Example 1 with TransactionId
use of org.xipki.scep.transaction.TransactionId in project xipki by xipki.
the class ScepResponder method servicePkiOperation0.
private PkiMessage servicePkiOperation0(DecodedPkiMessage req, AuditEvent event) throws MessageDecodingException, CaException {
TransactionId tid = req.getTransactionId();
PkiMessage rep = new PkiMessage(tid, MessageType.CertRep, Nonce.randomNonce());
rep.setPkiStatus(PkiStatus.SUCCESS);
rep.setRecipientNonce(req.getSenderNonce());
if (req.getFailureMessage() != null) {
return buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badRequest);
}
Boolean bo = req.isSignatureValid();
if (bo != null && !bo.booleanValue()) {
return buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badMessageCheck);
}
bo = req.isDecryptionSuccessful();
if (bo != null && !bo.booleanValue()) {
return buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badRequest);
}
Date signingTime = req.getSigningTime();
if (maxSigningTimeBiasInMs > 0) {
boolean isTimeBad = false;
if (signingTime == null) {
isTimeBad = true;
} else {
long now = System.currentTimeMillis();
long diff = now - signingTime.getTime();
if (diff < 0) {
diff = -1 * diff;
}
isTimeBad = diff > maxSigningTimeBiasInMs;
}
if (isTimeBad) {
return buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badTime);
}
}
// check the digest algorithm
String oid = req.getDigestAlgorithm().getId();
ScepHashAlgo hashAlgo = ScepHashAlgo.forNameOrOid(oid);
if (hashAlgo == null) {
LOG.warn("tid={}: unknown digest algorithm {}", tid, oid);
return buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badAlg);
}
// end if
boolean supported = false;
if (hashAlgo == ScepHashAlgo.SHA1) {
if (caCaps.containsCapability(CaCapability.SHA1)) {
supported = true;
}
} else if (hashAlgo == ScepHashAlgo.SHA256) {
if (caCaps.containsCapability(CaCapability.SHA256)) {
supported = true;
}
} else if (hashAlgo == ScepHashAlgo.SHA512) {
if (caCaps.containsCapability(CaCapability.SHA512)) {
supported = true;
}
} else if (hashAlgo == ScepHashAlgo.MD5) {
if (control.isUseInsecureAlg()) {
supported = true;
}
}
if (!supported) {
LOG.warn("tid={}: unsupported digest algorithm {}", tid, oid);
return buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badAlg);
}
// end if
// check the content encryption algorithm
ASN1ObjectIdentifier encOid = req.getContentEncryptionAlgorithm();
if (CMSAlgorithm.DES_EDE3_CBC.equals(encOid)) {
if (!caCaps.containsCapability(CaCapability.DES3)) {
LOG.warn("tid={}: encryption with DES3 algorithm is not permitted", tid, encOid);
return buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badAlg);
}
} else if (AES_ENC_ALGS.contains(encOid)) {
if (!caCaps.containsCapability(CaCapability.AES)) {
LOG.warn("tid={}: encryption with AES algorithm {} is not permitted", tid, encOid);
return buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badAlg);
}
} else if (CMSAlgorithm.DES_CBC.equals(encOid)) {
if (!control.isUseInsecureAlg()) {
LOG.warn("tid={}: encryption with DES algorithm {} is not permitted", tid, encOid);
return buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badAlg);
}
} else {
LOG.warn("tid={}: encryption with algorithm {} is not permitted", tid, encOid);
return buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badAlg);
}
if (rep.getPkiStatus() == PkiStatus.FAILURE) {
return rep;
}
MessageType messageType = req.getMessageType();
switch(messageType) {
case PKCSReq:
boolean selfSigned = req.getSignatureCert().getIssuerX500Principal().equals(req.getSignatureCert().getIssuerX500Principal());
CertificationRequest csr = CertificationRequest.getInstance(req.getMessageData());
if (selfSigned) {
X500Name name = X500Name.getInstance(req.getSignatureCert().getSubjectX500Principal().getEncoded());
if (!name.equals(csr.getCertificationRequestInfo().getSubject())) {
LOG.warn("tid={}: self-signed cert.subject != CSR.subject", tid);
return buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badRequest);
