/**
 * Assembles the final {@code ProtectedPKIMessage} from the prepared header, the message body
 * held by this builder, the already-computed protection value and any extra certificates.
 * The extra certificates are attached after {@code protection} has been produced, so this
 * method never alters the protected part of the message.
 *
 * @param header     the completed PKI header.
 * @param protection the protection bit string computed over the message.
 * @return the wrapped PKI message, with an extraCerts field only when extra certificates were added.
 */
private ProtectedPKIMessage finaliseMessage(PKIHeader header, DERBitString protection) {
    if (extraCerts.isEmpty()) {
        return new ProtectedPKIMessage(new PKIMessage(header, body, protection));
    }

    CMPCertificate[] cmpCerts = new CMPCertificate[extraCerts.size()];
    int idx = 0;
    for (Object holder : extraCerts) {
        // each entry is stored as an X509CertificateHolder; unwrap it to its ASN.1 form
        cmpCerts[idx++] = new CMPCertificate(((X509CertificateHolder) holder).toASN1Structure());
    }
    return new ProtectedPKIMessage(new PKIMessage(header, body, protection, cmpCerts));
}
/**
 * Return the extra certificates carried in this message.
 * <p>
 * The certificates are returned exactly as transported; no validation or path building is
 * performed here, so callers must not treat them as trusted on that basis alone.
 *
 * @return an array of extra certificates, zero length if none present.
 */
public X509CertificateHolder[] getCertificates() {
    CMPCertificate[] extra = pkiMessage.getExtraCerts();
    if (extra == null) {
        return new X509CertificateHolder[0];
    }

    X509CertificateHolder[] holders = new X509CertificateHolder[extra.length];
    int idx = 0;
    for (CMPCertificate cmpCert : extra) {
        // NOTE(review): assumes every entry uses the x509v3PKCert choice; an entry of another
        // CMPCertificate choice would hand a null structure to the holder - confirm this cannot occur.
        holders[idx++] = new X509CertificateHolder(cmpCert.getX509v3PKCert());
    }
    return holders;
}
/**
 * Creates the runtime view of a CA from its configuration entry and certificate store.
 * Validity window, serial number, the self-issued flag, the CMP-formatted certificate, the
 * public CA information and the "no new certificate after" cut-off are all derived from the
 * CA certificate found in {@code caEntry}.
 *
 * @param caEntry   the CA configuration entry; must not be null.
 * @param certStore the certificate store backing this CA; must not be null.
 * @throws OperationException with {@code ErrorCode.SYSTEM_FAILURE} if the CA certificate cannot be encoded.
 */
public X509CaInfo(X509CaEntry caEntry, CertificateStore certStore) throws OperationException {
    this.caEntry = ParamUtil.requireNonNull("caEntry", caEntry);
    this.certStore = ParamUtil.requireNonNull("certStore", certStore);

    X509Certificate caCert = caEntry.certificate();
    this.notBefore = caCert.getNotBefore();
    this.notAfter = caCert.getNotAfter();
    this.serialNumber = caCert.getSerialNumber();
    // Name-based check only (issuer DN equals subject DN); the certificate's signature is not
    // verified here, so this flag means "self-issued by name", not "signature validated".
    this.selfSigned = caCert.getIssuerX500Principal().equals(caCert.getSubjectX500Principal());

    Certificate asn1Cert;
    try {
        asn1Cert = Certificate.getInstance(caCert.getEncoded());
    } catch (CertificateEncodingException ex) {
        // NOTE(review): the original cause is not attached to the thrown exception, which
        // makes the failure harder to diagnose from logs - consider chaining it if OperationException allows.
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, "could not encode the CA certificate");
    }
    this.certInCmpFormat = new CMPCertificate(asn1Cert);

    this.publicCaInfo = new PublicCaInfo(caCert, caEntry.cacertUris(), caEntry.ocspUris(),
            caEntry.crlUris(), caEntry.deltaCrlUris());

    // Issuance is cut off expirationPeriod() days before the CA certificate itself expires.
    // NOTE(review): if MS_PER_DAY or expirationPeriod() is an int the product may overflow - confirm types.
    this.noNewCertificateAfter = this.notAfter.getTime() - MS_PER_DAY * caEntry.expirationPeriod();

