bcgit
diff --git a/‎pkix/src/main/java/org/bouncycastle/cert/cmp/CertificateConfirmationContent.java‎
Lines changed: 29 additions & 0 deletions b/‎pkix/src/main/java/org/bouncycastle/cert/cmp/CertificateConfirmationContent.java‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎pkix/src/main/java/org/bouncycastle/cert/cmp/ProtectedPKIMessage.java‎
Lines changed: 19 additions & 2 deletions b/‎pkix/src/main/java/org/bouncycastle/cert/cmp/ProtectedPKIMessage.java‎
Lines changed: 19 additions & 2 deletions
diff --git a/‎pkix/src/main/java/org/bouncycastle/cert/cmp/ProtectedPKIMessageBuilder.java‎
Lines changed: 39 additions & 0 deletions b/‎pkix/src/main/java/org/bouncycastle/cert/cmp/ProtectedPKIMessageBuilder.java‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎pkix/src/main/java/org/bouncycastle/cert/crmf/CertificateRepMessage.java‎
Lines changed: 109 additions & 0 deletions b/‎pkix/src/main/java/org/bouncycastle/cert/crmf/CertificateRepMessage.java‎
Lines changed: 109 additions & 0 deletions
diff --git a/‎pkix/src/main/java/org/bouncycastle/cert/crmf/CertificateRepMessageBuilder.java‎
Lines changed: 57 additions & 0 deletions b/‎pkix/src/main/java/org/bouncycastle/cert/crmf/CertificateRepMessageBuilder.java‎
Lines changed: 57 additions & 0 deletions
diff --git a/‎pkix/src/main/java/org/bouncycastle/cert/crmf/CertificateReqMessages.java‎
Lines changed: 56 additions & 0 deletions b/‎pkix/src/main/java/org/bouncycastle/cert/crmf/CertificateReqMessages.java‎
Lines changed: 56 additions & 0 deletions
@@ -2,6 +2,9 @@
 
 import org.bouncycastle.asn1.cmp.CertConfirmContent;
 import org.bouncycastle.asn1.cmp.CertStatus;
+import org.bouncycastle.asn1.cmp.PKIBody;
+import org.bouncycastle.asn1.crmf.CertReqMessages;
+import org.bouncycastle.cert.crmf.CertificateReqMessages;
 import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
 import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder;
 
@@ -21,6 +24,32 @@ public CertificateConfirmationContent(CertConfirmContent content, DigestAlgorith
         this.content = content;
     }
 
+    public static CertificateConfirmationContent fromPKIBody(PKIBody pkiBody)
+    {
+        return fromPKIBody(pkiBody, new DefaultDigestAlgorithmIdentifierFinder());
+    }
+
+    public static CertificateConfirmationContent fromPKIBody(PKIBody pkiBody, DigestAlgorithmIdentifierFinder digestAlgFinder)
+    {
+        if (!isCertificateConfirmationContent(pkiBody.getType()))
+        {
+            throw new IllegalArgumentException("content of PKIBody wrong type: " + pkiBody.getType());
+        }
+
+        return new CertificateConfirmationContent(CertConfirmContent.getInstance(pkiBody.getContent()), digestAlgFinder);
+    }
+
+    public static boolean isCertificateConfirmationContent(int bodyType)
+    {
+        switch (bodyType)
+        {
+        case PKIBody.TYPE_CERT_CONFIRM:
+            return true;
+        default:
+            return false;
+        }
+    }
+
     public CertConfirmContent toASN1Structure()
     {
         return content;
 
@@ -5,18 +5,24 @@
 
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.cmp.CMPCertificate;
 import org.bouncycastle.asn1.cmp.CMPObjectIdentifiers;
 import org.bouncycastle.asn1.cmp.PKIBody;
 import org.bouncycastle.asn1.cmp.PKIHeader;
 import org.bouncycastle.asn1.cmp.PKIMessage;
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.operator.ContentVerifier;
 import org.bouncycastle.operator.ContentVerifierProvider;
 import org.bouncycastle.operator.MacCalculator;
 import org.bouncycastle.operator.PBEMacCalculatorProvider;
 import org.bouncycastle.util.Arrays;
+import sun.security.x509.AlgorithmId;
 
 /**
  * Wrapper for a PKIMessage with protection attached to it.
@@ -81,14 +87,25 @@ public PKIMessage toASN1Structure()
     }
 