}
}
String challengePwd = getChallengePassword(csr.getCertificationRequestInfo());
if (challengePwd == null || !control.getSecret().equals(challengePwd)) {
LOG.warn("challengePassword is not trusted");
return buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badRequest);
}
Certificate cert;
try {
cert = caEmulator.generateCert(csr);
} catch (Exception ex) {
throw new CaException("system failure: " + ex.getMessage(), ex);
}
if (cert != null && control.isPendingCert()) {
rep.setPkiStatus(PkiStatus.PENDING);
} else if (cert != null) {
ContentInfo messageData = createSignedData(cert);
rep.setMessageData(messageData);
} else {
buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badCertId);
}
break;
case CertPoll:
IssuerAndSubject is = IssuerAndSubject.getInstance(req.getMessageData());
cert = caEmulator.pollCert(is.getIssuer(), is.getSubject());
if (cert != null) {
rep.setMessageData(createSignedData(cert));
} else {
buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badCertId);
}
break;
case GetCert:
IssuerAndSerialNumber isn = IssuerAndSerialNumber.getInstance(req.getMessageData());
cert = caEmulator.getCert(isn.getName(), isn.getSerialNumber().getValue());
if (cert != null) {
rep.setMessageData(createSignedData(cert));
} else {
buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badCertId);
}
break;
case RenewalReq:
if (!caCaps.containsCapability(CaCapability.Renewal)) {
buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badRequest);
} else {
csr = CertificationRequest.getInstance(req.getMessageData());
try {
cert = caEmulator.generateCert(csr);
} catch (Exception ex) {
throw new CaException("system failure: " + ex.getMessage(), ex);
}
if (cert != null) {
rep.setMessageData(createSignedData(cert));
} else {
rep.setPkiStatus(PkiStatus.FAILURE);
rep.setFailInfo(FailInfo.badCertId);
}
}
break;
case UpdateReq:
if (!caCaps.containsCapability(CaCapability.Update)) {
buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badRequest);
} else {
csr = CertificationRequest.getInstance(req.getMessageData());
try {
cert = caEmulator.generateCert(csr);
} catch (Exception ex) {
throw new CaException("system failure: " + ex.getMessage(), ex);
}
if (cert != null) {
rep.setMessageData(createSignedData(cert));
} else {
buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badCertId);
}
}
break;
case GetCRL:
isn = IssuerAndSerialNumber.getInstance(req.getMessageData());
CertificateList crl;
try {
crl = caEmulator.getCrl(isn.getName(), isn.getSerialNumber().getValue());
} catch (Exception ex) {
throw new CaException("system failure: " + ex.getMessage(), ex);
}
if (crl != null) {
rep.setMessageData(createSignedData(crl));
} else {
buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badCertId);
}
break;
default:
buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badRequest);
}
return rep;
}
Also used :
IssuerAndSerialNumber(org.bouncycastle.asn1.cms.IssuerAndSerialNumber)
ScepHashAlgo(org.xipki.scep.crypto.ScepHashAlgo)
CertificateList(org.bouncycastle.asn1.x509.CertificateList)
ASN1String(org.bouncycastle.asn1.ASN1String)
X500Name(org.bouncycastle.asn1.x500.X500Name)
Date(java.util.Date)
CMSException(org.bouncycastle.cms.CMSException)
MessageDecodingException(org.xipki.scep.exception.MessageDecodingException)
CertificateException(java.security.cert.CertificateException)
IssuerAndSubject(org.xipki.scep.message.IssuerAndSubject)
TransactionId(org.xipki.scep.transaction.TransactionId)
DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage)
PkiMessage(org.xipki.scep.message.PkiMessage)
ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
MessageType(org.xipki.scep.transaction.MessageType)
CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest)
X509Certificate(java.security.cert.X509Certificate)
Certificate(org.bouncycastle.asn1.x509.Certificate)
Example 2 with TransactionId
use of org.xipki.scep.transaction.TransactionId in project xipki by xipki.
