List of usage examples for org.bouncycastle.cert.cmp ProtectedPKIMessage hasPasswordBasedMacProtection
public boolean hasPasswordBasedMacProtection()
From source file:org.xipki.ca.client.impl.CmpRequestor.java
License:Open Source License
private ProtectionVerificationResult verifyProtection(final String tid, final GeneralPKIMessage pkiMessage, final X509Certificate cert) throws CMPException, InvalidKeyException, OperatorCreationException { ProtectedPKIMessage pMsg = new ProtectedPKIMessage(pkiMessage); if (pMsg.hasPasswordBasedMacProtection()) { LOG.warn("NOT_SIGNAUTRE_BASED: " + pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId()); return new ProtectionVerificationResult(null, ProtectionResult.NOT_SIGNATURE_BASED); }//from w ww . java2 s. c om PKIHeader h = pMsg.getHeader(); if (c14nRecipientName != null) { boolean authorizedResponder = true; if (h.getSender().getTagNo() != GeneralName.directoryName) { authorizedResponder = false; } else { String c14nMsgSender = getSortedRFC4519Name((X500Name) h.getSender().getName()); authorizedResponder = c14nRecipientName.equalsIgnoreCase(c14nMsgSender); } if (authorizedResponder == false) { LOG.warn("tid={}: not authorized responder '{}'", tid, h.getSender()); return new ProtectionVerificationResult(null, ProtectionResult.SENDER_NOT_AUTHORIZED); } } ContentVerifierProvider verifierProvider = securityFactory.getContentVerifierProvider(cert); if (verifierProvider == null) { LOG.warn("tid={}: not authorized responder '{}'", tid, h.getSender()); return new ProtectionVerificationResult(cert, ProtectionResult.SENDER_NOT_AUTHORIZED); } boolean signatureValid = pMsg.verify(verifierProvider); return new ProtectionVerificationResult(cert, signatureValid ? ProtectionResult.VALID : ProtectionResult.INVALID); }
From source file:org.xipki.ca.server.impl.CmpResponder.java
License:Open Source License
private ProtectionVerificationResult verifyProtection(final String tid, final GeneralPKIMessage pkiMessage, final CmpControl cmpControl) throws CMPException, InvalidKeyException, OperatorCreationException { ProtectedPKIMessage pMsg = new ProtectedPKIMessage(pkiMessage); if (pMsg.hasPasswordBasedMacProtection()) { LOG.warn("NOT_SIGNAUTRE_BASED: " + pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId()); return new ProtectionVerificationResult(null, ProtectionResult.NOT_SIGNATURE_BASED); }//from ww w . j a v a 2 s. c om PKIHeader h = pMsg.getHeader(); AlgorithmIdentifier protectionAlg = h.getProtectionAlg(); if (cmpControl.isSigAlgoPermitted(protectionAlg) == false) { LOG.warn("SIG_ALGO_FORBIDDEN: " + pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId()); return new ProtectionVerificationResult(null, ProtectionResult.SIGALGO_FORBIDDEN); } CmpRequestorInfo requestor = getRequestor(h); if (requestor == null) { LOG.warn("tid={}: not authorized requestor '{}'", tid, h.getSender()); return new ProtectionVerificationResult(null, ProtectionResult.SENDER_NOT_AUTHORIZED); } ContentVerifierProvider verifierProvider = securityFactory .getContentVerifierProvider(requestor.getCert().getCert()); if (verifierProvider == null) { LOG.warn("tid={}: not authorized requestor '{}'", tid, h.getSender()); return new ProtectionVerificationResult(requestor, ProtectionResult.SENDER_NOT_AUTHORIZED); } boolean signatureValid = pMsg.verify(verifierProvider); return new ProtectionVerificationResult(requestor, signatureValid ? ProtectionResult.VALID : ProtectionResult.INVALID); }
From source file:org.xipki.pki.ca.client.impl.CmpRequestor.java
License:Open Source License
