/**
 * Decodes a SCEP PKI message addressed to the given recipient.
 *
 * Wraps the recipient's private key and certificate in an
 * {@code EnvelopedDataDecryptor} and delegates to the decryptor-based
 * {@code decode} overload; what that overload does with {@code certStore}
 * (presumably signer lookup/verification) is not visible from here.
 *
 * @param pkiMessage    the signed SCEP message to decode
 * @param recipientKey  private key matching {@code recipientCert}, used to unwrap the enveloped data
 * @param recipientCert certificate the message was encrypted to
 * @param certStore     certificate store passed through to the delegate overload
 * @return whatever the delegate overload returns
 * @throws MessageDecodingException propagated from the delegate overload
 */
public static DecodedPkiMessage decode(CMSSignedData pkiMessage, PrivateKey recipientKey,
    X509Certificate recipientCert, CollectionStore<X509CertificateHolder> certStore)
    throws MessageDecodingException {
  // A fresh decryptor per call: it is bound to exactly this recipient's key pair.
  EnvelopedDataDecryptorInstance boundInstance =
      new EnvelopedDataDecryptorInstance(recipientCert, recipientKey);
  return decode(pkiMessage, new EnvelopedDataDecryptor(boundInstance), certStore);
}
/**
 * Heuristic: the CA is treated as speaking the Gutmann SCEP draft if it
 * advertises either the {@code AES} or the {@code Update} capability.
 * Presumably neither capability exists in the older SCEP profile, which is why
 * their presence is used as the indicator — confirm against the spec in use.
 */
private boolean isGutmannScep() {
  if (caCaps.containsCapability(CaCapability.AES)) {
    return true;
  }
  return caCaps.containsCapability(CaCapability.Update);
}
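/**
 * Stamps {@code message} with the given PKI status and failure reason and returns it.
 *
 * The previous implementation ignored both {@code status} and {@code failInfo} and
 * always wrote {@code FAILURE}/{@code badRequest}, so any caller asking for a
 * different status or reason silently got the wrong response. Both parameters are
 * now honoured.
 *
 * @param message  message to mutate; the same instance is returned for chaining
 * @param status   PKI status to set
 * @param failInfo failure reason to set; whether {@code PkiMessage.setFailInfo}
 *                 accepts {@code null} for non-failure statuses is not visible here — TODO confirm
 * @return the mutated {@code message}
 */
private static PkiMessage buildPkiMessage(PkiMessage message, PkiStatus status, FailInfo failInfo) {
  message.setPkiStatus(status);
  message.setFailInfo(failInfo);
  return message;
}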
/**
 * Encodes {@code request} as an encrypted-then-signed SCEP CMS message.
 *
 * The digest is the strongest one the CA advertises; the content-encryption
 * algorithm is picked from the CA capabilities in the order AES-128-CBC,
 * 3DES-CBC, then single DES. MD5 and single DES are only used when
 * {@code useInsecureAlgorithms} is set.
 * NOTE(review): only MD5 is gated by {@code useInsecureAlgorithms}; if the CA
 * advertises nothing stronger than SHA-1, SHA-1 is used without a warning.
 *
 * @param request      message to encode
 * @param identityKey  key that signs the outer SignedData
 * @param identityCert certificate for {@code identityKey}; also the only certificate
 *                     embedded in the signature
 * @return the encoded CMS ContentInfo
 * @throws ScepClientException if only disallowed algorithms are available, or if
 *         encoding fails (the MessageEncodingException is attached as cause)
 */
private ContentInfo encryptThenSign(PkiMessage request, PrivateKey identityKey,
    X509Certificate identityCert) throws ScepClientException {
  ScepHashAlgo hashAlgo = caCaps.mostSecureHashAlgo();
  boolean md5Only = hashAlgo == ScepHashAlgo.MD5;
  if (md5Only && !useInsecureAlgorithms) {
    throw new ScepClientException("Scep server supports only MD5 but it not permitted in client");
  }
  String sigAlg = ScepUtil.getSignatureAlgorithm(identityKey, hashAlgo);
  ASN1ObjectIdentifier contentEncAlg = selectContentEncryptionAlgorithm();
  try {
    X509Certificate[] signerChain = new X509Certificate[] {identityCert};
    return request.encode(identityKey, sigAlg, identityCert, signerChain,
        authorityCertStore.getEncryptionCert(), contentEncAlg);
  } catch (MessageEncodingException ex) {
    throw new ScepClientException(ex);
  }
}

/**
 * Chooses the CMS content-encryption OID from the CA capabilities:
 * AES-128-CBC, else 3DES-CBC, else single DES only when insecure algorithms are allowed.
 *
 * @throws ScepClientException if the CA offers only single DES and that is not permitted
 */
private ASN1ObjectIdentifier selectContentEncryptionAlgorithm() throws ScepClientException {
  if (caCaps.containsCapability(CaCapability.AES)) {
    return CMSAlgorithm.AES128_CBC;
  }
  if (caCaps.containsCapability(CaCapability.DES3)) {
    return CMSAlgorithm.DES_EDE3_CBC;
  }
  if (useInsecureAlgorithms) {
    return CMSAlgorithm.DES_CBC;
  }
  // no support of DES
  throw new ScepClientException("DES will not be supported by this client");
}
/**
 * Returns {@code true} if the CA's pkcsRep carries status {@code SUCCESS}.
 *
 * @return {@code true} for a successful response, {@code false} otherwise
 */
public boolean isSuccess() {
  PkiStatus status = pkcsRep.getPkiStatus();
  return PkiStatus.SUCCESS == status;
}
/**
 * Creates a responder from the emulated CA/RA and the capability set to advertise.
 *
 * The {@code GetNextCACert} capability is derived from whether {@code nextCaAndRa}
 * was supplied and overrides whatever the caller put in {@code caCaps}. Note that
 * {@code caCaps} is mutated in place, so the caller's instance sees the change.
 *
 * @param caCaps      capabilities to advertise (required; mutated here)
 * @param caEmulator  the CA (required)
 * @param raEmulator  the RA, may be {@code null}
 * @param nextCaAndRa next CA/RA pair; {@code null} disables GetNextCACert
 * @param control     responder control settings (required)
 * @throws Exception whatever {@code ScepUtil.requireNonNull} throws for a missing
 *         required argument — its exact type is not visible here
 */
public ScepResponder(CaCaps caCaps, CaEmulator caEmulator, RaEmulator raEmulator,
    NextCaAndRa nextCaAndRa, ScepControl control) throws Exception {
  this.caCaps = ScepUtil.requireNonNull("caCaps", caCaps);
  this.caEmulator = ScepUtil.requireNonNull("caEmulator", caEmulator);
  this.control = ScepUtil.requireNonNull("control", control);
  this.raEmulator = raEmulator;
  this.nextCaAndRa = nextCaAndRa;
  // Advertise GetNextCACert exactly when there is a next CA/RA to serve for it.
  boolean hasNextCa = nextCaAndRa != null;
  if (hasNextCa) {
    caCaps.addCapabilities(CaCapability.GetNextCACert);
  } else {
    caCaps.removeCapabilities(CaCapability.GetNextCACert);
  }
}
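/**
 * Returns the failure reason of the CA response.
 *
 * @return the failInfo from the pkcsRep
 * @throws IllegalStateException if the response status is not {@code FAILURE};
 *         failInfo is only meaningful on a failure response, so asking for it
 *         otherwise is a caller bug. The message now names the actual status
 *         (the previous version threw with no message at all).
 */
public FailInfo getFailInfo() {
  if (!isFailure()) {
    throw new IllegalStateException(
        "failInfo is only available for a FAILURE response, status is " + pkcsRep.getPkiStatus());
  }
  return pkcsRep.getFailInfo();
}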
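/**
 * Verifies that the response's recipientNonce echoes the request's senderNonce.
 *
 * The nonce pair binds a response to the request that caused it, which is what
 * lets the client detect a replayed or mis-routed response. The previous
 * condition was inverted: it threw when the nonces matched and accepted any
 * mismatch (including a missing recipientNonce), which defeated the check. A
 * request without a senderNonce is now rejected as well, instead of surfacing
 * as a NullPointerException.
 *
 * @param request  the message that was sent
 * @param response the message received for it
 * @throws ScepClientException if the nonces differ, or the request has no senderNonce
 */
private static void assertSameNonce(PkiMessage request, PkiMessage response)
    throws ScepClientException {
  Object sent = request.getSenderNonce();
  // Value comparison: assumes the nonce type overrides equals() — TODO confirm.
  if (sent == null || !sent.equals(response.getRecipientNonce())) {
    throw new ScepClientException("SenderNonce in request != RecipientNonce in response");
  }
}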
/**
 * BouncyCastle-style factory: returns {@code obj} unchanged if it already is an
 * {@code IssuerAndSubject}, otherwise parses it as an ASN.1 SEQUENCE.
 *
 * @param obj an {@code IssuerAndSubject}, anything {@code ASN1Sequence.getInstance} accepts, or {@code null}
 * @return the instance, or {@code null} when {@code obj} is {@code null}
 */
public static IssuerAndSubject getInstance(Object obj) {
  if (obj == null) {
    return null;
  }
  if (obj instanceof IssuerAndSubject) {
    return (IssuerAndSubject) obj;
  }
  ASN1Sequence seq = ASN1Sequence.getInstance(obj);
  return new IssuerAndSubject(seq);
}
/**
 * Creates a capability set from a defensive copy of {@code capabilities}.
 * {@code null} or an empty set yields an empty, mutable set. The cached SCEP
 * encoding is built immediately via {@code refresh()}.
 *
 * @param capabilities initial capabilities, may be {@code null}
 */
public CaCaps(Set<CaCapability> capabilities) {
  HashSet<CaCapability> copy = new HashSet<CaCapability>();
  if (capabilities != null) {
    copy.addAll(capabilities);
  }
  this.capabilities = copy;
  refresh();
}
/** The SCEP wire encoding of the capability list, as produced by {@code toScepMessage()}. */
@Override
public String toString() {
  String encoded = toScepMessage();
  return encoded;
}
/**
 * Returns the CA certificate from the authority certificate store.
 *
 * @return the CA certificate, or {@code null} when no authority store has been set
 */
public X509Certificate getCaCert() {
  if (authorityCertStore == null) {
    return null;
  }
  return authorityCertStore.getCaCert();
}
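/**
 * Rebuilds the cached byte encoding of the capability list after a change.
 *
 * The previous version called {@code String.getBytes()} with no charset, which
 * uses the JVM's platform default and so can produce different bytes on
 * different hosts. The encoding is now pinned to UTF-8; for the ASCII
 * capability names this yields the same bytes as any ASCII-compatible default.
 * What consumes {@code bytes} (presumably the GetCACaps reply) is not visible here.
 */
private void refresh() {
  if (capabilities == null) {
    return;
  }
  this.bytes = toString().getBytes(java.nio.charset.StandardCharsets.UTF_8);
}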
/**
 * Reads a PrintableString attribute and parses it as a decimal integer.
 *
 * @param attrs attribute table to read from
 * @param type  OID of the attribute
 * @return the parsed value, or {@code null} when the attribute is absent
 * @throws MessageDecodingException if the attribute is present but is not a valid integer
 */
private static Integer getIntegerPrintStringAttrValue(AttributeTable attrs,
    ASN1ObjectIdentifier type) throws MessageDecodingException {
  String raw = getPrintableStringAttrValue(attrs, type);
  if (raw == null) {
    return null;
  }
  Integer value;
  try {
    value = Integer.valueOf(raw);
  } catch (NumberFormatException ex) {
    // NOTE(review): the NumberFormatException is dropped; attach it as cause if
    // MessageDecodingException has a (String, Throwable) constructor.
    throw new MessageDecodingException("invalid integer '" + raw + "'");
  }
  return value;
}
/**
 * Returns {@code true} if the CA's pkcsRep carries status {@code PENDING}.
 *
 * @return {@code true} for a pending response, {@code false} otherwise
 */
public boolean isPending() {
  PkiStatus status = pkcsRep.getPkiStatus();
  return PkiStatus.PENDING == status;
}
/**
 * Adds every given capability (already-present ones are a no-op) and rebuilds
 * the cached encoding.
 *
 * @param caps capabilities to add; the array itself must not be {@code null}
 */
public void addCapabilities(CaCapability... caps) {
  ScepUtil.requireNonNull("caps", caps);
  java.util.Collections.addAll(capabilities, caps);
  refresh();
}
/**
 * Hash of the SCEP wire encoding, so two instances with the same capability
 * list hash alike.
 * NOTE(review): equals() is not in view; it must be based on the same encoding
 * for the equals/hashCode contract to hold — confirm.
 */
@Override
public int hashCode() {
  String encoded = toScepMessage();
  return encoded.hashCode();
}
/**
 * Returns {@code true} if the CA's pkcsRep carries status {@code FAILURE}.
 *
 * @return {@code true} for a failure response, {@code false} otherwise
 */
public boolean isFailure() {
  PkiStatus status = pkcsRep.getPkiStatus();
  return PkiStatus.FAILURE == status;
}
/**
 * Intersects this capability set with {@code caCaps}: every capability not
 * also present in {@code caCaps} is dropped, then the cached encoding is rebuilt.
 *
 * NOTE(review): despite the name this is {@code retainAll} (intersection), not
 * {@code removeAll} — a capability present in both sets is kept, which is the
 * opposite of what the varargs overload does. Confirm callers rely on
 * intersection semantics before touching it.
 *
 * @param caCaps the set to intersect with (required)
 */
public void removeCapabilities(CaCaps caCaps) {
  ScepUtil.requireNonNull("caCaps", caCaps);
  capabilities.retainAll(caCaps.capabilities);
  refresh();
}
/**
 * Removes every given capability (absent ones are a no-op) and rebuilds the
 * cached encoding.
 *
 * @param caps capabilities to remove; the array itself must not be {@code null}
 */
public void removeCapabilities(CaCapability... caps) {
  ScepUtil.requireNonNull("caps", caps);
  capabilities.removeAll(java.util.Arrays.asList(caps));
  refresh();
}