/**
 * Obtains a {@code PBMParameter} from an arbitrary ASN.1-ish object.
 *
 * @param o an existing {@code PBMParameter}, something that
 *     {@code ASN1Sequence.getInstance} can turn into the PBMParameter
 *     SEQUENCE, or {@code null}
 * @return {@code o} itself when it already is a {@code PBMParameter}; a newly
 *     decoded instance for any other non-null input; {@code null} for
 *     {@code null} input (callers must handle the {@code null} case)
 */
public static PBMParameter getInstance(Object o) {
    if (o == null) {
        return null;
    }
    if (o instanceof PBMParameter) {
        return (PBMParameter) o;
    }
    // Everything else is handed to the ASN.1 layer; a value that does not
    // decode as a SEQUENCE is reported by ASN1Sequence.getInstance, not here.
    ASN1Sequence sequence = ASN1Sequence.getInstance(o);
    return new PBMParameter(sequence);
}
PBMParameter.getInstance(pkiMessage.getHeader().getProtectionAlg().getParameters()); AlgorithmIdentifier algId = parameter.getOwf(); if (!cmpControl.isRequestPbmOwfPermitted(algId)) { LOG.warn("MAC_ALGO_FORBIDDEN (PBMParameter.owf: {})", algId.getAlgorithm().getId()); algId = parameter.getMac(); if (!cmpControl.isRequestPbmMacPermitted(algId)) { LOG.warn("MAC_ALGO_FORBIDDEN (PBMParameter.mac: {})", algId.getAlgorithm().getId()); int iterationCount = parameter.getIterationCount().getValue().intValue(); if (iterationCount < 1000) { LOG.warn("MAC_ALGO_FORBIDDEN (PBMParameter.iterationCount: {} < 1000)", iterationCount);
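/**
 * Smallest PBMParameter.iterationCount accepted on an incoming request.
 * Mirrors the 1000 threshold enforced by the CMP control path for request
 * PBM protection; a lower count makes offline guessing of the shared secret
 * correspondingly cheaper.
 */
private static final int MIN_PBM_ITERATION_COUNT = 1000;

/**
 * Verifies the password-based MAC protection of an incoming PKI message.
 *
 * <p>The PBMParameter is taken from the message header and is therefore
 * attacker-controlled. Before any MAC is computed the method checks that the
 * message is PBM-protected at all, that the one-way function and MAC
 * algorithms are on the trusted lists, and that the iteration count is not
 * below {@link #MIN_PBM_ITERATION_COUNT}. Missing or undecodable parameters
 * are treated as a verification failure rather than surfacing as an
 * uncaught exception.
 *
 * @param pkiMessage the message whose protection is to be verified
 * @return {@code true} only if every policy check passes and
 *     {@code ProtectedPKIMessage.verify} accepts the MAC under
 *     {@code password}; {@code false} otherwise (each rejection is logged
 *     at WARN)
 * @throws CMPException propagated from the MAC verification
 * @throws InvalidKeyException propagated from the MAC verification
 */
@Override
protected boolean verifyProtection(GeneralPKIMessage pkiMessage)
        throws CMPException, InvalidKeyException {
    // Without a protectionAlg there is nothing to verify; the later
    // dereferences would otherwise fail with a NullPointerException.
    if (pkiMessage.getHeader().getProtectionAlg() == null) {
        LOG.warn("NOT_PROTECTED: no protectionAlg in PKIHeader");
        return false;
    }

    ProtectedPKIMessage protectedMsg = new ProtectedPKIMessage(pkiMessage);
    if (!protectedMsg.hasPasswordBasedMacProtection()) {
        LOG.warn("NOT_MAC_BASED: {}",
            pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId());
        return false;
    }

    // getInstance(null) yields null and a malformed encoding raises an
    // IllegalArgumentException from the ASN.1 layer; both are policy
    // failures of an untrusted header, not internal errors.
    PBMParameter parameter;
    try {
        parameter = PBMParameter.getInstance(
            pkiMessage.getHeader().getProtectionAlg().getParameters());
    } catch (IllegalArgumentException ex) {
        LOG.warn("MALFORMED_PBM_PARAMETER: {}", ex.getMessage());
        return false;
    }
    if (parameter == null) {
        LOG.warn("MISSING_PBM_PARAMETER");
        return false;
    }

    ASN1ObjectIdentifier algOid = parameter.getOwf().getAlgorithm();
    if (!trustedOwfOids.contains(algOid)) {
        LOG.warn("MAC_ALGO_FORBIDDEN (PBMParameter.owf: {})", algOid);
        return false;
    }

    algOid = parameter.getMac().getAlgorithm();
    if (!trustedMacOids.contains(algOid)) {
        LOG.warn("MAC_ALGO_FORBIDDEN (PBMParameter.mac: {})", algOid);
        return false;
    }

    // The iteration count is an unbounded INTEGER on the wire. Reject values
    // that do not fit an int (intValue() would wrap silently) and values
    // below the policy minimum. NOTE(review): an upper bound against
    // CPU-exhaustion via a huge count is not enforced here — confirm that
    // PKMACBuilder caps it, or add a maximum.
    if (parameter.getIterationCount().getValue().bitLength() > 31) {
        LOG.warn("MAC_ALGO_FORBIDDEN (PBMParameter.iterationCount out of int range)");
        return false;
    }
    int iterationCount = parameter.getIterationCount().getValue().intValue();
    if (iterationCount < MIN_PBM_ITERATION_COUNT) {
        LOG.warn("MAC_ALGO_FORBIDDEN (PBMParameter.iterationCount: {} < {})",
            iterationCount, MIN_PBM_ITERATION_COUNT);
        return false;
    }

    PKMACBuilder pkMacBuilder = new PKMACBuilder(new JcePKMACValuesCalculator());
    return protectedMsg.verify(pkMacBuilder, password);
}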
PBMParameter.getInstance(pkiMessage.getHeader().getProtectionAlg().getParameters()); AlgorithmIdentifier algId = parameter.getOwf(); if (!macResponder.isPbmOwfPermitted(algId)) { LOG.warn("MAC_ALGO_FORBIDDEN (PBMParameter.owf: {})", algId.getAlgorithm().getId()); algId = parameter.getMac(); if (!macResponder.isPbmMacPermitted(algId)) { LOG.warn("MAC_ALGO_FORBIDDEN (PBMParameter.mac: {})", algId.getAlgorithm().getId());
/**
 * Obtains a {@code PBMParameter} from an arbitrary ASN.1-ish object.
 *
 * @param o an existing {@code PBMParameter}, something that
 *     {@code ASN1Sequence.getInstance} can turn into the PBMParameter
 *     SEQUENCE, or {@code null}
 * @return {@code o} itself when it already is a {@code PBMParameter}; a newly
 *     decoded instance for any other non-null input; {@code null} for
 *     {@code null} input (callers must handle the {@code null} case)
 */
public static PBMParameter getInstance(Object o) {
    if (o == null) {
        return null;
    }
    if (o instanceof PBMParameter) {
        return (PBMParameter) o;
    }
    // Everything else is handed to the ASN.1 layer; a value that does not
    // decode as a SEQUENCE is reported by ASN1Sequence.getInstance, not here.
    ASN1Sequence sequence = ASN1Sequence.getInstance(o);
    return new PBMParameter(sequence);
}
/**
 * Assembles a {@code PBMParameter} from this object's configured one-way
 * function, iteration count and MAC algorithm.
 *
 * <p>A new salt is obtained from {@code randomSalt()} on every call, so two
 * invocations never return equal parameter sets.
 *
 * @return a freshly built parameter set with a new salt
 */
public PBMParameter getParameter() {
    final PBMParameter parameter =
        new PBMParameter(randomSalt(), owf, iterationCount, mac);
    return parameter;
}
/**
 * Finishes the message under construction with password-based MAC
 * protection.
 *
 * <p>The sender KID is set to {@code kid}, a 64-byte salt is drawn from a
 * {@code SecureRandom} for this message only, and the PBMParameter is built
 * from that salt plus the configured request OWF, iteration count and MAC.
 * The MAC itself is computed over {@code password} by a {@code PKMACBuilder}.
 *
 * @param builder the partially populated message builder
 * @return the MAC-protected message
 * @throws CMPException if the MAC calculator cannot be built (the underlying
 *     {@code CRMFException} is kept as the cause); other failures propagate
 *     unchanged
 */
@Override
protected ProtectedPKIMessage build(ProtectedPKIMessageBuilder builder) throws Exception {
    builder.setSenderKID(kid);

    // Fresh 64-byte salt per message so PBM values are never reused.
    final byte[] salt = new byte[64];
    new SecureRandom().nextBytes(salt);
    final PBMParameter pbmParameter =
        new PBMParameter(salt, requestOwf, requestInterationCount, requestMac);

    try {
        final PKMACBuilder macBuilder = new PKMACBuilder(new JcePKMACValuesCalculator());
        macBuilder.setParameters(pbmParameter);
        final MacCalculator calculator = macBuilder.build(password);
        return builder.build(calculator);
    } catch (CRMFException ex) {
        // Callers deal in CMP exceptions; keep the original as the cause.
        throw new CMPException(ex.getMessage(), ex);
    }
}
/**
 * Protects an outgoing PKI message for the given requestor.
 *
 * <p>A requestor that authenticated with a certificate gets a signed
 * message ({@code getSigner()}, optionally including the responder
 * certificate per {@code control.isSendResponderCert()}). Any other requestor
 * gets a password-based MAC built from the CMP control's response PBM
 * settings, a fresh {@code randomSalt()} and the requestor's password/key id.
 *
 * <p>If protection cannot be added the failure is logged, {@code event} is
 * marked ERROR/FAILED with a message entry, and an error-body message is
 * returned instead. NOTE(review): that fallback reuses the original header
 * and carries no protection at all, so the client receives an
 * unauthenticated error response.
 *
 * @param pkiMessage the message to protect
 * @param event the audit event updated on failure
 * @param requestor the requestor the message is addressed to
 * @return the protected message, or an unprotected error message on failure
 */
private PKIMessage addProtection(PKIMessage pkiMessage, AuditEvent event, CmpRequestorInfo requestor) {
    final CmpControl control = getCmpControl();
    try {
        if (requestor.getCert() == null) {
            // Password path: response PBM settings come from the CMP control.
            final PBMParameter pbm = new PBMParameter(
                randomSalt(),
                control.getResponsePbmOwf(),
                control.getResponsePbmIterationCount(),
                control.getResponsePbmMac());
            return CmpUtil.addProtection(
                pkiMessage, requestor.getPassword(), pbm, getSender(), requestor.getKeyId());
        }
        // Certificate path: sign with the responder's signer.
        return CmpUtil.addProtection(
            pkiMessage, getSigner(), getSender(), control.isSendResponderCert());
    } catch (Exception ex) {
        LogUtil.error(LOG, ex, "could not add protection to the PKI message");
        final String failure = "could not sign the PKIMessage";
        final PKIStatusInfo status =
            generateRejectionStatus(PKIFailureInfo.systemFailure, failure);
        event.setLevel(AuditLevel.ERROR);
        event.setStatus(AuditStatus.FAILED);
        event.addEventData(CaAuditConstants.NAME_message, failure);
        final PKIBody errorBody = new PKIBody(PKIBody.TYPE_ERROR, new ErrorMsgContent(status));
        return new PKIMessage(pkiMessage.getHeader(), errorBody);
    }
} // method addProtection