/*-
* ============LICENSE_START=======================================================
* Copyright (C) 2020 Nordix Foundation.
+ * Copyright (C) 2021 Nokia.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
package org.onap.oom.certservice.cmpv2client.impl;
-import static org.onap.oom.certservice.cmpv2client.impl.CmpUtil.createRandomBytes;
import static org.onap.oom.certservice.cmpv2client.impl.CmpUtil.createRandomInt;
import static org.onap.oom.certservice.cmpv2client.impl.CmpUtil.generatePkiHeader;
import java.util.Date;
import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
*/
class CreateCertRequest {
+ private PkiMessageProtection pkiMessageProtection;
private X500Name issuerDn;
private X500Name subjectDn;
private GeneralName[] sansArray;
private KeyPair subjectKeyPair;
private Date notBefore;
private Date notAfter;
- private String initAuthPassword;
private String senderKid;
- private static final int ITERATIONS = createRandomInt(1000);
- private static final byte[] SALT = createRandomBytes();
private final int certReqId = createRandomInt(Integer.MAX_VALUE);
private final AlgorithmIdentifier signingAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder()
.find("SHA256withRSA");
this.notAfter = notAfter;
}
- public void setInitAuthPassword(String initAuthPassword) {
- this.initAuthPassword = initAuthPassword;
+ public void setProtection(PkiMessageProtection pkiMessageProtection) {
+ this.pkiMessageProtection = pkiMessageProtection;
}
public void setSenderKid(String senderKid) {
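Review bot: `setProtection` stores its argument without a null check, and the field is later dereferenced unguarded at `pkiMessageProtection.getAlgorithmIdentifier()` and `this.pkiMessageProtection.generatePkiMessageProtection(pkiHeader, pkiBody)` in the message-building hunk. A request built with a null or never-set protection therefore fails only at message creation, with a bare NullPointerException that does not name the missing configuration. Reject null at the setter with `this.pkiMessageProtection = Objects.requireNonNull(pkiMessageProtection, "pkiMessageProtection");` (this needs `java.util.Objects` imported). For the never-set case, add a guard where the message is built, such as `if (pkiMessageProtection == null) { throw new IllegalStateException("PKI message protection not set"); }`.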
generatePkiHeader(
subjectDn,
issuerDn,
- CmpMessageHelper.protectionAlgoIdentifier(ITERATIONS, SALT),
+ pkiMessageProtection.getAlgorithmIdentifier(),
senderKid);
final PKIBody pkiBody = new PKIBody(PKIBody.TYPE_INIT_REQ, certReqMessages);
- return CmpMessageHelper.protectPkiMessage(
- pkiHeader, pkiBody, initAuthPassword, ITERATIONS, SALT);
+ final DERBitString messageProtection = this.pkiMessageProtection.generatePkiMessageProtection(pkiHeader, pkiBody);
+ return new PKIMessage(pkiHeader, pkiBody, messageProtection);
}
}
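Review bot: The `DERBitString` returned by `generatePkiMessageProtection` is passed straight into `new PKIMessage(pkiHeader, pkiBody, messageProtection)` with no check. The protection field of a CMP PKIMessage is optional, so a null result would presumably produce an initialization request with no protection at all rather than an error. The `PkiMessageProtection` implementations are not visible in this diff, so confirm they throw on failure instead of returning null, or fail closed here with `Objects.requireNonNull(messageProtection, "PKI message protection");` before the return. As a style point, the header line uses `pkiMessageProtection.` while this line uses `this.pkiMessageProtection.`; pick one form. The enclosing method starts outside the hunk.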