Example usage for org.bouncycastle.asn1.cmp PKIBody PKIBody

Introduction

In this page you can find the example usage for org.bouncycastle.asn1.cmp PKIBody PKIBody.

Prototype

public PKIBody(int type, ASN1Encodable content) 

Source Link

Document

Creates a new PKIBody.

Usage

From source file:org.cryptable.pki.communication.PKICMPMessages.java

License:Open Source License

/**
 * Creates a certification request// ww  w. j av  a  2s.c o  m
 *
 * @param distinguishedName the distinguished name for the certificate
 * @param keyPair the key pair to certify, you have to remove the private key so the CA won't archive it
 * @return return the binary ASN.1 message for a certification request
 * @throws CertificateEncodingException
 * @throws CMSException
 * @throws CRMFException
 * @throws OperatorCreationException
 * @throws CMPException
 * @throws IOException
 */
private byte[] createCertificateMessage(String distinguishedName, KeyPair keyPair, int requestType)
        throws CertificateEncodingException, CMSException, CRMFException, OperatorCreationException,
        CMPException, IOException, PKICMPMessageException, NoSuchFieldException, IllegalAccessException {

    JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ZERO);

    // Basic certificate requests
    certReqBuild.setSubject(new X500Name(distinguishedName));

    // Add key pair
    if (keyPair != null) {
        byte[] bRSAKey = keyPair.getPublic().getEncoded();
        certReqBuild.setPublicKey(new SubjectPublicKeyInfo(ASN1Sequence.getInstance(bRSAKey)));
        if (keyPair.getPrivate() != null) {
            certReqBuild.addControl(
                    new JcaPKIArchiveControlBuilder(keyPair.getPrivate(), new X500Principal(distinguishedName))
                            .addRecipientGenerator(
                                    new JceKeyTransRecipientInfoGenerator(pkiKeyStore.getRecipientCertificate())
                                            .setProvider(pkiKeyStore.getProvider()))
                            .build(new JceCMSContentEncryptorBuilder(
                                    new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.DES_EDE3_CBC))
                                            .setProvider(pkiKeyStore.getProvider()).build()));
        }
    }

    if (optionalValidity != null) {
        Field field = certReqBuild.getClass().getSuperclass().getDeclaredField("templateBuilder");
        field.setAccessible(true);
        CertTemplateBuilder certTemplateBuilder = (CertTemplateBuilder) field.get(certReqBuild);
        certTemplateBuilder.setValidity(optionalValidity);
    }

    if (extensions != null) {
        for (Extension extension : extensions)
            certReqBuild.addExtension(extension.getExtnId(), extension.isCritical(),
                    extension.getParsedValue());
    }

    CertReqMessages certReqMsgs = new CertReqMessages(certReqBuild.build().toASN1Structure());

    return createProtectedPKIMessage(new PKIBody(requestType, certReqMsgs));
}

---

From source file:org.cryptable.pki.communication.PKICMPMessages.java

License:Open Source License

/**
 * Update a certification request with local key generation
 *
 * @param certificate to be updated/*from  w  ww  . j  av  a2  s  . c  o m*/
 * @return return the binary ASN.1 message for a certification request
 * @throws CertificateEncodingException
 * @throws CMSException
 * @throws CRMFException
 * @throws OperatorCreationException
 * @throws CMPException
 * @throws IOException
 */
public byte[] createKeyUpdateMessageWithLocalKey(X509Certificate certificate, KeyPair keyPair)
        throws CertificateEncodingException, CMSException, CRMFException, OperatorCreationException,
        CMPException, IOException, PKICMPMessageException, NoSuchFieldException, IllegalAccessException {
    JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ZERO);
    X509CertificateHolder x509CertificateHolder = new JcaX509CertificateHolder(certificate);

    certReqBuild.setSubject(x509CertificateHolder.getSubject());
    certReqBuild.setIssuer(x509CertificateHolder.getIssuer());
    certReqBuild.setSerialNumber(x509CertificateHolder.getSerialNumber());
    if (keyPair != null) {
        certReqBuild.setPublicKey(keyPair.getPublic());
        if (keyPair.getPrivate() != null) {
            certReqBuild.addControl(
                    new JcaPKIArchiveControlBuilder(keyPair.getPrivate(), x509CertificateHolder.getIssuer())
                            .addRecipientGenerator(
                                    new JceKeyTransRecipientInfoGenerator(pkiKeyStore.getRecipientCertificate())
                                            .setProvider(pkiKeyStore.getProvider()))
                            .build(new JceCMSContentEncryptorBuilder(
                                    new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.DES_EDE3_CBC))
                                            .setProvider(pkiKeyStore.getProvider()).build()));

