Package org.bouncycastle.cert.cmp

Class ProtectedPKIMessageBuilder

  • public class ProtectedPKIMessageBuilder
extends java.lang.Object
    Builder for creating a protected PKI message.

    • Constructor Detail

      • ProtectedPKIMessageBuilder

        public ProtectedPKIMessageBuilder​(org.bouncycastle.asn1.x509.GeneralName sender,
                                  org.bouncycastle.asn1.x509.GeneralName recipient)
        Commence a message with the header version CMP_2000.
        Parameters:
        sender - message sender.
        recipient - intended recipient.

      • ProtectedPKIMessageBuilder

        public ProtectedPKIMessageBuilder​(int pvno,
                                  org.bouncycastle.asn1.x509.GeneralName sender,
                                  org.bouncycastle.asn1.x509.GeneralName recipient)
        Commence a message with a specific header type.
        Parameters:
        pvno - the version CMP_1999 or CMP_2000.
        sender - message sender.
        recipient - intended recipient.

    • Method Detail

      • setTransactionID

        public ProtectedPKIMessageBuilder setTransactionID​(byte[] tid)
        Set the identifier for the transaction the new message will belong to.
        Parameters:
        tid - the transaction ID.
        Returns:
        the current builder instance.

      • setFreeText

        public ProtectedPKIMessageBuilder setFreeText​(org.bouncycastle.asn1.cmp.PKIFreeText freeText)
        Include a human-readable message in the new message.
        Parameters:
        freeText - the contents of the human readable message,
        Returns:
        the current builder instance.

      • addGeneralInfo

        public ProtectedPKIMessageBuilder addGeneralInfo​(org.bouncycastle.asn1.cmp.InfoTypeAndValue genInfo)
        Add a generalInfo data record to the header of the new message.
        Parameters:
        genInfo - the generalInfo data to be added.
        Returns:
        the current builder instance.

      • setMessageTime

        public ProtectedPKIMessageBuilder setMessageTime​(java.util.Date time)
        Set the creation time for the new message.
        Parameters:
        time - the message creation time.
        Returns:
        the current builder instance.

      • setRecipKID

        public ProtectedPKIMessageBuilder setRecipKID​(byte[] kid)
        Set the recipient key identifier for the key to be used to verify the new message.
        Parameters:
        kid - a key identifier.
        Returns:
        the current builder instance.

      • setRecipNonce

        public ProtectedPKIMessageBuilder setRecipNonce​(byte[] nonce)
        Set the recipient nonce field on the new message.
        Parameters:
        nonce - a NONCE, typically copied from the sender nonce of the previous message.
        Returns:
        the current builder instance.

      • setSenderKID

        public ProtectedPKIMessageBuilder setSenderKID​(byte[] kid)
        Set the sender key identifier for the key used to protect the new message.
        Parameters:
        kid - a key identifier.
        Returns:
        the current builder instance.

      • setSenderNonce

        public ProtectedPKIMessageBuilder setSenderNonce​(byte[] nonce)
        Set the sender nonce field on the new message.
        Parameters:
        nonce - a NONCE, typically 128 bits of random data.
        Returns:
        the current builder instance.

      • setBody

        public ProtectedPKIMessageBuilder setBody​(org.bouncycastle.asn1.cmp.PKIBody body)
        Set the body for the new message
        Parameters:
        body - the message body.
        Returns:
        the current builder instance.

      • addCMPCertificate

        public ProtectedPKIMessageBuilder addCMPCertificate​(X509CertificateHolder extraCert)
        Add an "extra certificate" to the message.
        Parameters:
        extraCert - the extra certificate to add.
        Returns:
        the current builder instance.

      • build

        public ProtectedPKIMessage build​(org.bouncycastle.operator.MacCalculator macCalculator)
                          throws CMPException
        Build a protected PKI message which has MAC based integrity protection.
        Parameters:
        macCalculator - MAC calculator.
        Returns:
        the resulting protected PKI message.
        Throws:
        CMPException - if the protection MAC cannot be calculated.

      • build

        public ProtectedPKIMessage build​(org.bouncycastle.operator.ContentSigner signer)
                          throws CMPException
        Build a protected PKI message which has MAC based integrity protection.
        Parameters:
        signer - the ContentSigner to be used to calculate the signature.
        Returns:
        the resulting protected PKI message.
        Throws:
        CMPException - if the protection signature cannot be calculated.