Currently the POC for CMPv2 client is working based on the inputs below.
CMPv2 adapter properties:
Section holds all properties which are planned to be supported by CMPv2 adapter. Some parameters are planned to be processed before sending to CMPv2 client.
| Parameter name | Required | Syntax | Description |
|---|---|---|---|
| IP | Yes | IPv4 | |
| Port | Yes | Port number (1-65535) | |
| Path | Yes | ||
| Issuer DN | Yes | String | |
| Authentication data | Yes | ||
| CA Name | No | ||
| CA Mode | No |
Input Table for CMPV2 client:
Input Values | Input Type | Description | Usage |
|---|---|---|---|
| csrMeta | object | csrMeta object from aaf, would contain values needed for certificate request. any needed values that should be stored in the csrMeta will be mentioned below. | stores all pertinent values for certificate request - these will be detailed below, and should be set before being passed to the cmpv2 client. |
| csrMeta:IssuerDn | org.bouncycastle.asn1.x500.X500Name | distinguished name of the CA we're receiving certificate from. Cannot be null | used in the creation of the cert on EJBCA server |
| csrMeta: SubjectDn | org.bouncycastle.asn1.x500.X500Name | Distinguished name of the Entity the certificate is being issued to/ Certificate Requesting Entity. Cannot be null. | used in the creation of the cert on EJBCA server |
| csrMeta: KeyPair | java.security.KeyPair | KeyPair associated with the entity the certificate is being issued to. Cannot be null | used to create proof of possession for request to EJBCA server |
| csrMeta: Password | object which contains iak/rv? | secret password value shared by EJBCA server. Cannot be null | used to authenticate ourselves to the EJBCA serve |
csrMeta: CA Details | object | Certification Authority Details ( Http address, Port number and Path (which includes alias if used)). Cannot be null | used to Post Http request to External CA. |
.cer file | java.security.cert.Certificate | .cer (CSR) generated by Cert-man using Key-pair. Cannot be null. | used to validate response (.crt)/ certificate send from EJBCA server |
| caName | string | the name which is a general description of the external CA | used for debugging purposes |
| caMode | enum | string noting whether the server we are contacting will be operating in either client or RA mode | used for debugging purposes |
Relevant values in Certificate Request message to EJBCA:
Value | Description | Information Included |
|---|---|---|
| PKIHeader | Contains information common to many PKI messages. |
|
| PKIBody | contains message-specific information ie. certificate request message |
|
| PKIProtection | contains bits that protect PKImessage (Specifically the iak/rv) |