Package com.novosec.pkix.asn1.cmp

Examples of com.novosec.pkix.asn1.cmp.PKIHeader


        //
        // Parse the ASN.1-encoded response (retMsg) into a PKIMessage and check its header fields and body tag.
        // NOTE(review): this fragment inspects header values only; nothing visible here verifies the
        // message protection (signature or MAC), so these asserts alone do not authenticate the response.
        //
        PKIMessage respObject = PKIMessage.getInstance(new ASN1InputStream(new ByteArrayInputStream(retMsg)).readObject());
        assertNotNull(respObject);
        PKIHeader header = respObject.getHeader();
        // The sender must be a GeneralName with tag 4 (directoryName in the X.509 GeneralName CHOICE).
        assertEquals(header.getSender().getTagNo(), 4);
        // Sender and recipient DNs are compared by their string form against the expected values.
        X509Name name = X509Name.getInstance(header.getSender().getName());
        assertEquals(name.toString(), sender);
        name = X509Name.getInstance(header.getRecipient().getName());
        assertEquals(name.toString(), recipient);

        PKIBody body = respObject.getBody();
        int tag = body.getTagNo();
        // In RFC 4210's PKIBody CHOICE, tag 23 is the "error" body, so an error response is expected here.
        assertEquals(tag, 23);


            // Attach a regToken registration control carrying the fixed value "foo123".
            // NOTE(review): a hard-coded token is only suitable for test traffic.
            final AttributeTypeAndValue av = new AttributeTypeAndValue(CRMFObjectIdentifiers.regCtrl_regToken, new DERUTF8String("foo123"));
            myCertReqMsg.addRegInfo(av);

            final CertReqMessages myCertReqMessages = new CertReqMessages(myCertReqMsg);

            // Header: pvno 2 (cmp2000 in RFC 4210), sender = the user DN from the session,
            // recipient = the subject DN of the CA certificate.
            final PKIHeader myPKIHeader =
                new PKIHeader( new DERInteger(2),
                               new GeneralName(new X509Name(sessionData.getUserDN())),
                               new GeneralName(new X509Name(this.cacert.getSubjectDN().getName())) );
            myPKIHeader.setMessageTime(new DERGeneralizedTime(new Date()));
            // The sender nonce and transaction ID come from sessionData.
            // NOTE(review): how sessionData generates them is not visible here; the nonce should come
            // from a cryptographically strong source (e.g. SecureRandom) -- confirm.
            myPKIHeader.setSenderNonce(new DEROctetString(sessionData.getNonce()));
            myPKIHeader.setTransactionID(new DEROctetString(sessionData.getTransId()));

            // No protection algorithm or protection value is set in this fragment, so the message
            // returned below is unprotected unless a caller adds protection afterwards.
            final PKIBody myPKIBody = new PKIBody(myCertReqMessages, 0); // initialization request
            return new PKIMessage(myPKIHeader, myPKIBody);  
        }

            // Fixed salt for the password-based MAC parameters. getBytes() without a charset uses the
            // platform default encoding.
            // NOTE(review): a constant salt is acceptable only for test traffic; a real sender should
            // use a fresh random salt per message.
            final byte[] salt = "foo123".getBytes();
            final DEROctetString derSalt = new DEROctetString(salt);
            final PKIMessage ret;
            {
                // Create the PasswordBased protection of the message
                final PKIHeader head = msg.getHeader();
                // The key id is sent as senderKID (encoded with the platform default charset).
                head.setSenderKID(new DEROctetString(this.keyId.getBytes()));
                final DERInteger iteration = new DERInteger(iterationCount);

                // Create the new protected return message
                // 1.2.840.113533.7.66.13 is the PasswordBasedMac OID. With badObjectId set, ".7" is
                // appended so the header names a different OID -- presumably to exercise the
                // receiver's handling of an unknown protection algorithm; confirm against the caller.
                String objectId = "1.2.840.113533.7.66.13";
                if (badObjectId) {
                    objectId += ".7";
                }
                // PBM parameters: salt, one-way function, iteration count, MAC algorithm.
                final PBMParameter pp = new PBMParameter(derSalt, owfAlg, iteration, macAlg);
                final AlgorithmIdentifier pAlg = new AlgorithmIdentifier(new DERObjectIdentifier(objectId), pp);
                head.setProtectionAlg(pAlg);