the class Client method scepCertPoll.
public EnrolmentResponse scepCertPoll(PrivateKey identityKey, X509Certificate identityCert, CertificationRequest csr, X500Name issuer) throws ScepClientException {
ScepUtil.requireNonNull("csr", csr);
TransactionId tid;
try {
tid = TransactionId.sha1TransactionId(csr.getCertificationRequestInfo().getSubjectPublicKeyInfo());
} catch (InvalidKeySpecException ex) {
throw new ScepClientException(ex.getMessage(), ex);
}
return scepCertPoll(identityKey, identityCert, tid, issuer, csr.getCertificationRequestInfo().getSubject());
}
Also used :
ScepClientException(org.xipki.scep.client.exception.ScepClientException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
TransactionId(org.xipki.scep.transaction.TransactionId)
Example 3 with TransactionId
use of org.xipki.scep.transaction.TransactionId in project xipki by xipki.
the class DecodedPkiMessage method decode.
@SuppressWarnings("unchecked")
public static DecodedPkiMessage decode(CMSSignedData pkiMessage, EnvelopedDataDecryptor recipient, CollectionStore<X509CertificateHolder> certStore) throws MessageDecodingException {
ScepUtil.requireNonNull("pkiMessage", pkiMessage);
ScepUtil.requireNonNull("recipient", recipient);
SignerInformationStore signerStore = pkiMessage.getSignerInfos();
Collection<SignerInformation> signerInfos = signerStore.getSigners();
if (signerInfos.size() != 1) {
throw new MessageDecodingException("number of signerInfos is not 1, but " + signerInfos.size());
}
SignerInformation signerInfo = signerInfos.iterator().next();
SignerId sid = signerInfo.getSID();
Collection<?> signedDataCerts = null;
if (certStore != null) {
signedDataCerts = certStore.getMatches(sid);
}
if (signedDataCerts == null || signedDataCerts.isEmpty()) {
signedDataCerts = pkiMessage.getCertificates().getMatches(signerInfo.getSID());
}
if (signedDataCerts == null || signedDataCerts.size() != 1) {
throw new MessageDecodingException("could not find embedded certificate to verify the signature");
}
AttributeTable signedAttrs = signerInfo.getSignedAttributes();
if (signedAttrs == null) {
throw new MessageDecodingException("missing SCEP attributes");
}
Date signingTime = null;
// signingTime
ASN1Encodable attrValue = ScepUtil.getFirstAttrValue(signedAttrs, CMSAttributes.signingTime);
if (attrValue != null) {
signingTime = Time.getInstance(attrValue).getDate();
}
// transactionId
String str = getPrintableStringAttrValue(signedAttrs, ScepObjectIdentifiers.ID_TRANSACTION_ID);
if (str == null || str.isEmpty()) {
throw new MessageDecodingException("missing required SCEP attribute transactionId");
}
TransactionId transactionId = new TransactionId(str);
// messageType
Integer intValue = getIntegerPrintStringAttrValue(signedAttrs, ScepObjectIdentifiers.ID_MESSAGE_TYPE);
if (intValue == null) {
throw new MessageDecodingException("tid " + transactionId.getId() + ": missing required SCEP attribute messageType");
}
MessageType messageType;
try {
messageType = MessageType.forValue(intValue);
} catch (IllegalArgumentException ex) {
throw new MessageDecodingException("tid " + transactionId.getId() + ": invalid messageType '" + intValue + "'");
}
// senderNonce
Nonce senderNonce = getNonceAttrValue(signedAttrs, ScepObjectIdentifiers.ID_SENDER_NONCE);
if (senderNonce == null) {
throw new MessageDecodingException("tid " + transactionId.getId() + ": missing required SCEP attribute senderNonce");
}
DecodedPkiMessage ret = new DecodedPkiMessage(transactionId, messageType, senderNonce);
if (signingTime != null) {
ret.setSigningTime(signingTime);
}
Nonce recipientNonce = null;