    this.randomSnGenerator = RandomSerialNumberGenerator.getInstance();
}
/**
 * Returns the CA certificate in CMP form, as prepared when this object was constructed.
 * The same instance is returned on every call (no defensive copy).
 *
 * @return the CA certificate wrapped as a {@code CMPCertificate}.
 */
public CMPCertificate certInCmpFormat() {
    return this.certInCmpFormat;
}
/**
 * Handles a PKI body of choice {@code p10cr} (a PKCS#10 certification request).
 * <p>
 * A PKCS#10 CSR cannot carry additional attributes for this purpose, so the certificate
 * profile must be supplied in the regInfo-utf8Pairs attribute (1.3.6.1.5.5.7.5.2.1) of
 * {@code PKIHeader.generalInfo}; optional notBefore/notAfter values are read from the same place.
 * <p>
 * Processing order: the proof-of-possession of the CSR is verified first, then the profile
 * is required and checked against what the requestor is permitted to use, and only then is a
 * certificate generated. Every failure yields an error {@code CertResponse} rather than an exception.
 *
 * @param request    the complete incoming PKI message.
 * @param requestor  the authenticated requestor; used for the certprofile authorization check.
 * @param tid        the transaction identifier of the request.
 * @param reqHeader  the request header, whose generalInfo carries the utf8Pairs.
 * @param p10cr      the PKCS#10 certification request.
 * @param cmpControl the CMP control settings for this CA.
 * @param msgId      the message identifier used for correlation.
 * @param event      the audit event to be populated.
 * @return a {@code certRep} PKI body holding exactly one certificate response.
 */
private PKIBody processP10cr(PKIMessage request, CmpRequestorInfo requestor, ASN1OctetString tid,
        PKIHeader reqHeader, CertificationRequest p10cr, CmpControl cmpControl, String msgId,
        AuditEvent event) {
    // p10cr carries no certReqId of its own; -1 is used as the placeholder id
    final ASN1Integer reqId = new ASN1Integer(-1);
    X509Ca ca = getCa();

    CertResponse response;
    boolean issued = false;

    // NOTE(review): the POP algorithm validator is taken from getCmpControl() while the rest
    // of the method uses the cmpControl parameter - presumably the same object; confirm.
    if (!securityFactory.verifyPopo(p10cr, getCmpControl().popoAlgoValidator())) {
        LOG.warn("could not validate POP for the pkcs#10 requst");
        response = buildErrorCertResponse(reqId, PKIFailureInfo.badPOP, "invalid POP");
    } else {
        CertificationRequestInfo csrInfo = p10cr.getCertificationRequestInfo();
        Extensions extensions = CaUtil.getExtensions(csrInfo);
        X500Name subject = csrInfo.getSubject();
        SubjectPublicKeyInfo spki = csrInfo.getSubjectPublicKeyInfo();

        // profile name and optional validity bounds come from the header's utf8Pairs
        CmpUtf8Pairs pairs = CmpUtil.extract(reqHeader.getGeneralInfo());
        String profile = (pairs == null) ? null : pairs.value(CmpUtf8Pairs.KEY_CERT_PROFILE);
        String notBeforeText = (pairs == null) ? null : pairs.value(CmpUtf8Pairs.KEY_NOT_BEFORE);
        Date notBefore = (notBeforeText == null) ? null
                : DateUtil.parseUtcTimeyyyyMMddhhmmss(notBeforeText);
        String notAfterText = (pairs == null) ? null : pairs.value(CmpUtf8Pairs.KEY_NOT_AFTER);
        Date notAfter = (notAfterText == null) ? null
                : DateUtil.parseUtcTimeyyyyMMddhhmmss(notAfterText);

        if (profile == null) {
            response = buildErrorCertResponse(reqId, PKIFailureInfo.badCertTemplate,
                    "badCertTemplate", null);
        } else {
            // NOTE(review): default-locale case mapping; Locale.ROOT would be safer if profile
            // names may contain non-ASCII letters - confirm how permitted names are normalised.
            String upperProfile = profile.toUpperCase();
            if (requestor.isCertProfilePermitted(upperProfile)) {
                CertTemplateData template = new CertTemplateData(subject, spki, notBefore, notAfter,
                        extensions, upperProfile);
                response = generateCertificates(Arrays.asList(template), Arrays.asList(reqId),
                        requestor, tid, false, request, cmpControl, msgId, event).get(0);
                issued = true;
            } else {
                // authorization failure: the requestor may not use this profile
                response = buildErrorCertResponse(reqId, PKIFailureInfo.notAuthorized,
                        "certprofile " + upperProfile + " is not allowed");
            }
        }
    }

    // the CA certificate is only attached when a certificate was issued and the control allows it
    CMPCertificate[] caPubs = (issued && cmpControl.sendCaCert())
            ? new CMPCertificate[] {ca.caInfo().certInCmpFormat()}
            : null;
    CertRepMessage repMessage = new CertRepMessage(caPubs, new CertResponse[] {response});
    return new PKIBody(PKIBody.TYPE_CERT_REP, repMessage);
}