Package com.novosec.pkix.asn1.crmf

Examples of com.novosec.pkix.asn1.crmf.CertReqMsg


  public boolean create() throws IOException, InvalidKeyException,
      NoSuchAlgorithmException, NoSuchProviderException,
      SignRequestException, NotFoundException {
    X509Name sender = X509Name.getInstance(getSender().getName());
    X509Name recipient = X509Name.getInstance(getRecipient().getName());
    PKIHeader myPKIHeader = CmpMessageHelper.createPKIHeader(sender, recipient, getSenderNonce(), getRecipientNonce(), getTransactionId());
    PKIStatusInfo myPKIStatusInfo = new PKIStatusInfo(new DERInteger(2)); // 2 = rejection
    if (failInfo != null) {
      myPKIStatusInfo.setFailInfo(failInfo.getAsBitString());     
    }
    if (failText != null) {   
View Full Code Here


      log.error(eMsg, t);
      // If we could not read the message, we should return an error BAD_REQUEST
      return CmpMessageHelper.createUnprotectedErrorMessage(null, ResponseStatus.FAILURE, FailInfo.BAD_REQUEST, eMsg);
    }
    try {
      PKIHeader header = req.getHeader();
      PKIBody body = req.getBody();
     
      int tagno = body.getTagNo();
      if (log.isDebugEnabled()) {
        log.debug("Received CMP message with pvno="+header.getPvno()+", sender="+header.getSender().toString()+", recipient="+header.getRecipient().toString());
        log.debug("Body is of type: "+tagno);
        log.debug(req);
        //log.debug(ASN1Dump.dumpAsString(req));       
      }
      BaseCmpMessage cmpMessage = null;
View Full Code Here

              }
              break;
            case CertificateRequestRequest.REQUEST_TYPE_CRMF:
              // Extract request in a format that EJBCA can process
          CertReqMessages certReqMessages = CertReqMessages.getInstance(new ASN1InputStream(submessage.getRequestData()).readObject());
          PKIMessage msg = new PKIMessage(new PKIHeader(
              new DERInteger(2), new GeneralName(new X509Name("CN=unused")), new GeneralName(new X509Name("CN=unused"))),
              new PKIBody(certReqMessages, 2)); // [2] CertReqMessages --Certification Request
              CrmfRequestMessage crmfReq = new CrmfRequestMessage(msg, null, true, null);
              crmfReq.setUsername(submessage.getUsername());
              crmfReq.setPassword(submessage.getPassword());
View Full Code Here

        CertReqMessages myCertReqMessages = new CertReqMessages(myCertReqMsg);
        // myCertReqMessages.addCertReqMsg(myCertReqMsg);

        // log.debug("CAcert subject name: "+cacert.getSubjectDN().getName());
        PKIHeader myPKIHeader = new PKIHeader(new DERInteger(2), new GeneralName(new X509Name(userDN)), new GeneralName(new X509Name(((X509Certificate)cacert).getSubjectDN()
                .getName())));
        myPKIHeader.setMessageTime(new DERGeneralizedTime(new Date()));
        // senderNonce
        myPKIHeader.setSenderNonce(new DEROctetString(nonce));
        // TransactionId
        myPKIHeader.setTransactionID(new DEROctetString(transid));
        // myPKIHeader.setRecipNonce(new DEROctetString(new
        // String("RecipNonce").getBytes()));
        // PKIFreeText myPKIFreeText = new PKIFreeText(new
        // DERUTF8String("hello"));
        // myPKIFreeText.addString(new DERUTF8String("free text string"));
View Full Code Here

            myRevDetails.setCrlEntryDetails(new X509Extensions(ht));
        }

        RevReqContent myRevReqContent = new RevReqContent(myRevDetails);

        PKIHeader myPKIHeader = new PKIHeader(new DERInteger(2), new GeneralName(new X509Name(userDN)), new GeneralName(new X509Name(((X509Certificate)cacert).getSubjectDN()
                .getName())));
        myPKIHeader.setMessageTime(new DERGeneralizedTime(new Date()));
        // senderNonce
        myPKIHeader.setSenderNonce(new DEROctetString(nonce));
        // TransactionId
        myPKIHeader.setTransactionID(new DEROctetString(transid));

        PKIBody myPKIBody = new PKIBody(myRevReqContent, 11); // revocation
                                                              // request
        PKIMessage myPKIMessage = new PKIMessage(myPKIHeader, myPKIBody);
        return myPKIMessage;
View Full Code Here

