Package org.bouncycastle.jce.netscape

Examples of org.bouncycastle.jce.netscape.NetscapeCertRequest


        // Decode the raw request bytes as ASN.1. The cast assumes the top-level object is a
        // SEQUENCE; any other ASN.1 type fails here with ClassCastException.
        ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(buffer));
        ASN1Sequence spkac = (ASN1Sequence) in.readObject();
        in.close();

        // Wrap the decoded sequence as a Netscape SPKAC (SignedPublicKeyAndChallenge) request.
        NetscapeCertRequest nscr = new NetscapeCertRequest(spkac);

        // Verify POPO (proof of possession of the private key). The challenge is deliberately
        // neutralised: setChallenge() stores a fixed string and verify() is then called with that
        // same string, so the challenge the requester actually sent is never compared to anything.
        // NOTE(review): in Bouncy Castle, verify() is understood to compare the supplied challenge
        // with the stored one and then check the signature over the bytes parsed from the request;
        // confirm against the library version in use.
        // NOTE(review): with the challenge ignored, nothing in these lines ties the SPKAC to a
        // particular enrolment session, so replay protection has to come from elsewhere
        // (presumably the username/password passed to createCertificate below - verify).
        nscr.setChallenge("challenge");

        // Reject the request when verification fails; no certificate is created in that case.
        if (nscr.verify("challenge") == false) {
            throw new SignRequestSignatureException(
                "Invalid signature in NetscapeCertRequest, popo-verification failed.");
        }
        if (log.isDebugEnabled()) {
          log.debug("POPO verification successful");
        }
        // Only the public key is taken from the SPKAC; the administrator, username and password
        // come from the caller.
        X509Certificate cert = (X509Certificate) signsession.createCertificate(administrator,
                username, password, nscr.getPublicKey());
        if (log.isDebugEnabled()) {
          // The username is concatenated into the log line as-is.
          log.debug("Created certificate for " + username);
        }
        if (debug != null) {
            debug.print("<h4>Generated certificate:</h4>");


            return null;
          }
          // Decode the request bytes as ASN.1; the cast fails with ClassCastException when the
          // top-level object is not a SEQUENCE.
          ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(buffer));
          ASN1Sequence spkacSeq = (ASN1Sequence) in.readObject();
          in.close();
          NetscapeCertRequest nscr = new NetscapeCertRequest(spkacSeq);
          // Verify POPO only. The stored challenge is overwritten with a fixed string and verify()
          // is called with the same string, so the challenge the requester sent is not evaluated.
          // NOTE(review): this leaves the signature as the only thing checked here; the SPKAC is
          // not bound to a server-issued challenge, so replay protection must be provided
          // elsewhere (presumably by the username/password used below - confirm).
          nscr.setChallenge("challenge");
          if (nscr.verify("challenge") == false) {
            log.debug("SPKAC POPO verification Failed");
            throw new SignRequestSignatureException("Invalid signature in NetscapeCertRequest, popo-verification failed.");
          }
          log.debug("POPO verification successful");
          // Only the verified public key is carried forward, together with the caller-supplied
          // username and password.
          PublicKey pubKey = nscr.getPublicKey();
          imsg = new SimpleRequestMessage(pubKey, username, password);
        }   
      } else if (reqType == REQTYPE_CRMF) {
        byte[] request = Base64.decode(req.getBytes());
        ASN1InputStream in = new ASN1InputStream(request);

      try {
        // Base64-decode the submitted request text. getBytes() without a charset argument uses
        // the platform default charset.
        buf = Base64.decode(certificateRequest.getBytes());
            // The cast fails with ClassCastException when the decoded object is not a SEQUENCE;
            // the enclosing try has a catch (Exception e) below.
            ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(buf));
            ASN1Sequence spkac = (ASN1Sequence) in.readObject();
            in.close();
            NetscapeCertRequest nscr = new NetscapeCertRequest(spkac);
            // Verify POPO only. The challenge is overwritten with a fixed string before verify()
            // is called with that same string, so the submitted challenge is never evaluated.
            // NOTE(review): the request is therefore not bound to a server-issued challenge;
            // confirm that replay of a captured SPKAC is prevented by other means.
            nscr.setChallenge("challenge");
            // On failure the user gets the generic "enroll.invalidreqdata" message and processing
            // stops; no detail about why verification failed is put into the message.
            if (nscr.verify("challenge") == false) {
          context.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, getMessage("enroll.invalidreqdata"), null));
          return;
            }
      } catch (Exception e) {
        log.error("",e);

