@Override public boolean verifyPopo(PKCS10CertificationRequest csr, AlgorithmValidator algoValidator) { if (algoValidator != null) { AlgorithmIdentifier algId = csr.getSignatureAlgorithm(); if (!algoValidator.isAlgorithmPermitted(algId)) { String algoName; try { algoName = AlgorithmUtil.getSignatureAlgoName(algId); } catch (NoSuchAlgorithmException ex) { algoName = algId.getAlgorithm().getId(); } LOG.error("POPO signature algorithm {} not permitted", algoName); return false; } } try { SubjectPublicKeyInfo pkInfo = csr.getSubjectPublicKeyInfo(); PublicKey pk = KeyUtil.generatePublicKey(pkInfo); ContentVerifierProvider cvp = getContentVerifierProvider(pk); return csr.isSignatureValid(cvp); } catch (InvalidKeyException | PKCSException | NoSuchAlgorithmException | InvalidKeySpecException ex) { LogUtil.error(LOG, ex, "could not validate POPO of CSR"); return false; } }
@Override public boolean verifyPopo(final PKCS10CertificationRequest csr, final AlgorithmValidator algoValidator) { if (algoValidator != null) { AlgorithmIdentifier algId = csr.getSignatureAlgorithm(); if (!algoValidator.isAlgorithmPermitted(algId)) { String algoName; try { algoName = AlgorithmUtil.getSignatureAlgoName(algId); } catch (NoSuchAlgorithmException ex) { algoName = algId.getAlgorithm().getId(); } LOG.error("POPO signature algorithm {} not permitted", algoName); return false; } } try { SubjectPublicKeyInfo pkInfo = csr.getSubjectPublicKeyInfo(); PublicKey pk = KeyUtil.generatePublicKey(pkInfo); ContentVerifierProvider cvp = getContentVerifierProvider(pk); return csr.isSignatureValid(cvp); } catch (InvalidKeyException | PKCSException | NoSuchAlgorithmException | InvalidKeySpecException ex) { LogUtil.error(LOG, ex, "could not validate POPO of CSR"); return false; } }
AlgorithmIdentifier popoAlgId = popoSign.getAlgorithmIdentifier(); AlgorithmValidator algoValidator = getCmpControl().getPopoAlgoValidator(); if (!algoValidator.isAlgorithmPermitted(popoAlgId)) { String algoName; try {
macValid ? ProtectionResult.MAC_VALID : ProtectionResult.MAC_INVALID); } else { if (!cmpControl.getSigAlgoValidator().isAlgorithmPermitted(protectionAlg)) { LOG.warn("SIG_ALGO_FORBIDDEN: {}", pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId());
(Responder.SignaturetCmpResponder) responder; AlgorithmIdentifier protectionAlgo = protectedMsg.getHeader().getProtectionAlg(); if (!sigResponder.getSigAlgoValidator().isAlgorithmPermitted(protectionAlgo)) { String algoName; try {