        }
    } else
        certReqBuild.setPublicKey(x509CertificateHolder.getSubjectPublicKeyInfo());

    if (extensions != null) {
        for (Extension extension : extensions)
            certReqBuild.addExtension(extension.getExtnId(), extension.isCritical(),
                    extension.getParsedValue());
    } else {
        if (x509CertificateHolder.getExtensions() != null) {
            for (ASN1ObjectIdentifier oid : x509CertificateHolder.getExtensions().getExtensionOIDs()) {
                certReqBuild.addExtension(oid,
                        x509CertificateHolder.getExtensions().getExtension(oid).isCritical(),
                        x509CertificateHolder.getExtensions().getExtensionParsedValue(oid));
            }
        }
    }

    OptionalValidity tempOptionalValidity;
    if (optionalValidity != null) {
        tempOptionalValidity = optionalValidity;
    } else {
        tempOptionalValidity = new OptionalValidity(new Time(x509CertificateHolder.getNotBefore()),
                new Time(x509CertificateHolder.getNotAfter()));
    }
    Field field = certReqBuild.getClass().getSuperclass().getDeclaredField("templateBuilder");
    field.setAccessible(true);
    CertTemplateBuilder certTemplateBuilder = (CertTemplateBuilder) field.get(certReqBuild);
    certTemplateBuilder.setValidity(tempOptionalValidity);

    CertReqMessages certReqMsgs = new CertReqMessages(certReqBuild.build().toASN1Structure());

    return createProtectedPKIMessage(new PKIBody(PKIBody.TYPE_KEY_UPDATE_REQ, certReqMsgs));
}

---

From source file:org.cryptable.pki.communication.PKICMPMessages.java

License:Open Source License

/**
 * Update a certification request with remote key generation
 *
 * @param certificate to be updated//from w  ww.j  ava 2  s  . c  o  m
 * @return return the binary ASN.1 message for a certification request
 * @throws CertificateEncodingException
 * @throws CMSException
 * @throws CRMFException
 * @throws OperatorCreationException
 * @throws CMPException
 * @throws IOException
 */
public byte[] createKeyUpdateMessageWithRemoteKey(X509Certificate certificate)
        throws CertificateEncodingException, CMSException, CRMFException, OperatorCreationException,
        CMPException, IOException, PKICMPMessageException, NoSuchFieldException, IllegalAccessException {
    JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ZERO);
    X509CertificateHolder x509CertificateHolder = new JcaX509CertificateHolder(certificate);

    certReqBuild.setSubject(x509CertificateHolder.getSubject());
    certReqBuild.setIssuer(x509CertificateHolder.getIssuer());
    certReqBuild.setSerialNumber(x509CertificateHolder.getSerialNumber());

    if (extensions != null) {
        for (Extension extension : extensions)
            certReqBuild.addExtension(extension.getExtnId(), extension.isCritical(),
                    extension.getParsedValue());
    } else {
        if (x509CertificateHolder.getExtensions() != null) {
            for (ASN1ObjectIdentifier oid : x509CertificateHolder.getExtensions().getExtensionOIDs()) {
                certReqBuild.addExtension(oid,
                        x509CertificateHolder.getExtensions().getExtension(oid).isCritical(),
                        x509CertificateHolder.getExtensions().getExtensionParsedValue(oid));
            }
        }
    }

    OptionalValidity tempOptionalValidity;
    if (optionalValidity != null) {
        tempOptionalValidity = optionalValidity;
    } else {
        tempOptionalValidity = new OptionalValidity(new Time(x509CertificateHolder.getNotBefore()),
                new Time(x509CertificateHolder.getNotAfter()));
    }
    Field field = certReqBuild.getClass().getSuperclass().getDeclaredField("templateBuilder");
    field.setAccessible(true);
    CertTemplateBuilder certTemplateBuilder = (CertTemplateBuilder) field.get(certReqBuild);
    certTemplateBuilder.setValidity(tempOptionalValidity);

