Search in sources :

Example 6 with PkiMessage

use of org.xipki.scep.message.PkiMessage in project xipki by xipki.

the class Client method scepCertPoll.

public EnrolmentResponse scepCertPoll(PrivateKey identityKey, X509Certificate identityCert, TransactionId transactionId, X500Name issuer, X500Name subject) throws ScepClientException {
    ScepUtil.requireNonNull("identityKey", identityKey);
    ScepUtil.requireNonNull("identityCert", identityCert);
    ScepUtil.requireNonNull("issuer", issuer);
    ScepUtil.requireNonNull("transactionId", transactionId);
    initIfNotInited();
    PkiMessage pkiMessage = new PkiMessage(transactionId, MessageType.CertPoll);
    IssuerAndSubject is = new IssuerAndSubject(issuer, subject);
    pkiMessage.setMessageData(is);
    ContentInfo envRequest = encryptThenSign(pkiMessage, identityKey, identityCert);
    ScepHttpResponse httpResp = httpSend(Operation.PKIOperation, envRequest);
    CMSSignedData cmsSignedData = parsePkiMessage(httpResp.getContentBytes());
    DecodedPkiMessage response = decode(cmsSignedData, identityKey, identityCert);
    assertSameNonce(pkiMessage, response);
    return new EnrolmentResponse(response);
}
Also used : DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage) PkiMessage(org.xipki.scep.message.PkiMessage) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage) CMSSignedData(org.bouncycastle.cms.CMSSignedData) IssuerAndSubject(org.xipki.scep.message.IssuerAndSubject)

Example 7 with PkiMessage

use of org.xipki.scep.message.PkiMessage in project xipki by xipki.

the class Client method enroll.

private EnrolmentResponse enroll(MessageType messageType, CertificationRequest csr, PrivateKey identityKey, X509Certificate identityCert) throws ScepClientException {
    TransactionId tid;
    try {
        tid = TransactionId.sha1TransactionId(csr.getCertificationRequestInfo().getSubjectPublicKeyInfo());
    } catch (InvalidKeySpecException ex) {
        throw new ScepClientException(ex.getMessage(), ex);
    }
    PkiMessage pkiMessage = new PkiMessage(tid, messageType);
    pkiMessage.setMessageData(csr);
    ContentInfo envRequest = encryptThenSign(pkiMessage, identityKey, identityCert);
    ScepHttpResponse httpResp = httpSend(Operation.PKIOperation, envRequest);
    CMSSignedData cmsSignedData = parsePkiMessage(httpResp.getContentBytes());
    DecodedPkiMessage response = decode(cmsSignedData, identityKey, identityCert);
    assertSameNonce(pkiMessage, response);
    return new EnrolmentResponse(response);
}
Also used : ScepClientException(org.xipki.scep.client.exception.ScepClientException) DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage) PkiMessage(org.xipki.scep.message.PkiMessage) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) CMSSignedData(org.bouncycastle.cms.CMSSignedData) TransactionId(org.xipki.scep.transaction.TransactionId)

Example 8 with PkiMessage

use of org.xipki.scep.message.PkiMessage in project xipki by xipki.

the class ScepResponder method servicePkiOperation.

public ContentInfo servicePkiOperation(CMSSignedData requestContent, AuditEvent event) throws MessageDecodingException, CaException {
    ScepUtil.requireNonNull("requestContent", requestContent);
    PrivateKey recipientKey = (raEmulator != null) ? raEmulator.getRaKey() : caEmulator.getCaKey();
    Certificate recipientCert = (raEmulator != null) ? raEmulator.getRaCert() : caEmulator.getCaCert();
    X509Certificate recipientX509Obj;
    try {
        recipientX509Obj = ScepUtil.toX509Cert(recipientCert);
    } catch (CertificateException ex) {
        throw new MessageDecodingException("could not parse recipientCert " + recipientCert.getTBSCertificate().getSubject());
    }
    EnvelopedDataDecryptorInstance decInstance = new EnvelopedDataDecryptorInstance(recipientX509Obj, recipientKey);
    EnvelopedDataDecryptor recipient = new EnvelopedDataDecryptor(decInstance);
    DecodedPkiMessage req = DecodedPkiMessage.decode(requestContent, recipient, null);
    PkiMessage rep = servicePkiOperation0(req, event);
    event.putEventData(ScepAuditConstants.NAME_pkiStatus, rep.getPkiStatus());
    if (rep.getPkiStatus() == PkiStatus.FAILURE) {
        event.setLevel(AuditLevel.ERROR);
    }
    if (rep.getFailInfo() != null) {
        event.putEventData(ScepAuditConstants.NAME_failInfo, rep.getFailInfo());
    }
    String signatureAlgorithm = ScepUtil.getSignatureAlgorithm(getSigningKey(), ScepHashAlgo.forNameOrOid(req.getDigestAlgorithm().getId()));
    try {
        X509Certificate jceSignerCert = ScepUtil.toX509Cert(getSigningCert());
        X509Certificate[] certs = control.isSendSignerCert() ? new X509Certificate[] { jceSignerCert } : null;
        return rep.encode(getSigningKey(), signatureAlgorithm, jceSignerCert, certs, req.getSignatureCert(), req.getContentEncryptionAlgorithm());
    } catch (Exception ex) {
        throw new CaException(ex);
    }
}
Also used : EnvelopedDataDecryptor(org.xipki.scep.message.EnvelopedDataDecryptor) PrivateKey(java.security.PrivateKey) CertificateException(java.security.cert.CertificateException) ASN1String(org.bouncycastle.asn1.ASN1String) X509Certificate(java.security.cert.X509Certificate) CMSException(org.bouncycastle.cms.CMSException) MessageDecodingException(org.xipki.scep.exception.MessageDecodingException) CertificateException(java.security.cert.CertificateException) MessageDecodingException(org.xipki.scep.exception.MessageDecodingException) EnvelopedDataDecryptorInstance(org.xipki.scep.message.EnvelopedDataDecryptorInstance) DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage) PkiMessage(org.xipki.scep.message.PkiMessage) DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate)

Aggregations

DecodedPkiMessage (org.xipki.scep.message.DecodedPkiMessage)8 PkiMessage (org.xipki.scep.message.PkiMessage)8 ContentInfo (org.bouncycastle.asn1.cms.ContentInfo)6 CMSSignedData (org.bouncycastle.cms.CMSSignedData)5 IssuerAndSerialNumber (org.bouncycastle.asn1.cms.IssuerAndSerialNumber)4 CertificateException (java.security.cert.CertificateException)3 X509Certificate (java.security.cert.X509Certificate)3 ScepClientException (org.xipki.scep.client.exception.ScepClientException)3 IssuerAndSubject (org.xipki.scep.message.IssuerAndSubject)3 Date (java.util.Date)2 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)2 ASN1String (org.bouncycastle.asn1.ASN1String)2 CertificationRequest (org.bouncycastle.asn1.pkcs.CertificationRequest)2 X500Name (org.bouncycastle.asn1.x500.X500Name)2 Certificate (org.bouncycastle.asn1.x509.Certificate)2 CMSException (org.bouncycastle.cms.CMSException)2 OperationException (org.xipki.ca.api.OperationException)2 ScepHashAlgo (org.xipki.scep.crypto.ScepHashAlgo)2 MessageDecodingException (org.xipki.scep.exception.MessageDecodingException)2 MessageType (org.xipki.scep.transaction.MessageType)2