try {
recipientNonce = getNonceAttrValue(signedAttrs, ScepObjectIdentifiers.ID_RECIPIENT_NONCE);
} catch (MessageDecodingException ex) {
ret.setFailureMessage("could not parse recipientNonce: " + ex.getMessage());
}
if (recipientNonce != null) {
ret.setRecipientNonce(recipientNonce);
}
PkiStatus pkiStatus = null;
FailInfo failInfo = null;
if (MessageType.CertRep == messageType) {
// pkiStatus
try {
intValue = getIntegerPrintStringAttrValue(signedAttrs, ScepObjectIdentifiers.ID_PKI_STATUS);
} catch (MessageDecodingException ex) {
ret.setFailureMessage("could not parse pkiStatus: " + ex.getMessage());
return ret;
}
if (intValue == null) {
ret.setFailureMessage("missing required SCEP attribute pkiStatus");
return ret;
}
try {
pkiStatus = PkiStatus.forValue(intValue);
} catch (IllegalArgumentException ex) {
ret.setFailureMessage("invalid pkiStatus '" + intValue + "'");
return ret;
}
ret.setPkiStatus(pkiStatus);
// failureInfo
if (pkiStatus == PkiStatus.FAILURE) {
try {
intValue = getIntegerPrintStringAttrValue(signedAttrs, ScepObjectIdentifiers.ID_FAILINFO);
} catch (MessageDecodingException ex) {
ret.setFailureMessage("could not parse failInfo: " + ex.getMessage());
return ret;
}
if (intValue == null) {
ret.setFailureMessage("missing required SCEP attribute failInfo");
return ret;
}
try {
failInfo = FailInfo.forValue(intValue);
} catch (IllegalArgumentException ex) {
ret.setFailureMessage("invalid failInfo '" + intValue + "'");
return ret;
}
ret.setFailInfo(failInfo);
}
// end if(pkiStatus == PkiStatus.FAILURE)
}
// end if (MessageType.CertRep == messageType)
// other signedAttributes
Attribute[] attrs = signedAttrs.toASN1Structure().getAttributes();
for (Attribute attr : attrs) {
ASN1ObjectIdentifier type = attr.getAttrType();
if (!SCEP_ATTR_TYPES.contains(type)) {
ret.addSignendAttribute(type, attr.getAttrValues().getObjectAt(0));
}
}
// unsignedAttributes
AttributeTable unsignedAttrs = signerInfo.getUnsignedAttributes();
attrs = (unsignedAttrs == null) ? null : unsignedAttrs.toASN1Structure().getAttributes();
if (attrs != null) {
for (Attribute attr : attrs) {
ASN1ObjectIdentifier type = attr.getAttrType();
ret.addUnsignendAttribute(type, attr.getAttrValues().getObjectAt(0));
}
}
ASN1ObjectIdentifier digestAlgOid = signerInfo.getDigestAlgorithmID().getAlgorithm();
ret.setDigestAlgorithm(digestAlgOid);
String sigAlgOid = signerInfo.getEncryptionAlgOID();
if (!PKCSObjectIdentifiers.rsaEncryption.getId().equals(sigAlgOid)) {
ASN1ObjectIdentifier tmpDigestAlgOid;
try {
tmpDigestAlgOid = ScepUtil.extractDigesetAlgorithmIdentifier(signerInfo.getEncryptionAlgOID(), signerInfo.getEncryptionAlgParams());
} catch (Exception ex) {
final String msg = "could not extract digest algorithm from signerInfo.signatureAlgorithm: " + ex.getMessage();
LOG.error(msg);
LOG.debug(msg, ex);
ret.setFailureMessage(msg);
return ret;
}
if (!digestAlgOid.equals(tmpDigestAlgOid)) {
ret.setFailureMessage("digestAlgorithm and encryptionAlgorithm do not use the same digestAlgorithm");
return ret;
}
// end if
}
// end if
X509CertificateHolder tmpSignerCert = (X509CertificateHolder) signedDataCerts.iterator().next();
X509Certificate signerCert;
try {
signerCert = ScepUtil.toX509Cert(tmpSignerCert.toASN1Structure());
} catch (CertificateException ex) {
final String msg = "could not construct X509Certificate: " + ex.getMessage();
LOG.error(msg);
LOG.debug(msg, ex);
ret.setFailureMessage(msg);
return ret;
}
ret.setSignatureCert(signerCert);
// validate the signature
SignerInformationVerifier verifier;
try {