                // Only the protection algorithm is declared here; no protection value is computed
                // in this block.
                final PKIBody body = msg.getBody();
                ret = new PKIMessage(head, body);
            }
            {

                StressTest.this.performanceTest.getLog().error("No command response message.");
                return false;
            }
           
            // Header checks on the response: sender (expected to be the CA), nonces, transaction ID
            // and the declared protection algorithm.
            final PKIHeader header = respObject.getHeader();
            if ( header==null ) {
                StressTest.this.performanceTest.getLog().error("No header in response message.");
                return false;
            }
            // Check that the signer is the expected CA
            // NOTE(review): header.getSender() is dereferenced before any null test, and a sender
            // mismatch below is only logged -- there is no return, so processing continues with a
            // response from an unexpected sender. Tag 4 is directoryName in the GeneralName CHOICE.
            // Whether X509Name.equals() accepts the object returned by getSubjectDN() depends on
            // types not shown here -- confirm.
            final X509Name name = X509Name.getInstance(header.getSender().getName());
            if ( header.getSender().getTagNo()!=4 || name==null || !name.equals(this.cacert.getSubjectDN()) ) {
                StressTest.this.performanceTest.getLog().error("Not signed by right issuer.");
            }

            // The server-generated sender nonce is expected to be 16 bytes.
            // NOTE(review): getSenderNonce() is not null-checked, and a wrong length is only logged.
            if ( header.getSenderNonce().getOctets().length!=16 ) {
                StressTest.this.performanceTest.getLog().error("Wrong length of received sender nonce (made up by server). Is "+header.getSenderNonce().getOctets().length+" byte but should be 16.");
            }

            // The recipient nonce must echo the nonce sent in the request; this ties the response
            // to the request. NOTE(review): a mismatch is only logged, not treated as failure.
            if ( !Arrays.equals(header.getRecipNonce().getOctets(), sessionData.getNonce()) ) {
                StressTest.this.performanceTest.getLog().error("recipient nonce not the same as we sent away as the sender nonce. Sent: "+Arrays.toString(sessionData.getNonce())+" Received: "+Arrays.toString(header.getRecipNonce().getOctets()));
            }

            // The transaction ID must match the one sent. NOTE(review): again only logged.
            if ( !Arrays.equals(header.getTransactionID().getOctets(), sessionData.getTransId()) ) {
                StressTest.this.performanceTest.getLog().error("transid is not the same as the one we sent");
            }
            {
                // Check that the message is signed with the correct digest alg
                // NOTE(review): when no protection algorithm is present and requireProtection is
                // false, the method returns true, i.e. an unprotected response is accepted.
                final AlgorithmIdentifier algId = header.getProtectionAlg();
                if (algId==null || algId.getObjectId()==null || algId.getObjectId().getId()==null) {
                    if ( requireProtection ) {
                        StressTest.this.performanceTest.getLog().error("Not possible to get algorithm.");
                        return false;
                    }
                    return true;
                }
                // Only two protection algorithms are accepted: SHA1-with-RSA signatures and the
                // password-based MAC. The first response fixes which kind is expected (firstTime /
                // isSign); a later response of the other kind is only logged.
                // NOTE(review): SHA-1 based signatures are deprecated for new deployments.
                final String id = algId.getObjectId().getId();
                if ( id.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId()) ) {
                    if ( this.firstTime ) {
                        this.firstTime = false;
                        this.isSign = true;
                        StressTest.this.performanceTest.getLog().info("Signature protection used.");
                    } else if ( !this.isSign ) {
                        // NOTE(review): this branch is reached for a signature-protected message when
                        // password protection was expected; the log text reads the other way round.
                        StressTest.this.performanceTest.getLog().error("Message password protected but should be signature protected.");
                    }
                } else if ( id.equals(CMPObjectIdentifiers.passwordBasedMac.getId()) ) {
                    if ( this.firstTime ) {
                        this.firstTime = false;
                        this.isSign = false;
                        StressTest.this.performanceTest.getLog().info("Password (PBE) protection used.");
                    } else if ( this.isSign ) {
                        // NOTE(review): this branch is reached for a password-protected message when
                        // signature protection was expected; the log text reads the other way round.
                        StressTest.this.performanceTest.getLog().error("Message signature protected but should be password protected.");
                    }
                } else {
                    // Any other protection OID is rejected.
                    StressTest.this.performanceTest.getLog().error("No valid algorithm.");
                    return false;
                }
            }
            if ( this.isSign ) {
                // Verify the signature
                byte[] protBytes = respObject.getProtectedBytes();
                final DERBitString bs = respObject.getProtection();
                final Signature sig;
                try {
                    sig = Signature.getInstance(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
                    sig.initVerify(this.cacert);
                    sig.update(protBytes);
                    if ( !sig.verify(bs.getBytes()) ) {
                        StressTest.this.performanceTest.getLog().error("CA signature not verifying");
                    }
                } catch ( Exception e) {
                    StressTest.this.performanceTest.getLog().error("Not possible to verify signature.", e);
                }          
            } else {
                //final DEROctetString os = header.getSenderKID();
                //if ( os!=null )
                //    StressTest.this.performanceTest.getLog().info("Found a sender keyId: "+new String(os.getOctets()));
                // Verify the PasswordBased protection of the message
                final PBMParameter pp; {
                    final AlgorithmIdentifier pAlg = header.getProtectionAlg();
                    // StressTest.this.performanceTest.getLog().info("Protection type is: "+pAlg.getObjectId().getId());
                    pp = PBMParameter.getInstance(pAlg.getParameters());
                }
                final int iterationCount = pp.getIterationCount().getPositiveValue().intValue();
                // StressTest.this.performanceTest.getLog().info("Iteration count is: "+iterationCount);

