use of org.bouncycastle.asn1.cmp.CMPCertificate in project xipki by xipki.
the class CaClientImpl method parseEnrollCertResult.
// method getHealthCheckResult
private EnrollCertResult parseEnrollCertResult(EnrollCertResultResp result) throws CaClientException {
Map<String, CertOrError> certOrErrors = new HashMap<>();
for (ResultEntry resultEntry : result.getResultEntries()) {
CertOrError certOrError;
if (resultEntry instanceof EnrollCertResultEntry) {
EnrollCertResultEntry entry = (EnrollCertResultEntry) resultEntry;
try {
java.security.cert.Certificate cert = getCertificate(entry.getCert());
certOrError = new CertOrError(cert);
} catch (CertificateException ex) {
throw new CaClientException(String.format("CertificateParsingException for request (id=%s): %s", entry.getId(), ex.getMessage()));
}
} else if (resultEntry instanceof ErrorResultEntry) {
certOrError = new CertOrError(((ErrorResultEntry) resultEntry).getStatusInfo());
} else {
certOrError = null;
}
certOrErrors.put(resultEntry.getId(), certOrError);
}
List<CMPCertificate> cmpCaPubs = result.getCaCertificates();
if (CollectionUtil.isEmpty(cmpCaPubs)) {
return new EnrollCertResult(null, certOrErrors);
}
List<java.security.cert.Certificate> caPubs = new ArrayList<>(cmpCaPubs.size());
for (CMPCertificate cmpCaPub : cmpCaPubs) {
try {
caPubs.add(getCertificate(cmpCaPub));
} catch (CertificateException ex) {
LogUtil.error(LOG, ex, "could not extract the caPub from CMPCertificate");
}
}
java.security.cert.Certificate caCert = null;
for (CertOrError certOrError : certOrErrors.values()) {
java.security.cert.Certificate cert = certOrError.getCertificate();
if (cert == null) {
continue;
}
for (java.security.cert.Certificate caPub : caPubs) {
if (verify(caPub, cert)) {
caCert = caPub;
break;
}
}
if (caCert != null) {
break;
}
}
if (caCert == null) {
return new EnrollCertResult(null, certOrErrors);
}
for (CertOrError certOrError : certOrErrors.values()) {
java.security.cert.Certificate cert = certOrError.getCertificate();
if (cert == null) {
continue;
}
if (!verify(caCert, cert)) {
LOG.warn("not all certificates are issued by CA embedded in caPubs, ignore the caPubs");
return new EnrollCertResult(null, certOrErrors);
}
}
return new EnrollCertResult(caCert, certOrErrors);
}
Aggregations