     /**
-     * Determine whether the message is protected by a password based MAC. Use verify(PKMACBuilder, char[])
+     * Determine whether the message is protected by a the CMP password based MAC. Use verify(PBEMacCalculatorProvider, char[])
      * to verify the message if this method returns true.
      *
      * @return true if protection MAC PBE based, false otherwise.
      */
     public boolean hasPasswordBasedMacProtection()
     {
-        return pkiMessage.getHeader().getProtectionAlg().getAlgorithm().equals(CMPObjectIdentifiers.passwordBasedMac);
+        ASN1ObjectIdentifier procAlg = pkiMessage.getHeader().getProtectionAlg().getAlgorithm();
+        return procAlg.equals(CMPObjectIdentifiers.passwordBasedMac);
+    }
+
+    /**
+     * Return the message's protection algorithm.
+     *
+     * @return the algorithm ID for the message's protection algorithm.
+     */
+    public AlgorithmIdentifier getProtectionAlgorithm()
+    {
+        return pkiMessage.getHeader().getProtectionAlg();
     }
 
     /**
 
@@ -21,6 +21,9 @@
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.crmf.CertificateRepMessage;
+import org.bouncycastle.cert.crmf.CertificateReqMessages;
+import org.bouncycastle.cert.crmf.CertificateResponse;
 import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.MacCalculator;
 
@@ -174,6 +177,42 @@ public ProtectedPKIMessageBuilder setBody(PKIBody body)
         return this;
     }
 
+    public ProtectedPKIMessageBuilder setBody(int bodyType, CertificateReqMessages certificateReqMessages)
+    {
+        if (!CertificateReqMessages.isCertificateRequestMessages(bodyType))
+        {
+            throw new IllegalArgumentException("body type " + bodyType + " does not match CMP type CertReqMessages");
+        }
+
+        this.body = new PKIBody(bodyType, certificateReqMessages.toASN1Structure());
+
+        return this;
+    }
+
+    public ProtectedPKIMessageBuilder setBody(int bodyType, CertificateRepMessage certificateRepMessage)
+    {
+        if (!CertificateRepMessage.isCertificateRepMessage(bodyType))
+        {
+            throw new IllegalArgumentException("body type " + bodyType + " does not match CMP type CertReqMessages");
+        }
+
+        this.body = new PKIBody(bodyType, certificateRepMessage.toASN1Structure());
+
+        return this;
+    }
+
+    public ProtectedPKIMessageBuilder setBody(int bodyType, CertificateConfirmationContent certificateConfirmationContent)
+    {
+        if (!CertificateConfirmationContent.isCertificateConfirmationContent(bodyType))
+        {
+            throw new IllegalArgumentException("body type " + bodyType + " does not match CMP type CertConfirmContent");
+        }
+
+        this.body = new PKIBody(bodyType, certificateConfirmationContent.toASN1Structure());
+
+        return this;
+    }
+
     /**
      * Add an "extra certificate" to the message.
      *
 
