Hi Dave,
I read the guide you sent me yesterday, but unfortunately my program
doesn't work.
Could you please take a look at my code? Thank you in advance.
Sergio
public class ScepClient implements CallbackHandler {
// Never assigned or read anywhere in the visible code; candidate for removal.
private java.security.PrivateKey key = null;
// Client certificate presented to the SCEP server. The constructor must assign
// this field (not a same-named local), otherwise it stays null.
private java.security.cert.X509Certificate cert = null;
// SCEP server endpoint, set in the constructor.
private URL server = null;
// jscep client wrapping the connection to the server, set in the constructor.
private Client client = null;
// Challenge password placed into the CSR (see getCsr). As a hard-coded literal
// it lands in source control and in every CSR this client emits; it should
// come from configuration instead.
private String password = "secret";
// RSA key pair the enrolled certificate is issued for. Must be assigned as a
// field (not a same-named local) so that this.keyPair is non-null later on.
private KeyPair keyPair = null;
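/**
 * Connects to the SCEP server, generates an RSA key pair, enrols a CSR for it
 * and prints the outcome of the transaction to stdout.
 *
 * <p>The generated key pair and the self-signed certificate are stored in the
 * {@code keyPair} and {@code cert} fields. The original version declared
 * locals of the same names, which left both fields {@code null} and made
 * {@code this.keyPair.getPrivate()} throw a {@link NullPointerException}
 * before the client was even created.
 *
 * @throws MalformedURLException if the server URL cannot be parsed
 * @throws GeneralSecurityException if key generation, certificate creation or
 *         CSR signing fails
 * @throws IOException if the exchange with the SCEP server fails
 * @throws Exception propagated from the SCEP client library
 */
public ScepClient() throws MalformedURLException,
        GeneralSecurityException, IOException, Exception {
    // Server connection. The URL is a single literal; a line break inside a
    // Java string literal does not compile.
    server = new URL("http://localhost/cgi-bin/pki/scep/pkiclient.exe");

    // Assign the fields rather than shadowing locals, so that every later
    // reference to keyPair / cert sees the generated values.
    // The key size is set explicitly instead of relying on the provider's
    // default, which differs between JDK versions.
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048);
    keyPair = generator.generateKeyPair();
    cert = X509Util.createEphemeralCertificate(
            new X500Principal("CN=sergio"), keyPair);

    // Start a new SCEP client
    String profile = "PublicCA";
    client = new Client(server, cert, keyPair.getPrivate(), this, profile);

    Capabilities caps = client.getCaCapabilities();
    String digest = caps.getStrongestMessageDigest();
    System.out.println("digest " + digest);

    CertificationRequest csr = getCsr(cert.getIssuerX500Principal(),
            keyPair.getPublic(), keyPair.getPrivate(), password.toCharArray());
    Transaction trs = client.enrol(csr);
    System.out.println(PKCSObjectIdentifiers.data);

    Transaction.State state = trs.send();
    switch (state) {
        case CERT_ISSUED:
            CertStore store = trs.getCertStore();
            try {
                System.out.println(store.getCertificates(null));
            } catch (CertStoreException ex) {
                Logger.getLogger(ScepClient.class.getName())
                        .log(Level.SEVERE, null, ex);
            }
            break;
        case CERT_REQ_PENDING:
            System.out.println("Stato REQ_PENDING");
            break;
        case CERT_NON_EXISTANT:
            System.out.println("Stato NON_EXISTANT");
            break;
        default:
            // A state this client has no handling for; report it rather than
            // finishing silently.
            System.out.println("Stato " + state);
            break;
    }
}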
/**
 * Supplies the password requested through a {@link PasswordCallback}.
 *
 * <p>The {@code in} stream is accepted for signature compatibility only and is
 * never read: the value returned is always the fixed literal {@code "secret"}.
 *
 * @param in ignored
 * @return a fresh array holding the characters of the hard-coded password
 * @throws IOException never thrown by this implementation; declared so that
 *         callers reading from a stream need not change
 */
private char[] readPassword(InputStream in) throws IOException {
    final String fixedPassword = "secret";
    return fixedPassword.toCharArray();
}
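/**
 * Callback handler used by the SCEP {@code Client}: prints messages, prompts
 * on stderr for names and passwords, and answers certificate-verification
 * requests.
 *
 * @param callbacks the callbacks to service, in order
 * @throws IOException if reading the console fails or a text callback carries
 *         an unknown message type
 * @throws UnsupportedCallbackException for any callback type not handled here
 */
public void handle(Callback[] callbacks) throws IOException,
        UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof TextOutputCallback) {
            printMessage((TextOutputCallback) cb);
        } else if (cb instanceof NameCallback) {
            NameCallback nc = (NameCallback) cb;
            System.err.print(nc.getPrompt());
            System.err.flush();
            // Explicit charset: without it the decoding of the console input
            // depends on the platform default.
            nc.setName(new BufferedReader(
                    new InputStreamReader(System.in, "UTF-8")).readLine());
        } else if (cb instanceof PasswordCallback) {
            // prompt the user for sensitive information
            PasswordCallback pc = (PasswordCallback) cb;
            System.err.print(pc.getPrompt());
            System.err.flush();
            pc.setPassword(readPassword(System.in));
        } else if (cb instanceof CertificateVerificationCallback) {
            CertificateVerificationCallback callback =
                    (CertificateVerificationCallback) cb;
            // NOTE(review): this accepts whatever CA certificate the server
            // presents, unconditionally. The library asks here so the client
            // can compare that certificate against a fingerprint obtained out
            // of band; without that comparison, any host that answers the
            // enrolment URL is trusted. Left as-is because the expected
            // fingerprint is not available in this code — it should be
            // supplied from configuration and checked before setVerified(true).
            callback.setVerified(true);
        } else {
            throw new UnsupportedCallbackException(cb,
                    "Unrecognized Callback " + cb.toString());
        }
    }
}

/**
 * Writes a {@link TextOutputCallback} message to stdout, prefixed according
 * to its severity.
 *
 * @param toc the callback carrying the message
 * @throws IOException if the message type is not one of INFORMATION, ERROR
 *         or WARNING
 */
private static void printMessage(TextOutputCallback toc) throws IOException {
    switch (toc.getMessageType()) {
        case TextOutputCallback.INFORMATION:
            System.out.println(toc.getMessage());
            break;
        case TextOutputCallback.ERROR:
            System.out.println("ERROR: " + toc.getMessage());
            break;
        case TextOutputCallback.WARNING:
            System.out.println("WARNING: " + toc.getMessage());
            break;
        default:
            throw new IOException("Unsupported message type: "
                    + toc.getMessageType());
    }
}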
private CertificationRequest getCsr(X500Principal subject,
PublicKey pubKey, PrivateKey priKey, char[] password) throws
GeneralSecurityException, IOException {
AlgorithmIdentifier sha1withRsa = new
AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption);
ASN1Set cpSet = new DERSet(new DERPrintableString(new
String(password)));
Attribute challengePassword = new
Attribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, cpSet);
ASN1Set attrs = new DERSet(challengePassword);
SubjectPublicKeyInfo pkInfo = new
SubjectPublicKeyInfo((ASN1Sequence)
ASN1Object.fromByteArray(pubKey.getEncoded()));
X500Name name = new X500Name(subject.toString());
CertificationRequestInfo requestInfo = new
CertificationRequestInfo(name, pkInfo, attrs);
Signature signer = Signature.getInstance("SHA1withRSA");
signer.initSign(priKey);
signer.update(requestInfo.getEncoded());
byte[] signatureBytes = signer.sign();
DERBitString signature = new DERBitString(signatureBytes);
return new CertificationRequest(requestInfo, sha1withRsa,
signature);