ConcurrentContentSigner signer; try { signer = securityFactory.createSigner(caEntry.getSignerType(), signerConf, caEntry.getCert()); if (dfltSigner == null) {
PublicKey publicKey = securityFactory.generatePublicKey(spki); ContentVerifierProvider cvp = securityFactory.getContentVerifierProvider(publicKey); return certRequest.isValidSigningKeyPOP(cvp); } catch (InvalidKeyException | IllegalStateException | CRMFException ex) {
char[] password = securityFactory.getPasswordResolver().resolvePassword(passwordHint); ksBytes = securityFactory.extractMinimalKeyStore(keystoreType, ksBytes, keyLabel, password, certChain); } catch (KeyStoreException ex) {
throws ObjectCreationException { String str = conf.getConfValue("parallelism"); int parallelism = securityFactory.getDefaultSignerParallelism(); if (str != null) { try { password = null; } else { PasswordResolver passwordResolver = securityFactory.getPasswordResolver(); if (passwordResolver == null) { password = passwordHint.toCharArray(); securityFactory.getRandom4Sign()); } else { SoftTokenContentSignerBuilder signerBuilder = new SoftTokenContentSignerBuilder( securityFactory.getRandom4Sign());
int parallelism = securityFactory.getDfltSignerParallelism(); if (str != null) { try { password = null; } else { PasswordResolver passwordResolver = securityFactory.getPasswordResolver(); if (passwordResolver == null) { password = passwordHint.toCharArray(); type, keystoreStream, password, keyLabel, password); return signerBuilder.createSigner(macAlgId, parallelism, securityFactory.getRandom4Sign()); } else { P12ContentSignerBuilder signerBuilder = new P12ContentSignerBuilder( securityFactory.getRandom4Sign());
if (!securityFactory.verifyPopo(csr, null)) { throw new InvalidConfException("could not validate POP for the CSR"); signer = securityFactory.createSigner(signerType, new SignerConf(thisSignerConf), (X509Certificate[]) null); } catch (XiSecurityException | ObjectCreationException ex) {
// Build a verifier for responderPubKey and check the signature on basicResp with it.
// NOTE(review): a valid signature only shows that the holder of responderPubKey signed the
// response; whether that key belongs to an authorised responder has to be established
// separately (not visible in this excerpt).
ContentVerifierProvider cvp = securityFactory.getContentVerifierProvider(responderPubKey);
// The outcome is only stored here; the code that follows must reject the response when
// sigValid is false.
boolean sigValid = basicResp.isSignatureValid(cvp);
/**
 * Creates the data source configured in {@code datasourceFile} and confirms that it can hand
 * out a connection.
 *
 * <p>The password resolver of the security factory is passed to the data source factory,
 * presumably so that protected passwords in the configuration file can be resolved.
 *
 * @param datasourceName name under which the data source is created and logged
 * @param datasourceFile configuration file of the data source
 * @return the created data source
 * @throws CaMgmtException if the data source cannot be created or the test connection fails
 */
private DataSourceWrapper loadDatasource(String datasourceName, String datasourceFile)
    throws CaMgmtException {
  final DataSourceWrapper wrapper;
  try {
    wrapper = datasourceFactory.createDataSourceForFile(
        datasourceName, datasourceFile, securityFactory.getPasswordResolver());

    // Smoke test: borrow a single connection and hand it straight back.
    Connection probe = wrapper.getConnection();
    wrapper.returnConnection(probe);

    // Only the name and the file path are logged, never the file's content.
    LOG.info("datasource.{}: {}", datasourceName, datasourceFile);
  } catch (DataAccessException | PasswordResolverException | IOException
      | RuntimeException ex) {
    // NOTE(review): ex.getMessage() is copied into the new message; confirm that the
    // underlying exceptions cannot carry connection secrets before exposing it to clients.
    String message = concat(ex.getClass().getName(), " while parsing datasource ",
        datasourceFile, ": ", ex.getMessage());
    throw new CaMgmtException(message, ex);
  }
  return wrapper;
}
/**
 * Builds the PKCS#11 content signer for an RSA signature algorithm.
 *
 * <p>RSASSA-PSS gets a dedicated signer that additionally receives the signing random source
 * of the security factory (presumably for the PSS salt); every other algorithm identifier is
 * handled by the plain RSA signer.
 *
 * @param signatureAlgId signature algorithm the signer has to produce
 * @return signer bound to {@code cryptService} and {@code identityId}
 * @throws XiSecurityException declared for the signer constructors
 * @throws P11TokenException declared for the signer constructors
 */
private XiContentSigner createRSAContentSigner(AlgorithmIdentifier signatureAlgId)
    throws XiSecurityException, P11TokenException {
  boolean pssRequested =
      PKCSObjectIdentifiers.id_RSASSA_PSS.equals(signatureAlgId.getAlgorithm());
  if (!pssRequested) {
    return new P11ContentSigner.RSA(cryptService, identityId, signatureAlgId);
  }

  // Only the PSS signer takes a random source.
  return new P11ContentSigner.RSAPSS(cryptService, identityId, signatureAlgId,
      securityFactory.getRandom4Sign());
}
// Replace keystoreBytes with the output of extractMinimalKeyStore for keyLabel; the last
// argument is passed as null.
// NOTE(review): presumably the result keeps only the keyLabel entry, protected with the
// same password - confirm against SecurityFactory.
keystoreBytes = securityFactory.extractMinimalKeyStore(keystoreType, keystoreBytes, keyLabel, password, null);
/**
 * Rejects a PKCS#10 request whose proof of possession (POP) cannot be validated.
 *
 * <p>The POP is verified by the CA manager's security factory together with the POP
 * algorithm validator taken from the CMP control.
 *
 * @param csr certification request to check, must not be {@code null}
 * @throws OperationException with {@code BAD_POP} if the POP does not validate
 */
public void checkCsr(CertificationRequest csr) throws OperationException {
  Args.notNull(csr, "csr");

  boolean popValid = caManager.getSecurityFactory()
      .verifyPopo(csr, getCmpControl().getPopoAlgoValidator());
  if (popValid) {
    return;
  }

