Example 56 with PKIMessage

Use of org.bouncycastle.asn1.cmp.PKIMessage in project xipki by xipki.

Class ScepResponder, method servicePkiOperation.

public ContentInfo servicePkiOperation(CMSSignedData requestContent, AuditEvent event) throws MessageDecodingException, CaException {
    ScepUtil.requireNonNull("requestContent", requestContent);
    // The request is addressed to the RA when an RA emulator is configured, otherwise to the CA.
    PrivateKey recipientKey = (raEmulator != null) ? raEmulator.getRaKey() : caEmulator.getCaKey();
    Certificate recipientCert = (raEmulator != null) ? raEmulator.getRaCert() : caEmulator.getCaCert();
    X509Certificate recipientX509Obj;
    try {
        recipientX509Obj = ScepUtil.toX509Cert(recipientCert);
    } catch (CertificateException ex) {
        throw new MessageDecodingException("could not parse recipientCert " + recipientCert.getTBSCertificate().getSubject());
    }
    // Decode the signed request, decrypting its enveloped content with the recipient key.
    EnvelopedDataDecryptorInstance decInstance = new EnvelopedDataDecryptorInstance(recipientX509Obj, recipientKey);
    EnvelopedDataDecryptor recipient = new EnvelopedDataDecryptor(decInstance);
    DecodedPkiMessage req = DecodedPkiMessage.decode(requestContent, recipient, null);
    PkiMessage rep = servicePkiOperation0(req, event);
    // Record the outcome in the audit event; a FAILURE status raises the audit level to ERROR.
    event.putEventData(ScepAuditConstants.NAME_pkiStatus, rep.getPkiStatus());
    if (rep.getPkiStatus() == PkiStatus.FAILURE) {
        event.setLevel(AuditLevel.ERROR);
    }
    if (rep.getFailInfo() != null) {
        event.putEventData(ScepAuditConstants.NAME_failInfo, rep.getFailInfo());
    }
    // The response signature algorithm is derived from the digest algorithm named in the request.
    String signatureAlgorithm = ScepUtil.getSignatureAlgorithm(getSigningKey(), ScepHashAlgo.forNameOrOid(req.getDigestAlgorithm().getId()));
    try {
        X509Certificate jceSignerCert = ScepUtil.toX509Cert(getSigningCert());
        // Include the signer certificate in the response only when the control setting asks for it.
        X509Certificate[] certs = control.isSendSignerCert() ? new X509Certificate[] { jceSignerCert } : null;
        // Encode the signed response using the request's signature certificate and content encryption algorithm.
        return rep.encode(getSigningKey(), signatureAlgorithm, jceSignerCert, certs, req.getSignatureCert(), req.getContentEncryptionAlgorithm());
    } catch (Exception ex) {
        throw new CaException(ex);
    }
}
Also used: EnvelopedDataDecryptor (org.xipki.scep.message.EnvelopedDataDecryptor), PrivateKey (java.security.PrivateKey), CertificateException (java.security.cert.CertificateException), ASN1String (org.bouncycastle.asn1.ASN1String), X509Certificate (java.security.cert.X509Certificate), CMSException (org.bouncycastle.cms.CMSException), MessageDecodingException (org.xipki.scep.exception.MessageDecodingException), EnvelopedDataDecryptorInstance (org.xipki.scep.message.EnvelopedDataDecryptorInstance), DecodedPkiMessage (org.xipki.scep.message.DecodedPkiMessage), PkiMessage (org.xipki.scep.message.PkiMessage), Certificate (org.bouncycastle.asn1.x509.Certificate)