Example usage for org.bouncycastle.asn1.cmp PKIMessage PKIMessage

List of usage examples for org.bouncycastle.asn1.cmp PKIMessage PKIMessage

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.asn1.cmp.*
  5. PKIMessage
  6. PKIMessage

Introduction

In this page you can find the example usage for org.bouncycastle.asn1.cmp PKIMessage PKIMessage.

Prototype

public PKIMessage(PKIHeader header, PKIBody body, DERBitString protection)

Source Link

Usage

From source file:org.ejbca.core.protocol.cmp.CmpTestCase.java

License:Open Source License

protected static PKIMessage protectPKIMessage(PKIMessage msg, boolean badObjectId, String password,
        String keyId, int iterations)
        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
    // Create the PasswordBased protection of the message
    PKIHeaderBuilder head = CmpMessageHelper.getHeaderBuilder(msg.getHeader());
    if (keyId != null) {
        head.setSenderKID(new DEROctetString(keyId.getBytes()));
    }/*from  w ww . j  av a 2 s.c o m*/
    // SHA1
    AlgorithmIdentifier owfAlg = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.14.3.2.26"));
    // 567 iterations
    int iterationCount = iterations;
    ASN1Integer iteration = new ASN1Integer(iterationCount);
    // HMAC/SHA1
    AlgorithmIdentifier macAlg = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.2.7"));
    byte[] salt = "foo123".getBytes();
    DEROctetString derSalt = new DEROctetString(salt);

    // Create the new protected return message
    String objectId = "1.2.840.113533.7.66.13";
    if (badObjectId) {
        objectId += ".7";
    }
    PBMParameter pp = new PBMParameter(derSalt, owfAlg, iteration, macAlg);
    AlgorithmIdentifier pAlg = new AlgorithmIdentifier(new ASN1ObjectIdentifier(objectId), pp);
    head.setProtectionAlg(pAlg);
    PKIHeader header = head.build();
    // Calculate the protection bits
    byte[] raSecret = password.getBytes();
    byte[] basekey = new byte[raSecret.length + salt.length];
    System.arraycopy(raSecret, 0, basekey, 0, raSecret.length);
    for (int i = 0; i < salt.length; i++) {
        basekey[raSecret.length + i] = salt[i];
    }
    // Construct the base key according to rfc4210, section 5.1.3.1
    MessageDigest dig = MessageDigest.getInstance(owfAlg.getAlgorithm().getId(), "BC");
    for (int i = 0; i < iterationCount; i++) {
        basekey = dig.digest(basekey);
        dig.reset();
    }
    // For HMAC/SHA1 there is another oid, that is not known in BC, but the
    // result is the same so...
    String macOid = macAlg.getAlgorithm().getId();
    PKIBody body = msg.getBody();
    byte[] protectedBytes = CmpMessageHelper.getProtectedBytes(header, body);
    Mac mac = Mac.getInstance(macOid, "BC");
    SecretKey key = new SecretKeySpec(basekey, macOid);
    mac.init(key);
    mac.reset();
    mac.update(protectedBytes, 0, protectedBytes.length);
    byte[] out = mac.doFinal();
    DERBitString bs = new DERBitString(out);

    return new PKIMessage(header, body, bs);
}

From source file:org.ejbca.ui.cmpclient.CmpClientMessageHelper.java

License:Open Source License

private PKIMessage protectPKIMessageWithHMAC(PKIMessage msg, boolean badObjectId, String password,
        int iterations) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
    // Create the PasswordBased protection of the message
    PKIHeaderBuilder head = getHeaderBuilder(msg.getHeader());
    // SHA1/*from   w  w  w  .ja v  a 2  s .  co  m*/
    AlgorithmIdentifier owfAlg = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.14.3.2.26"));
    // 567 iterations
    int iterationCount = iterations;
    ASN1Integer iteration = new ASN1Integer(iterationCount);
    // HMAC/SHA1
    AlgorithmIdentifier macAlg = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.2.7"));
    byte[] salt = "foo123".getBytes();
    DEROctetString derSalt = new DEROctetString(salt);

    // Create the new protected return message
    String objectId = "1.2.840.113533.7.66.13";
    if (badObjectId) {
        objectId += ".7";
    }
    PBMParameter pp = new PBMParameter(derSalt, owfAlg, iteration, macAlg);
    AlgorithmIdentifier pAlg = new AlgorithmIdentifier(new ASN1ObjectIdentifier(objectId), pp);
    head.setProtectionAlg(pAlg);
    PKIHeader header = head.build();
    // Calculate the protection bits
    byte[] raSecret = password.getBytes();
    byte[] basekey = new byte[raSecret.length + salt.length];
    System.arraycopy(raSecret, 0, basekey, 0, raSecret.length);
    for (int i = 0; i < salt.length; i++) {
        basekey[raSecret.length + i] = salt[i];
    }
    // Construct the base key according to rfc4210, section 5.1.3.1
    MessageDigest dig = MessageDigest.getInstance(owfAlg.getAlgorithm().getId(), "BC");
    for (int i = 0; i < iterationCount; i++) {
        basekey = dig.digest(basekey);
        dig.reset();
    }
    // For HMAC/SHA1 there is another oid, that is not known in BC, but the
    // result is the same so...
    String macOid = macAlg.getAlgorithm().getId();
    PKIBody body = msg.getBody();
    byte[] protectedBytes = getProtectedBytes(header, body);
    Mac mac = Mac.getInstance(macOid, "BC");
    SecretKey key = new SecretKeySpec(basekey, macOid);
    mac.init(key);
    mac.reset();
    mac.update(protectedBytes, 0, protectedBytes.length);
    byte[] out = mac.doFinal();
    DERBitString bs = new DERBitString(out);

    return new PKIMessage(header, body, bs);
}