    CertReqMessages certReqMsgs = new CertReqMessages(certReqBuild.build().toASN1Structure());

    return createProtectedPKIMessage(new PKIBody(PKIBody.TYPE_KEY_UPDATE_REQ, certReqMsgs));
}

---

From source file:org.cryptable.pki.communication.PKICMPMessages.java

License:Open Source License

/**
 * Revoke a certificate/* w w w  . j  av a  2  s .c o m*/
 *
 */
public byte[] createRevocationMessage(RevocationInput[] revocationInputs)
        throws CertificateEncodingException, CMSException, CRMFException, OperatorCreationException,
        CMPException, IOException, PKICMPMessageException, NoSuchFieldException, IllegalAccessException {
    List<RevDetails> revDetailsList = new ArrayList<RevDetails>(revocationInputs.length);

    for (RevocationInput revocationInput : revocationInputs) {
        List<Extension> extensions = new ArrayList<Extension>();
        X509CertificateHolder x509CertificateHolder = new JcaX509CertificateHolder(
                revocationInput.getX509Certificate());
        CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();

        // Template to fill in
        certTemplateBuilder.setSubject(x509CertificateHolder.getSubject())
                .setIssuer(x509CertificateHolder.getIssuer())
                .setSerialNumber(new ASN1Integer(x509CertificateHolder.getSerialNumber()))
                .setPublicKey(x509CertificateHolder.getSubjectPublicKeyInfo());

        // Optional Revocation Extensions
        if (revocationInput.getReasonCode() != -1) {
            extensions.add(new Extension(Extension.reasonCode, false,
                    new ReasonFlags(revocationInput.getReasonCode()).getEncoded()));
        }
        if (revocationInput.getInvalidityDate() != null) {
            extensions.add(new Extension(Extension.invalidityDate, false,
                    new Time(revocationInput.getInvalidityDate()).getEncoded()));
        }
        if (extensions.size() == 0) {
            revDetailsList.add(new RevDetails(certTemplateBuilder.build()));
        } else {
            revDetailsList.add(new RevDetails(certTemplateBuilder.build(),
                    new Extensions(extensions.toArray(new Extension[extensions.size()]))));
        }
    }

    RevReqContent revReqContent = new RevReqContent(
            revDetailsList.toArray(new RevDetails[revDetailsList.size()]));
    return createProtectedPKIMessage(new PKIBody(PKIBody.TYPE_REVOCATION_REQ, revReqContent));
}

---

From source file:org.cryptable.pki.communication.PKICMPMessages.java

License:Open Source License

/**
 * This creates a message to confirm a certification message
 *
 * @param x509Certificate the certificate to confirm
 * @return return the binary ASN.1 message to confirm certificate
 * @throws CertificateEncodingException/*  w  w w.  j a  va 2  s  . c  om*/
 * @throws IOException
 * @throws OperatorCreationException
 * @throws CMPException
 */
public byte[] createConfirmationMessage(X509Certificate x509Certificate, BigInteger certificateID)
        throws CertificateEncodingException, IOException, OperatorCreationException, CMPException,
        PKICMPMessageException {
    CertificateConfirmationContentBuilder certificateConfirmationContentBuilder = new CertificateConfirmationContentBuilder();
    X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(x509Certificate.getEncoded());
    certificateConfirmationContentBuilder.addAcceptedCertificate(x509CertificateHolder, certificateID);

    return createProtectedPKIMessage(
            new PKIBody(PKIBody.TYPE_CERT_CONFIRM, certificateConfirmationContentBuilder
                    .build(new JcaDigestCalculatorProviderBuilder().build()).toASN1Structure()));
}

---

From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java

License:Open Source License

private byte[] createInitializationRespons1(byte[] senderNonce, byte[] transactionId) throws CMPException,
        CertificateEncodingException, OperatorCreationException, PKICMPMessageException, IOException {
    X509CertificateHolder x509CertificateHolder = new JcaX509CertificateHolder(pki.getTestUser3Cert());