verifier = new JcaSimpleSignerInfoVerifierBuilder().build(tmpSignerCert);
} catch (OperatorCreationException | CertificateException ex) {
final String msg = "could not build signature verifier: " + ex.getMessage();
LOG.error(msg);
LOG.debug(msg, ex);
ret.setFailureMessage(msg);
return ret;
}
boolean signatureValid;
try {
signatureValid = signerInfo.verify(verifier);
} catch (CMSException ex) {
final String msg = "could not verify the signature: " + ex.getMessage();
LOG.error(msg);
LOG.debug(msg, ex);
ret.setFailureMessage(msg);
return ret;
}
ret.setSignatureValid(signatureValid);
if (!signatureValid) {
return ret;
}
if (MessageType.CertRep == messageType && (pkiStatus == PkiStatus.FAILURE | pkiStatus == PkiStatus.PENDING)) {
return ret;
}
// MessageData
CMSTypedData signedContent = pkiMessage.getSignedContent();
ASN1ObjectIdentifier signedContentType = signedContent.getContentType();
if (!CMSObjectIdentifiers.envelopedData.equals(signedContentType)) {
// fall back: some SCEP client, such as JSCEP use id-data
if (!CMSObjectIdentifiers.data.equals(signedContentType)) {
ret.setFailureMessage("either id-envelopedData or id-data is excepted, but not '" + signedContentType.getId());
return ret;
}
}
CMSEnvelopedData envData;
try {
envData = new CMSEnvelopedData((byte[]) signedContent.getContent());
} catch (CMSException ex) {
final String msg = "could not create the CMSEnvelopedData: " + ex.getMessage();
LOG.error(msg);
LOG.debug(msg, ex);
ret.setFailureMessage(msg);
return ret;
}
ret.setContentEncryptionAlgorithm(envData.getContentEncryptionAlgorithm().getAlgorithm());
byte[] encodedMessageData;
try {
encodedMessageData = recipient.decrypt(envData);
} catch (MessageDecodingException ex) {
final String msg = "could not create the CMSEnvelopedData: " + ex.getMessage();
LOG.error(msg);
LOG.debug(msg, ex);
ret.setFailureMessage(msg);
ret.setDecryptionSuccessful(false);
return ret;
}
ret.setDecryptionSuccessful(true);
try {
if (MessageType.PKCSReq == messageType || MessageType.RenewalReq == messageType || MessageType.UpdateReq == messageType) {
CertificationRequest messageData = CertificationRequest.getInstance(encodedMessageData);
ret.setMessageData(messageData);
} else if (MessageType.CertPoll == messageType) {
IssuerAndSubject messageData = IssuerAndSubject.getInstance(encodedMessageData);
ret.setMessageData(messageData);
} else if (MessageType.GetCert == messageType || MessageType.GetCRL == messageType) {
IssuerAndSerialNumber messageData = IssuerAndSerialNumber.getInstance(encodedMessageData);
ret.setMessageData(messageData);
ret.setMessageData(messageData);
} else if (MessageType.CertRep == messageType) {
ContentInfo ci = ContentInfo.getInstance(encodedMessageData);
ret.setMessageData(ci);
} else {
throw new RuntimeException("should not reach here, unknown messageType " + messageType);
}
} catch (Exception ex) {
final String msg = "could not parse the messageData: " + ex.getMessage();
LOG.error(msg);
LOG.debug(msg, ex);
ret.setFailureMessage(msg);
return ret;
}
return ret;
}
Also used :
IssuerAndSerialNumber(org.bouncycastle.asn1.cms.IssuerAndSerialNumber)
Attribute(org.bouncycastle.asn1.cms.Attribute)
AttributeTable(org.bouncycastle.asn1.cms.AttributeTable)
SignerInformation(org.bouncycastle.cms.SignerInformation)
CertificateException(java.security.cert.CertificateException)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERPrintableString(org.bouncycastle.asn1.DERPrintableString)
SignerInformationStore(org.bouncycastle.cms.SignerInformationStore)
ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
FailInfo(org.xipki.scep.transaction.FailInfo)
