entry.setCmpControl(new CmpControl(cmpcontrol)); } catch (InvalidConfException ex) { throw new CaMgmtException("invalid CMP_CONTROL: " + cmpcontrol);
// Bind the CMP control as its configuration string; a missing control is bound as null.
// NOTE(review): ps is presumably a JDBC PreparedStatement, where a null string is stored as SQL NULL; confirm.
ps.setString(idx++, (cmpControl == null ? null : cmpControl.getConf()));
public CmpControl(String conf) throws InvalidConfException { ConfPairs pairs = new ConfPairs(Args.notNull(conf, "conf")); this.confirmCert = getBoolean(pairs, KEY_CONFIRM_CERT, false); this.sendCaCert = getBoolean(pairs, KEY_SEND_CA, false); this.sendResponderCert = getBoolean(pairs, KEY_SEND_RESPONDER, true); this.groupEnroll = getBoolean(pairs, KEY_GROUP_ENROLL, false); this.messageTimeRequired = getBoolean(pairs, KEY_MESSAGETIME_REQUIRED, true); this.messageTimeBias = getInt(pairs, KEY_MESSAGETIME_BIAS, DFLT_MESSAGE_TIME_BIAS); this.rrAkiRequired = getBoolean(pairs, KEY_RR_AKI_REQUIRED, false); this.confirmWaitTime = getInt(pairs, KEY_CONFIRM_WAITTIME, DFLT_CONFIRM_WAIT_TIME); if (this.confirmWaitTime < 0) { throw new InvalidConfException("invalid " + KEY_CONFIRM_WAITTIME); throw new InvalidConfException(key + " is not set"); Set<String> algos = splitAlgos(str); try { this.sigAlgoValidator = new CollectionAlgorithmValidator(algos); pairs.putPair(key, algosAsString(algos)); algos = splitAlgos(str); try { this.popoAlgoValidator = new CollectionAlgorithmValidator(algos); pairs.putPair(key, algosAsString(algos)); initPbm(pairs, listOwfAlgos, listMacAlgos, pbmIterationCount);
pairs.putPair(KEY_PROTECTION_SIGALGO, algosAsString(this.sigAlgoValidator.getAlgoNames())); pairs.putPair(KEY_POPO_SIGALGO, algosAsString(this.popoAlgoValidator.getAlgoNames())); initPbm(pairs, pbmOwfs, pbmMacs, pbmIterationCount); pairs.putPair(KEY_PROTECTION_PBM_OWF, algosAsString(pbmOwfs)); pairs.putPair(KEY_PROTECTION_PBM_MAC, algosAsString(pbmMacs));
PKIBody reqBody, CmpRequestorInfo requestor, ASN1OctetString tid, String msgId, AuditEvent event) throws InsuffientPermissionException { long confirmWaitTime = cmpControl.getConfirmWaitTime(); if (confirmWaitTime < 0) { confirmWaitTime *= -1; if (!cmpControl.isConfirmCert() && CmpUtil.isImplictConfirm(reqHeader)) { pendingCertPool.removeCertificates(tid.getOctets()); tv = CmpUtil.getImplictConfirmGeneralInfo();
X509Ca ca = getCa(); if (!securityFactory.verifyPopo(p10cr, getCmpControl().getPopoAlgoValidator())) { LOG.warn("could not validate POP for the pkcs#10 requst"); certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.badPOP, "invalid POP"); if (certGenerated && cmpControl.isSendCaCert()) { caPubs = new CMPCertificate[]{ca.getCaInfo().getCertInCmpFormat()};
private CertResponse postProcessCertInfo(ASN1Integer certReqId, CmpRequestorInfo requestor, CertificateInfo certInfo, ASN1OctetString tid, CmpControl cmpControl) { if (cmpControl.isConfirmCert()) { pendingCertPool.addCertificate(tid.getOctets(), certReqId.getPositiveValue(), certInfo, System.currentTimeMillis() + cmpControl.getConfirmWaitTimeMs());
statusText = "I am not the intended recipient"; } else if (messageTime == null) { if (cmpControl.isMessageTimeRequired()) { failureCode = PKIFailureInfo.missingTimeStamp; statusText = "missing time-stamp"; long messageTimeBias = cmpControl.getMessageTimeBias(); if (messageTimeBias < 0) { messageTimeBias *= -1;
/**
 * Checks the proof-of-possession (POP) of a PKCS#10 certification request.
 *
 * <p>Verification is delegated to the CA manager's security factory, which is handed the
 * POPO algorithm validator of the current CMP control.
 *
 * @param csr the certification request to check; validated with {@code Args.notNull}.
 * @throws OperationException with {@code BAD_POP} when the POP cannot be validated.
 */
public void checkCsr(CertificationRequest csr) throws OperationException {
  Args.notNull(csr, "csr");

  boolean popValid = caManager.getSecurityFactory()
      .verifyPopo(csr, getCmpControl().getPopoAlgoValidator());
  if (popValid) {
    return;
  }

  // POP failed: record the rejection, then surface BAD_POP to the caller.
  LOG.warn("could not validate POP for the pkcs#10 requst");
  throw new OperationException(BAD_POP);
}
pairs.putPair(KEY_PROTECTION_PBM_OWF, algosAsString(canonicalizedAlgos)); pairs.putPair(KEY_PROTECTION_PBM_MAC, algosAsString(canonicalizedAlgos));
POPOSigningKey popoSign = POPOSigningKey.getInstance(pop.getObject()); AlgorithmIdentifier popoAlgId = popoSign.getAlgorithmIdentifier(); AlgorithmValidator algoValidator = getCmpControl().getPopoAlgoValidator(); if (!algoValidator.isAlgorithmPermitted(popoAlgId)) { String algoName;
entry.setCmpControl(new CmpControl(cmpControl));
new HashMap<>(new ConfPairs(entry.getCmpControl().getConf()).asMap()));
if (!securityFactory.verifyPopo(csr, cmpControl.getPopoAlgoValidator())) { throw new CaMgmtException("could not validate POP for the CSR");
rv.setCmpControl(new CmpControl(cmpControl));
// Read back the CMP control of the CA entry as its configuration string.
// NOTE(review): this dereferences getCmpControl() without a null check, while other code on
// this page guards against a null CmpControl before calling getConf(); confirm the entry
// always carries one here.
cmpControl = caEntry.getCmpControl().getConf();
caEntry.setCmpControl(new CmpControl( new ConfPairs(ci.getCmpControl()).getEncoded()));