Package com.novosec.pkix.asn1.cmp

Examples of com.novosec.pkix.asn1.cmp.CertifiedKeyPair


          // If authentication was correct, we will now try to find the certificate to revoke
          PKIMessage pkimsg = msg.getMessage();
          PKIBody body = pkimsg.getBody();
          RevReqContent rr = body.getRr();
          RevDetails rd = rr.getRevDetails(0);
          CertTemplate ct = rd.getCertDetails();
          DERInteger serno = ct.getSerialNumber();
          X509Name issuer = ct.getIssuer();
          // Get the revocation reason.
          // For CMPv1 this can be a simple DERBitString or it can be a requested CRL Entry Extension
          // If there exists CRL Entry Extensions we will use that, because it's the only thing allowed in CMPv2
          int reason = RevokedCertInfo.REVOCATION_REASON_UNSPECIFIED;
          DERBitString reasonbits = rd.getRevocationReason();
View Full Code Here


      na = new org.bouncycastle.asn1.x509.Time(notAfter);
    }
    myOptionalValidity.setNotBefore(nb);
    myOptionalValidity.setNotAfter(na);
   
    CertTemplate myCertTemplate = new CertTemplate();
    myCertTemplate.setValidity( myOptionalValidity );
    myCertTemplate.setIssuer(new X509Name(issuerDN));
    myCertTemplate.setSubject(new X509Name(userDN));
    byte[]                  bytes = keys.getPublic().getEncoded();
        ByteArrayInputStream    bIn = new ByteArrayInputStream(bytes);
        ASN1InputStream         dIn = new ASN1InputStream(bIn);
        SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo((ASN1Sequence)dIn.readObject());
    myCertTemplate.setPublicKey(keyInfo);
    // If we did not pass any extensions as parameter, we will create some of our own, standard ones
        X509Extensions exts = extensions;
        if (exts == null) {
          // SubjectAltName
        // Some altNames
            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
            DEROutputStream         dOut = new DEROutputStream(bOut);
            Vector<X509Extension> values = new Vector<X509Extension>();
            Vector<DERObjectIdentifier> oids = new Vector<DERObjectIdentifier>();
          if (altNames != null) {
                GeneralNames san = CertTools.getGeneralNamesFromAltName(altNames);
                dOut.writeObject(san);
                byte[] value = bOut.toByteArray();
                X509Extension sanext = new X509Extension(false, new DEROctetString(value));
                values.add(sanext);
                oids.add(X509Extensions.SubjectAlternativeName);
          }
            // KeyUsage
            int bcku = 0;
            bcku = X509KeyUsage.digitalSignature | X509KeyUsage.keyEncipherment | X509KeyUsage.nonRepudiation;
            X509KeyUsage ku = new X509KeyUsage(bcku);
            bOut = new ByteArrayOutputStream();
            dOut = new DEROutputStream(bOut);
            dOut.writeObject(ku);
            byte[] value = bOut.toByteArray();
            X509Extension kuext = new X509Extension(false, new DEROctetString(value));
            values.add(kuext);
            oids.add(X509Extensions.KeyUsage);

            // Make the complete extension package
            exts = new X509Extensions(oids, values);
        }
        myCertTemplate.setExtensions(exts);
    if (customCertSerno != null) {
      // Add serialNumber to the certTemplate, it is defined as a MUST NOT be used in RFC4211, but we will use it anyway in order
      // to request a custom certificate serial number (something not standard anyway)
      myCertTemplate.setSerialNumber(new DERInteger(customCertSerno));
    }

        CertRequest myCertRequest = new CertRequest(new DERInteger(4), myCertTemplate);
        // myCertRequest.addControls(new
        // AttributeTypeAndValue(CRMFObjectIdentifiers.regInfo_utf8Pairs, new
View Full Code Here

        return myPKIMessage;
    }

    protected PKIMessage genRevReq(String issuerDN, String userDN, BigInteger serNo, Certificate cacert, byte[] nonce, byte[] transid,
            boolean crlEntryExtension) throws NoSuchAlgorithmException, NoSuchProviderException, IOException, InvalidKeyException, SignatureException {
        CertTemplate myCertTemplate = new CertTemplate();
        myCertTemplate.setIssuer(new X509Name(issuerDN));
        myCertTemplate.setSubject(new X509Name(userDN));
        myCertTemplate.setSerialNumber(new DERInteger(serNo));

