List of usage examples for org.bouncycastle.asn1.cmp PKIBody TYPE_CERT_REQ
int TYPE_CERT_REQ
From source file:org.cryptable.pki.communication.PKICMPMessages.java
License:Open Source License
/**
 * Builds a CMP certification request ({@code PKIBody.TYPE_CERT_REQ}) for a key pair that the
 * caller generated locally.
 *
 * <p>Note from the original author: remove the private key from {@code keyPair} before calling
 * if the CA must not archive it. How the private key is used is decided inside
 * {@code createCertificateMessage}, which is not shown here.
 *
 * @param distinguishedName the distinguished name for the certificate
 * @param keyPair the key pair to certify
 * @return the binary ASN.1 message for a certification request
 * @throws CertificateEncodingException propagated from {@code createCertificateMessage}
 * @throws CMSException propagated from {@code createCertificateMessage}
 * @throws CRMFException propagated from {@code createCertificateMessage}
 * @throws OperatorCreationException propagated from {@code createCertificateMessage}
 * @throws CMPException propagated from {@code createCertificateMessage}
 * @throws IOException propagated from {@code createCertificateMessage}
 * @throws PKICMPMessageException propagated from {@code createCertificateMessage}
 * @throws NoSuchFieldException propagated from {@code createCertificateMessage}
 * @throws IllegalAccessException propagated from {@code createCertificateMessage}
 */
public byte[] createCertificateMessageWithLocalKey(String distinguishedName, KeyPair keyPair)
        throws CertificateEncodingException, CMSException, CRMFException, OperatorCreationException,
        CMPException, IOException, PKICMPMessageException, NoSuchFieldException,
        IllegalAccessException {
    final int requestType = PKIBody.TYPE_CERT_REQ;
    return createCertificateMessage(distinguishedName, keyPair, requestType);
}
From source file:org.cryptable.pki.communication.PKICMPMessages.java
License:Open Source License
/**
 * Builds a CMP certification request ({@code PKIBody.TYPE_CERT_REQ}) without a caller-supplied
 * key pair.
 *
 * <p>{@code null} is passed to {@code createCertificateMessage} in place of the key pair. Going
 * by the method name, the key is expected to be generated on the remote side; how the
 * {@code null} is interpreted is decided in {@code createCertificateMessage}, which is not
 * shown here.
 *
 * @param distinguishedName the distinguished name for the certificate
 * @return the binary ASN.1 message for a certification request
 * @throws CertificateEncodingException propagated from {@code createCertificateMessage}
 * @throws CMSException propagated from {@code createCertificateMessage}
 * @throws CRMFException propagated from {@code createCertificateMessage}
 * @throws OperatorCreationException propagated from {@code createCertificateMessage}
 * @throws CMPException propagated from {@code createCertificateMessage}
 * @throws IOException propagated from {@code createCertificateMessage}
 * @throws PKICMPMessageException propagated from {@code createCertificateMessage}
 * @throws NoSuchFieldException propagated from {@code createCertificateMessage}
 * @throws IllegalAccessException propagated from {@code createCertificateMessage}
 */
public byte[] createCertificateMessageWithRemoteKey(String distinguishedName)
        throws CertificateEncodingException, CMSException, CRMFException, OperatorCreationException,
        CMPException, IOException, PKICMPMessageException, NoSuchFieldException,
        IllegalAccessException {
    final int requestType = PKIBody.TYPE_CERT_REQ;
    return createCertificateMessage(distinguishedName, null, requestType);
}
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
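/**
 * Tests the basic certification request message: builds a request with a local key pair,
 * decodes the resulting bytes and checks the header, the body and the message protection.
 *
 * @throws OperatorCreationException if the content verifier cannot be built
 * @throws CertificateEncodingException propagated from the message builder
 * @throws IOException if the encoded message cannot be read back
 * @throws CRMFException propagated from the message builder
 * @throws CMPException propagated from the message builder or the protection check
 * @throws CMSException propagated from the message builder
 */
@Test
public void testCertification() throws OperatorCreationException, CertificateEncodingException,
        IOException, CRMFException, CMPException, CMSException, ParseException,
        PKICMPMessageException, NoSuchProviderException, NoSuchAlgorithmException,
        NoSuchFieldException, IllegalAccessException {
    String distinguishedName = pki.getTestUser1Cert().getSubjectX500Principal().getName();
    // The key pair handed over here includes the private key of the test user.
    KeyPair keyPair = new KeyPair(pki.getTestUser1Cert().getPublicKey(),
            pki.getTestUser1CertPrivateKey());

    PKICMPMessages pkiMessages = new PKICMPMessages();
    pkiMessages.setPkiKeyStore(pkiKeyStoreRA);
    byte[] result = pkiMessages.createCertificateMessageWithLocalKey(distinguishedName, keyPair);

    // Close the decoding stream deterministically, even when readObject() throws.
    PKIMessage pkiMessage;
    try (ASN1InputStream asn1InputStream = new ASN1InputStream(result)) {
        ASN1Primitive asn1Primitive = asn1InputStream.readObject();
        pkiMessage = PKIMessage.getInstance(asn1Primitive);
    }

    // Header verification (expected value first, so failure messages read correctly)
    Assert.assertEquals(BigInteger.valueOf(2), pkiMessage.getHeader().getPvno().getValue());
    Assert.assertEquals(pkiKeyStoreRA.getRecipientCertificate().getSubjectDN().getName(),
            pkiMessage.getHeader().getRecipient().getName().toString());
    Assert.assertEquals(pkiKeyStoreRA.getSenderCertificate().getSubjectDN().getName(),
            pkiMessage.getHeader().getSender().getName().toString());
    Assert.assertNotNull(pkiMessage.getHeader().getSenderNonce());
    Assert.assertNotNull(pkiMessage.getHeader().getTransactionID());
    Assert.assertNotNull(pkiMessage.getHeader().getMessageTime().getDate());

    // Check the body
    // Check the tests in Bouncycastle for decoding cert request
    Assert.assertEquals(PKIBody.TYPE_CERT_REQ, pkiMessage.getBody().getType());
    CertReqMsg[] certReqMsgs = CertReqMessages.getInstance(pkiMessage.getBody().getContent())
            .toCertReqMsgArray();
    Assert.assertEquals(BigInteger.ZERO.toString(),
            certReqMsgs[0].getCertReq().getCertReqId().toString());
    Assert.assertEquals(distinguishedName,
            certReqMsgs[0].getCertReq().getCertTemplate().getSubject().toString());
    Assert.assertArrayEquals(keyPair.getPublic().getEncoded(),
            certReqMsgs[0].getCertReq().getCertTemplate().getPublicKey().getEncoded());

    // The first control must be PKIArchiveOptions. Only its type is asserted here;
    // the content of the archive options is not inspected.
    AttributeTypeAndValue[] attributeTypeAndValue = certReqMsgs[0].getCertReq().getControls()
            .toAttributeTypeAndValueArray();
    Assert.assertEquals(CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions,
            attributeTypeAndValue[0].getType());

    // Check the signature: the message must be protected and must verify against the
    // public key of the sender certificate.
    GeneralPKIMessage generalPKIMessage = new GeneralPKIMessage(result);
    Assert.assertTrue(generalPKIMessage.hasProtection());
    ProtectedPKIMessage pkiMsg = new ProtectedPKIMessage(generalPKIMessage);
    ContentVerifierProvider verifierProvider = new JcaContentVerifierProviderBuilder()
            .setProvider(pkiKeyStoreRA.getProvider())
            .build(pkiKeyStoreRA.getSenderCertificate().getPublicKey());
    Assert.assertTrue(pkiMsg.verify(verifierProvider));
}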
From source file:org.xipki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
/**
 * Assembles the CMP request message for an enrolment request that holds one or more entries.
 *
 * <p>Each entry becomes one {@code CertReqMsg} carrying the entry's certificate request, its
 * proof-of-possession and the certificate profile name as a UTF8-pairs attribute.
 *
 * @param req the enrolment request; its type selects the CMP body type
 * @param username passed through to {@code buildPKIHeader}
 * @return the message consisting of the built header and the request body
 */
private PKIMessage buildPKIMessage(final EnrollCertRequestType req, final String username) {
    PKIHeader header = buildPKIHeader(implicitConfirm, null, username);

    List<EnrollCertRequestEntryType> entries = req.getRequestEntries();
    CertReqMsg[] messages = new CertReqMsg[entries.size()];
    int idx = 0;
    for (EnrollCertRequestEntryType entry : entries) {
        CmpUtf8Pairs profilePairs = new CmpUtf8Pairs(CmpUtf8Pairs.KEY_CERT_PROFILE,
                entry.getCertprofile());
        AttributeTypeAndValue profileAttr = CmpUtil.buildAttributeTypeAndValue(profilePairs);

        // No attribute array at all when the helper produced nothing.
        AttributeTypeAndValue[] regInfo = null;
        if (profileAttr != null) {
            regInfo = new AttributeTypeAndValue[] { profileAttr };
        }
        messages[idx++] = new CertReqMsg(entry.getCertReq(), entry.getPopo(), regInfo);
    }

    // NOTE(review): every request type other than CERT_REQ and KEY_UPDATE is sent as a
    // cross-certification request; confirm the enum has no further values that would be
    // mapped here unintentionally.
    final int bodyType;
    switch (req.getType()) {
        case CERT_REQ:
            bodyType = PKIBody.TYPE_CERT_REQ;
            break;
        case KEY_UPDATE:
            bodyType = PKIBody.TYPE_KEY_UPDATE_REQ;
            break;
        default:
            bodyType = PKIBody.TYPE_CROSS_CERT_REQ;
    }

    return new PKIMessage(header, new PKIBody(bodyType, new CertReqMessages(messages)));
}
From source file:org.xipki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
/**
 * Assembles a CMP certification request ({@code PKIBody.TYPE_CERT_REQ}) for a single
 * certificate request.
 *
 * @param req the certificate request
 * @param pop the proof-of-possession for the requested key
 * @param profileName certificate profile name, sent as a UTF8-pairs attribute
 * @param username passed through to {@code buildPKIHeader}
 * @return the message consisting of the built header and a body with exactly one request
 */
private PKIMessage buildPKIMessage(final CertRequest req, final ProofOfPossession pop,
        final String profileName, final String username) {
    PKIHeader header = buildPKIHeader(implicitConfirm, null, username);

    CmpUtf8Pairs profilePairs = new CmpUtf8Pairs(CmpUtf8Pairs.KEY_CERT_PROFILE, profileName);
    AttributeTypeAndValue profileAttr = CmpUtil.buildAttributeTypeAndValue(profilePairs);
    // NOTE(review): the multi-entry overload checks this attribute for null before wrapping
    // it in an array; this one does not. Confirm the helper cannot return null.
    AttributeTypeAndValue[] regInfo = new AttributeTypeAndValue[] { profileAttr };

    CertReqMsg[] messages = new CertReqMsg[] { new CertReqMsg(req, pop, regInfo) };
    PKIBody body = new PKIBody(PKIBody.TYPE_CERT_REQ, new CertReqMessages(messages));
    return new PKIMessage(header, body);
}
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
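/**
 * Dispatches a received CMP message by body type and builds the response message.
 *
 * <p>The response header reuses the protocol version of the request, is addressed to the
 * request's sender and carries the transaction id {@code tid}. When {@code auditEvent} is not
 * {@code null}, the requestor and the outcome are recorded on it.
 *
 * @param requestor the authenticated requestor; must be a {@code CmpRequestorInfo}
 * @param user user name passed through to the request handlers
 * @param tid transaction id of the exchange
 * @param message the received message
 * @param auditEvent audit record to fill in, may be {@code null}
 * @return the response message
 * @throws ConfigurationException declared by the signature; presumably raised by one of the
 *         called handlers
 * @throws IllegalArgumentException if {@code requestor} is not a {@code CmpRequestorInfo}
 */
@Override
protected PKIMessage intern_processPKIMessage(final RequestorInfo requestor, final String user,
        final ASN1OctetString tid, final GeneralPKIMessage message, final AuditEvent auditEvent)
        throws ConfigurationException {
    if (!(requestor instanceof CmpRequestorInfo)) {
        // instanceof is false for null as well, so guard the getClass() call.
        throw new IllegalArgumentException("unknown requestor type "
                + (requestor == null ? "null" : requestor.getClass().getName()));
    }

    CmpRequestorInfo cmpRequestor = (CmpRequestorInfo) requestor;
    if (auditEvent != null) {
        auditEvent.addEventData(new AuditEventData("requestor",
                cmpRequestor.getCert().getSubject()));
    }

    PKIHeader reqHeader = message.getHeader();
    PKIHeaderBuilder respHeader = new PKIHeaderBuilder(reqHeader.getPvno().getValue().intValue(),
            getSender(), reqHeader.getSender());
    respHeader.setTransactionID(tid);

    PKIBody respBody;
    PKIBody reqBody = message.getBody();
    final int type = reqBody.getType();

    CmpControl cmpControl = getCmpControl();

    try {
        switch (type) {
            case PKIBody.TYPE_CERT_REQ:
            case PKIBody.TYPE_KEY_UPDATE_REQ:
            case PKIBody.TYPE_P10_CERT_REQ:
            case PKIBody.TYPE_CROSS_CERT_REQ: {
                respBody = cmpEnrollCert(respHeader, cmpControl, reqHeader, reqBody,
                        cmpRequestor, user, tid, auditEvent);
                break;
            }
            case PKIBody.TYPE_CERT_CONFIRM: {
                addAutitEventType(auditEvent, "CERT_CONFIRM");
                CertConfirmContent certConf = (CertConfirmContent) reqBody.getContent();
                respBody = confirmCertificates(tid, certConf);
                break;
            }
            case PKIBody.TYPE_REVOCATION_REQ: {
                respBody = cmpRevokeOrUnrevokeOrRemoveCertificates(respHeader, cmpControl,
                        reqHeader, reqBody, cmpRequestor, user, tid, auditEvent);
                break;
            }
            case PKIBody.TYPE_CONFIRM: {
                addAutitEventType(auditEvent, "CONFIRM");
                respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
                // This break is required: without it control falls into the TYPE_ERROR case,
                // which tags the audit event as ERROR and revokes the pending certificates of
                // this transaction.
                break;
            }
            case PKIBody.TYPE_ERROR: {
                addAutitEventType(auditEvent, "ERROR");
                revokePendingCertificates(tid);
                respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
                break;
            }
            case PKIBody.TYPE_GEN_MSG: {
                respBody = cmpGeneralMsg(respHeader, cmpControl, reqHeader, reqBody,
                        cmpRequestor, user, tid, auditEvent);
                break;
            }
            default: {
                addAutitEventType(auditEvent, "PKIBody." + type);
                respBody = createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.badRequest,
                        "unsupported type " + type);
                break;
            }
        } // end switch(type)
    } catch (InsuffientPermissionException e) {
        // A missing permission is answered with a rejection/notAuthorized error body.
        // NOTE(review): the exception message is returned to the requestor as free text;
        // confirm it never carries internal detail.
        ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection,
                new PKIFreeText(e.getMessage()),
                new PKIFailureInfo(PKIFailureInfo.notAuthorized)));
        respBody = new PKIBody(PKIBody.TYPE_ERROR, emc);
    }

    if (auditEvent != null) {
        if (respBody.getType() == PKIBody.TYPE_ERROR) {
            ErrorMsgContent errorMsgContent = (ErrorMsgContent) respBody.getContent();

            AuditStatus auditStatus = AuditStatus.FAILED;
            org.xipki.ca.common.cmp.PKIStatusInfo pkiStatus =
                    new org.xipki.ca.common.cmp.PKIStatusInfo(
                            errorMsgContent.getPKIStatusInfo());

            // NOTE(review): both paths end in FAILED; a distinct status for systemFailure may
            // have been intended. Confirm against AuditStatus.
            if (pkiStatus.getPkiFailureInfo() == PKIFailureInfo.systemFailure) {
                auditStatus = AuditStatus.FAILED;
            }
            auditEvent.setStatus(auditStatus);

            String statusString = pkiStatus.getStatusMessage();
            if (statusString != null) {
                auditEvent.addEventData(new AuditEventData("message", statusString));
            }
        } else if (auditEvent.getStatus() == null) {
            // Handlers may already have set a status; only fill in the default.
            auditEvent.setStatus(AuditStatus.SUCCESSFUL);
        }
    }

    return new PKIMessage(respHeader.build(), respBody);
}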
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
/**
 * Handles the four enrolment body types (cr, kur, p10cr, ccr) and completes the response
 * header's general info.
 *
 * <p>For each type the audit event type is recorded and {@code checkPermission} is called with
 * the matching permission before the request is processed. Afterwards the response header
 * gets either the implicit-confirm info or a confirm-wait-time info.
 *
 * @param respHeader response header under construction; general info and possibly message
 *        time are set on it
 * @param cmpControl supplies the confirm wait time (seconds) and the confirm/CA-cert flags
 * @param reqHeader header of the request
 * @param reqBody body of the request; its type selects the handler
 * @param requestor the requestor whose permission is checked
 * @param user user name passed through to the handlers
 * @param tid transaction id
 * @param auditEvent audit record passed through to the handlers
 * @return the response body produced by the selected handler
 * @throws InsuffientPermissionException declared by the signature; presumably raised by
 *         {@code checkPermission}
 * @throws RuntimeException if the body type is none of the four enrolment types
 */
private PKIBody cmpEnrollCert(final PKIHeaderBuilder respHeader, final CmpControl cmpControl,
        final PKIHeader reqHeader, final PKIBody reqBody, final CmpRequestorInfo requestor,
        final String user, final ASN1OctetString tid, final AuditEvent auditEvent)
        throws InsuffientPermissionException {
    // The configured value is in seconds; its sign is ignored and it is converted to
    // milliseconds.
    final long configuredSeconds = cmpControl.getConfirmWaitTime();
    final long confirmWaitMillis = Math.abs(configuredSeconds) * 1000;
    final boolean includeCaCert = cmpControl.isSendCaCert();

    final PKIBody respBody;
    final int bodyType = reqBody.getType();
    if (bodyType == PKIBody.TYPE_CERT_REQ) {
        addAutitEventType(auditEvent, "CERT_REQ");
        checkPermission(requestor, Permission.ENROLL_CERT);
        respBody = processCr(requestor, user, tid, reqHeader,
                (CertReqMessages) reqBody.getContent(), confirmWaitMillis, includeCaCert,
                auditEvent);
    } else if (bodyType == PKIBody.TYPE_KEY_UPDATE_REQ) {
        addAutitEventType(auditEvent, "KEY_UPDATE");
        checkPermission(requestor, Permission.KEY_UPDATE);
        respBody = processKur(requestor, user, tid, reqHeader,
                (CertReqMessages) reqBody.getContent(), confirmWaitMillis, includeCaCert,
                auditEvent);
    } else if (bodyType == PKIBody.TYPE_P10_CERT_REQ) {
        // PKCS#10 requests are audited under the same event type as cr.
        addAutitEventType(auditEvent, "CERT_REQ");
        checkPermission(requestor, Permission.ENROLL_CERT);
        respBody = processP10cr(requestor, user, tid, reqHeader,
                (CertificationRequest) reqBody.getContent(), confirmWaitMillis, includeCaCert,
                auditEvent);
    } else if (bodyType == PKIBody.TYPE_CROSS_CERT_REQ) {
        addAutitEventType(auditEvent, "CROSS_CERT_REQ");
        checkPermission(requestor, Permission.CROSS_CERT_ENROLL);
        respBody = processCcp(requestor, user, tid, reqHeader,
                (CertReqMessages) reqBody.getContent(), confirmWaitMillis, includeCaCert,
                auditEvent);
    } else {
        throw new RuntimeException("should not reach here");
    }

    final InfoTypeAndValue generalInfo;
    if (!cmpControl.isConfirmCert() && CmpUtil.isImplictConfirm(reqHeader)) {
        // Implicit confirmation: no certConf will follow, so the certificates of this
        // transaction leave the pending pool right away.
        pendingCertPool.removeCertificates(tid.getOctets());
        generalInfo = CmpUtil.getImplictConfirmGeneralInfo();
    } else {
        respHeader.setMessageTime(new ASN1GeneralizedTime(new Date()));
        Date confirmDeadline = new Date(System.currentTimeMillis() + confirmWaitMillis);
        generalInfo = new InfoTypeAndValue(CMPObjectIdentifiers.it_confirmWaitTime,
                new ASN1GeneralizedTime(confirmDeadline));
    }
    respHeader.setGeneralInfo(generalInfo);

    return respBody;
}
From source file:org.xipki.pki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
/**
 * Assembles the CMP request message for an enrolment request that holds one or more entries.
 *
 * <p>Each entry becomes one {@code CertReqMsg} carrying the entry's certificate request, its
 * proof-of-possession and the certificate profile name as a UTF8-pairs attribute.
 *
 * @param req the enrolment request; its type selects the CMP body type
 * @param username passed through to {@code buildPkiHeader}
 * @return the message consisting of the built header and the request body
 */
private PKIMessage buildPkiMessage(final EnrollCertRequest req, final String username) {
    PKIHeader header = buildPkiHeader(implicitConfirm, null, username);

    List<EnrollCertRequestEntry> entries = req.getRequestEntries();
    CertReqMsg[] messages = new CertReqMsg[entries.size()];
    int idx = 0;
    for (EnrollCertRequestEntry entry : entries) {
        CmpUtf8Pairs profilePairs = new CmpUtf8Pairs(CmpUtf8Pairs.KEY_CERT_PROFILE,
                entry.getCertprofile());
        AttributeTypeAndValue profileAttr = CmpUtil.buildAttributeTypeAndValue(profilePairs);

        // No attribute array at all when the helper produced nothing.
        AttributeTypeAndValue[] regInfo = null;
        if (profileAttr != null) {
            regInfo = new AttributeTypeAndValue[] { profileAttr };
        }
        messages[idx++] = new CertReqMsg(entry.getCertReq(), entry.getPopo(), regInfo);
    }

    // NOTE(review): every request type other than CERT_REQ and KEY_UPDATE is sent as a
    // cross-certification request; confirm the enum has no further values that would be
    // mapped here unintentionally.
    final int bodyType;
    switch (req.getType()) {
        case CERT_REQ:
            bodyType = PKIBody.TYPE_CERT_REQ;
            break;
        case KEY_UPDATE:
            bodyType = PKIBody.TYPE_KEY_UPDATE_REQ;
            break;
        default:
            bodyType = PKIBody.TYPE_CROSS_CERT_REQ;
    }

    PKIBody body = new PKIBody(bodyType, new CertReqMessages(messages));
    return new PKIMessage(header, body);
}
From source file:org.xipki.pki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
/**
 * Assembles a CMP certification request ({@code PKIBody.TYPE_CERT_REQ}) for a single
 * certificate request.
 *
 * @param req the certificate request
 * @param pop the proof-of-possession for the requested key
 * @param profileName certificate profile name, sent as a UTF8-pairs attribute
 * @param username passed through to {@code buildPkiHeader}
 * @return the message consisting of the built header and a body with exactly one request
 */
private PKIMessage buildPkiMessage(final CertRequest req, final ProofOfPossession pop,
        final String profileName, final String username) {
    PKIHeader header = buildPkiHeader(implicitConfirm, null, username);

    CmpUtf8Pairs profilePairs = new CmpUtf8Pairs(CmpUtf8Pairs.KEY_CERT_PROFILE, profileName);
    AttributeTypeAndValue profileAttr = CmpUtil.buildAttributeTypeAndValue(profilePairs);
    // NOTE(review): the multi-entry overload checks this attribute for null before wrapping
    // it in an array; this one does not. Confirm the helper cannot return null.
    AttributeTypeAndValue[] regInfo = new AttributeTypeAndValue[] { profileAttr };

    CertReqMsg[] messages = new CertReqMsg[] { new CertReqMsg(req, pop, regInfo) };
    PKIBody body = new PKIBody(PKIBody.TYPE_CERT_REQ, new CertReqMessages(messages));
    return new PKIMessage(header, body);
}
From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java
License:Open Source License
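/**
 * Dispatches a received CMP message by body type, records the audit event type and outcome,
 * and builds the response message.
 *
 * <p>The response header reuses the protocol version of the request, is addressed to the
 * request's sender and carries the transaction id {@code tid}.
 *
 * @param request the request message, passed through to the enrolment and revocation handlers
 * @param requestor the authenticated requestor; must be a {@code CmpRequestorInfo}
 * @param user user name passed through to the request handlers
 * @param tid transaction id of the exchange
 * @param message the received message whose header and body are evaluated
 * @param msgId message id passed through to the handlers
 * @param event audit record to fill in; used without a null check
 * @return the response message
 * @throws IllegalArgumentException if {@code requestor} is not a {@code CmpRequestorInfo}
 */
@Override
protected PKIMessage doProcessPkiMessage(PKIMessage request, final RequestorInfo requestor,
        final String user, final ASN1OctetString tid, final GeneralPKIMessage message,
        final String msgId, final AuditEvent event) {
    if (!(requestor instanceof CmpRequestorInfo)) {
        // instanceof is false for null as well, so guard the getClass() call.
        throw new IllegalArgumentException("unknown requestor type "
                + (requestor == null ? "null" : requestor.getClass().getName()));
    }

    CmpRequestorInfo tmpRequestor = (CmpRequestorInfo) requestor;
    event.addEventData(CaAuditConstants.NAME_requestor, tmpRequestor.getName());

    PKIHeader reqHeader = message.getHeader();
    PKIHeaderBuilder respHeader = new PKIHeaderBuilder(reqHeader.getPvno().getValue().intValue(),
            getSender(), reqHeader.getSender());
    respHeader.setTransactionID(tid);

    PKIBody respBody;
    PKIBody reqBody = message.getBody();
    final int type = reqBody.getType();

    CmpControl cmpControl = getCmpControl();

    try {
        switch (type) {
            case PKIBody.TYPE_CERT_REQ:
            case PKIBody.TYPE_KEY_UPDATE_REQ:
            case PKIBody.TYPE_P10_CERT_REQ:
            case PKIBody.TYPE_CROSS_CERT_REQ: {
                String eventType = null;
                if (PKIBody.TYPE_CERT_REQ == type) {
                    eventType = CaAuditConstants.TYPE_CMP_cr;
                } else if (PKIBody.TYPE_KEY_UPDATE_REQ == type) {
                    eventType = CaAuditConstants.TYPE_CMP_kur;
                } else if (PKIBody.TYPE_P10_CERT_REQ == type) {
                    // Must test the PKCS#10 type here; a repeated key-update test would leave
                    // p10cr requests without any audit event type.
                    eventType = CaAuditConstants.TYPE_CMP_p10Cr;
                } else if (PKIBody.TYPE_CROSS_CERT_REQ == type) {
                    eventType = CaAuditConstants.TYPE_CMP_ccr;
                }

                if (eventType != null) {
                    event.addEventType(eventType);
                }
                respBody = cmpEnrollCert(request, respHeader, cmpControl, reqHeader, reqBody,
                        tmpRequestor, user, tid, msgId, event);
                break;
            }
            case PKIBody.TYPE_CERT_CONFIRM: {
                event.addEventType(CaAuditConstants.TYPE_CMP_certConf);
                CertConfirmContent certConf = (CertConfirmContent) reqBody.getContent();
                respBody = confirmCertificates(tid, certConf, msgId);
                break;
            }
            case PKIBody.TYPE_REVOCATION_REQ:
                respBody = cmpUnRevokeRemoveCertificates(request, respHeader, cmpControl,
                        reqHeader, reqBody, tmpRequestor, user, msgId, event);
                break;
            case PKIBody.TYPE_CONFIRM:
                event.addEventType(CaAuditConstants.TYPE_CMP_pkiConf);
                respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
                break;
            case PKIBody.TYPE_GEN_MSG:
                respBody = cmpGeneralMsg(respHeader, cmpControl, reqHeader, reqBody,
                        tmpRequestor, user, tid, msgId, event);
                break;
            case PKIBody.TYPE_ERROR:
                // An error message from the peer revokes the certificates still pending for
                // this transaction and is answered with a plain confirmation.
                event.addEventType(CaAuditConstants.TYPE_CMP_error);
                revokePendingCertificates(tid, msgId);
                respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
                break;
            default:
                event.addEventType("PKIBody." + type);
                respBody = buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest,
                        "unsupported type " + type);
                break;
        } // end switch (type)
    } catch (InsuffientPermissionException ex) {
        // A missing permission is answered with a rejection/notAuthorized error body.
        // NOTE(review): the exception message is returned to the requestor as free text;
        // confirm it never carries internal detail.
        ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection,
                new PKIFreeText(ex.getMessage()),
                new PKIFailureInfo(PKIFailureInfo.notAuthorized)));
        respBody = new PKIBody(PKIBody.TYPE_ERROR, emc);
    }

    if (respBody.getType() == PKIBody.TYPE_ERROR) {
        ErrorMsgContent errorMsgContent = (ErrorMsgContent) respBody.getContent();

        AuditStatus auditStatus = AuditStatus.FAILED;
        org.xipki.pki.ca.common.cmp.PkiStatusInfo pkiStatus =
                new org.xipki.pki.ca.common.cmp.PkiStatusInfo(
                        errorMsgContent.getPKIStatusInfo());

        // NOTE(review): both paths end in FAILED; a distinct status for systemFailure may
        // have been intended. Confirm against AuditStatus.
        if (pkiStatus.getPkiFailureInfo() == PKIFailureInfo.systemFailure) {
            auditStatus = AuditStatus.FAILED;
        }
        event.setStatus(auditStatus);

        String statusString = pkiStatus.getStatusMessage();
        if (statusString != null) {
            event.addEventData(CaAuditConstants.NAME_message, statusString);
        }
    } else if (event.getStatus() == null) {
        // Handlers may already have set a status; only fill in the default.
        event.setStatus(AuditStatus.SUCCESSFUL);
    }

    return new PKIMessage(respHeader.build(), respBody);
}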