    // Body/* ww  w  .  j  av  a2  s. c  o  m*/
    CertResponse certResponse = new CertResponse(new ASN1Integer(0), new PKIStatusInfo(PKIStatus.granted),
            new CertifiedKeyPair(
                    new CertOrEncCert(new CMPCertificate(x509CertificateHolder.toASN1Structure()))),
            null);
    CertResponse[] certResponses = new CertResponse[1];
    certResponses[0] = certResponse;

    PKIBody pkiBody = new PKIBody(PKIBody.TYPE_INIT_REP,
            new CertRepMessage(pkiKeyStoreCA.getCMPCertificateChain(), certResponses));

    return createProtectedPKIMessage(senderNonce, transactionId, pkiBody);

}

---

From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java

License:Open Source License

private byte[] createInitializationRespons2(byte[] senderNonce, byte[] transactionId) throws CMPException,
        CertificateEncodingException, OperatorException, PKICMPMessageException, IOException, CRMFException {
    X509CertificateHolder x509CertificateHolder = new JcaX509CertificateHolder(pki.getTestUser3Cert());

    //encrypt Private Key
    KeyWrapper keyWrapper = new JceAsymmetricKeyWrapper(pkiKeyStoreCA.getRecipientCertificate().getPublicKey())
            .setProvider("BC");
    OutputEncryptor encryptor = new JceCRMFEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider("BC")
            .build();//from www  . j a  v a2  s . c  om
    ByteArrayOutputStream bOut = new ByteArrayOutputStream();

    OutputStream eOut = encryptor.getOutputStream(bOut);
    eOut.write(pki.getTestUser3CertPrivateKey().getEncoded());
    eOut.close();

    AlgorithmIdentifier intendedAlg = null;
    AlgorithmIdentifier symmAlg = encryptor.getAlgorithmIdentifier();
    DERBitString encSymmKey;
    keyWrapper.generateWrappedKey(encryptor.getKey());
    encSymmKey = new DERBitString(keyWrapper.generateWrappedKey(encryptor.getKey()));

    AlgorithmIdentifier keyAlg = keyWrapper.getAlgorithmIdentifier();
    ASN1OctetString valueHint = null;
    DERBitString encValue = new DERBitString(bOut.toByteArray());

    EncryptedValue encryptedPrivateKey = new EncryptedValue(intendedAlg, symmAlg, encSymmKey, keyAlg, valueHint,
            encValue);

    // Body
    CertResponse certResponse = new CertResponse(new ASN1Integer(0), new PKIStatusInfo(PKIStatus.granted),
            new CertifiedKeyPair(new CertOrEncCert(new CMPCertificate(x509CertificateHolder.toASN1Structure())),
                    encryptedPrivateKey, null),
            null);
    CertResponse[] certResponses = new CertResponse[1];
    certResponses[0] = certResponse;

    PKIBody pkiBody = new PKIBody(PKIBody.TYPE_INIT_REP,
            new CertRepMessage(pkiKeyStoreCA.getCMPCertificateChain(), certResponses));

    return createProtectedPKIMessage(senderNonce, transactionId, pkiBody);

}

---

From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java

License:Open Source License

private byte[] createRevocationRespons1(byte[] senderNonce, byte[] transactionId)
        throws CRLException, CMPException, CertificateEncodingException, OperatorCreationException,
        PKICMPMessageException, IOException {

    RevRepContentBuilder revRepContentBuilder = new RevRepContentBuilder();
    revRepContentBuilder.add(new PKIStatusInfo(PKIStatus.granted),
            new CertId(new GeneralName(JcaX500NameUtil.getIssuer(pki.getRevokedCert())),
                    pki.getRevokedCert().getSerialNumber()));
    revRepContentBuilder.addCrl(new JcaX509CRLHolder(pki.getX509CRL()).toASN1Structure());

    PKIBody pkiBody = new PKIBody(PKIBody.TYPE_REVOCATION_REP, revRepContentBuilder.build());

    return createProtectedPKIMessage(senderNonce, transactionId, pkiBody);

