Examples of POPOSigningKey

com.novosec.pkix.asn1.crmf.POPOSigningKey

ASN.1 structure DER En/DeCoder.

 POPOSigningKey ::= SEQUENCE { poposkInput           [0] POPOSigningKeyInput OPTIONAL, algorithmIdentifier   AlgorithmIdentifier, signature             BIT STRING }                      -- The signature (using "algorithmIdentifier") is on the DER-encoded value of poposkInput.  NOTE: If the CertReqMsg -- certReq CertTemplate contains the subject and publicKey values, then poposkInput MUST be omitted and the signature MUST be -- computed on the DER-encoded value of CertReqMsg certReq.  If the CertReqMsg certReq CertTemplate does not contain the public -- key and subject values, then poposkInput MUST be present and MUST be signed.  This strategy ensures that the public key is -- not present in both the poposkInput and CertReqMsg certReq CertTemplate fields.

Examples of com.novosec.pkix.asn1.crmf.POPOSigningKey

            sig.initSign(keys.getPrivate());
            sig.update(popoProtectionBytes);


            DERBitString bs = new DERBitString(sig.sign());


            POPOSigningKey myPOPOSigningKey = new POPOSigningKey(new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption), bs);
            // myPOPOSigningKey.setPoposkInput( myPOPOSigningKeyInput );
            myProofOfPossession = new ProofOfPossession(myPOPOSigningKey, 1);
        }


        myCertReqMsg.setPop(myProofOfPossession);

View Full Code Here

Examples of com.novosec.pkix.asn1.crmf.POPOSigningKey

                sig.initSign(this.keyPair.getPrivate());
                sig.update( popoProtectionBytes );


                final DERBitString bs = new DERBitString(sig.sign());


                final POPOSigningKey myPOPOSigningKey =
                    new POPOSigningKey(
                            new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption),
                            bs);
                //myPOPOSigningKey.setPoposkInput( myPOPOSigningKeyInput );
                myProofOfPossession = new ProofOfPossession(myPOPOSigningKey, 1);           
            }

View Full Code Here

Examples of com.novosec.pkix.asn1.crmf.POPOSigningKey

    }
    if ( allowRaVerifyPopo && (pop.getRaVerified() != null)) {
      ret = true;
    } else if (pop.getSignature() != null) {
      try {
        final POPOSigningKey sk = pop.getSignature();
        final POPOSigningKeyInput pski = sk.getPoposkInput();
        Object protObject = pski;
        // Use of POPOSigningKeyInput or not, as described in RFC4211, section 4.1.
        if (pski == null) {
          if (log.isDebugEnabled()) {
            log.debug("Using CertRequest as POPO input.");
          }
          protObject = getReq().getCertReq();
        } else {
          // Assume POPOSigningKeyInput with the public key and name, MUST be the same as in the request according to RFC4211
          if (log.isDebugEnabled()) {
            log.debug("Using POPOSigningKeyInput as POPO input.");
          }
          final CertRequest req = getReq().getCertReq();
          // If subject is present in cert template it must be the same as in POPOSigningKeyInput
          final X509Name subject = req.getCertTemplate().getSubject();
          if (subject != null && !subject.toString().equals(pski.getSender().getName().toString())) {
            log.info("Subject '"+subject.toString()+"̈́', is not equal to '"+pski.getSender().toString()+"'.");
            protObject = null;  // pski is not a valid protection object
          }
          // If public key is present in cert template it must be the same as in POPOSigningKeyInput
          final SubjectPublicKeyInfo pk = req.getCertTemplate().getPublicKey();
          if (pk != null && !Arrays.areEqual(pk.getEncoded(), pski.getPublicKey().getEncoded())) {
            log.info("Subject key in cert template, is not equal to subject key in POPOSigningKeyInput.");
            protObject = null;  // pski is not a valid protection object
          }
        }
        // If a protectObject is present we extract the bytes and verify it
        if (protObject != null) {
          final ByteArrayOutputStream bao = new ByteArrayOutputStream();
          new DEROutputStream(bao).writeObject(protObject);
          final byte[] protBytes = bao.toByteArray();
          final AlgorithmIdentifier algId = sk.getAlgorithmIdentifier();
          if (log.isDebugEnabled()) {
            log.debug("POP protection bytes length: "+protBytes != null ? protBytes.length : "null");
            log.debug("POP algorithm identifier is: "+algId.getObjectId().getId());
          }
          final Signature sig = Signature.getInstance(algId.getObjectId().getId(), "BC");
          sig.initVerify(getRequestPublicKey());
          sig.update(protBytes);
          final DERBitString bs = sk.getSignature();
          ret = sig.verify(bs.getBytes());          
        }
      } catch (IOException e) {
        log.error("Error encoding CertReqMsg: ", e);
      } catch (SignatureException e) {

View Full Code Here

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.