
Example 1 with DigitallySigned

use of org.xipki.security.ctlog.CtLog.DigitallySigned in project xipki by xipki.

The method doPost of the class CtLogServlet.

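/**
 * Handles an add-pre-chain request and answers with a signed certificate timestamp (SCT).
 *
 * <p>The request body is parsed into an {@code AddPreChainRequest}. The first chain element is
 * treated as the precertificate and the second as its issuer: the signature covers the SCT
 * version, the current time, the SHA-256 hash of the issuer's SubjectPublicKeyInfo and the
 * precertificate TBS returned by {@code CtLog.getPreCertTbsCert}.
 *
 * <p>NOTE(review): no check is visible here that the first certificate was actually issued by
 * the second, or that the chain ends in a root this log accepts. The log key therefore signs
 * an SCT for any pair of well-formed certificates a client submits. Confirm that this is
 * intended (for example a test-only log) before exposing the endpoint to untrusted clients.
 *
 * @param req the HTTP request whose body carries the JSON add-pre-chain message
 * @param resp the HTTP response that receives either the JSON SCT or an error status
 * @throws ServletException if processing fails for a reason other than a rejected request
 * @throws IOException declared by the servlet contract
 */
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    try {
        AddPreChainRequest req0 = parse(req.getInputStream(), AddPreChainRequest.class);
        // A body that parses to nothing is handled like a missing chain rather than
        // surfacing as a NullPointerException and an HTTP 500.
        List<byte[]> chain = (req0 == null) ? null : req0.getChain();
        if (chain == null || chain.size() < 2) {
            String msg = "chain has less than two certificates";
            LOG.warn(msg);
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, msg);
            return;
        }

        // The chain bytes are client-controlled. Certificate.getInstance reports undecodable
        // input with IllegalArgumentException and maps a null element to null; both are
        // client errors and are answered with 400 instead of a server error.
        Certificate cert;
        Certificate caCert;
        try {
            cert = Certificate.getInstance(chain.get(0));
            caCert = Certificate.getInstance(chain.get(1));
        } catch (IllegalArgumentException ex) {
            String msg = "chain contains a malformed certificate";
            LOG.warn(msg);
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, msg);
            return;
        }
        if (cert == null || caCert == null) {
            String msg = "chain contains a malformed certificate";
            LOG.warn(msg);
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, msg);
            return;
        }

        byte[] issuerKeyHash = HashAlgo.SHA256.hash(caCert.getSubjectPublicKeyInfo().getEncoded());
        byte[] preCertTbsCert = CtLog.getPreCertTbsCert(cert.getTBSCertificate());

        byte sctVersion = 0;
        long timestamp = System.currentTimeMillis();
        byte[] sctExtensions = null;

        Signature sig = Signature.getInstance(signatureAlgo);
        sig.initSign(signingKey);
        CtLog.update(sig, sctVersion, timestamp, sctExtensions, issuerKeyHash, preCertTbsCert);
        byte[] signature = sig.sign();

        AddPreChainResponse resp0 = new AddPreChainResponse();
        resp0.setSct_version(sctVersion);
        resp0.setId(logId);
        resp0.setTimestamp(timestamp);
        DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, signature);
        resp0.setSignature(digitallySigned.getEncoded());

        byte[] respContent = JSON.toJSONBytes(resp0);
        // Status and headers are set before the body is written: once the response is
        // committed, setStatus has no effect.
        resp.setStatus(HttpServletResponse.SC_OK);
        resp.setContentType("application/json");
        resp.setContentLengthLong(respContent.length);
        resp.getOutputStream().write(respContent);
    } catch (Exception ex) {
        LogUtil.error(LOG, ex);
        // NOTE(review): the exception message is handed to the container; depending on the
        // error-page configuration it may be shown to the client. Confirm that internal
        // details (for example from the signing key setup) are not exposed this way.
        throw new ServletException(ex.getMessage(), ex);
    }
}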
Also used : ServletException(javax.servlet.ServletException) DigitallySigned(org.xipki.security.ctlog.CtLog.DigitallySigned) Signature(java.security.Signature) AddPreChainRequest(org.xipki.security.ctlog.CtLogMessages.AddPreChainRequest) AddPreChainResponse(org.xipki.security.ctlog.CtLogMessages.AddPreChainResponse) ServletException(javax.servlet.ServletException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) Certificate(org.bouncycastle.asn1.x509.Certificate)
