Example usage for org.bouncycastle.cert.crmf CertificateRequestMessage toASN1Structure

List of usage examples for org.bouncycastle.cert.crmf CertificateRequestMessage toASN1Structure

Introduction

In this page you can find the example usage for org.bouncycastle.cert.crmf CertificateRequestMessage toASN1Structure.

Prototype

public CertReqMsg toASN1Structure() 

Source Link

Document

Return the underlying ASN.1 object defining this CertificateRequestMessage object.

Usage

From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java

License:Open Source License

private boolean verifyPopo(final CertificateRequestMessage certRequest, final boolean allowRaPopo) {
    int popType = certRequest.getProofOfPossessionType();
    if (popType == CertificateRequestMessage.popRaVerified && allowRaPopo) {
        return true;
    }/* ww  w.  ja  v  a  2  s . c  o m*/

    if (popType != CertificateRequestMessage.popSigningKey) {
        LOG.error("unsupported POP type: " + popType);
        return false;
    }

    // check the POP signature algorithm
    ProofOfPossession pop = certRequest.toASN1Structure().getPopo();
    POPOSigningKey popoSign = POPOSigningKey.getInstance(pop.getObject());
    AlgorithmIdentifier popoAlgId = popoSign.getAlgorithmIdentifier();
    AlgorithmValidator algoValidator = getCmpControl().getPopoAlgoValidator();
    if (!algoValidator.isAlgorithmPermitted(popoAlgId)) {
        String algoName;
        try {
            algoName = AlgorithmUtil.getSignatureAlgoName(popoAlgId);
        } catch (NoSuchAlgorithmException ex) {
            algoName = popoAlgId.getAlgorithm().getId();
        }
        LOG.error("POPO signature algorithm {} not permitted", algoName);
        return false;
    }

    try {
        PublicKey publicKey = securityFactory.generatePublicKey(certRequest.getCertTemplate().getPublicKey());
        ContentVerifierProvider cvp = securityFactory.getContentVerifierProvider(publicKey);
        return certRequest.isValidSigningKeyPOP(cvp);
    } catch (InvalidKeyException | IllegalStateException | CRMFException ex) {
        LogUtil.error(LOG, ex);
    }
    return false;
}