              break;
            case CertificateRequestRequest.REQUEST_TYPE_SPKAC:
              // Decode the sub-message's request data as ASN.1; the cast fails with
              // ClassCastException when the top-level object is not a SEQUENCE.
              ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(submessage.getRequestData()));
              ASN1Sequence spkac = (ASN1Sequence) in.readObject();
              in.close();
              NetscapeCertRequest nscr = new NetscapeCertRequest(spkac);
              // NOTE(review): no nscr.verify(...) call is visible between parsing and issuance, so
              // these lines check neither the SPKAC signature (proof of possession) nor the
              // challenge. Confirm that this is verified elsewhere (for example before this case
              // or inside createCertificate); otherwise a certificate is issued for a public key
              // whose private key the requester has not shown they hold.
                cert = signSession.createCertificate(admin, submessage.getUsername(), submessage.getPassword(), nscr.getPublicKey());
              if (submessage.getResponseType() == CertificateRequestRequest.RESPONSE_TYPE_CERTIFICATE) {
                result = cert.getEncoded();
              } else if (submessage.getResponseType() == CertificateRequestRequest.RESPONSE_TYPE_PKCS7) { 
                result = signSession.createPKCS7(admin, cert, true);
              } else if (submessage.getResponseType() == CertificateRequestRequest.RESPONSE_TYPE_PKCS7WITHCHAIN) {

            return null;
          }
          // Decode the request bytes as ASN.1; a top-level object that is not a SEQUENCE makes the
          // cast fail with ClassCastException.
          ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(buffer));
          ASN1Sequence spkacSeq = (ASN1Sequence) in.readObject();
          in.close();
          NetscapeCertRequest nscr = new NetscapeCertRequest(spkacSeq);
          // Verify POPO only: the challenge is set to a fixed string and verify() receives the
          // same string, so the challenge contained in the request plays no part in the decision.
          // NOTE(review): the signature check proves possession of the private key, but without a
          // server-chosen challenge the SPKAC is not tied to this enrolment; confirm that replay
          // is handled by the username/password authentication or another control.
          nscr.setChallenge("challenge");
          if (nscr.verify("challenge") == false) {
            log.debug("POPO verification Failed");
            throw new SignRequestSignatureException("Invalid signature in NetscapeCertRequest, popo-verification failed.");
          }
          log.debug("POPO verification successful");
          // Build the internal request message from the verified public key and the
          // caller-supplied credentials.
          PublicKey pubKey = nscr.getPublicKey();
          imsg = new SimpleRequestMessage(pubKey, username, password);
        }   
      } else if (reqType == SecConst.CERT_REQ_TYPE_CRMF) {
        byte[] request = Base64.decode(req.getBytes());
        ASN1InputStream in = new ASN1InputStream(request);

    // Guard against a missing SPKAC parameter; the caller gets null instead of an exception.
    if (spkac == null) {
            log.warn("SPKAC parameter is null, should be checked before");
            return null;
        }
    try {
      // Base64-decode and parse the SPKAC. An IOException from this constructor indicates
      // input that could not be read as ASN.1, not an I/O failure on a stream.
      NetscapeCertRequest certRequest = new NetscapeCertRequest(Base64.decode(spkac));
      DefaultCertificate cert = new DefaultCertificate(this);
      cert.setDefaultSerialisation(new DERSerialisation(cert));
      // NOTE(review): certRequest.verify(...) is never called in these lines, so the public key
      // is copied into the certificate without checking the SPKAC signature or challenge.
      // Confirm that proof of possession is verified elsewhere before the certificate is signed.
      cert.setSubjectPublicKey(create(certRequest.getPublicKey()));
      return cert;
    } catch (IOException e) {
      // Parse failures are logged and reported to the caller as null (see the final return).
      // NOTE(review): only IOException is caught; runtime exceptions from Base64.decode or the
      // parser on malformed input would propagate - confirm callers expect that.
      log.warn("how can an IOError occur when reading a string?", e);
    }
    return null;

            // Step 1: parse a pre-built SPKAC from `data` and check it against `challenge`.
            // Neither `in` nor `in2` is closed in the visible lines.
            ASN1InputStream    in = new ASN1InputStream (new ByteArrayInputStream(data));
            ASN1Sequence    spkac = (ASN1Sequence)in.readObject ();
            // System.out.println("SPKAC: \n"+DERDump.dumpAsString (spkac));