        RevDetails myRevDetails = new RevDetails(myCertTemplate);
        ReasonFlags reasonbits = new ReasonFlags(ReasonFlags.keyCompromise);
        myRevDetails.setRevocationReason(reasonbits);
        if (crlEntryExtension) {
View Full Code Here

    }

    public void testCrmfRequestMessageSerialization() throws IOException, ClassNotFoundException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
      // Create a bogus PKIMessage
    KeyPair keys = KeyTools.genKeys("1024", "RSA");
    OptionalValidity myOptionalValidity = new OptionalValidity();
    org.bouncycastle.asn1.x509.Time nb = new org.bouncycastle.asn1.x509.Time(new DERGeneralizedTime("20030211002120Z"));
    org.bouncycastle.asn1.x509.Time na = new org.bouncycastle.asn1.x509.Time(new Date());
    myOptionalValidity.setNotBefore(nb);
    myOptionalValidity.setNotAfter(na);
    CertTemplate myCertTemplate = new CertTemplate();
    myCertTemplate.setValidity( myOptionalValidity );
    myCertTemplate.setIssuer(new X509Name("CN=bogusIssuer"));
    myCertTemplate.setSubject(new X509Name("CN=bogusSubject"));
    byte[]                  bytes = keys.getPublic().getEncoded();
View Full Code Here

  protected PKIMessage genCertReq(String issuerDN, String userDN, KeyPair keys, Certificate cacert, byte[] nonce, byte[] transid, boolean raVerifiedPopo, X509Extensions extensions, Date notBefore, Date notAfter, BigInteger customCertSerno) throws NoSuchAlgorithmException, NoSuchProviderException, IOException, InvalidKeyException, SignatureException {
    return genCertReq(issuerDN, userDN, "UPN=fooupn@bar.com,rfc822Name=fooemail@bar.com", keys, cacert, nonce, transid, raVerifiedPopo, extensions, notBefore, notAfter, customCertSerno);
  }
 
  protected PKIMessage genCertReq(String issuerDN, String userDN, String altNames, KeyPair keys, Certificate cacert, byte[] nonce, byte[] transid, boolean raVerifiedPopo, X509Extensions extensions, Date notBefore, Date notAfter, BigInteger customCertSerno) throws NoSuchAlgorithmException, NoSuchProviderException, IOException, InvalidKeyException, SignatureException {
    OptionalValidity myOptionalValidity = new OptionalValidity();
    org.bouncycastle.asn1.x509.Time nb = new org.bouncycastle.asn1.x509.Time(new DERGeneralizedTime("20030211002120Z"));
    if (notBefore != null) {
      nb = new org.bouncycastle.asn1.x509.Time(notBefore);
    }
    org.bouncycastle.asn1.x509.Time na = new org.bouncycastle.asn1.x509.Time(new Date());
    if (notAfter != null) {
      na = new org.bouncycastle.asn1.x509.Time(notAfter);
    }
    myOptionalValidity.setNotBefore(nb);
    myOptionalValidity.setNotAfter(na);
   
    CertTemplate myCertTemplate = new CertTemplate();
    myCertTemplate.setValidity( myOptionalValidity );
    myCertTemplate.setIssuer(new X509Name(issuerDN));
    myCertTemplate.setSubject(new X509Name(userDN));
View Full Code Here

        // Create the new protected return message
        String objectId = "1.2.840.113533.7.66.13";
        if (badObjectId) {
            objectId += ".7";
        }
        PBMParameter pp = new PBMParameter(derSalt, owfAlg, iteration, macAlg);
        AlgorithmIdentifier pAlg = new AlgorithmIdentifier(new DERObjectIdentifier(objectId), pp);
        head.setProtectionAlg(pAlg);
        PKIBody body = msg.getBody();
        PKIMessage ret = new PKIMessage(head, body);
View Full Code Here

