
Example 1 with DecodedNextCaMessage

Use of org.xipki.scep.message.DecodedNextCaMessage in project xipki by xipki: the class Client, method retrieveNextCaAuthorityCertStore.

private AuthorityCertStore retrieveNextCaAuthorityCertStore(ScepHttpResponse httpResp) throws ScepClientException {
    // The GetNextCACert response must carry the dedicated SCEP content type.
    String ct = httpResp.getContentType();
    if (!ScepConstants.CT_X509_NEXT_CA_CERT.equalsIgnoreCase(ct)) {
        throw new ScepClientException("invalid Content-Type '" + ct + "'");
    }
    // Parse the body as CMS SignedData; malformed input is rejected before any further decoding.
    CMSSignedData cmsSignedData;
    try {
        cmsSignedData = new CMSSignedData(httpResp.getContentBytes());
    } catch (CMSException ex) {
        throw new ScepClientException("invalid SignedData message: " + ex.getMessage(), ex);
    } catch (IllegalArgumentException ex) {
        throw new ScepClientException("invalid SignedData message: " + ex.getMessage(), ex);
    }
    // Decode the message using the configured response signer certificates.
    DecodedNextCaMessage resp;
    try {
        resp = DecodedNextCaMessage.decode(cmsSignedData, responseSignerCerts);
    } catch (MessageDecodingException ex) {
        throw new ScepClientException("could not decode response: " + ex.getMessage(), ex);
    }
    if (resp.getFailureMessage() != null) {
        throw new ScepClientException("Error: " + resp.getFailureMessage());
    }
    // isSignatureValid() returns a Boolean: only an explicit false is rejected here;
    // a null result (signature not verified) passes this check.
    Boolean bo = resp.isSignatureValid();
    if (bo != null && !bo.booleanValue()) {
        throw new ScepClientException("Signature is invalid");
    }
    // Freshness check: when a maximum signing-time bias is configured, the CMS signingTime
    // attribute must be present and within that many milliseconds of the local clock.
    Date signingTime = resp.getSigningTime();
    long maxSigningTimeBias = getMaxSigningTimeBiasInMs();
    if (maxSigningTimeBias > 0) {
        if (signingTime == null) {
            throw new ScepClientException("CMS signingTime attribute is not present");
        }
        long now = System.currentTimeMillis();
        long diff = now - signingTime.getTime();
        if (diff < 0) {
            diff = -1 * diff;
        }
        if (diff > maxSigningTimeBias) {
            throw new ScepClientException("CMS signingTime is out of permitted period");
        }
    }
    // The response must be signed by the currently trusted CA signature certificate,
    // so that an unexpected signer cannot hand out a replacement CA certificate store.
    if (!resp.getSignatureCert().equals(authorityCertStore.getSignatureCert())) {
        throw new ScepClientException("the signature certificate must not be trusted");
    }
    return resp.getAuthorityCertStore();
}
Also used: org.xipki.scep.message.DecodedNextCaMessage, org.xipki.scep.exception.MessageDecodingException, org.xipki.scep.client.exception.ScepClientException, org.bouncycastle.cms.CMSSignedData, org.bouncycastle.cms.CMSException, java.util.Date
