Search in sources :

Example 1 with EnvelopedDataDecryptor

use of org.xipki.scep.message.EnvelopedDataDecryptor in project xipki by xipki.

the class ScepResponder method servicePkiOperation.

public ContentInfo servicePkiOperation(CMSSignedData requestContent, AuditEvent event) throws MessageDecodingException, CaException {
    ScepUtil.requireNonNull("requestContent", requestContent);
    PrivateKey recipientKey = (raEmulator != null) ? raEmulator.getRaKey() : caEmulator.getCaKey();
    Certificate recipientCert = (raEmulator != null) ? raEmulator.getRaCert() : caEmulator.getCaCert();
    X509Certificate recipientX509Obj;
    try {
        recipientX509Obj = ScepUtil.toX509Cert(recipientCert);
    } catch (CertificateException ex) {
        throw new MessageDecodingException("could not parse recipientCert " + recipientCert.getTBSCertificate().getSubject());
    }
    EnvelopedDataDecryptorInstance decInstance = new EnvelopedDataDecryptorInstance(recipientX509Obj, recipientKey);
    EnvelopedDataDecryptor recipient = new EnvelopedDataDecryptor(decInstance);
    DecodedPkiMessage req = DecodedPkiMessage.decode(requestContent, recipient, null);
    PkiMessage rep = servicePkiOperation0(req, event);
    event.putEventData(ScepAuditConstants.NAME_pkiStatus, rep.getPkiStatus());
    if (rep.getPkiStatus() == PkiStatus.FAILURE) {
        event.setLevel(AuditLevel.ERROR);
    }
    if (rep.getFailInfo() != null) {
        event.putEventData(ScepAuditConstants.NAME_failInfo, rep.getFailInfo());
    }
    String signatureAlgorithm = ScepUtil.getSignatureAlgorithm(getSigningKey(), ScepHashAlgo.forNameOrOid(req.getDigestAlgorithm().getId()));
    try {
        X509Certificate jceSignerCert = ScepUtil.toX509Cert(getSigningCert());
        X509Certificate[] certs = control.isSendSignerCert() ? new X509Certificate[] { jceSignerCert } : null;
        return rep.encode(getSigningKey(), signatureAlgorithm, jceSignerCert, certs, req.getSignatureCert(), req.getContentEncryptionAlgorithm());
    } catch (Exception ex) {
        throw new CaException(ex);
    }
}
Also used : EnvelopedDataDecryptor(org.xipki.scep.message.EnvelopedDataDecryptor) PrivateKey(java.security.PrivateKey) CertificateException(java.security.cert.CertificateException) ASN1String(org.bouncycastle.asn1.ASN1String) X509Certificate(java.security.cert.X509Certificate) CMSException(org.bouncycastle.cms.CMSException) MessageDecodingException(org.xipki.scep.exception.MessageDecodingException) CertificateException(java.security.cert.CertificateException) MessageDecodingException(org.xipki.scep.exception.MessageDecodingException) EnvelopedDataDecryptorInstance(org.xipki.scep.message.EnvelopedDataDecryptorInstance) DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage) PkiMessage(org.xipki.scep.message.PkiMessage) DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate)

Aggregations

PrivateKey (java.security.PrivateKey)1 CertificateException (java.security.cert.CertificateException)1 X509Certificate (java.security.cert.X509Certificate)1 ASN1String (org.bouncycastle.asn1.ASN1String)1 Certificate (org.bouncycastle.asn1.x509.Certificate)1 CMSException (org.bouncycastle.cms.CMSException)1 MessageDecodingException (org.xipki.scep.exception.MessageDecodingException)1 DecodedPkiMessage (org.xipki.scep.message.DecodedPkiMessage)1 EnvelopedDataDecryptor (org.xipki.scep.message.EnvelopedDataDecryptor)1 EnvelopedDataDecryptorInstance (org.xipki.scep.message.EnvelopedDataDecryptorInstance)1 PkiMessage (org.xipki.scep.message.PkiMessage)1