            NetscapeCertRequest nscr = new NetscapeCertRequest (spkac);

            // Unlike the enrolment examples on this page, the expected challenge is passed to
            // verify() without first overwriting the stored one via setChallenge().
            if (!nscr.verify (challenge))
            {
                return new SimpleTestResult(false, getName() + ": 1 - not verified");
            }

            //now try to generate one
            // The key algorithm is taken from the parsed request; the "BC" provider must be registered.
            KeyPairGenerator kpg =
                KeyPairGenerator.getInstance (nscr.getKeyAlgorithm().getObjectId ().getId(), "BC");

            // NOTE(review): 1024-bit keys are below current minimum recommendations for RSA/DSA;
            // treat this size as a test fixture only, not as a value to copy into enrolment code.
            kpg.initialize (1024);

            KeyPair kp = kpg.genKeyPair();

            // Step 2: swap in the fresh public key, re-sign with the matching private key, and
            // round-trip the request through DER encoding.
            nscr.setPublicKey (kp.getPublic());
            nscr.sign (kp.getPrivate());
           
            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            DEROutputStream deros = new DEROutputStream (baos);
            deros.writeObject (nscr);
            deros.close();

           
            ASN1InputStream     in2 =
                new ASN1InputStream (new ByteArrayInputStream(baos.toByteArray()));
            ASN1Sequence        spkac2 = (ASN1Sequence)in2.readObject ();

            // System.out.println("SPKAC2: \n"+DERDump.dumpAsString (spkac2));

            NetscapeCertRequest nscr2 = new NetscapeCertRequest (spkac2);

            // The re-encoded request must still verify against the original challenge.
            if (!nscr2.verify (challenge))
            {
                return new SimpleTestResult(false, getName() + ": 2 - not verified");
            }

            //lets build it from scratch


            challenge = "try it";

            // Step 3: build a new SPKAC from a challenge, a signature algorithm and a public key.
            // NOTE(review): sha1WithRSAEncryption is a SHA-1 based signature algorithm; SHA-1 is
            // deprecated for signatures, so new code should prefer a SHA-2 based identifier.
            NetscapeCertRequest nscr3 =
                new NetscapeCertRequest (challenge,
                                         new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption, null),
                                         kp.getPublic());
           
            nscr3.sign (kp.getPrivate());
           
            // System.out.println("SPKAC3: \n"+DERDump.dumpAsString (nscr3));
           
            if (nscr3.verify (challenge))
            {
                return new SimpleTestResult(true, getName() + ": Okay");
            }
            else
            {

                        try {
                            // NetscapeCertRequest throws java.lang.IllegalArgumentException
                            // when no BC provider allowed, with a message
                            // "java.security.NoSuchProviderException: no such provider: BC"
                            // instead of NoSuchProviderException.
                            // Parse the SPKAC bytes, then expose its challenge and public key.
                            // NOTE(review): nothing here calls verify(), so the returned challenge
                            // and key are unauthenticated at this point; presumably the signature
                            // is checked by a separate verify step - confirm.
                            cert = new NetscapeCertRequest(b2);
                            challenge = getRuntime().newString(cert.getChallenge());
                            return cert.getPublicKey();
                        } catch (IOException ioe) {
                            // Malformed input is reported as a GeneralSecurityException, with the
                            // original IOException kept as the cause.
                            throw new GeneralSecurityException(ioe.getMessage(), ioe);
                        }

        try {
            // NetscapeCertRequest requires "BC" provider.
            // The work runs through OpenSSLReal.doWithBCProvider so that provider is available
            // while the request is built and signed.
            OpenSSLReal.doWithBCProvider(new OpenSSLReal.Runnable() {

                public void run() throws GeneralSecurityException {
                    // Build an SPKAC from the current challenge, the signature algorithm `alg`
                    // and the public key, then sign it with the private key taken from `key`.
                    // NOTE(review): the casts assume both public_key and key are PKey instances,
                    // and nothing here checks that the two belong to the same key pair - a
                    // mismatch would yield a request that fails verification later.
                    cert = new NetscapeCertRequest(challenge.toString(), new AlgorithmIdentifier(alg), ((PKey) public_key).getPublicKey());
                    cert.sign(((PKey) key).getPrivateKey());
                }
            });
        } catch (GeneralSecurityException gse) {
            throw newSPKIError(getRuntime(), gse.getMessage());