@@ -0,0 +1,109 @@
+package org.bouncycastle.cert.crmf;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.cmp.CMPCertificate;
+import org.bouncycastle.asn1.cmp.CertRepMessage;
+import org.bouncycastle.asn1.cmp.CertResponse;
+import org.bouncycastle.asn1.cmp.PKIBody;
+import org.bouncycastle.cert.X509CertificateHolder;
+
+public class CertificateRepMessage
+{
+    private final CertResponse[] resps;
+    private final CMPCertificate[] caCerts;
+
+    public CertificateRepMessage(CertRepMessage repMessage)
+    {
+        resps = repMessage.getResponse();
+        caCerts = repMessage.getCaPubs();
+    }
+
+    public static CertificateRepMessage fromPKIBody(PKIBody pkiBody)
+    {
+        if (!isCertificateRepMessage(pkiBody.getType()))
+        {
+            throw new IllegalArgumentException("content of PKIBody wrong type: " + pkiBody.getType());
+        }
+
+        return new CertificateRepMessage(CertRepMessage.getInstance(pkiBody.getContent()));
+    }
+
+    public static boolean isCertificateRepMessage(int bodyType)
+    {
+        switch (bodyType)
+        {
+        case PKIBody.TYPE_INIT_REP:
+        case PKIBody.TYPE_CERT_REP:
+        case PKIBody.TYPE_KEY_UPDATE_REP:
+        case PKIBody.TYPE_CROSS_CERT_REP:
+            return true;
+        default:
+            return false;
+        }
+    }
+
+    public CertificateResponse[] getResponses()
+    {
+        CertificateResponse[] responses = new CertificateResponse[resps.length];
+        for (int i = 0; i != responses.length; i++)
+        {
+            responses[i] = new CertificateResponse(resps[i]);
+        }
+
+        return responses;
+    }
+
+    public X509CertificateHolder[] getX509Certificates()
+    {
+        List<X509CertificateHolder> certs = new ArrayList<X509CertificateHolder>();
+
+        for (int i = 0; i != caCerts.length; i++)
+        {
+            if (caCerts[i].isX509v3PKCert())
+            {
+                certs.add(new X509CertificateHolder(caCerts[i].getX509v3PKCert()));
+            }
+        }
+
+        return certs.toArray(new X509CertificateHolder[0]);
+    }
+
+    /**
+     * Return true if the message only contains X.509 public key certificates.
+     *
+     * @return true if only X.509 PK, false otherwise.
+     */
+    public boolean isOnlyX509PKCertificates()
+    {
+        boolean isOnlyX509 = true;
+
+        for (int i = 0; i != caCerts.length; i++)
+        {
+            isOnlyX509 &= caCerts[i].isX509v3PKCert();
+        }
+
+        return isOnlyX509;
+    }
+
+    /**
+     * Return the actual CMP certificates - useful if the array also contains non-X509 PK certificates.
+     *
+     * @return CMPCertificate array
+     */
+    public CMPCertificate[] getCMPCertificates()
+    {
+        CMPCertificate[] certs = new CMPCertificate[caCerts.length];
+
+        System.arraycopy(caCerts, 0, certs, 0, certs.length);
+
+        return certs;
+    }
+
+    public ASN1Encodable toASN1Structure()
+    {
+        return new CertRepMessage(caCerts, resps);
+    }
+}
@@ -0,0 +1,57 @@
+package org.bouncycastle.cert.crmf;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.bouncycastle.asn1.cmp.CMPCertificate;
+import org.bouncycastle.asn1.cmp.CertRepMessage;
+import org.bouncycastle.asn1.cmp.CertResponse;
+import org.bouncycastle.cert.X509CertificateHolder;
+
+/**
+ * Builder for a CertRepMessage.
+ */
+public class CertificateRepMessageBuilder
+{
+    private final List<CertResponse> responses = new ArrayList<CertResponse>();
+    private final CMPCertificate[] caCerts;
+
+    /**
+     * Base constructor which can accept 0 or more certificates representing the CA plus its chain.
+     *
+     * @param caCerts the CA public key and it's support certificates (optional)
+     */
+    public CertificateRepMessageBuilder(X509CertificateHolder... caCerts)
+    {
+        this.caCerts = new CMPCertificate[caCerts.length];
+
+        for (int i = 0; i != caCerts.length; i++)
+        {
+            this.caCerts[i] = new CMPCertificate(caCerts[i].toASN1Structure());
+        }
+    }
+    public CertificateRepMessageBuilder addCertificateResponse(CertificateResponse response)
+    {
+        responses.add(response.toASN1Structure());
+
+        return this;
+    }
+
+    public CertificateRepMessage build()
+    {
+        CertRepMessage repMessage;
+        if (caCerts.length != 0)
+        {
+            repMessage = new CertRepMessage(caCerts, (CertResponse[])responses.toArray(new CertResponse[0]));
+        }
+        else
+        {
+            // older versions of CertRepMessage need null if no caCerts.
+            repMessage = new CertRepMessage(null, (CertResponse[])responses.toArray(new CertResponse[0]));
+        }
+
+        responses.clear();
+
+        return new CertificateRepMessage(repMessage);
+    }
+}
@@ -0,0 +1,56 @@
+package org.bouncycastle.cert.crmf;
+
+import org.bouncycastle.asn1.cmp.PKIBody;
+import org.bouncycastle.asn1.crmf.CertReqMessages;
+import org.bouncycastle.asn1.crmf.CertReqMsg;
+
+public class CertificateReqMessages
+{
+    private final CertReqMsg[] reqs;
+
+    public CertificateReqMessages(CertReqMessages certReqMessages)
+    {
+        reqs = certReqMessages.toCertReqMsgArray();
+    }
+
+    public static CertificateReqMessages fromPKIBody(PKIBody pkiBody)
+    {
+        if (!isCertificateRequestMessages(pkiBody.getType()))
+        {
+            throw new IllegalArgumentException("content of PKIBody wrong type: " + pkiBody.getType());
+        }
+
+        return new CertificateReqMessages(CertReqMessages.getInstance(pkiBody.getContent()));
+    }
+
+    public static boolean isCertificateRequestMessages(int bodyType)
+    {
+        switch (bodyType)
+        {
+        case PKIBody.TYPE_INIT_REQ:
+        case PKIBody.TYPE_CERT_REQ:
+        case PKIBody.TYPE_KEY_UPDATE_REQ:
+        case PKIBody.TYPE_KEY_RECOVERY_REQ:
+        case PKIBody.TYPE_CROSS_CERT_REQ:
+            return true;
+        default:
+            return false;
+        }
+    }
+
+    public CertificateRequestMessage[] getRequests()
+    {
+        CertificateRequestMessage[] requestMessages = new CertificateRequestMessage[reqs.length];
+        for (int i = 0; i != requestMessages.length; i++)
+        {
+            requestMessages[i] = new CertificateRequestMessage(reqs[i]);
+        }
+
+        return requestMessages;
+    }
+
+    public CertReqMessages toASN1Structure()
+    {
+        return new CertReqMessages(reqs);
+    }
+}