
Example 1 with MessageEncodingException

use of org.xipki.scep.exception.MessageEncodingException in project xipki by xipki.

Class Client, method encryptThenSign.

/**
 * Wraps {@code request} as an encrypted-then-signed SCEP message.
 *
 * <p>The signature digest is the strongest one the CA advertises in its capabilities and the
 * content-encryption algorithm is chosen by preference (AES-128-CBC first, then 3DES-CBC).
 * MD5 and single DES are only accepted when {@code useInsecureAlgorithms} is set; otherwise
 * the request is refused instead of being silently downgraded to a weak algorithm.
 *
 * @param request the PKI message to encode
 * @param identityKey private key that signs the message
 * @param identityCert certificate belonging to {@code identityKey}; it is also placed in the
 *     CMS certificate set so the CA can identify the signer
 * @return the encoded CMS {@code ContentInfo}
 * @throws ScepClientException if only insecure algorithms are available and they are not
 *     permitted, or if the message cannot be encoded
 */
private ContentInfo encryptThenSign(PkiMessage request, PrivateKey identityKey, X509Certificate identityCert) throws ScepClientException {
    ScepHashAlgo digest = caCaps.mostSecureHashAlgo();
    boolean md5Only = (digest == ScepHashAlgo.MD5);
    if (md5Only && !useInsecureAlgorithms) {
        throw new ScepClientException("Scep server supports only MD5 but it not permitted in client");
    }
    String sigAlgName = ScepUtil.getSignatureAlgorithm(identityKey, digest);

    // Content-encryption cipher, strongest advertised option first.
    ASN1ObjectIdentifier cipherOid = null;
    if (caCaps.containsCapability(CaCapability.AES)) {
        cipherOid = CMSAlgorithm.AES128_CBC;
    } else if (caCaps.containsCapability(CaCapability.DES3)) {
        cipherOid = CMSAlgorithm.DES_EDE3_CBC;
    } else if (useInsecureAlgorithms) {
        cipherOid = CMSAlgorithm.DES_CBC;
    }
    if (cipherOid == null) {
        // Single DES is the only remaining option and it is not permitted.
        throw new ScepClientException("DES will not be supported by this client");
    }

    X509Certificate[] certSet = new X509Certificate[] { identityCert };
    try {
        return request.encode(identityKey, sigAlgName, identityCert, certSet, authorityCertStore.getEncryptionCert(), cipherOid);
    } catch (MessageEncodingException ex) {
        throw new ScepClientException(ex);
    }
}

Example 2 with MessageEncodingException

use of org.xipki.scep.exception.MessageEncodingException in project xipki by xipki.

Class PkiMessage, method encode.

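/**
 * Encodes this message as a CMS {@code SignedData}.
 *
 * <p>When {@code messageData} is present it is first encrypted via {@link #encrypt} and the
 * resulting {@code EnvelopedData} becomes the (encapsulated) signed content; otherwise the
 * signed content is absent.
 *
 * @param signer signer that produces the CMS signature
 * @param signerCert certificate identifying {@code signer}
 * @param cmsCertSet certificates to embed in the CMS certificate set (passed on to
 *     {@code ScepUtil.addCmsCertSet})
 * @param recipientCert recipient whose key protects the content-encryption key; required only
 *     when there is message data
 * @param encAlgId content-encryption algorithm OID; required only when there is message data
 * @return the signed message as a CMS {@code ContentInfo}
 * @throws MessageEncodingException if the enveloped data cannot be DER-encoded, or if any
 *     exception (checked or unchecked) is raised while building the signer info or generating
 *     the signature; the exception is wrapped exactly once
 */
public ContentInfo encode(ContentSigner signer, X509Certificate signerCert, X509Certificate[] cmsCertSet, X509Certificate recipientCert, ASN1ObjectIdentifier encAlgId) throws MessageEncodingException {
    ScepUtil.requireNonNull("signer", signer);
    ScepUtil.requireNonNull("signerCert", signerCert);
    if (messageData != null) {
        ScepUtil.requireNonNull("recipientCert", recipientCert);
        ScepUtil.requireNonNull("encAlgId", encAlgId);
    }

    CMSTypedData content;
    if (messageData == null) {
        content = new CMSAbsentContent();
    } else {
        // encrypt-then-sign: the EnvelopedData is what gets signed
        CMSEnvelopedData envelopedData = encrypt(recipientCert, encAlgId);
        byte[] encoded;
        try {
            encoded = envelopedData.getEncoded();
        } catch (IOException ex) {
            throw new MessageEncodingException(ex);
        }
        content = new CMSProcessableByteArray(CMSObjectIdentifiers.envelopedData, encoded);
    }

    try {
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        // signerInfo
        JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(new BcDigestCalculatorProvider());
        signerInfoBuilder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(getSignedAttributes()));
        AttributeTable attrTable = getUnsignedAttributes();
        if (attrTable != null) {
            signerInfoBuilder.setUnsignedAttributeGenerator(new SimpleAttributeTableGenerator(attrTable));
        }
        // certificateSet
        ScepUtil.addCmsCertSet(generator, cmsCertSet);
        SignerInfoGenerator signerInfo = signerInfoBuilder.build(signer, signerCert);
        generator.addSignerInfoGenerator(signerInfo);
        // encapsulate = true: the content travels inside the SignedData
        CMSSignedData signedData = generator.generate(content, true);
        return signedData.toASN1Structure();
    } catch (Exception ex) {
        // One wrap point for everything raised while assembling the signature. A nested
        // try/catch that re-threw MessageEncodingException inside this block would be caught
        // here again and wrapped twice, so no MessageEncodingException is thrown from within.
        throw new MessageEncodingException(ex);
    }
}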

Example 3 with MessageEncodingException

use of org.xipki.scep.exception.MessageEncodingException in project xipki by xipki.

Class NextCaMessage, method encode.

/**
 * Encodes the next-CA message: a degenerate (certificates-only) {@code SignedData} holding
 * {@code caCert} and any {@code raCerts}, wrapped in an outer {@code SignedData} signed with
 * {@code signingKey}.
 *
 * @param signingKey private key that signs the outer {@code SignedData}
 * @param signerCert certificate identifying {@code signingKey}
 * @param cmsCertSet certificates to embed in the outer CMS certificate set (passed on to
 *     {@code ScepUtil.addCmsCertSet})
 * @return the signed message as a CMS {@code ContentInfo}
 * @throws MessageEncodingException if a certificate cannot be encoded, or if CMS generation,
 *     DER encoding or content-signer creation fails
 */
public ContentInfo encode(PrivateKey signingKey, X509Certificate signerCert, X509Certificate[] cmsCertSet) throws MessageEncodingException {
    ScepUtil.requireNonNull("signingKey", signingKey);
    ScepUtil.requireNonNull("signerCert", signerCert);
    try {
        // Inner, degenerate SignedData: certificates only, no signer and no content.
        byte[] certsOnlyDer;
        try {
            CMSSignedDataGenerator certsOnly = new CMSSignedDataGenerator();
            certsOnly.addCertificate(new X509CertificateHolder(caCert.getEncoded()));
            if (raCerts != null) {
                for (X509Certificate raCert : raCerts) {
                    certsOnly.addCertificate(new X509CertificateHolder(raCert.getEncoded()));
                }
            }
            certsOnlyDer = certsOnly.generate(new CMSAbsentContent()).getEncoded();
        } catch (CertificateEncodingException ex) {
            // Keep the certificate's own message; the outer handler would drop it.
            throw new MessageEncodingException(ex.getMessage(), ex);
        }

        // The client's supported hash algorithms are not known here, so SHA-1 is used.
        // NOTE(review): SHA-1 is a weak signature digest; confirm whether the protocol flow
        // gives the responder enough information to select a stronger one.
        String sigAlgName = getSignatureAlgorithm(signingKey, ScepHashAlgo.SHA1);
        ContentSigner signer = new JcaContentSignerBuilder(sigAlgName).build(signingKey);

        // Outer SignedData: one signer, default signed attributes, caller-supplied cert set.
        JcaSignerInfoGeneratorBuilder sigInfoBuilder = new JcaSignerInfoGeneratorBuilder(new BcDigestCalculatorProvider());
        sigInfoBuilder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator());
        CMSSignedDataGenerator outer = new CMSSignedDataGenerator();
        outer.addSignerInfoGenerator(sigInfoBuilder.build(signer, signerCert));
        ScepUtil.addCmsCertSet(outer, cmsCertSet);

        CMSTypedData payload = new CMSProcessableByteArray(CMSObjectIdentifiers.signedData, certsOnlyDer);
        return outer.generate(payload, true).toASN1Structure();
    } catch (CMSException | CertificateEncodingException | IOException | OperatorCreationException ex) {
        throw new MessageEncodingException(ex);
    }
}

Example 4 with MessageEncodingException

use of org.xipki.scep.exception.MessageEncodingException in project xipki by xipki.

Class ScepImpl, method encodeResponse.

/**
 * Signs and encrypts {@code response} for the client that sent {@code request}.
 *
 * <p>The signature digest and the content-encryption algorithm are taken from the decoded
 * request, i.e. the responder mirrors what the client used. The signer certificate is only
 * embedded in the CMS certificate set when {@code control.isIncludeSignerCert()} is true.
 *
 * <p>NOTE(review): because the digest is client-chosen, confirm that the accepted digest
 * algorithms are allow-listed where the request is decoded, so a weak client-selected digest
 * (e.g. MD5) cannot drive the response signature.
 *
 * @param response the PKI message to encode
 * @param request the decoded client request, source of the recipient certificate and the
 *     algorithms to use
 * @return the encoded CMS {@code ContentInfo}
 * @throws OperationException with {@code ErrorCode.SYSTEM_FAILURE} if encoding fails; the
 *     failure is logged before it is rethrown
 */
private ContentInfo encodeResponse(PkiMessage response, DecodedPkiMessage request) throws OperationException {
    ParamUtil.requireNonNull("response", response);
    ParamUtil.requireNonNull("request", request);
    String sigAlgName = getSignatureAlgorithm(responderKey, request.getDigestAlgorithm());
    try {
        X509Certificate[] certSet = null;
        if (control.isIncludeSignerCert()) {
            certSet = new X509Certificate[] { responderCert };
        }
        return response.encode(responderKey, sigAlgName, responderCert, certSet, request.getSignatureCert(), request.getContentEncryptionAlgorithm());
    } catch (MessageEncodingException ex) {
        LogUtil.error(LOG, ex, "could not encode response");
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
}

Example 5 with MessageEncodingException

use of org.xipki.scep.exception.MessageEncodingException in project xipki by xipki.

Class PkiMessage, method encode.

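/**
 * Convenience overload that builds a {@code ContentSigner} from a private key and a
 * signature algorithm name, then delegates to
 * {@link #encode(ContentSigner, X509Certificate, X509Certificate[], X509Certificate, ASN1ObjectIdentifier)}.
 *
 * @param signerKey private key that signs the message
 * @param signatureAlgorithm JCA signature algorithm name (e.g. as returned by
 *     {@code ScepUtil.getSignatureAlgorithm})
 * @param signerCert certificate identifying {@code signerKey}
 * @param signerCertSet certificates to embed in the CMS certificate set
 * @param recipientCert recipient whose key protects the content-encryption key
 * @param encAlgId content-encryption algorithm OID
 * @return the signed message as a CMS {@code ContentInfo}
 * @throws MessageEncodingException if no content signer can be created for the key and
 *     algorithm, or if the delegated encoding fails
 */
public ContentInfo encode(PrivateKey signerKey, String signatureAlgorithm, X509Certificate signerCert, X509Certificate[] signerCertSet, X509Certificate recipientCert, ASN1ObjectIdentifier encAlgId) throws MessageEncodingException {
    ScepUtil.requireNonNull("signerKey", signerKey);
    // Validate up front like the delegated overload does for its arguments; a null algorithm
    // name would otherwise most likely surface as an unchecked exception from the builder
    // instead of a clear argument error.
    ScepUtil.requireNonNull("signatureAlgorithm", signatureAlgorithm);
    ContentSigner signer;
    try {
        signer = new JcaContentSignerBuilder(signatureAlgorithm).build(signerKey);
    } catch (OperatorCreationException ex) {
        throw new MessageEncodingException(ex);
    }
    return encode(signer, signerCert, signerCertSet, recipientCert, encAlgId);
}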