            // Parse the ASN.1-encoded response (retMsg) and validate the header's sender and recipient.
            final PKIMessage respObject = PKIMessage.getInstance(new ASN1InputStream(new ByteArrayInputStream(retMsg)).readObject());
            if ( respObject==null ) {
                StressTest.this.performanceTest.getLog().error("Not possbile to get response message.");
                return false;
            }
            // NOTE(review): the header and its sender are dereferenced without a null check.
            // Tag 4 is directoryName in the X.509 GeneralName CHOICE.
            final PKIHeader header = respObject.getHeader();
            if ( header.getSender().getTagNo()!=4 ) {
                StressTest.this.performanceTest.getLog().error("Wrong tag in respnse message header. Is "+header.getSender().getTagNo()+" should be 4.");
                return false;
            }
            {
                // The sender DN is compared with the CA certificate's subject DN by hashCode only.
                // NOTE(review): equal hash codes do not prove equal names, and two different types
                // may hash the same DN differently; an equals-based or canonical-encoding comparison
                // is the stronger check if the types allow it -- confirm.
                final X509Name name = X509Name.getInstance(header.getSender().getName());
                if ( name.hashCode() != this.cacert.getSubjectDN().hashCode() ) {
                    StressTest.this.performanceTest.getLog().error("Wrong CA DN. Is '"+name+"' should be '"+this.cacert.getSubjectDN()+"'.");
                    return false;
                }
            }
            {
                // The recipient DN is compared with the session's user DN, again by hashCode only
                // (same caveat as for the sender check).
                final X509Name name = X509Name.getInstance(header.getRecipient().getName());
                if ( name.hashCode() != new X509Name(sessionData.userDN).hashCode() ) {
                    StressTest.this.performanceTest.getLog().error("Wrong recipient DN. Is '"+name+"' should be '"+sessionData.userDN+"'.");
                    return false;
                }
            }

            }
            return true;
        }
        private PKIMessage genCertConfirm(final SessionData sessionData, final String hash) {
           
            PKIHeader myPKIHeader =
                new PKIHeader(
                        new DERInteger(2),
                        new GeneralName(new X509Name(sessionData.getUserDN())),
                        new GeneralName(new X509Name(this.cacert.getSubjectDN().getName())));
            myPKIHeader.setMessageTime(new DERGeneralizedTime(new Date()));
            // senderNonce
            myPKIHeader.setSenderNonce(new DEROctetString(sessionData.getNonce()));
            // TransactionId
            myPKIHeader.setTransactionID(new DEROctetString(sessionData.getTransId()));
           