    }

    protected PKIMessage genCertConfirm(String userDN, Certificate cacert, byte[] nonce, byte[] transid, String hash, int certReqId)
            throws NoSuchAlgorithmException, NoSuchProviderException, IOException {

        PKIHeader myPKIHeader = new PKIHeader(new DERInteger(2), new GeneralName(new X509Name(userDN)), new GeneralName(new X509Name(((X509Certificate)cacert).getSubjectDN()
                .getName())));
        myPKIHeader.setMessageTime(new DERGeneralizedTime(new Date()));
        // senderNonce
        myPKIHeader.setSenderNonce(new DEROctetString(nonce));
        // TransactionId
        myPKIHeader.setTransactionID(new DEROctetString(transid));

        CertConfirmContent cc = new CertConfirmContent(new DEROctetString(hash.getBytes()), new DERInteger(certReqId));
        PKIBody myPKIBody = new PKIBody(cc, 24); // Cert Confirm
        PKIMessage myPKIMessage = new PKIMessage(myPKIHeader, myPKIBody);
        return myPKIMessage;
View Full Code Here

    }

    protected PKIMessage protectPKIMessage(PKIMessage msg, boolean badObjectId, String password, String keyId, int iterations) throws NoSuchAlgorithmException,
            NoSuchProviderException, InvalidKeyException {
        // Create the PasswordBased protection of the message
        PKIHeader head = msg.getHeader();
        head.setSenderKID(new DEROctetString(keyId.getBytes()));
        // SHA1
        AlgorithmIdentifier owfAlg = new AlgorithmIdentifier("1.3.14.3.2.26");
        // 567 iterations
        int iterationCount = iterations;
        DERInteger iteration = new DERInteger(iterationCount);
        // HMAC/SHA1
        AlgorithmIdentifier macAlg = new AlgorithmIdentifier("1.2.840.113549.2.7");
        byte[] salt = "foo123".getBytes();
        DEROctetString derSalt = new DEROctetString(salt);

        // Create the new protected return message
        String objectId = "1.2.840.113533.7.66.13";
        if (badObjectId) {
            objectId += ".7";
        }
        PBMParameter pp = new PBMParameter(derSalt, owfAlg, iteration, macAlg);
        AlgorithmIdentifier pAlg = new AlgorithmIdentifier(new DERObjectIdentifier(objectId), pp);
        head.setProtectionAlg(pAlg);
        PKIBody body = msg.getBody();
        PKIMessage ret = new PKIMessage(head, body);

        // Calculate the protection bits
        byte[] raSecret = password.getBytes();
View Full Code Here

        //
        PKIMessage respObject = PKIMessage.getInstance(new ASN1InputStream(new ByteArrayInputStream(retMsg)).readObject());
        assertNotNull(respObject);

        // The signer, i.e. the CA, check it's the right CA
        PKIHeader header = respObject.getHeader();

        // Check that the message is signed with the correct digest alg
        if (signed) {
            AlgorithmIdentifier algId = header.getProtectionAlg();
            assertNotNull("The AlgorithmIdentifier in the response signature could not be read.", algId);
            assertEquals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), algId.getObjectId().getId());
        }
        if (pbe) {
            AlgorithmIdentifier algId = header.getProtectionAlg();
            assertNotNull("Protection algorithm was null.", algId);
            assertEquals("Protection algorithm id: " + algId.getObjectId().getId(), CMPObjectIdentifiers.passwordBasedMac.getId(), algId.getObjectId().getId())//1.2.840.113549.1.1.5 - SHA-1 with RSA Encryption
        }

        // Check that the signer is the expected CA
        assertEquals(header.getSender().getTagNo(), 4);
        X509Name name = X509Name.getInstance(header.getSender().getName());
        assertEquals(name.toString(), issuerDN);