}

---

From source file:org.ejbca.core.protocol.cmp.CmpConfirmResponseMessage.java

License:Open Source License

@Override
public boolean create() throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException {
    final PKIHeaderBuilder myPKIHeader = CmpMessageHelper.createPKIHeaderBuilder(getSender(), getRecipient(),
            getSenderNonce(), getRecipientNonce(), getTransactionId());
    final PKIBody myPKIBody = new PKIBody(19, DERNull.INSTANCE);
    PKIMessage myPKIMessage = null;//from ww w .  j a va2 s  .co m

    if ((getPbeDigestAlg() != null) && (getPbeMacAlg() != null) && (getPbeKeyId() != null)
            && (getPbeKey() != null)) {
        myPKIHeader.setProtectionAlg(new AlgorithmIdentifier(getPbeDigestAlg()));
        myPKIMessage = new PKIMessage(myPKIHeader.build(), myPKIBody);
        responseMessage = CmpMessageHelper.protectPKIMessageWithPBE(myPKIMessage, getPbeKeyId(), getPbeKey(),
                getPbeDigestAlg(), getPbeMacAlg(), getPbeIterationCount());
    } else {
        if ((signCertChain != null) && (signCertChain.size() > 0) && (signKey != null)) {
            try {
                myPKIHeader.setProtectionAlg(new AlgorithmIdentifier(digestAlg));
                myPKIMessage = new PKIMessage(myPKIHeader.build(), myPKIBody);
                responseMessage = CmpMessageHelper.signPKIMessage(myPKIMessage, signCertChain, signKey,
                        digestAlg, provider);
            } catch (CertificateEncodingException e) {
                log.error("Error creating CmpConfirmMessage: ", e);
            } catch (SecurityException e) {
                log.error("Error creating CmpConfirmMessage: ", e);
            } catch (SignatureException e) {
                log.error("Error creating CmpConfirmMessage: ", e);
            }
        } else {
            if (log.isDebugEnabled()) {
                log.debug("Not signing CMP Confirm Response, because signCert or signKey is not set.");
            }
        }
        // If we could not create the signed response message, create a non-protected one instead.
        if (responseMessage == null) {
            responseMessage = CmpMessageHelper.pkiMessageToByteArray(myPKIMessage);
        }
    }
    return true;
}

---

From source file:org.ejbca.core.protocol.cmp.CmpErrorResponseMessage.java

License:Open Source License

@Override
public boolean create() throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException {
    final PKIHeaderBuilder myPKIHeaderBuilder = CmpMessageHelper.createPKIHeaderBuilder(getSender(),
            getRecipient(), getSenderNonce(), getRecipientNonce(), getTransactionId());
    boolean pbeProtected = (getPbeDigestAlg() != null) && (getPbeMacAlg() != null) && (getPbeKeyId() != null)
            && (getPbeKey() != null);
    if (pbeProtected) {
        myPKIHeaderBuilder.setProtectionAlg(new AlgorithmIdentifier(CMPObjectIdentifiers.passwordBasedMac));
    }// w  w w .  j  a  va  2  s  . c o  m
    final PKIHeader myPKIHeader = myPKIHeaderBuilder.build();

    PKIStatusInfo myPKIStatusInfo = new PKIStatusInfo(PKIStatus.rejection);
    if (failInfo != null && failText != null) {
        myPKIStatusInfo = new PKIStatusInfo(PKIStatus.rejection, new PKIFreeText(new DERUTF8String(failText)),
                CmpMessageHelper.getPKIFailureInfo(failInfo.intValue()));
    } else if (failText != null) {
        myPKIStatusInfo = new PKIStatusInfo(PKIStatus.rejection, new PKIFreeText(new DERUTF8String(failText)));
    }

    PKIBody myPKIBody = null;
    log.debug("Create error message from requestType: " + requestType);
    if (requestType == 0 || requestType == 2) {
        myPKIBody = CmpMessageHelper.createCertRequestRejectBody(myPKIStatusInfo, requestId, requestType);
    } else {
        ErrorMsgContent myErrorContent = new ErrorMsgContent(myPKIStatusInfo);
        myPKIBody = new PKIBody(23, myErrorContent); // 23 = error                  
    }
    PKIMessage myPKIMessage = new PKIMessage(myPKIHeader, myPKIBody);
    if (pbeProtected) {
        responseMessage = CmpMessageHelper.protectPKIMessageWithPBE(myPKIMessage, getPbeKeyId(), getPbeKey(),
                getPbeDigestAlg(), getPbeMacAlg(), getPbeIterationCount());
    } else {
        responseMessage = CmpMessageHelper.pkiMessageToByteArray(myPKIMessage);
    }
    return true;
}

---

• «
• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• »