            CertConfirmContent cc = new CertConfirmContent(new DEROctetString(hash.getBytes()), new DERInteger(sessionData.getReqId()));
            PKIBody myPKIBody = new PKIBody(cc, 24); // Cert Confirm
            PKIMessage myPKIMessage = new PKIMessage(myPKIHeader, myPKIBody);  
            return myPKIMessage;

      NoSuchAlgorithmException, NoSuchProviderException,
      SignRequestException, NotFoundException {

    X509Name sender = X509Name.getInstance(getSender().getName());
    X509Name recipient = X509Name.getInstance(getRecipient().getName());
    PKIHeader myPKIHeader = CmpMessageHelper.createPKIHeader(sender, recipient, getSenderNonce(), getRecipientNonce(), getTransactionId());

    PKIStatusInfo myPKIStatusInfo = new PKIStatusInfo(new DERInteger(0)); // 0 = accepted
    if (status != ResponseStatus.SUCCESS && status != ResponseStatus.GRANTED_WITH_MODS) {
      log.debug("Creating a rejection message");
      myPKIStatusInfo = new PKIStatusInfo(new DERInteger(2)); // 2 = rejection     

  private int iterationCount = 1024;
  private byte[] salt = null;
  private String lastUsedRaSecret = null;
 
  public CmpPbeVerifyer(PKIMessage msg) {
    PKIHeader head = msg.getHeader();
    protectedBytes = msg.getProtectedBytes();
    protection = msg.getProtection();
    pAlg = head.getProtectionAlg();
    LOG.debug("Protection type is: "+pAlg.getObjectId().getId());
    PBMParameter pp = PBMParameter.getInstance(pAlg.getParameters());
    iterationCount = pp.getIterationCount().getPositiveValue().intValue();
    LOG.debug("Iteration count is: "+iterationCount);
    AlgorithmIdentifier owfAlg = pp.getOwf();

    setMessage(msg);
  }

  /**
   * Copies the fields of interest out of the wrapped PKIMessage: the request type (body tag),
   * the request id and first certificate request, the transaction id, the sender nonce, and the
   * recipient and sender names.
   *
   * <p>The transaction id and sender nonce are stored as Base64 text, and only when the header
   * carries the field with non-null octets; otherwise the corresponding setter is not called.
   */
  private void init() {
    final PKIBody pkiBody = getPKIMessage().getBody();
    final PKIHeader pkiHeader = getPKIMessage().getHeader();

    requestType = pkiBody.getTagNo();
    final CertReqMessages certReqs = getCertReqFromTag(pkiBody, requestType);
    // Only the first CertReqMsg (index 0) is consulted.
    // NOTE(review): certReqs is dereferenced without a null check; whether getCertReqFromTag can
    // return null for an unexpected body tag is not visible here -- confirm, since the message
    // comes from the requester.
    requestId = certReqs.getCertReqMsg(0).getCertReq().getCertReqId().getValue().intValue();
    this.req = certReqs.getCertReqMsg(0);

    // Transaction id: optional header field, kept as Base64 text.
    // new String(byte[]) uses the platform default charset; Base64 output is normally plain ASCII.
    final DEROctetString transIdField = pkiHeader.getTransactionID();
    final byte[] transIdBytes = (transIdField == null) ? null : transIdField.getOctets();
    if (transIdBytes != null) {
      setTransactionId(new String(Base64.encode(transIdBytes)));
    }

    // Sender nonce: optional header field, kept as Base64 text.
    final DEROctetString nonceField = pkiHeader.getSenderNonce();
    final byte[] nonceBytes = (nonceField == null) ? null : nonceField.getOctets();
    if (nonceBytes != null) {
      setSenderNonce(new String(Base64.encode(nonceBytes)));
    }

    setRecipient(pkiHeader.getRecipient());
    setSender(pkiHeader.getSender());
  }

      subject = "CN=fooSubject";
    }
   
    X509Name issuerName = new X509Name(issuer);
    X509Name subjectName = new X509Name(subject);
    PKIHeader myPKIHeader = CmpMessageHelper.createPKIHeader(issuerName, subjectName, senderNonce, recipientNonce, transactionId);

    try {
      if (status.equals(ResponseStatus.SUCCESS)) {
        if (cert != null) {
            if (log.isDebugEnabled()) {         