SignerInformationVerifier(org.bouncycastle.cms.SignerInformationVerifier)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
MessageType(org.xipki.scep.transaction.MessageType)
PkiStatus(org.xipki.scep.transaction.PkiStatus)
CMSEnvelopedData(org.bouncycastle.cms.CMSEnvelopedData)
CMSTypedData(org.bouncycastle.cms.CMSTypedData)
JcaSimpleSignerInfoVerifierBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder)
Date(java.util.Date)
CMSException(org.bouncycastle.cms.CMSException)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
MessageDecodingException(org.xipki.scep.exception.MessageDecodingException)
CertificateException(java.security.cert.CertificateException)
X509Certificate(java.security.cert.X509Certificate)
TransactionId(org.xipki.scep.transaction.TransactionId)
Nonce(org.xipki.scep.transaction.Nonce)
MessageDecodingException(org.xipki.scep.exception.MessageDecodingException)
SignerId(org.bouncycastle.cms.SignerId)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest)
CMSException(org.bouncycastle.cms.CMSException)
Example 4 with TransactionId
use of org.xipki.scep.transaction.TransactionId in project xipki by xipki.
the class Client method enroll.
private EnrolmentResponse enroll(MessageType messageType, CertificationRequest csr, PrivateKey identityKey, X509Certificate identityCert) throws ScepClientException {
TransactionId tid;
try {
tid = TransactionId.sha1TransactionId(csr.getCertificationRequestInfo().getSubjectPublicKeyInfo());
} catch (InvalidKeySpecException ex) {
throw new ScepClientException(ex.getMessage(), ex);
}
PkiMessage pkiMessage = new PkiMessage(tid, messageType);
pkiMessage.setMessageData(csr);
ContentInfo envRequest = encryptThenSign(pkiMessage, identityKey, identityCert);
ScepHttpResponse httpResp = httpSend(Operation.PKIOperation, envRequest);
CMSSignedData cmsSignedData = parsePkiMessage(httpResp.getContentBytes());
DecodedPkiMessage response = decode(cmsSignedData, identityKey, identityCert);
assertSameNonce(pkiMessage, response);
return new EnrolmentResponse(response);
}
Also used :
ScepClientException(org.xipki.scep.client.exception.ScepClientException)
DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage)
PkiMessage(org.xipki.scep.message.PkiMessage)
ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)
DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
TransactionId(org.xipki.scep.transaction.TransactionId)
Aggregations
TransactionId (org.xipki.scep.transaction.TransactionId)4
ContentInfo (org.bouncycastle.asn1.cms.ContentInfo)3
CertificateException (java.security.cert.CertificateException)2
X509Certificate (java.security.cert.X509Certificate)2
InvalidKeySpecException (java.security.spec.InvalidKeySpecException)2
Date (java.util.Date)2
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)2
IssuerAndSerialNumber (org.bouncycastle.asn1.cms.IssuerAndSerialNumber)2
CertificationRequest (org.bouncycastle.asn1.pkcs.CertificationRequest)2
CMSException (org.bouncycastle.cms.CMSException)2
ScepClientException (org.xipki.scep.client.exception.ScepClientException)2
MessageDecodingException (org.xipki.scep.exception.MessageDecodingException)2
DecodedPkiMessage (org.xipki.scep.message.DecodedPkiMessage)2
PkiMessage (org.xipki.scep.message.PkiMessage)2
MessageType (org.xipki.scep.transaction.MessageType)2
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)1
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)1
ASN1String (org.bouncycastle.asn1.ASN1String)1
DERPrintableString (org.bouncycastle.asn1.DERPrintableString)1
Attribute (org.bouncycastle.asn1.cms.Attribute)1