private ProtectionVerificationResult verifyProtection(final String tid, final GeneralPKIMessage pkiMessage) throws CMPException, InvalidKeyException, OperatorCreationException { ProtectedPKIMessage protectedMsg = new ProtectedPKIMessage(pkiMessage); if (protectedMsg.hasPasswordBasedMacProtection()) { LOG.warn("NOT_SIGNAUTRE_BASED: " + pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId()); return new ProtectionVerificationResult(null, ProtectionResult.NOT_SIGNATURE_BASED); }/*from ww w.ja v a2s . com*/ PKIHeader header = protectedMsg.getHeader(); if (recipientName != null) { boolean authorizedResponder = true; if (header.getSender().getTagNo() != GeneralName.directoryName) { authorizedResponder = false; } else { X500Name msgSender = X500Name.getInstance(header.getSender().getName()); authorizedResponder = recipientName.equals(msgSender); } if (!authorizedResponder) { LOG.warn("tid={}: not authorized responder '{}'", tid, header.getSender()); return new ProtectionVerificationResult(null, ProtectionResult.SENDER_NOT_AUTHORIZED); } } AlgorithmIdentifier protectionAlgo = protectedMsg.getHeader().getProtectionAlg(); if (!responder.getSigAlgoValidator().isAlgorithmPermitted(protectionAlgo)) { String algoName; try { algoName = AlgorithmUtil.getSignatureAlgoName(protectionAlgo); } catch (NoSuchAlgorithmException ex) { algoName = protectionAlgo.getAlgorithm().getId(); } LOG.warn("tid={}: response protected by untrusted protection algorithm '{}'", tid, algoName); return new ProtectionVerificationResult(null, ProtectionResult.INVALID); } X509Certificate cert = responder.getCert(); ContentVerifierProvider verifierProvider = securityFactory.getContentVerifierProvider(cert); if (verifierProvider == null) { LOG.warn("tid={}: not authorized responder '{}'", tid, header.getSender()); return new ProtectionVerificationResult(cert, ProtectionResult.SENDER_NOT_AUTHORIZED); } boolean signatureValid = protectedMsg.verify(verifierProvider); ProtectionResult protRes = signatureValid ? ProtectionResult.VALID : ProtectionResult.INVALID; return new ProtectionVerificationResult(cert, protRes); }
From source file:org.xipki.pki.ca.server.impl.cmp.CmpResponder.java
License:Open Source License
private ProtectionVerificationResult verifyProtection(final String tid, final GeneralPKIMessage pkiMessage, final CmpControl cmpControl) throws CMPException, InvalidKeyException, OperatorCreationException { ProtectedPKIMessage protectedMsg = new ProtectedPKIMessage(pkiMessage); if (protectedMsg.hasPasswordBasedMacProtection()) { LOG.warn("NOT_SIGNAUTRE_BASED: {}", pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId()); return new ProtectionVerificationResult(null, ProtectionResult.NOT_SIGNATURE_BASED); }// w ww . ja va 2 s . c om PKIHeader header = protectedMsg.getHeader(); AlgorithmIdentifier protectionAlg = header.getProtectionAlg(); if (!cmpControl.getSigAlgoValidator().isAlgorithmPermitted(protectionAlg)) { LOG.warn("SIG_ALGO_FORBIDDEN: {}", pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId()); return new ProtectionVerificationResult(null, ProtectionResult.SIGALGO_FORBIDDEN); } CmpRequestorInfo requestor = getRequestor(header); if (requestor == null) { LOG.warn("tid={}: not authorized requestor '{}'", tid, header.getSender()); return new ProtectionVerificationResult(null, ProtectionResult.SENDER_NOT_AUTHORIZED); } ContentVerifierProvider verifierProvider = securityFactory .getContentVerifierProvider(requestor.getCert().getCert()); if (verifierProvider == null) { LOG.warn("tid={}: not authorized requestor '{}'", tid, header.getSender()); return new ProtectionVerificationResult(requestor, ProtectionResult.SENDER_NOT_AUTHORIZED); } boolean signatureValid = protectedMsg.verify(verifierProvider); return new ProtectionVerificationResult(requestor, signatureValid ? ProtectionResult.VALID : ProtectionResult.INVALID); }