/**
 * Applies a PKCS12 identity option to the given identity options.
 *
 * <p>The same {@code residual} value is stored as both the certificate file
 * and the key file. The value is stored exactly as given; this method does no
 * validation or normalization of it.
 *
 * @param identityOpts the identity options to update
 * @param residual the option value, used for both the certificate and the key file
 */
public static void parsePkcs12Option(IdentityOpts identityOpts, String residual) {
    // One value serves as both the certificate source and the key source.
    // NOTE(review): nothing is checked here, so any path validation has to
    // happen at the point where the file is actually opened.
    final String pkcs12Location = residual;
    identityOpts.setCertFile(pkcs12Location);
    identityOpts.setKeyFile(pkcs12Location);
}
/**
 * Creates the preauth instance, handing a newly constructed
 * {@link PkinitPreauthMeta} to the superclass constructor.
 */
public PkinitPreauth() {
    super(new PkinitPreauthMeta());
}
/**
 * Dispatches certificate loading to the loader that matches the identity type
 * reported by {@code identityOpts.getIdType()}.
 *
 * <p>FILE, DIR, PKCS11 and PKCS12 each have a dedicated loader. Any other
 * identity type is ignored: the method returns normally without calling a
 * loader, so the caller gets no signal from this method that nothing was loaded.
 *
 * @param identityOpts the identity options naming the identity type and source
 * @param principal the principal passed through to the selected loader
 */
public static void loadCerts(IdentityOpts identityOpts, PrincipalName principal) {
    switch (identityOpts.getIdType()) {
        case FILE:
            loadCertsFromFile(identityOpts, principal);
            return;
        case DIR:
            loadCertsFromDir(identityOpts, principal);
            return;
        case PKCS11:
            loadCertsAsPkcs11(identityOpts, principal);
            return;
        case PKCS12:
            loadCertsAsPkcs12(identityOpts, principal);
            return;
        default:
            // Unhandled identity type: deliberately a silent no-op.
            return;
    }
}
/**
 * Copies the certificate-policy flags from the plugin options into this
 * instance's request options.
 *
 * <p>Five flags are copied one-to-one: require-EKU, accept-secondary-EKU,
 * allow-UPN, using-RSA and require-CRL-checking. The values are taken as they
 * are; this method applies no defaults and enforces no minimum policy.
 *
 * @param pluginOpts the plugin options to read the flags from
 */
public void updateRequestOpts(PluginOpts pluginOpts) {
    final PluginOpts source = pluginOpts;

    // Extended-key-usage policy.
    requestOpts.setRequireEku(source.isRequireEku());
    requestOpts.setAcceptSecondaryEku(source.isAcceptSecondaryEku());

    // Identity mapping and key-exchange selection.
    requestOpts.setAllowUpn(source.isAllowUpn());
    requestOpts.setUsingRsa(source.isUsingRsa());

    // Revocation checking.
    requestOpts.setRequireCrlChecking(source.isRequireCrlChecking());
}
/**
 * Maps a CMS message type to the OID string supplied by
 * {@link PkinitPlgCryptoContext}.
 *
 * <p>{@code CMS_SIGN_CLIENT} maps to the auth-data OID, {@code CMS_SIGN_SERVER}
 * to the DH-key-data OID and {@code CMS_ENVEL_SERVER} to the rkey-data OID.
 *
 * @param cmsMsgType The CMS message type
 * @return the OID, or {@code null} for {@code UNKNOWN} and for any type not
 *         listed above; callers have to handle the {@code null} case
 */
public static String pkinitType2OID(CmsMessageType cmsMsgType) {
    String oid;
    switch (cmsMsgType) {
        case CMS_SIGN_CLIENT:
            oid = PkinitPlgCryptoContext.getIdPkinitAuthDataOID();
            break;
        case CMS_SIGN_SERVER:
            oid = PkinitPlgCryptoContext.getIdPkinitDHKeyDataOID();
            break;
        case CMS_ENVEL_SERVER:
            oid = PkinitPlgCryptoContext.getIdPkinitRkeyDataOID();
            break;
        case UNKNOWN:
        default:
            // No OID is defined for these message types.
            oid = null;
            break;
    }
    return oid;
}
/**
 * Encodes the given AuthPack and wraps it with
 * {@code PkinitCrypto.eContentInfoCreate} under the PKINIT auth-data OID.
 *
 * <p>NOTE(review): despite the method name, no key or certificate is passed
 * from here; only the encoded bytes and the OID are. Confirm whether
 * {@code eContentInfoCreate} produces a signature or only an encapsulated
 * content structure.
 *
 * @param authPack the AuthPack to encode
 * @return the bytes returned by {@code eContentInfoCreate}
 * @throws KrbException declared by this method; presumably raised by encoding
 *         or by content-info creation
 */
private byte[] signAuthPack(AuthPack authPack) throws KrbException {
    final String authDataOid = PkinitPlgCryptoContext.getIdPkinitAuthDataOID();
    return PkinitCrypto.eContentInfoCreate(KrbCodec.encode(authPack), authDataOid);
}
/**
 * Checks the given DH parameters against the well-known group of the stated
 * prime size.
 *
 * <p>Only 1024, 2048 and 4096 bits are recognized (Oakley MODP groups 2, 14
 * and 16). For those sizes the result is whatever {@code pkinitCheckDhParams}
 * returns for the spec created by {@code cryptoctx}; for any other size the
 * method returns {@code false} without touching {@code cryptoctx}.
 *
 * <p>NOTE(review): 1024-bit MODP group 2 is accepted here. That size is below
 * what current guidance recommends for Diffie-Hellman; whether to keep it for
 * interoperability is a policy decision that should be made explicitly.
 *
 * @param cryptoctx The PkinitPlgCryptoContext
 * @param dhParameter The DhParameter
 * @param dhPrimeBits The dh prime bits
 * @return {@code true} only when the size is recognized and the parameter check passes
 * @throws KrbException declared by this method; presumably raised by the parameter check
 */
public static boolean checkDHWellknown(PkinitPlgCryptoContext cryptoctx,
        DhParameter dhParameter, int dhPrimeBits) throws KrbException {
    final boolean wellKnownSize = dhPrimeBits == 1024   // Oakley MODP group 2
            || dhPrimeBits == 2048                      // Oakley MODP group 14
            || dhPrimeBits == 4096;                     // Oakley MODP group 16
    if (!wellKnownSize) {
        return false;
    }
    return pkinitCheckDhParams(cryptoctx.createDHParameterSpec(dhPrimeBits), dhParameter);
}
/**
 * Retrieves the principal names carried by the given certificates by
 * delegating to {@code cryptoRetrieveX509Sans}.
 *
 * <p>An empty list is not an error: it is logged at INFO level and
 * {@code null} (not an empty list) is returned.
 *
 * <p>NOTE(review): callers have to treat a {@code null} result as "no identity
 * could be derived from a certificate" and must not read it as a successful
 * match.
 *
 * @param certificates the certificates to inspect; must not be {@code null}
 * @return the result of {@code cryptoRetrieveX509Sans}, or {@code null} when
 *         {@code certificates} is empty
 * @throws KrbException declared by this method; presumably raised by the delegate
 */
public static List<PrincipalName> cryptoRetrieveCertSans(List<Certificate> certificates)
        throws KrbException {
    if (certificates.size() != 0) {
        return cryptoRetrieveX509Sans(certificates);
    }
    LOG.info("no certificate!");
    return null;
}
/**
 * Dispatches certificate loading to the loader that matches the identity type
 * reported by {@code identityOpts.getIdType()}.
 *
 * <p>FILE, DIR, PKCS11 and PKCS12 each have a dedicated loader. Any other
 * identity type is ignored: the method returns normally without calling a
 * loader, so the caller gets no signal from this method that nothing was loaded.
 *
 * @param identityOpts the identity options naming the identity type and source
 * @param principal the principal passed through to the selected loader
 */
public static void loadCerts(IdentityOpts identityOpts, PrincipalName principal) {
    switch (identityOpts.getIdType()) {
        case FILE:
            loadCertsFromFile(identityOpts, principal);
            return;
        case DIR:
            loadCertsFromDir(identityOpts, principal);
            return;
        case PKCS11:
            loadCertsAsPkcs11(identityOpts, principal);
            return;
        case PKCS12:
            loadCertsAsPkcs12(identityOpts, principal);
            return;
        default:
            // Unhandled identity type: deliberately a silent no-op.
            return;
    }
}
/**
 * Copies the certificate-policy flags from the plugin options into this
 * instance's request options.
 *
 * <p>Five flags are copied one-to-one: require-EKU, accept-secondary-EKU,
 * allow-UPN, using-RSA and require-CRL-checking. The values are taken as they
 * are; this method applies no defaults and enforces no minimum policy.
 *
 * @param pluginOpts the plugin options to read the flags from
 */
public void updateRequestOpts(PluginOpts pluginOpts) {
    final PluginOpts source = pluginOpts;

    // Extended-key-usage policy.
    requestOpts.setRequireEku(source.isRequireEku());
    requestOpts.setAcceptSecondaryEku(source.isAcceptSecondaryEku());

    // Identity mapping and key-exchange selection.
    requestOpts.setAllowUpn(source.isAllowUpn());
    requestOpts.setUsingRsa(source.isUsingRsa());

    // Revocation checking.
    requestOpts.setRequireCrlChecking(source.isRequireCrlChecking());
}
/**
 * Maps a CMS message type to the OID string supplied by
 * {@link PkinitPlgCryptoContext}.
 *
 * <p>{@code CMS_SIGN_CLIENT} maps to the auth-data OID, {@code CMS_SIGN_SERVER}
 * to the DH-key-data OID and {@code CMS_ENVEL_SERVER} to the rkey-data OID.
 *
 * @param cmsMsgType The CMS message type
 * @return the OID, or {@code null} for {@code UNKNOWN} and for any type not
 *         listed above; callers have to handle the {@code null} case
 */
public static String pkinitType2OID(CmsMessageType cmsMsgType) {
    String oid;
    switch (cmsMsgType) {
        case CMS_SIGN_CLIENT:
            oid = PkinitPlgCryptoContext.getIdPkinitAuthDataOID();
            break;
        case CMS_SIGN_SERVER:
            oid = PkinitPlgCryptoContext.getIdPkinitDHKeyDataOID();
            break;
        case CMS_ENVEL_SERVER:
            oid = PkinitPlgCryptoContext.getIdPkinitRkeyDataOID();
            break;
        case UNKNOWN:
        default:
            // No OID is defined for these message types.
            oid = null;
            break;
    }
    return oid;
}
/**
 * Encodes the given AuthPack and wraps it with
 * {@code PkinitCrypto.eContentInfoCreate} under the PKINIT auth-data OID.
 *
 * <p>NOTE(review): despite the method name, no key or certificate is passed
 * from here; only the encoded bytes and the OID are. Confirm whether
 * {@code eContentInfoCreate} produces a signature or only an encapsulated
 * content structure.
 *
 * @param authPack the AuthPack to encode
 * @return the bytes returned by {@code eContentInfoCreate}
 * @throws KrbException declared by this method; presumably raised by encoding
 *         or by content-info creation
 */
private byte[] signAuthPack(AuthPack authPack) throws KrbException {
    final String authDataOid = PkinitPlgCryptoContext.getIdPkinitAuthDataOID();
    return PkinitCrypto.eContentInfoCreate(KrbCodec.encode(authPack), authDataOid);
}
/**
 * Applies a PKCS12 identity option to the given identity options.
 *
 * <p>The same {@code residual} value is stored as both the certificate file
 * and the key file. The value is stored exactly as given; this method does no
 * validation or normalization of it.
 *
 * @param identityOpts the identity options to update
 * @param residual the option value, used for both the certificate and the key file
 */
public static void parsePkcs12Option(IdentityOpts identityOpts, String residual) {
    // One value serves as both the certificate source and the key source.
    // NOTE(review): nothing is checked here, so any path validation has to
    // happen at the point where the file is actually opened.
    final String pkcs12Location = residual;
    identityOpts.setCertFile(pkcs12Location);
    identityOpts.setKeyFile(pkcs12Location);
}
/**
 * Creates the preauth instance, handing a newly constructed
 * {@link PkinitPreauthMeta} to the superclass constructor.
 */
public PkinitPreauth() {
    super(new PkinitPreauthMeta());
}
/**
 * Checks the given DH parameters against the well-known group of the stated
 * prime size.
 *
 * <p>Only 1024, 2048 and 4096 bits are recognized (Oakley MODP groups 2, 14
 * and 16). For those sizes the result is whatever {@code pkinitCheckDhParams}
 * returns for the spec created by {@code cryptoctx}; for any other size the
 * method returns {@code false} without touching {@code cryptoctx}.
 *
 * <p>NOTE(review): 1024-bit MODP group 2 is accepted here. That size is below
 * what current guidance recommends for Diffie-Hellman; whether to keep it for
 * interoperability is a policy decision that should be made explicitly.
 *
 * @param cryptoctx The PkinitPlgCryptoContext
 * @param dhParameter The DhParameter
 * @param dhPrimeBits The dh prime bits
 * @return {@code true} only when the size is recognized and the parameter check passes
 * @throws KrbException declared by this method; presumably raised by the parameter check
 */
public static boolean checkDHWellknown(PkinitPlgCryptoContext cryptoctx,
        DhParameter dhParameter, int dhPrimeBits) throws KrbException {
    final boolean wellKnownSize = dhPrimeBits == 1024   // Oakley MODP group 2
            || dhPrimeBits == 2048                      // Oakley MODP group 14
            || dhPrimeBits == 4096;                     // Oakley MODP group 16
    if (!wellKnownSize) {
        return false;
    }
    return pkinitCheckDhParams(cryptoctx.createDHParameterSpec(dhPrimeBits), dhParameter);
}
/**
 * Retrieves the principal names carried by the given certificates by
 * delegating to {@code cryptoRetrieveX509Sans}.
 *
 * <p>An empty list is not an error: it is logged at INFO level and
 * {@code null} (not an empty list) is returned.
 *
 * <p>NOTE(review): callers have to treat a {@code null} result as "no identity
 * could be derived from a certificate" and must not read it as a successful
 * match.
 *
 * @param certificates the certificates to inspect; must not be {@code null}
 * @return the result of {@code cryptoRetrieveX509Sans}, or {@code null} when
 *         {@code certificates} is empty
 * @throws KrbException declared by this method; presumably raised by the delegate
 */
public static List<PrincipalName> cryptoRetrieveCertSans(List<Certificate> certificates)
        throws KrbException {
    if (certificates.size() != 0) {
        return cryptoRetrieveX509Sans(certificates);
    }
    LOG.info("no certificate!");
    return null;
}
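/**
 * Parses a FILE identity option of the form {@code cert[,key]} and stores the
 * result in the given identity options.
 *
 * <p>The text before the first comma becomes the certificate file name. The
 * text between the first and second comma, when present, becomes the key file
 * name; otherwise the key file name is set to {@code null}. Any further
 * comma-separated fields are ignored. Names are stored exactly as written: no
 * trimming and no path validation happens here, and the certificate name may
 * be empty, so the code that opens the files has to reject unusable names.
 *
 * <p>A value made up only of commas (for example {@code ","}) splits into a
 * zero-length array. It is handled like an empty value (certificate name
 * {@code ""}, key name {@code null}) instead of failing with an
 * {@link ArrayIndexOutOfBoundsException}.
 *
 * @param identityOpts the identity options to update
 * @param residual the option value; must not be {@code null}
 * @throws NullPointerException if {@code residual} is {@code null}
 */
public static void parseFileOption(IdentityOpts identityOpts, String residual) {
    final String[] parts = residual.split(",");
    // String.split drops trailing empty strings, so "," or ",," yields no
    // elements at all; indexing parts[0] unconditionally would throw.
    final String certName = parts.length > 0 ? parts[0] : "";
    final String keyName = parts.length > 1 ? parts[1] : null;
    identityOpts.setCertFile(certName);
    identityOpts.setKeyFile(keyName);
}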
/**
 * Creates the preauth instance: hands a newly constructed
 * {@link PkinitPreauthMeta} to the superclass constructor and starts with an
 * empty context map.
 */
public PkinitPreauth() {
    super(new PkinitPreauthMeta());
    // Initial capacity of 1; the map grows as entries are added.
    this.pkinitContexts = new HashMap<>(1);
}
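/**
 * Parses a FILE identity option of the form {@code cert[,key]} and stores the
 * result in the given identity options.
 *
 * <p>The text before the first comma becomes the certificate file name. The
 * text between the first and second comma, when present, becomes the key file
 * name; otherwise the key file name is set to {@code null}. Any further
 * comma-separated fields are ignored. Names are stored exactly as written: no
 * trimming and no path validation happens here, and the certificate name may
 * be empty, so the code that opens the files has to reject unusable names.
 *
 * <p>A value made up only of commas (for example {@code ","}) splits into a
 * zero-length array. It is handled like an empty value (certificate name
 * {@code ""}, key name {@code null}) instead of failing with an
 * {@link ArrayIndexOutOfBoundsException}.
 *
 * @param identityOpts the identity options to update
 * @param residual the option value; must not be {@code null}
 * @throws NullPointerException if {@code residual} is {@code null}
 */
public static void parseFileOption(IdentityOpts identityOpts, String residual) {
    final String[] parts = residual.split(",");
    // String.split drops trailing empty strings, so "," or ",," yields no
    // elements at all; indexing parts[0] unconditionally would throw.
    final String certName = parts.length > 0 ? parts[0] : "";
    final String keyName = parts.length > 1 ? parts[1] : null;
    identityOpts.setCertFile(certName);
    identityOpts.setKeyFile(keyName);
}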
/**
 * Creates the preauth instance: hands a newly constructed
 * {@link PkinitPreauthMeta} to the superclass constructor and starts with an
 * empty context map.
 */
public PkinitPreauth() {
    super(new PkinitPreauthMeta());
    // Initial capacity of 1; the map grows as entries are added.
    this.pkinitContexts = new HashMap<>(1);
}