Example usage for org.bouncycastle.cert.crmf CertificateRequestMessage isValidSigningKeyPOP

List of usage examples for org.bouncycastle.cert.crmf CertificateRequestMessage isValidSigningKeyPOP

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.cert.crmf.*
  5. CertificateRequestMessage
  6. isValidSigningKeyPOP

Introduction

In this page you can find the example usage for org.bouncycastle.cert.crmf CertificateRequestMessage isValidSigningKeyPOP.

Prototype

public boolean isValidSigningKeyPOP(ContentVerifierProvider verifierProvider)
        throws CRMFException, IllegalStateException

Source Link

Document

Return whether or not a signing key proof-of-possession (POP) is valid.

Usage

From source file:org.xipki.ca.server.impl.X509CACmpResponder.java

License:Open Source License

private boolean verifyPOP(final CertificateRequestMessage certRequest, final boolean allowRAPopo) {
    int popType = certRequest.getProofOfPossessionType();
    if (popType == CertificateRequestMessage.popRaVerified && allowRAPopo) {
        return true;
    }//www  .ja v  a  2 s  .  com

    if (popType != CertificateRequestMessage.popSigningKey) {
        LOG.error("unsupported POP type: " + popType);
        return false;
    }

    try {
        PublicKey publicKey = securityFactory.generatePublicKey(certRequest.getCertTemplate().getPublicKey());
        ContentVerifierProvider cvp = securityFactory.getContentVerifierProvider(publicKey);
        return certRequest.isValidSigningKeyPOP(cvp);
    } catch (InvalidKeyException | IllegalStateException | CRMFException e) {
        final String message = "verifyPOP";
        if (LOG.isErrorEnabled()) {
            LOG.error(LogUtil.buildExceptionLogFormat(message), e.getClass().getName(), e.getMessage());
        }
        LOG.debug(message, e);
    }
    return false;
}

From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java

License:Open Source License

private boolean verifyPopo(final CertificateRequestMessage certRequest, final boolean allowRaPopo) {
    int popType = certRequest.getProofOfPossessionType();
    if (popType == CertificateRequestMessage.popRaVerified && allowRaPopo) {
        return true;
    }//from   w ww .ja  v a 2s.  c o  m

    if (popType != CertificateRequestMessage.popSigningKey) {
        LOG.error("unsupported POP type: " + popType);
        return false;
    }

    // check the POP signature algorithm
    ProofOfPossession pop = certRequest.toASN1Structure().getPopo();
    POPOSigningKey popoSign = POPOSigningKey.getInstance(pop.getObject());
    AlgorithmIdentifier popoAlgId = popoSign.getAlgorithmIdentifier();
    AlgorithmValidator algoValidator = getCmpControl().getPopoAlgoValidator();
    if (!algoValidator.isAlgorithmPermitted(popoAlgId)) {
        String algoName;
        try {
            algoName = AlgorithmUtil.getSignatureAlgoName(popoAlgId);
        } catch (NoSuchAlgorithmException ex) {
            algoName = popoAlgId.getAlgorithm().getId();
        }
        LOG.error("POPO signature algorithm {} not permitted", algoName);
        return false;
    }

    try {
        PublicKey publicKey = securityFactory.generatePublicKey(certRequest.getCertTemplate().getPublicKey());
        ContentVerifierProvider cvp = securityFactory.getContentVerifierProvider(publicKey);
        return certRequest.isValidSigningKeyPOP(cvp);
    } catch (InvalidKeyException | IllegalStateException | CRMFException ex) {
        LogUtil.error(LOG, ex);
    }
    return false;
}