Example usage for org.bouncycastle.cert.crmf CertificateRequestMessage getProofOfPossessionType

List of usage examples for org.bouncycastle.cert.crmf CertificateRequestMessage getProofOfPossessionType

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.cert.crmf.*
  5. CertificateRequestMessage
  6. getProofOfPossessionType

Introduction

In this page you can find the example usage for org.bouncycastle.cert.crmf CertificateRequestMessage getProofOfPossessionType.

Prototype

public int getProofOfPossessionType()

Source Link

Document

Return the type of the proof-of-possession this request message provides.

Usage

From source file:org.xipki.ca.server.impl.X509CACmpResponder.java

License:Open Source License

private boolean verifyPOP(final CertificateRequestMessage certRequest, final boolean allowRAPopo) {
    int popType = certRequest.getProofOfPossessionType();
    if (popType == CertificateRequestMessage.popRaVerified && allowRAPopo) {
        return true;
    }//  w w w . j a  va2 s.  c  o  m

    if (popType != CertificateRequestMessage.popSigningKey) {
        LOG.error("unsupported POP type: " + popType);
        return false;
    }

    try {
        PublicKey publicKey = securityFactory.generatePublicKey(certRequest.getCertTemplate().getPublicKey());
        ContentVerifierProvider cvp = securityFactory.getContentVerifierProvider(publicKey);
        return certRequest.isValidSigningKeyPOP(cvp);
    } catch (InvalidKeyException | IllegalStateException | CRMFException e) {
        final String message = "verifyPOP";
        if (LOG.isErrorEnabled()) {
            LOG.error(LogUtil.buildExceptionLogFormat(message), e.getClass().getName(), e.getMessage());
        }
        LOG.debug(message, e);
    }
    return false;
}

From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java

License:Open Source License

private boolean verifyPopo(final CertificateRequestMessage certRequest, final boolean allowRaPopo) {
    int popType = certRequest.getProofOfPossessionType();
    if (popType == CertificateRequestMessage.popRaVerified && allowRaPopo) {
        return true;
    }//from www .ja v  a2  s  . c  o m

    if (popType != CertificateRequestMessage.popSigningKey) {
        LOG.error("unsupported POP type: " + popType);
        return false;
    }

    // check the POP signature algorithm
    ProofOfPossession pop = certRequest.toASN1Structure().getPopo();
    POPOSigningKey popoSign = POPOSigningKey.getInstance(pop.getObject());
    AlgorithmIdentifier popoAlgId = popoSign.getAlgorithmIdentifier();
    AlgorithmValidator algoValidator = getCmpControl().getPopoAlgoValidator();
    if (!algoValidator.isAlgorithmPermitted(popoAlgId)) {
        String algoName;
        try {
            algoName = AlgorithmUtil.getSignatureAlgoName(popoAlgId);
        } catch (NoSuchAlgorithmException ex) {
            algoName = popoAlgId.getAlgorithm().getId();
        }
        LOG.error("POPO signature algorithm {} not permitted", algoName);
        return false;
    }

    try {
        PublicKey publicKey = securityFactory.generatePublicKey(certRequest.getCertTemplate().getPublicKey());
        ContentVerifierProvider cvp = securityFactory.getContentVerifierProvider(publicKey);
        return certRequest.isValidSigningKeyPOP(cvp);
    } catch (InvalidKeyException | IllegalStateException | CRMFException ex) {
        LogUtil.error(LOG, ex);
    }
    return false;
}