List of usage examples for org.bouncycastle.asn1.cmp CertRepMessage getInstance
public static CertRepMessage getInstance(Object o)
From source file:org.cryptable.pki.communication.PKICMPMessages.java
License:Open Source License
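/**
 * Processes the certification response carried in a PKIBody. Used by the initialization,
 * certification and key-update flows.
 * <p>
 * Only the first {@code CertResponse} of the {@code CertRepMessage} is consumed. When the
 * server also returned a private key (central key generation), it is decrypted with the
 * sender's private key taken from {@code pkiKeyStore} and exposed as a PKCS#8 private key.
 * The {@code caPubs} certificates are copied into the chain as presented by the server;
 * whether they are trusted is left to the caller.
 *
 * @param pkiBody the PKIBody of the server response; its content must be a CertRepMessage
 * @return the certification result: request id, issued certificate, the private key when one
 *         was returned, and the CA certificates from {@code caPubs}
 * @throws IOException if the certificate or the response cannot be decoded, or the decrypted
 *         key cannot be read
 * @throws CMSException propagated from the decryption of a returned private key
 * @throws CRMFException if the value decryptor for the returned private key cannot be built
 * @throws InvalidKeySpecException if the decrypted key is not a valid PKCS#8 RSA key
 * @throws NoSuchAlgorithmException if no RSA KeyFactory is available
 * @throws CertificateException if a certificate cannot be converted to an X509Certificate
 * @throws IllegalStateException if the response holds no CertResponse, the request was not
 *         granted, or no plain certificate is present (e.g. only an encrypted certificate)
 */
CertificationResult processCertification(PKIBody pkiBody) throws IOException, CMSException,
        CRMFException, InvalidKeySpecException, NoSuchAlgorithmException, CertificateException {
    CertificationResult certificationResult = new CertificationResult();
    CertRepMessage certRepMessage = CertRepMessage.getInstance(pkiBody.getContent());

    CertResponse[] certResponses = certRepMessage.getResponse();
    if (certResponses == null || certResponses.length == 0) {
        throw new IllegalStateException("CertRepMessage contains no CertResponse");
    }
    CertResponse certResponse = certResponses[0];

    // RFC 4210 PKIStatus: 0 = accepted, 1 = grantedWithMods. For any other status the CA did
    // not issue a certificate and certifiedKeyPair is absent, so fail explicitly here instead
    // of dereferencing null further down.
    int status = certResponse.getStatus().getStatus().intValue();
    if (status != 0 && status != 1) {
        throw new IllegalStateException("certificate request "
                + certResponse.getCertReqId().getValue() + " was not granted, PKIStatus=" + status);
    }
    if (certResponse.getCertifiedKeyPair() == null) {
        throw new IllegalStateException("granted CertResponse carries no certifiedKeyPair");
    }

    certificationResult.setCertificateId(certResponse.getCertReqId().getValue());

    // getCertificate() is null when the CA returned an encryptedCert instead of a plain one;
    // that variant is not handled here.
    CMPCertificate certificate = certResponse.getCertifiedKeyPair().getCertOrEncCert().getCertificate();
    if (certificate == null) {
        throw new IllegalStateException("CertResponse carries no plain certificate");
    }
    certificationResult.setX509Certificate(new JcaX509CertificateConverter()
            .getCertificate(new X509CertificateHolder(certificate.getX509v3PKCert())));

    EncryptedValue encPrivateKey = certResponse.getCertifiedKeyPair().getPrivateKey();
    if (encPrivateKey != null) {
        JceAsymmetricValueDecryptorGenerator decryptorGenerator =
                new JceAsymmetricValueDecryptorGenerator(pkiKeyStore.getSenderPrivateKey());
        InputDecryptor decryptor = decryptorGenerator.getValueDecryptor(encPrivateKey.getKeyAlg(),
                encPrivateKey.getSymmAlg(), encPrivateKey.getEncSymmKey().getBytes());

        byte[] data;
        try (InputStream dataIn = decryptor.getInputStream(
                new ByteArrayInputStream(encPrivateKey.getEncValue().getBytes()))) {
            data = Streams.readAll(dataIn);
        }
        try {
            // The decrypted value is the PKCS#8 encoding of the key. The key algorithm is
            // hard-wired to RSA, as before; other key types would need the algorithm to be
            // derived from the PKCS#8 AlgorithmIdentifier.
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            certificationResult.setPrivateKey(keyFactory.generatePrivate(new PKCS8EncodedKeySpec(data)));
        } finally {
            // Best-effort: PKCS8EncodedKeySpec copies the array, so the plaintext key material
            // held here can be wiped once the PrivateKey object exists.
            java.util.Arrays.fill(data, (byte) 0);
        }
    }

    // caPubs is OPTIONAL in CertRepMessage; getCaPubs() returns null when it is absent.
    CMPCertificate[] caPubs = certRepMessage.getCaPubs();
    if (caPubs != null) {
        for (CMPCertificate caCertificate : caPubs) {
            certificationResult.addX509CertificateToChain(new JcaX509CertificateConverter()
                    .getCertificate(new X509CertificateHolder(caCertificate.getX509v3PKCert())));
        }
    }
    return certificationResult;
}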
From source file:org.xipki.pki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
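/**
 * Sends an enrollment request and converts the CertRepMessage of the protected response into an
 * {@link EnrollCertResultResp}. When the server did not grant implicit confirmation, a certConf
 * message for the accepted certificates is built and sent before returning.
 *
 * @param reqMessage the request message; it is signed and sent via {@code signAndSend}
 * @param reqIdIdMap maps the certReqId of every request to the caller's own id; entries are
 *        removed as they are answered and any leftover is reported as PKISTATUS_NO_ANSWER
 * @param expectedBodyType the PKIBody type the response must carry
 * @param debug debug sink handed to {@code signAndSend}
 * @return the enrollment result, or {@code null} when a granted response carries no plain
 *         certificate (existing behaviour, kept for callers)
 * @throws CmpRequestorException if the response body is neither an error nor the expected type
 * @throws PkiErrorException if the response is an error body
 */
private EnrollCertResultResp internRequestCertificate(final PKIMessage reqMessage,
        final Map<BigInteger, String> reqIdIdMap, final int expectedBodyType,
        final RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException {
    PkiResponse response = signAndSend(reqMessage, debug);
    // Nothing in the body is interpreted before the message protection has been verified.
    checkProtection(response);

    PKIBody respBody = response.getPkiMessage().getBody();
    final int bodyType = respBody.getType();
    if (PKIBody.TYPE_ERROR == bodyType) {
        ErrorMsgContent content = ErrorMsgContent.getInstance(respBody.getContent());
        throw new PkiErrorException(content.getPKIStatusInfo());
    } else if (expectedBodyType != bodyType) {
        throw new CmpRequestorException(String.format(
                "unknown PKI body type %s instead the expected [%s, %s]",
                bodyType, expectedBodyType, PKIBody.TYPE_ERROR));
    }

    CertRepMessage certRep = CertRepMessage.getInstance(respBody.getContent());
    CertResponse[] certResponses = certRep.getResponse();
    EnrollCertResultResp result = new EnrollCertResultResp();

    // CA certificates: caPubs is OPTIONAL and individual entries may be null.
    CMPCertificate[] caPubs = certRep.getCaPubs();
    if (caPubs != null) {
        for (CMPCertificate caPub : caPubs) {
            if (caPub != null) {
                result.addCaCertificate(caPub);
            }
        }
    }

    // Without implicitConfirm the accepted certificates have to be confirmed explicitly.
    CertificateConfirmationContentBuilder certConfirmBuilder = null;
    if (!CmpUtil.isImplictConfirm(response.getPkiMessage().getHeader())) {
        certConfirmBuilder = new CertificateConfirmationContentBuilder();
    }

    boolean requireConfirm = false;
    // We only accept the certificates which are requested.
    for (CertResponse certResp : certResponses) {
        PKIStatusInfo statusInfo = certResp.getStatus();
        int status = statusInfo.getStatus().intValue();
        BigInteger certReqId = certResp.getCertReqId().getValue();

        String thisId = reqIdIdMap.get(certReqId);
        if (thisId != null) {
            reqIdIdMap.remove(certReqId);
        } else if (reqIdIdMap.size() == 1) {
            // Presumably for CAs that echo a different certReqId: with exactly one outstanding
            // request the response can still be attributed unambiguously.
            thisId = reqIdIdMap.values().iterator().next();
            reqIdIdMap.clear();
        }
        if (thisId == null) {
            continue; // ignore it. this cert is not requested by me
        }

        ResultEntry resultEntry;
        if (status == PKIStatus.GRANTED || status == PKIStatus.GRANTED_WITH_MODS) {
            CertifiedKeyPair cvk = certResp.getCertifiedKeyPair();
            if (cvk == null) {
                return null;
            }
            // getCertificate() is null when only an encryptedCert was returned.
            CMPCertificate cmpCert = cvk.getCertOrEncCert().getCertificate();
            if (cmpCert == null) {
                return null;
            }
            resultEntry = new EnrollCertResultEntry(thisId, cmpCert, status);
            if (certConfirmBuilder != null) {
                requireConfirm = true;
                X509CertificateHolder certHolder = null;
                try {
                    certHolder = new X509CertificateHolder(cmpCert.getEncoded());
                } catch (IOException ex) {
                    resultEntry = new ErrorResultEntry(thisId, ClientErrorCode.PKISTATUS_RESPONSE_ERROR,
                            PKIFailureInfo.systemFailure, "could not decode the certificate");
                }
                if (certHolder != null) {
                    certConfirmBuilder.addAcceptedCertificate(certHolder, certReqId);
                }
            }
        } else {
            // statusString and failInfo are both OPTIONAL in PKIStatusInfo: a rejection may
            // carry neither, so guard against null / empty before reading them.
            PKIFreeText statusString = statusInfo.getStatusString();
            String errorMessage = (statusString == null || statusString.size() == 0)
                    ? null : statusString.getStringAt(0).getString();
            // 0 = no failure bits set when the CA sent no failInfo.
            int failureInfo = (statusInfo.getFailInfo() == null)
                    ? 0 : statusInfo.getFailInfo().intValue();
            resultEntry = new ErrorResultEntry(thisId, status, failureInfo, errorMessage);
        }
        result.addResultEntry(resultEntry);
    }

    // Requests the CA did not answer at all.
    if (CollectionUtil.isNonEmpty(reqIdIdMap)) {
        for (Map.Entry<BigInteger, String> unanswered : reqIdIdMap.entrySet()) {
            result.addResultEntry(new ErrorResultEntry(unanswered.getValue(),
                    ClientErrorCode.PKISTATUS_NO_ANSWER));
        }
    }

    if (!requireConfirm) {
        return result;
    }
    PKIMessage confirmRequest = buildCertConfirmRequest(
            response.getPkiMessage().getHeader().getTransactionID(), certConfirmBuilder);
    response = signAndSend(confirmRequest, debug);
    checkProtection(response);
    return result;
}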