  // The message text (including its spelling) is kept unchanged in case log monitoring
  // matches on it.
  LOG.warn("could not validate POP for the pkcs#10 requst");
  throw new OperationException(BAD_POP);
}
int parallelism = securityFactory.getDfltSignerParallelism(); if (str != null) { try {
// Derive the verification key from the SubjectPublicKeyInfo of respSigner.
// NOTE(review): a valid signature only shows that the holder of this key signed the
// response; whether respSigner is an authorised responder has to be established separately
// (not visible in this excerpt).
PublicKey responderPubKey = KeyUtil.generatePublicKey(respSigner.getSubjectPublicKeyInfo());
ContentVerifierProvider cvp = securityFactory.getContentVerifierProvider(responderPubKey);
// The outcome is only stored here; the code that follows must reject the response when
// sigValid is false.
boolean sigValid = basicResp.isSignatureValid(cvp);
/**
 * Changes the type and configuration of an existing requestor and refreshes the cached
 * entries for it.
 *
 * <p>The requestor name is normalised to lower case before the lookup. The change itself is
 * delegated to the query executor, which also receives the password resolver of the
 * security factory.
 *
 * @param name name of the requestor, must not be blank
 * @param type new requestor type, must not be blank
 * @param conf new requestor configuration, must not be blank
 * @throws CaMgmtException if no requestor with this name is known or the change fails
 */
@Override
public void changeRequestor(String name, String type, String conf) throws CaMgmtException {
  // Validate in the original order so that the first failing argument is reported.
  final String requestorName = Args.toNonBlankLower(name, "name");
  Args.notBlank(type, "type");
  Args.notBlank(conf, "conf");

  asssertMasterMode();

  NameId requestorId = idNameMap.getRequestor(requestorName);
  if (requestorId == null) {
    throw logAndCreateException(concat("unknown requestor ", requestorName));
  }

  // NOTE(review): conf is handed over together with a password resolver, so it may carry
  // protected secrets; only the requestor name is put into messages here.
  RequestorEntryWrapper updated = queryExecutor.changeRequestor(requestorId, type, conf,
      securityFactory.getPasswordResolver());

  // Drop the stale cache entries before inserting the refreshed ones.
  requestorDbEntries.remove(requestorName);
  requestors.remove(requestorName);

  requestorDbEntries.put(requestorName, updated.getDbEntry());
  requestors.put(requestorName, updated);
} // method changeRequestor
/**
 * Builds the PKCS#11 content signer for an RSA signature algorithm.
 *
 * <p>RSASSA-PSS gets a dedicated signer that additionally receives the signing random source
 * of the security factory (presumably for the PSS salt); every other algorithm identifier is
 * handled by the plain RSA signer.
 *
 * @param signatureAlgId signature algorithm the signer has to produce
 * @return signer bound to {@code cryptService} and {@code identityId}
 * @throws XiSecurityException declared for the signer constructors
 * @throws P11TokenException declared for the signer constructors
 */
private XiContentSigner createRSAContentSigner(AlgorithmIdentifier signatureAlgId)
    throws XiSecurityException, P11TokenException {
  boolean pssRequested =
      PKCSObjectIdentifiers.id_RSASSA_PSS.equals(signatureAlgId.getAlgorithm());
  if (!pssRequested) {
    return new P11RSAContentSigner(cryptService, identityId, signatureAlgId);
  }

  // Only the PSS signer takes a random source.
  return new P11RSAPSSContentSigner(cryptService, identityId, signatureAlgId,
      securityFactory.getRandom4Sign());
}
// Replace keystoreBytes with the output of extractMinimalKeyStore for keyLabel; the last
// argument is passed as null.
// NOTE(review): presumably the result keeps only the keyLabel entry, protected with the
// same password - confirm against SecurityFactory.
keystoreBytes = securityFactory.extractMinimalKeyStore(keystoreType, keystoreBytes, keyLabel, password, null);
/**
 * Reads the CSR from {@code csrFile}, verifies its proof of possession (POP) and prints the
 * result together with the name of the CSR's signature algorithm.
 *
 * <p>The POP is verified with {@code null} as the second argument.
 * NOTE(review): presumably this means that no signature-algorithm policy is applied, so
 * "valid" here would only state that the signature verifies - confirm against
 * SecurityFactory.
 *
 * @return always {@code null}
 * @throws Exception if the file cannot be read or parsed, or the verification fails
 *     unexpectedly
 */
@Override
protected Object execute0() throws Exception {
  CertificationRequest request = X509Util.parseCsr(IoUtil.read(csrFile));
  String algoName = AlgorithmUtil.getSignatureAlgoName(request.getSignatureAlgorithm());

  String verdict = securityFactory.verifyPopo(request, null) ? "valid" : "invalid";
  println("The POP is " + verdict + " (signature algorithm " + algoName + ").");
  return null;
}
int parallelism = securityFactory.getDfltSignerParallelism(); if (str != null) { try {
for (String[] m : signerConfs) { SignerConf signerConf = new SignerConf(m[1]); signer = securityFactory.createSigner(caEntry.getSignerType(), signerConf, caEntry.getCert()); if (caEntry.getCert() == null) {
ContentVerifierProvider verifierProvider = securityFactory.getContentVerifierProvider( requestor.getCert().getCert()); if (verifierProvider == null) {