
Example 1 with SignerConf

use of org.xipki.security.SignerConf in project xipki by xipki.

the class OcspServerImpl method initSigner.

/**
 * Builds the OCSP responder signer described by the {@code signerType} configuration section.
 *
 * <p>When the section names an explicit responder certificate, that certificate together with any
 * configured CA certificates is turned into a certificate path that is handed to every created
 * content signer; without an explicit certificate the path is left {@code null} and the security
 * factory decides. One {@link ConcurrentContentSigner} is created per configured signature
 * algorithm, using a signer configuration of the form {@code algo=<algorithm>,<key conf>}.
 *
 * @param signerType the responder signer section of the configuration
 * @return a responder signer wrapping one content signer per configured algorithm
 * @throws InvalidConfException if a content signer cannot be created, or if the responder signer
 *     cannot be assembled from the created content signers
 */
private ResponderSigner initSigner(SignerType signerType) throws InvalidConfException {
    X509Certificate[] certPath = null;
    X509Certificate responderCert =
            (signerType.getCert() == null) ? null : parseCert(signerType.getCert());
    if (responderCert != null) {
        // Optional issuer certificates; a null set is passed through to buildCertPath unchanged.
        Set<X509Certificate> issuerCerts = null;
        if (signerType.getCaCerts() != null) {
            issuerCerts = new HashSet<>();
            for (FileOrValueType caCertConf : signerType.getCaCerts().getCaCert()) {
                issuerCerts.add(parseCert(caCertConf));
            }
        }
        certPath = X509Util.buildCertPath(responderCert, issuerCerts);
    }

    String type = signerType.getType();
    String keyConf = signerType.getKey();
    List<String> algorithms = signerType.getAlgorithms().getAlgorithm();
    List<ConcurrentContentSigner> contentSigners = new ArrayList<>(algorithms.size());
    for (String algorithm : algorithms) {
        try {
            // The algorithm is prepended to the shared key configuration for each signer.
            SignerConf conf = new SignerConf("algo=" + algorithm + "," + keyConf);
            contentSigners.add(securityFactory.createSigner(type, conf, certPath));
        } catch (ObjectCreationException ex) {
            throw new InvalidConfException(ex.getMessage(), ex);
        }
    }

    try {
        return new ResponderSigner(contentSigners);
    } catch (CertificateException | IOException ex) {
        throw new InvalidConfException(ex.getMessage(), ex);
    }
}
Also used : FileOrValueType(org.xipki.ocsp.server.impl.jaxb.FileOrValueType) ArrayList(java.util.ArrayList) SignerConf(org.xipki.security.SignerConf) InvalidConfException(org.xipki.common.InvalidConfException) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) ObjectCreationException(org.xipki.common.ObjectCreationException)

Example 2 with SignerConf

use of org.xipki.security.SignerConf in project xipki by xipki.

the class X509SelfSignedCertBuilder method generateSelfSigned.

/**
 * Generates a self-signed root CA certificate, signed with the CA's own signer.
 *
 * <p>The caller-supplied signer configuration may list several per-algorithm configurations; the
 * first one whose algorithm is accepted by the certificate profile is used (or simply the first
 * one when the profile imposes no restriction). The public key placed in the certificate is taken
 * from the signer's certificate when it has one, otherwise from the signer's public key.
 *
 * @param securityFactory factory used to create the signer and to verify the CSR's proof of
 *     possession
 * @param signerType signer type, e.g. {@code pkcs12} or {@code jks}
 * @param signerConf CA signer configuration, possibly holding one entry per algorithm
 * @param certprofile certificate profile; must be of level {@link X509CertLevel#RootCA}
 * @param csr certification request carrying the subject and extensions
 * @param serialNumber serial number of the new certificate; must be positive
 * @param caCertUris CA certificate URIs to embed
 * @param ocspUris OCSP responder URIs to embed
 * @param crlUris CRL distribution point URIs to embed
 * @param deltaCrlUris delta CRL URIs to embed
 * @param extraControl additional control parameters
 * @return the generated certificate together with the signer configuration that was used
 * @throws IllegalArgumentException if the serial number is not positive or the profile is not a
 *     root CA profile
 * @throws InvalidConfException if the CSR's proof of possession fails, or if a keystore-based
 *     signer type lacks the {@code keystore} parameter
 * @throws OperationException if no configured algorithm is acceptable to the profile, if the signer
 *     cannot be created, or if the public key information cannot be derived
 */
public static GenerateSelfSignedResult generateSelfSigned(SecurityFactory securityFactory, String signerType, String signerConf, IdentifiedX509Certprofile certprofile, CertificationRequest csr, BigInteger serialNumber, List<String> caCertUris, List<String> ocspUris, List<String> crlUris, List<String> deltaCrlUris, ConfPairs extraControl) throws OperationException, InvalidConfException {
    ParamUtil.requireNonNull("securityFactory", securityFactory);
    ParamUtil.requireNonBlank("signerType", signerType);
    ParamUtil.requireNonNull("certprofile", certprofile);
    ParamUtil.requireNonNull("csr", csr);
    ParamUtil.requireNonNull("serialNumber", serialNumber);
    if (serialNumber.signum() <= 0) {
        throw new IllegalArgumentException("serialNumber must not be non-positive: " + serialNumber);
    }
    if (certprofile.getCertLevel() != X509CertLevel.RootCA) {
        throw new IllegalArgumentException("certprofile is not of level " + X509CertLevel.RootCA);
    }
    if (!securityFactory.verifyPopo(csr, null)) {
        throw new InvalidConfException("could not validate POP for the CSR");
    }

    // Keystore-backed signer types cannot work without a keystore location.
    boolean keystoreBased = "pkcs12".equalsIgnoreCase(signerType) || "jks".equalsIgnoreCase(signerType);
    if (keystoreBased && new ConfPairs(signerConf).value("keystore") == null) {
        throw new InvalidConfException("required parameter 'keystore' for types PKCS12 and JKS, is not specified");
    }

    ConcurrentContentSigner signer;
    try {
        List<String[]> signerConfs = CaEntry.splitCaSignerConfs(signerConf);
        List<String> restrictedSigAlgos = certprofile.getSignatureAlgorithms();
        String selectedConf = null;
        if (CollectionUtil.isEmpty(restrictedSigAlgos)) {
            selectedConf = signerConfs.get(0)[1];
        } else {
            // Walk the profile's algorithms in order; the first one with a matching entry wins.
            for (int i = 0; i < restrictedSigAlgos.size() && selectedConf == null; i++) {
                final String algo = restrictedSigAlgos.get(i);
                selectedConf = signerConfs.stream()
                        .filter(entry -> entry[0].equals(algo))
                        .findFirst()
                        .map(entry -> entry[1])
                        .orElse(null);
            }
        }
        if (selectedConf == null) {
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, "CA does not support any signature algorithm restricted by the cert profile");
        }
        signer = securityFactory.createSigner(signerType, new SignerConf(selectedConf), (X509Certificate[]) null);
    } catch (XiSecurityException | ObjectCreationException ex) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }

    SubjectPublicKeyInfo publicKeyInfo;
    X509Certificate signerCert = signer.getCertificate();
    if (signerCert == null) {
        PublicKey signerPublicKey = signer.getPublicKey();
        try {
            publicKeyInfo = KeyUtil.createSubjectPublicKeyInfo(signerPublicKey);
        } catch (InvalidKeyException ex) {
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, "cannot generate SubjectPublicKeyInfo from publicKey: " + ex.getMessage());
        }
    } else {
        // The signer's certificate is only a placeholder here; it serves as a public key container.
        Certificate bcCert;
        try {
            bcCert = Certificate.getInstance(signerCert.getEncoded());
        } catch (Exception ex) {
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, "could not reparse certificate: " + ex.getMessage());
        }
        publicKeyInfo = bcCert.getSubjectPublicKeyInfo();
    }

    X509Certificate newCert = generateCertificate(signer, certprofile, csr, serialNumber, publicKeyInfo, caCertUris, ocspUris, crlUris, deltaCrlUris, extraControl);
    return new GenerateSelfSignedResult(signerConf, newCert);
}
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) PublicKey(java.security.PublicKey) DSAPublicKey(java.security.interfaces.DSAPublicKey) InvalidConfException(org.xipki.common.InvalidConfException) ConfPairs(org.xipki.common.ConfPairs) SignerConf(org.xipki.security.SignerConf) InvalidKeyException(java.security.InvalidKeyException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) CertprofileException(org.xipki.ca.api.profile.CertprofileException) ObjectCreationException(org.xipki.common.ObjectCreationException) InvalidKeyException(java.security.InvalidKeyException) XiSecurityException(org.xipki.security.exception.XiSecurityException) NoIdleSignerException(org.xipki.security.exception.NoIdleSignerException) InvalidConfException(org.xipki.common.InvalidConfException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) OperationException(org.xipki.ca.api.OperationException) X509Certificate(java.security.cert.X509Certificate) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) XiSecurityException(org.xipki.security.exception.XiSecurityException) ObjectCreationException(org.xipki.common.ObjectCreationException) X509CertLevel(org.xipki.ca.api.profile.x509.X509CertLevel) OperationException(org.xipki.ca.api.OperationException) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 3 with SignerConf

use of org.xipki.security.SignerConf in project xipki by xipki.

the class ResponderEntryWrapper method initSigner.

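/**
 * Creates this responder's content signer from its database entry, if not already done.
 *
 * <p>The entry is flagged as faulty for the duration of signer creation, so that a failure leaves
 * the flag set. A signer that carries no certificate is rejected, and in that case the
 * {@code signer} field is left unset so that a later call does not treat the responder as
 * initialized. When the entry holds no certificate of its own, the signer's certificate is stored
 * into the entry and the subject names are derived from it.
 *
 * @param securityFactory factory used to create the signer
 * @throws ObjectCreationException if the database entry is missing, the signer cannot be created,
 *     or the created signer has no certificate
 */
public void initSigner(SecurityFactory securityFactory) throws ObjectCreationException {
    ParamUtil.requireNonNull("securityFactory", securityFactory);
    if (signer != null) {
        return; // already initialized
    }
    if (dbEntry == null) {
        throw new ObjectCreationException("dbEntry is null");
    }

    X509Certificate responderCert = dbEntry.getCertificate();
    // Pessimistically mark the configuration faulty; cleared only once the signer is accepted.
    dbEntry.setConfFaulty(true);
    signer = securityFactory.createSigner(dbEntry.getType(), new SignerConf(dbEntry.getConf()), responderCert);
    if (signer.getCertificate() == null) {
        // Do not keep a rejected signer around: the early-return above would otherwise report
        // this responder as initialized on the next call.
        signer = null;
        throw new ObjectCreationException("signer without certificate is not allowed");
    }
    dbEntry.setConfFaulty(false);

    if (dbEntry.getBase64Cert() == null) {
        dbEntry.setCertificate(signer.getCertificate());
        subjectAsX500Name = X500Name.getInstance(signer.getBcCertificate().getSubject());
        subjectAsGeneralName = new GeneralName(subjectAsX500Name);
    }
}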
Also used : ObjectCreationException(org.xipki.common.ObjectCreationException) SignerConf(org.xipki.security.SignerConf) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X509Certificate(java.security.cert.X509Certificate)

Example 4 with SignerConf

use of org.xipki.security.SignerConf in project xipki by xipki.

the class X509CaInfo method initSigner.

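/**
 * Creates one content signer per algorithm listed in the CA entry's signer configuration.
 *
 * <p>Returns immediately when the signers already exist. Otherwise the first created signer
 * becomes the default signer and all of them are published as an unmodifiable map keyed by
 * algorithm name. If any signer fails to initialize, every signer created so far is shut down,
 * the default signer is reset, and the map is left unset so that initialization can be retried.
 *
 * @param securityFactory factory used to create the signers
 * @return {@code true} (always; the method signals failure by exception)
 * @throws XiSecurityException if any signer could not be created
 */
public boolean initSigner(SecurityFactory securityFactory) throws XiSecurityException {
    if (signers != null) {
        return true;
    }
    dfltSigner = null;
    List<String[]> signerConfs = CaEntry.splitCaSignerConfs(caEntry.getSignerConf());
    Map<String, ConcurrentContentSigner> tmpSigners = new HashMap<>();
    for (String[] m : signerConfs) {
        String algo = m[0];
        SignerConf signerConf = new SignerConf(m[1]);
        ConcurrentContentSigner signer;
        try {
            signer = securityFactory.createSigner(caEntry.getSignerType(), signerConf, caEntry.getCert());
            if (dfltSigner == null) {
                dfltSigner = signer;
            }
            tmpSigners.put(algo, signer);
        } catch (Throwable th) {
            // Roll back everything built so far; a stale dfltSigner must not outlive the
            // shut-down signers it points into.
            for (ConcurrentContentSigner ccs : tmpSigners.values()) {
                ccs.shutdown();
            }
            tmpSigners.clear();
            dfltSigner = null;
            // NOTE(review): the original cause is not attached here; verify whether
            // XiSecurityException offers a (String, Throwable) constructor and use it if so.
            throw new XiSecurityException("could not initialize the CA signer");
        }
    }
    this.signers = Collections.unmodifiableMap(tmpSigners);
    return true;
}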
Also used : ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) XiSecurityException(org.xipki.security.exception.XiSecurityException) HashMap(java.util.HashMap) SignerConf(org.xipki.security.SignerConf)

Example 5 with SignerConf

use of org.xipki.security.SignerConf in project xipki by xipki.

the class P12CertUpdateCmd method assertMatch.

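/**
 * Verifies that the given certificate matches the key stored in the PKCS#12 file.
 *
 * <p>The check is delegated to the security factory: creating a PKCS#12 signer for
 * {@code p12File} with {@code cert} as the expected certificate fails when the two do not belong
 * together. The created signer itself is not retained.
 *
 * @param cert certificate expected to match the key in the PKCS#12 file
 * @param password keystore password, or {@code null} to omit the password parameter
 * @throws ObjectCreationException if the signer cannot be created, i.e. certificate and key do
 *     not match or the keystore cannot be opened
 */
private void assertMatch(X509Certificate cert, String password) throws ObjectCreationException {
    ConfPairs pairs = new ConfPairs("keystore", "file:" + p12File);
    if (password != null) {
        // The password is already an immutable String; copying it gains nothing.
        pairs.putPair("password", password);
    }
    SignerConf conf = new SignerConf(pairs.getEncoded(), HashAlgo.SHA256, null);
    securityFactory.createSigner("PKCS12", conf, cert);
}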
Also used : ConfPairs(org.xipki.common.ConfPairs) SignerConf(org.xipki.security.SignerConf)

Aggregations

SignerConf (org.xipki.security.SignerConf)16 X509Certificate (java.security.cert.X509Certificate)13 ObjectCreationException (org.xipki.common.ObjectCreationException)11 IOException (java.io.IOException)8 ConcurrentContentSigner (org.xipki.security.ConcurrentContentSigner)7 CertificateException (java.security.cert.CertificateException)6 XiSecurityException (org.xipki.security.exception.XiSecurityException)6 CertificateEncodingException (java.security.cert.CertificateEncodingException)4 ConfPairs (org.xipki.common.ConfPairs)4 BigInteger (java.math.BigInteger)3 CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)3 X509CaEntry (org.xipki.ca.server.mgmt.api.x509.X509CaEntry)3 InvalidKeyException (java.security.InvalidKeyException)2 HashMap (java.util.HashMap)2 NameId (org.xipki.ca.api.NameId)2 AddUserEntry (org.xipki.ca.server.mgmt.api.AddUserEntry)2 CaHasRequestorEntry (org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)2 CaHasUserEntry (org.xipki.ca.server.mgmt.api.CaHasUserEntry)2 CertprofileEntry (org.xipki.ca.server.mgmt.api.CertprofileEntry)2 CmpControlEntry (org.xipki.ca.server.mgmt.api.CmpControlEntry)2