asn1Reason = new ASN1Enumerated(reason.getValue().intValue());
    Extensions exts = new Extensions(new Extension(Extension.reasonCode, true, new DEROctetString(asn1Reason.getEncoded())));
    RevDetails revDetails = new RevDetails(certTempBuilder.build(), exts);
    RevReqContent content = new RevReqContent(revDetails);
    builder.setBody(new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content));
    ProtectedPKIMessage request = builder.build(requestorSigner);
    PKIMessage response = transmit(request);
    return parseRevocationResult(response, serialNumber);
}
Also used : ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) Extensions(org.bouncycastle.asn1.x509.Extensions) RevReqContent(org.bouncycastle.asn1.cmp.RevReqContent) Date(java.util.Date) DEROctetString(org.bouncycastle.asn1.DEROctetString) Extension(org.bouncycastle.asn1.x509.Extension) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated) ProtectedPKIMessageBuilder(org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder) RevDetails(org.bouncycastle.asn1.cmp.RevDetails)

Example 5 with ProtectedPKIMessageBuilder

use of org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder in project xipki by xipki.

the class CmpUtil method addProtection.

public static PKIMessage addProtection(PKIMessage pkiMessage, ConcurrentContentSigner signer, GeneralName signerName, boolean addSignerCert) throws CMPException, NoIdleSignerException {
    ParamUtil.requireNonNull("pkiMessage", pkiMessage);
    ParamUtil.requireNonNull("signer", signer);
    final GeneralName tmpSignerName;
    if (signerName != null) {
        tmpSignerName = signerName;
    } else {
        if (signer.getCertificate() == null) {
            throw new IllegalArgumentException("signer without certificate is not allowed");
        }
        X500Name x500Name = X500Name.getInstance(signer.getCertificate().getSubjectX500Principal().getEncoded());
        tmpSignerName = new GeneralName(x500Name);
    }
    PKIHeader header = pkiMessage.getHeader();
    ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(tmpSignerName, header.getRecipient());
    PKIFreeText freeText = header.getFreeText();
    if (freeText != null) {
        builder.setFreeText(freeText);
    }
    InfoTypeAndValue[] generalInfo = header.getGeneralInfo();
    if (generalInfo != null) {
        for (InfoTypeAndValue gi : generalInfo) {
            builder.addGeneralInfo(gi);
        }
    }
    ASN1OctetString octet = header.getRecipKID();
    if (octet != null) {
        builder.setRecipKID(octet.getOctets());
    }
    octet = header.getRecipNonce();
    if (octet != null) {
        builder.setRecipNonce(octet.getOctets());
    }
    octet = header.getSenderKID();
    if (octet != null) {
        builder.setSenderKID(octet.getOctets());
    }
    octet = header.getSenderNonce();
    if (octet != null) {
        builder.setSenderNonce(octet.getOctets());
    }
    octet = header.getTransactionID();
    if (octet != null) {
        builder.setTransactionID(octet.getOctets());
    }
    if (header.getMessageTime() != null) {
        builder.setMessageTime(new Date());
    }
    builder.setBody(pkiMessage.getBody());
    if (addSignerCert) {
        X509CertificateHolder signerCert = signer.getBcCertificate();
        builder.addCMPCertificate(signerCert);
    }
    ConcurrentBagEntrySigner signer0 = signer.borrowSigner();
    ProtectedPKIMessage signedMessage;
    try {
        signedMessage = builder.build(signer0.value());
    } finally {
        signer.requiteSigner(signer0);
    }
    return signedMessage.toASN1Structure();
}
Also used : PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) X500Name(org.bouncycastle.asn1.x500.X500Name) ConcurrentBagEntrySigner(org.xipki.security.ConcurrentBagEntrySigner) Date(java.util.Date) PKIFreeText(org.bouncycastle.asn1.cmp.PKIFreeText) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ProtectedPKIMessageBuilder(org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder)

Aggregations

Date (java.util.Date)5 ProtectedPKIMessage (org.bouncycastle.cert.cmp.ProtectedPKIMessage)5 ProtectedPKIMessageBuilder (org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder)5 InfoTypeAndValue (org.bouncycastle.asn1.cmp.InfoTypeAndValue)4 PKIBody (org.bouncycastle.asn1.cmp.PKIBody)4 PKIMessage (org.bouncycastle.asn1.cmp.PKIMessage)4 GeneralPKIMessage (org.bouncycastle.cert.cmp.GeneralPKIMessage)4 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)2 CertTemplateBuilder (org.bouncycastle.asn1.crmf.CertTemplateBuilder)2 X500Name (org.bouncycastle.asn1.x500.X500Name)2 X509Certificate (java.security.cert.X509Certificate)1 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)1 ASN1Enumerated (org.bouncycastle.asn1.ASN1Enumerated)1 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)1 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)1 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)1 DEROctetString (org.bouncycastle.asn1.DEROctetString)1 CMPCertificate (org.bouncycastle.asn1.cmp.CMPCertificate)1 GenMsgContent (org.bouncycastle.asn1.cmp.GenMsgContent)1 PKIFreeText (org.bouncycastle.asn1.cmp.PKIFreeText)1