List of usage examples for org.bouncycastle.cert.crmf CertificateRequestMessage toASN1Structure
public CertReqMsg toASN1Structure()
From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java
License:Open Source License
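/**
 * Verifies the proof-of-possession (POP) carried by a CRMF certificate request.
 *
 * <p>The request is accepted when the POP type is {@code popRaVerified} and the caller
 * allows RA-verified POP, or when it is a {@code popSigningKey} POP whose signature
 * algorithm is permitted by the CMP control's POPO algorithm validator and whose
 * signature verifies against the public key in the certificate template. Every other
 * case, including a request that carries no POP at all, is rejected.
 *
 * @param certRequest the certificate request message to check
 * @param allowRaPopo whether an RA-verified POP is acceptable. NOTE(review): this path
 *     returns {@code true} without any cryptographic check, so it presumably must only
 *     be enabled for an authenticated, authorized RA; confirm at the call sites
 * @return {@code true} if the POP is accepted, {@code false} otherwise
 */
private boolean verifyPopo(final CertificateRequestMessage certRequest, final boolean allowRaPopo) {
    // Fail closed on a request without a POP field. NOTE(review): the BouncyCastle
    // accessors used below do not appear to null-check the POP, so without this guard a
    // POP-less request would surface as an unchecked exception instead of a clean
    // rejection; verify against the BouncyCastle version in use.
    if (!certRequest.hasProofOfPossession()) {
        LOG.error("certificate request contains no POP");
        return false;
    }

    final int popType = certRequest.getProofOfPossessionType();

    // RA-verified POP is trusted as-is, but only when the caller explicitly allows it.
    if (allowRaPopo && popType == CertificateRequestMessage.popRaVerified) {
        return true;
    }

    // Only the signature-based POP is supported beyond this point.
    if (popType != CertificateRequestMessage.popSigningKey) {
        LOG.error("unsupported POP type: {}", popType);
        return false;
    }

    // Check the POP signature algorithm against policy before verifying the signature,
    // so a disallowed algorithm is rejected without ever being evaluated.
    final ProofOfPossession pop = certRequest.toASN1Structure().getPopo();
    final POPOSigningKey popoSign = POPOSigningKey.getInstance(pop.getObject());
    final AlgorithmIdentifier popoAlgId = popoSign.getAlgorithmIdentifier();
    final AlgorithmValidator algoValidator = getCmpControl().getPopoAlgoValidator();
    if (!algoValidator.isAlgorithmPermitted(popoAlgId)) {
        String algoName;
        try {
            algoName = AlgorithmUtil.getSignatureAlgoName(popoAlgId);
        } catch (NoSuchAlgorithmException ex) {
            // No friendly name available: log the raw algorithm OID instead.
            algoName = popoAlgId.getAlgorithm().getId();
        }
        LOG.error("POPO signature algorithm {} not permitted", algoName);
        return false;
    }

    // Verify the POP signature with the public key taken from the certificate template.
    try {
        final PublicKey publicKey =
                securityFactory.generatePublicKey(certRequest.getCertTemplate().getPublicKey());
        final ContentVerifierProvider cvp = securityFactory.getContentVerifierProvider(publicKey);
        return certRequest.isValidSigningKeyPOP(cvp);
    } catch (InvalidKeyException | IllegalStateException | CRMFException ex) {
        // Any failure to build the key or run the verification counts as an invalid POP.
        LogUtil.error(LOG, ex);
        return false;
    }
}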