List of usage examples for org.bouncycastle.cert.crmf CertificateRequestMessage popRaVerified
int popRaVerified
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
/**
 * Decides whether the proof-of-possession (POP) carried by a CRMF certificate request is acceptable.
 *
 * <p>Two POP types are handled:
 * <ul>
 *   <li>{@code popRaVerified}: accepted without any cryptographic check, but only when
 *       {@code allowRAPopo} is {@code true}.</li>
 *   <li>{@code popSigningKey}: the POP signature is verified against the public key taken from
 *       the request's own certificate template.</li>
 * </ul>
 * Every other POP type is logged as unsupported and rejected.
 *
 * <p>Security note: in the RA-verified branch this method performs no check that the requester
 * holds the private key; the decision rests entirely on {@code allowRAPopo}. How callers derive
 * that flag is not visible here. It should come from the authenticated requestor's role, never
 * from request content (confirm at the call site).
 *
 * <p>NOTE(review): {@code getProofOfPossessionType()} is called unconditionally; confirm that the
 * caller rejects requests without a POP field (e.g. via {@code hasProofOfPossession()}) first.
 * NOTE(review): no signature-algorithm policy is applied in this method before verification;
 * whether {@code securityFactory} restricts algorithms is not visible here.
 *
 * @param certRequest the CRMF request whose POP is evaluated
 * @param allowRAPopo whether an RA-verified POP may be accepted for this request
 * @return {@code true} if the POP is accepted; {@code false} if it is unsupported, invalid, or
 *         verification failed with one of the caught exceptions
 */
private boolean verifyPOP(final CertificateRequestMessage certRequest, final boolean allowRAPopo) {
    final int type = certRequest.getProofOfPossessionType();

    // RA-verified POP: trust is delegated to the RA, nothing is verified cryptographically.
    if (allowRAPopo && type == CertificateRequestMessage.popRaVerified) {
        return true;
    }

    final boolean signingKeyPop = (type == CertificateRequestMessage.popSigningKey);
    if (!signingKeyPop) {
        LOG.error("unsupported POP type: " + type);
        return false;
    }

    // Fail closed: the result stays false unless signature verification completes and succeeds.
    boolean accepted = false;
    try {
        final PublicKey requestedKey =
                securityFactory.generatePublicKey(certRequest.getCertTemplate().getPublicKey());
        final ContentVerifierProvider verifierProvider =
                securityFactory.getContentVerifierProvider(requestedKey);
        accepted = certRequest.isValidSigningKeyPOP(verifierProvider);
    } catch (InvalidKeyException | IllegalStateException | CRMFException ex) {
        final String context = "verifyPOP";
        // Error level gets the exception class and message only; the stack trace goes to debug.
        if (LOG.isErrorEnabled()) {
            LOG.error(LogUtil.buildExceptionLogFormat(context), ex.getClass().getName(), ex.getMessage());
        }
        LOG.debug(context, ex);
    }
    return accepted;
}
From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java
License:Open Source License
/**
 * Decides whether the proof-of-possession (POPO) carried by a CRMF certificate request is
 * acceptable.
 *
 * <p>Processing order:
 * <ol>
 *   <li>An RA-verified POPO is accepted without any cryptographic check when
 *       {@code allowRaPopo} is {@code true}.</li>
 *   <li>Any type other than a signing-key POPO is logged as unsupported and rejected.</li>
 *   <li>The signature algorithm named in the POPO is checked against the validator obtained
 *       from {@code getCmpControl().getPopoAlgoValidator()}; a non-permitted algorithm is
 *       rejected before any signature verification takes place.</li>
 *   <li>The POPO signature is verified against the public key taken from the request's own
 *       certificate template.</li>
 * </ol>
 *
 * <p>Security note: in the RA-verified branch this method performs no check that the requester
 * holds the private key; the decision rests entirely on {@code allowRaPopo}. How callers derive
 * that flag is not visible here. It should come from the authenticated requestor's role, never
 * from request content (confirm at the call site).
 *
 * <p>NOTE(review): {@code getProofOfPossessionType()} is called unconditionally; confirm that the
 * caller rejects requests without a POPO field (e.g. via {@code hasProofOfPossession()}) first.
 *
 * @param certRequest the CRMF request whose POPO is evaluated
 * @param allowRaPopo whether an RA-verified POPO may be accepted for this request
 * @return {@code true} if the POPO is accepted; {@code false} if it is unsupported, uses a
 *         non-permitted signature algorithm, is invalid, or verification failed with one of the
 *         caught exceptions
 */
private boolean verifyPopo(final CertificateRequestMessage certRequest, final boolean allowRaPopo) {
    final int type = certRequest.getProofOfPossessionType();

    // RA-verified POPO: trust is delegated to the RA, nothing is verified cryptographically.
    if (allowRaPopo && type == CertificateRequestMessage.popRaVerified) {
        return true;
    }

    if (!(type == CertificateRequestMessage.popSigningKey)) {
        LOG.error("unsupported POP type: " + type);
        return false;
    }

    // Read the signature algorithm declared inside the POPO so it can be checked against policy.
    final AlgorithmIdentifier sigAlgId = POPOSigningKey
            .getInstance(certRequest.toASN1Structure().getPopo().getObject())
            .getAlgorithmIdentifier();

    if (getCmpControl().getPopoAlgoValidator().isAlgorithmPermitted(sigAlgId)) {
        // Algorithm is allowed: verify the signature with the key the request asks to certify.
        try {
            final PublicKey requestedKey =
                    securityFactory.generatePublicKey(certRequest.getCertTemplate().getPublicKey());
            final ContentVerifierProvider verifierProvider =
                    securityFactory.getContentVerifierProvider(requestedKey);
            return certRequest.isValidSigningKeyPOP(verifierProvider);
        } catch (InvalidKeyException | IllegalStateException | CRMFException ex) {
            LogUtil.error(LOG, ex);
        }
        // Fail closed when verification could not be completed.
        return false;
    }

    // Algorithm rejected by policy: log a readable name, falling back to the raw OID.
    String rejectedName;
    try {
        rejectedName = AlgorithmUtil.getSignatureAlgoName(sigAlgId);
    } catch (NoSuchAlgorithmException ex) {
        rejectedName = sigAlgId.getAlgorithm().getId();
    }
    LOG.error("POPO signature algorithm {} not permitted", rejectedName);
    return false;
}