List of usage examples for org.bouncycastle.asn1.x500 X500Name getInstance
public static X500Name getInstance(Object obj)
From source file:org.xipki.pki.ca.client.api.dto.UnrevokeOrRemoveCertEntry.java
License:Open Source License
/**
 * Creates an entry for {@code cert}, identifying it by issuer name and serial number.
 *
 * <p>The issuer is rebuilt from the DER bytes returned by
 * {@code cert.getIssuerX500Principal().getEncoded()}, not from a string rendering of the name,
 * and is handed together with the serial number to the three-argument constructor.
 *
 * @param id identifier of this entry, passed on unchanged.
 * @param cert certificate whose issuer and serial number identify the target. It is dereferenced
 *     without a null check, so {@code null} fails with a {@link NullPointerException}.
 */
public UnrevokeOrRemoveCertEntry(final String id, final X509Certificate cert) {
  this(id, X500Name.getInstance(cert.getIssuerX500Principal().getEncoded()),
      cert.getSerialNumber());
}
From source file:org.xipki.pki.ca.client.impl.CaClientImpl.java
License:Open Source License
/**
 * Builds the enveloped revocation request for the given certificate.
 *
 * <p>The certificate is reduced to the pair (issuer name, serial number) and the work is
 * delegated to the overload that takes those values. The issuer is decoded from the DER bytes
 * of the certificate's issuer principal.
 *
 * @param cert certificate to revoke; must not be {@code null}.
 * @param reason revocation reason code, forwarded unchanged (it is not range-checked here).
 * @return whatever the delegated overload returns.
 * @throws CaClientException propagated from the delegated overload.
 */
@Override
public byte[] envelopeRevocation(final X509Certificate cert, final int reason)
    throws CaClientException {
  ParamUtil.requireNonNull("cert", cert);
  return envelopeRevocation(
      X500Name.getInstance(cert.getIssuerX500Principal().getEncoded()),
      cert.getSerialNumber(),
      reason);
}
From source file:org.xipki.pki.ca.client.impl.CaConf.java
License:Open Source License
/**
 * Stores the CA certificate and refreshes the values derived from it.
 *
 * <p>{@code subject} is decoded from the DER bytes of the certificate's subject principal, or
 * cleared when {@code cert} is {@code null}. {@code authorityKeyIdentifier} is recomputed by
 * {@code X509Util.extractAki}.
 *
 * @param cert the CA certificate, or {@code null} to clear certificate and subject.
 * @throws CertificateEncodingException declared by this method; presumably raised by
 *     {@code X509Util.extractAki} (not visible here).
 */
public void setCert(final X509Certificate cert) throws CertificateEncodingException {
  this.cert = cert;

  if (cert != null) {
    this.subject = X500Name.getInstance(cert.getSubjectX500Principal().getEncoded());
  } else {
    this.subject = null;
  }

  // NOTE(review): extractAki is called even when cert is null; confirm that it tolerates null.
  // If it throws, cert and subject have already been replaced while authorityKeyIdentifier still
  // holds its previous value.
  this.authorityKeyIdentifier = X509Util.extractAki(cert);
}
From source file:org.xipki.pki.ca.client.impl.CmpRequestor.java
License:Open Source License
/**
 * Creates a requestor that does not sign its requests.
 *
 * <p>No signer is kept ({@code requestor} is {@code null}, {@code signRequest} is
 * {@code false}); the requestor certificate only supplies the sender name. The recipient name
 * is the subject of the configured responder certificate. The same value is stored in
 * {@code recipientName}, which {@code verifyProtection} compares with the sender of a response.
 *
 * @param requestorCert certificate whose subject becomes the CMP sender; must not be
 *     {@code null}.
 * @param responder responder configuration; must not be {@code null}. Its certificate is
 *     dereferenced without a null check.
 * @param securityFactory factory kept for later use; must not be {@code null}.
 */
public CmpRequestor(final X509Certificate requestorCert, final CmpResponder responder,
    final SecurityFactory securityFactory) {
  ParamUtil.requireNonNull("requestorCert", requestorCert);
  this.responder = ParamUtil.requireNonNull("responder", responder);
  this.securityFactory = ParamUtil.requireNonNull("securityFactory", securityFactory);

  // Unsigned mode: there is no signer and requests go out unprotected by this requestor.
  this.requestor = null;
  this.signRequest = false;

  // Both names are decoded from DER so they keep the exact encoding used in the certificates.
  this.sender = new GeneralName(
      X500Name.getInstance(requestorCert.getSubjectX500Principal().getEncoded()));

  X500Name responderSubject =
      X500Name.getInstance(responder.getCert().getSubjectX500Principal().getEncoded());
  this.recipientName = responderSubject;
  this.recipient = new GeneralName(responderSubject);
}
From source file:org.xipki.pki.ca.client.impl.CmpRequestor.java
License:Open Source License
/**
 * Creates a requestor backed by a signer.
 *
 * <p>The sender name is the subject of the signer's certificate and the recipient name is the
 * subject of the configured responder certificate. The latter is also stored in
 * {@code recipientName}, which {@code verifyProtection} compares with the sender of a response.
 *
 * @param requestor signer of this requestor; must not be {@code null} and must carry a
 *     certificate.
 * @param responder responder configuration; must not be {@code null}. Its certificate is
 *     dereferenced without a null check.
 * @param securityFactory factory kept for later use; must not be {@code null}.
 * @param signRequest stored as given in {@code signRequest}.
 * @throws IllegalArgumentException if {@code requestor} has no certificate.
 */
public CmpRequestor(ConcurrentContentSigner requestor, final CmpResponder responder,
    final SecurityFactory securityFactory, final boolean signRequest) {
  this.requestor = ParamUtil.requireNonNull("requestor", requestor);
  // Without a certificate there is no subject to use as the sender name.
  if (requestor.getCertificate() == null) {
    throw new IllegalArgumentException("requestor without certificate is not allowed");
  }

  this.responder = ParamUtil.requireNonNull("responder", responder);
  this.securityFactory = ParamUtil.requireNonNull("securityFactory", securityFactory);
  this.signRequest = signRequest;

  // Both names are decoded from DER so they keep the exact encoding used in the certificates.
  this.sender = new GeneralName(
      X500Name.getInstance(requestor.getCertificate().getSubjectX500Principal().getEncoded()));

  X500Name responderSubject =
      X500Name.getInstance(responder.getCert().getSubjectX500Principal().getEncoded());
  this.recipientName = responderSubject;
  this.recipient = new GeneralName(responderSubject);
}
From source file:org.xipki.pki.ca.client.impl.CmpRequestor.java
License:Open Source License
/**
 * Checks the protection of a received CMP message against the configured responder.
 *
 * <p>The checks run in this order and the first failure decides the result:
 * <ol>
 *   <li>Password-based MAC protection is not verified at all; the result is
 *       {@code NOT_SIGNATURE_BASED}.</li>
 *   <li>If {@code recipientName} is set, the header's sender must be a directoryName equal to
 *       it, otherwise {@code SENDER_NOT_AUTHORIZED}.</li>
 *   <li>The protection algorithm must be accepted by the responder's signature algorithm
 *       validator, otherwise {@code INVALID}.</li>
 *   <li>The signature is verified with a provider built from {@code responder.getCert()}, the
 *       locally configured certificate. No verifier means {@code SENDER_NOT_AUTHORIZED};
 *       otherwise the result is {@code VALID} or {@code INVALID}.</li>
 * </ol>
 *
 * <p>The sender-name comparison alone proves nothing about the origin of the message; only
 * the signature check in the last step binds the message to the responder certificate.
 * Results produced before that step carry a {@code null} certificate.
 *
 * @param tid transaction id, used only in log output.
 * @param pkiMessage the received message.
 * @return the verification outcome together with the certificate it was checked against.
 * @throws CMPException propagated from the message wrapper or signature verification.
 * @throws InvalidKeyException propagated from the verifier provider lookup.
 * @throws OperatorCreationException declared by this method; its origin is not visible here.
 */
private ProtectionVerificationResult verifyProtection(final String tid,
    final GeneralPKIMessage pkiMessage)
    throws CMPException, InvalidKeyException, OperatorCreationException {
  ProtectedPKIMessage protectedMsg = new ProtectedPKIMessage(pkiMessage);

  if (protectedMsg.hasPasswordBasedMacProtection()) {
    // NOTE(review): the misspelt "NOT_SIGNAUTRE_BASED" is kept byte-for-byte because log
    // consumers may match on it. Unlike the other warnings, this one carries no tid.
    LOG.warn("NOT_SIGNAUTRE_BASED: "
        + pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId());
    return new ProtectionVerificationResult(null, ProtectionResult.NOT_SIGNATURE_BASED);
  }

  PKIHeader header = protectedMsg.getHeader();

  if (recipientName != null) {
    GeneralName claimedSender = header.getSender();
    // Only a directoryName can match; any other name form is rejected outright.
    boolean senderMatches = claimedSender.getTagNo() == GeneralName.directoryName
        && recipientName.equals(X500Name.getInstance(claimedSender.getName()));
    if (!senderMatches) {
      // NOTE(review): the logged sender comes from the received header; confirm the log layout
      // neutralises control characters.
      LOG.warn("tid={}: not authorized responder '{}'", tid, header.getSender());
      return new ProtectionVerificationResult(null, ProtectionResult.SENDER_NOT_AUTHORIZED);
    }
  }

  AlgorithmIdentifier protectionAlgo = header.getProtectionAlg();
  boolean algoPermitted = responder.getSigAlgoValidator().isAlgorithmPermitted(protectionAlgo);
  if (!algoPermitted) {
    String algoName;
    try {
      algoName = AlgorithmUtil.getSignatureAlgoName(protectionAlgo);
    } catch (NoSuchAlgorithmException ex) {
      // No readable name is known; fall back to the OID.
      algoName = protectionAlgo.getAlgorithm().getId();
    }
    LOG.warn("tid={}: response protected by untrusted protection algorithm '{}'", tid, algoName);
    return new ProtectionVerificationResult(null, ProtectionResult.INVALID);
  }

  // The verification key comes from the configured responder certificate.
  X509Certificate cert = responder.getCert();
  ContentVerifierProvider verifierProvider = securityFactory.getContentVerifierProvider(cert);
  if (verifierProvider == null) {
    LOG.warn("tid={}: not authorized responder '{}'", tid, header.getSender());
    return new ProtectionVerificationResult(cert, ProtectionResult.SENDER_NOT_AUTHORIZED);
  }

  ProtectionResult protRes;
  if (protectedMsg.verify(verifierProvider)) {
    protRes = ProtectionResult.VALID;
  } else {
    protRes = ProtectionResult.INVALID;
  }
  return new ProtectionVerificationResult(cert, protRes);
}
From source file:org.xipki.pki.ca.common.cmp.CmpUtil.java
License:Open Source License
/**
 * Returns a signed copy of {@code pkiMessage}.
 *
 * <p>A new protected message is built with the given signer. The sender is {@code signerName},
 * or the subject of the signer's certificate when {@code signerName} is {@code null}. The
 * recipient, free text, general info, recipKID, recipNonce, senderKID, senderNonce,
 * transaction id and body are copied from the original message when present.
 *
 * <p>The message time is not copied: if the original header has one, the new header gets the
 * current time.
 *
 * @param pkiMessage message to protect; must not be {@code null}.
 * @param signer signer that builds the protected message; must not be {@code null}.
 * @param signerName sender name to use, or {@code null} to derive it from the signer's
 *     certificate.
 * @param addSignerCert whether the signer's certificate is added to the message.
 * @return the ASN.1 structure of the protected message.
 * @throws IllegalArgumentException if {@code signerName} is {@code null} and the signer has no
 *     certificate.
 * @throws CMPException declared by this method; presumably raised while building the message.
 * @throws NoIdleSignerException declared by this method; presumably raised by the signer.
 */
public static PKIMessage addProtection(final PKIMessage pkiMessage,
    final ConcurrentContentSigner signer, final GeneralName signerName,
    final boolean addSignerCert) throws CMPException, NoIdleSignerException {
  ParamUtil.requireNonNull("pkiMessage", pkiMessage);
  ParamUtil.requireNonNull("signer", signer);

  final GeneralName tmpSignerName;
  if (signerName == null) {
    // No explicit name: fall back to the subject of the signer's certificate.
    if (signer.getCertificate() == null) {
      throw new IllegalArgumentException("signer without certificate is not allowed");
    }
    tmpSignerName = new GeneralName(
        X500Name.getInstance(signer.getCertificate().getSubjectX500Principal().getEncoded()));
  } else {
    tmpSignerName = signerName;
  }

  PKIHeader header = pkiMessage.getHeader();
  ProtectedPKIMessageBuilder builder =
      new ProtectedPKIMessageBuilder(tmpSignerName, header.getRecipient());

  PKIFreeText freeText = header.getFreeText();
  if (freeText != null) {
    builder.setFreeText(freeText);
  }

  InfoTypeAndValue[] generalInfo = header.getGeneralInfo();
  if (generalInfo != null) {
    for (int i = 0; i < generalInfo.length; i++) {
      builder.addGeneralInfo(generalInfo[i]);
    }
  }

  // Copy the optional octet-string header fields that are present.
  ASN1OctetString recipKid = header.getRecipKID();
  if (recipKid != null) {
    builder.setRecipKID(recipKid.getOctets());
  }

  ASN1OctetString recipNonce = header.getRecipNonce();
  if (recipNonce != null) {
    builder.setRecipNonce(recipNonce.getOctets());
  }

  ASN1OctetString senderKid = header.getSenderKID();
  if (senderKid != null) {
    builder.setSenderKID(senderKid.getOctets());
  }

  ASN1OctetString senderNonce = header.getSenderNonce();
  if (senderNonce != null) {
    builder.setSenderNonce(senderNonce.getOctets());
  }

  ASN1OctetString transactionId = header.getTransactionID();
  if (transactionId != null) {
    builder.setTransactionID(transactionId.getOctets());
  }

  // The original message time is replaced by the current time.
  if (header.getMessageTime() != null) {
    builder.setMessageTime(new Date());
  }

  builder.setBody(pkiMessage.getBody());

  if (addSignerCert) {
    builder.addCMPCertificate(signer.getCertificateAsBcObject());
  }

  return signer.build(builder).toASN1Structure();
}
From source file:org.xipki.pki.ca.server.impl.CaManagerQueryExecutor.java
License:Open Source License
/**
 * Returns the canonical string form of a JCA principal.
 *
 * <p>The principal is converted to an {@code X500Name} through its DER encoding and then passed
 * to {@code X509Util.canonicalizName}, which defines the canonical form.
 *
 * @param prin principal to canonicalize; must not be {@code null}.
 * @return the value returned by {@code X509Util.canonicalizName}.
 */
static String canonicalizName(final X500Principal prin) {
  ParamUtil.requireNonNull("prin", prin);
  return X509Util.canonicalizName(X500Name.getInstance(prin.getEncoded()));
}
From source file:org.xipki.pki.ca.server.impl.cmp.CmpResponderEntryWrapper.java
License:Open Source License
/**
 * Replaces the database entry behind this wrapper and discards the current signer.
 *
 * <p>When the entry carries a certificate, the cached subject (as {@code X500Name} and as
 * {@code GeneralName}) is recomputed from the DER encoding of its subject principal.
 *
 * @param dbEntry the new entry; must not be {@code null}.
 */
public void setDbEntry(final CmpResponderEntry dbEntry) {
  this.dbEntry = ParamUtil.requireNonNull("dbEntry", dbEntry);
  // Any signer built earlier belongs to the previous entry.
  signer = null;

  if (dbEntry.getCertificate() == null) {
    // NOTE(review): subjectAsX500Name and subjectAsGeneralName keep their previous values
    // here. If a wrapper is ever given a second entry without a certificate, they would still
    // name the previous responder. Confirm whether they should be cleared.
    return;
  }

  subjectAsX500Name = X500Name
      .getInstance(dbEntry.getCertificate().getSubjectX500Principal().getEncoded());
  subjectAsGeneralName = new GeneralName(subjectAsX500Name);
}
From source file:org.xipki.pki.ca.server.impl.cmp.CmpResponderEntryWrapper.java
License:Open Source License
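/**
 * Creates the responder's signer from the database entry, unless one already exists.
 *
 * <p>The entry is marked as faulty before the signer is created and the mark is cleared only
 * after a signer with a certificate has been obtained, so any failure leaves the entry marked
 * faulty. If the entry has no stored certificate ({@code getBase64Cert()} is {@code null}), the
 * signer's certificate is adopted and the cached subject names are derived from it.
 *
 * <p>A signer that comes back without a certificate is discarded before the exception is
 * thrown. If it stayed in the {@code signer} field, the next call would return early at the
 * {@code signer != null} check and silently accept the signer this method rejects.
 *
 * @param securityFactory factory used to create the signer; must not be {@code null}.
 * @throws ObjectCreationException if no database entry is set, if the created signer has no
 *     certificate, or (presumably) if the factory fails to create the signer.
 */
public void initSigner(final SecurityFactory securityFactory) throws ObjectCreationException {
  ParamUtil.requireNonNull("securityFactory", securityFactory);
  if (signer != null) {
    return;
  }

  if (dbEntry == null) {
    throw new ObjectCreationException("dbEntry is null");
  }

  X509Certificate responderCert = dbEntry.getCertificate();

  // Assume the configuration is faulty until signer creation has succeeded.
  dbEntry.setConfFaulty(true);
  signer = securityFactory.createSigner(dbEntry.getType(), new SignerConf(dbEntry.getConf()),
      responderCert);
  if (signer.getCertificate() == null) {
    // Do not keep the rejected signer; a retry must go through creation again.
    signer = null;
    throw new ObjectCreationException("signer without certificate is not allowed");
  }
  dbEntry.setConfFaulty(false);

  if (dbEntry.getBase64Cert() == null) {
    // The entry stores no certificate of its own: take the one the signer carries.
    dbEntry.setCertificate(signer.getCertificate());
    subjectAsX500Name = X500Name.getInstance(signer.getCertificateAsBcObject().getSubject());
    subjectAsGeneralName = new GeneralName(subjectAsX500Name);
  }
}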