        if (signed) {
            // Verify the signature
            byte[] protBytes = respObject.getProtectedBytes();
            DERBitString bs = respObject.getProtection();
            Signature sig;
            try {
                sig = Signature.getInstance(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), "BC");
                sig.initVerify(cacert);
                sig.update(protBytes);
                boolean ret = sig.verify(bs.getBytes());
                assertTrue(ret);
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
                assertTrue(false);
            } catch (NoSuchProviderException e) {
                e.printStackTrace();
                assertTrue(false);
            } catch (InvalidKeyException e) {
                e.printStackTrace();
                assertTrue(false);
            } catch (SignatureException e) {
                e.printStackTrace();
                assertTrue(false);
            }
        }
        if (pbe) {
            DEROctetString os = header.getSenderKID();
            assertNotNull(os);
            String keyId = new String(os.getOctets());
            log.debug("Found a sender keyId: " + keyId);
            // Verify the PasswordBased protection of the message
            byte[] protectedBytes = respObject.getProtectedBytes();
            DERBitString protection = respObject.getProtection();
            AlgorithmIdentifier pAlg = header.getProtectionAlg();
            log.debug("Protection type is: " + pAlg.getObjectId().getId());
            PBMParameter pp = PBMParameter.getInstance(pAlg.getParameters());
            int iterationCount = pp.getIterationCount().getPositiveValue().intValue();
            log.debug("Iteration count is: " + iterationCount);
            AlgorithmIdentifier owfAlg = pp.getOwf();
            // Normal OWF alg is 1.3.14.3.2.26 - SHA1
            log.debug("Owf type is: " + owfAlg.getObjectId().getId());
            AlgorithmIdentifier macAlg = pp.getMac();
            // Normal mac alg is 1.3.6.1.5.5.8.1.2 - HMAC/SHA1
            log.debug("Mac type is: " + macAlg.getObjectId().getId());
            byte[] salt = pp.getSalt().getOctets();
            // log.info("Salt is: "+new String(salt));
            byte[] raSecret = pbeSecret.getBytes();
            byte[] basekey = new byte[raSecret.length + salt.length];
            for (int i = 0; i < raSecret.length; i++) {
                basekey[i] = raSecret[i];
            }
            for (int i = 0; i < salt.length; i++) {
                basekey[raSecret.length + i] = salt[i];
            }
            // Construct the base key according to rfc4210, section 5.1.3.1
            MessageDigest dig = MessageDigest.getInstance(owfAlg.getObjectId().getId(), "BC");
            for (int i = 0; i < iterationCount; i++) {
                basekey = dig.digest(basekey);
                dig.reset();
            }
            // HMAC/SHA1 os normal 1.3.6.1.5.5.8.1.2 or 1.2.840.113549.2.7
            String macOid = macAlg.getObjectId().getId();
            Mac mac = Mac.getInstance(macOid, "BC");
            SecretKey key = new SecretKeySpec(basekey, macOid);
            mac.init(key);
            mac.reset();
            mac.update(protectedBytes, 0, protectedBytes.length);
            byte[] out = mac.doFinal();
            // My out should now be the same as the protection bits
            byte[] pb = protection.getBytes();
            boolean ret = Arrays.equals(out, pb);
            assertTrue(ret);
        }

        // --SenderNonce
        // SenderNonce is something the server came up with, but it should be 16
        // chars
        byte[] nonce = header.getSenderNonce().getOctets();
        assertEquals(nonce.length, 16);

        // --Recipient Nonce
        // recipient nonce should be the same as we sent away as sender nonce
        nonce = header.getRecipNonce().getOctets();
        assertEquals(new String(nonce), new String(senderNonce));

        // --Transaction ID
        // transid should be the same as the one we sent
        nonce = header.getTransactionID().getOctets();
        assertEquals(new String(nonce), new String(transId));

    }
View Full Code Here

        //
        // Parse response message
        //
        PKIMessage respObject = PKIMessage.getInstance(new ASN1InputStream(new ByteArrayInputStream(retMsg)).readObject());
        assertNotNull(respObject);
        PKIHeader header = respObject.getHeader();
        assertEquals(header.getSender().getTagNo(), 4);
        X509Name name = X509Name.getInstance(header.getSender().getName());
        assertEquals(name.toString(), ((X509Certificate)cacert).getSubjectDN().getName());
        name = X509Name.getInstance(header.getRecipient().getName());
        assertEquals(name.toString(), userDN);

        PKIBody body = respObject.getBody();
        int tag = body.getTagNo();
        assertEquals(tag, 19);
View Full Code Here

        //
        // Parse response message
        //
        PKIMessage respObject = PKIMessage.getInstance(new ASN1InputStream(new ByteArrayInputStream(retMsg)).readObject());
        assertNotNull(respObject);
        PKIHeader header = respObject.getHeader();
        assertEquals(header.getSender().getTagNo(), 4);
        X509Name name = X509Name.getInstance(header.getSender().getName());
        assertEquals(name.toString(), ((X509Certificate)cacert).getSubjectDN().getName());
        name = X509Name.getInstance(header.getRecipient().getName());
        assertEquals(name.toString(), userDN);

        PKIBody body = respObject.getBody();
        int tag = body.getTagNo();
        assertEquals(tag, 12);
View Full Code Here

TOP

Related Classes of com.novosec.pkix.asn1.crmf.CertReqMsg

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.