            // Verify the PasswordBased protection of the message
            byte[] protectedBytes = respObject.getProtectedBytes();
            DERBitString protection = respObject.getProtection();
            AlgorithmIdentifier pAlg = header.getProtectionAlg();
            log.debug("Protection type is: " + pAlg.getObjectId().getId());
            PBMParameter pp = PBMParameter.getInstance(pAlg.getParameters());
            int iterationCount = pp.getIterationCount().getPositiveValue().intValue();
            log.debug("Iteration count is: " + iterationCount);
            AlgorithmIdentifier owfAlg = pp.getOwf();
            // Normal OWF alg is 1.3.14.3.2.26 - SHA1
            log.debug("Owf type is: " + owfAlg.getObjectId().getId());
            AlgorithmIdentifier macAlg = pp.getMac();
            // Normal mac alg is 1.3.6.1.5.5.8.1.2 - HMAC/SHA1
            log.debug("Mac type is: " + macAlg.getObjectId().getId());
            byte[] salt = pp.getSalt().getOctets();
            // log.info("Salt is: "+new String(salt));
            byte[] raSecret = pbeSecret.getBytes();
            byte[] basekey = new byte[raSecret.length + salt.length];
            for (int i = 0; i < raSecret.length; i++) {
                basekey[i] = raSecret[i];
View Full Code Here

            sig.initSign(keys.getPrivate());
            sig.update(popoProtectionBytes);

            DERBitString bs = new DERBitString(sig.sign());

            POPOSigningKey myPOPOSigningKey = new POPOSigningKey(new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption), bs);
            // myPOPOSigningKey.setPoposkInput( myPOPOSigningKeyInput );
            myProofOfPossession = new ProofOfPossession(myPOPOSigningKey, 1);
        }

        myCertReqMsg.setPop(myProofOfPossession);
View Full Code Here

    values.add(kuext);
    oids.add(X509Extensions.KeyUsage);
        myCertTemplate.setExtensions(new X509Extensions(oids, values));
        CertRequest myCertRequest = new CertRequest(new DERInteger(4), myCertTemplate);
        CertReqMsg myCertReqMsg = new CertReqMsg(myCertRequest);
        ProofOfPossession myProofOfPossession = new ProofOfPossession(new DERNull(), 0);
        myCertReqMsg.setPop(myProofOfPossession);
        AttributeTypeAndValue av = new AttributeTypeAndValue(CRMFObjectIdentifiers.regCtrl_regToken, new DERUTF8String("foo123"));
        myCertReqMsg.addRegInfo(av);
        CertReqMessages myCertReqMessages = new CertReqMessages(myCertReqMsg);
        PKIHeader myPKIHeader = new PKIHeader(new DERInteger(2), new GeneralName(new X509Name("CN=bogusSubject")), new GeneralName(new X509Name("CN=bogusIssuer")));
View Full Code Here

         * POPOSigningKeyInput myPOPOSigningKeyInput = new POPOSigningKeyInput(
         * myPKMACValue, new SubjectPublicKeyInfo( new AlgorithmIdentifier(new
         * DERObjectIdentifier("9.3.3.9.2.2"), new DERBitString(new byte[] { 2,
         * 9, 7, 3 })), new byte[] { 7, 7, 7, 4, 5, 6, 7, 7, 7 }));
         */
        ProofOfPossession myProofOfPossession = null;
        if (raVerifiedPopo) {
            // raVerified POPO (meaning there is no POPO)
            myProofOfPossession = new ProofOfPossession(new DERNull(), 0);
        } else {
            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            DEROutputStream mout = new DEROutputStream(baos);
            mout.writeObject(myCertRequest);
            mout.close();
            byte[] popoProtectionBytes = baos.toByteArray();
            Signature sig = Signature.getInstance(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), "BC");
            sig.initSign(keys.getPrivate());
            sig.update(popoProtectionBytes);

            DERBitString bs = new DERBitString(sig.sign());

            POPOSigningKey myPOPOSigningKey = new POPOSigningKey(new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption), bs);
            // myPOPOSigningKey.setPoposkInput( myPOPOSigningKeyInput );
            myProofOfPossession = new ProofOfPossession(myPOPOSigningKey, 1);
        }

        myCertReqMsg.setPop(myProofOfPossession);
        // myCertReqMsg.addRegInfo(new AttributeTypeAndValue(new
        // DERObjectIdentifier("1.3.6.2.2.2.2.3.1"), new
View Full Code Here

TOP

Related Classes of com.novosec.pkix.asn1.cmp.CertifiedKeyPair

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.