/**
 * Protects an outgoing CMP response, choosing the protection type from the requestor.
 *
 * <p>A requestor that has a certificate gets a response protected with this
 * responder's signer. A requestor without a certificate gets a password-based MAC
 * computed from the requestor's password, using the OWF, iteration count and MAC
 * algorithm configured in the {@link CmpControl}.
 *
 * <p>If protection fails for any reason, the failure is logged and recorded on the
 * audit event, and an error message is returned instead. That error message is built
 * from the original header and a {@code systemFailure} body only, so it carries no
 * protection; receivers cannot authenticate it.
 *
 * @param pkiMessage the unprotected response to protect
 * @param event audit event, marked ERROR/FAILED when protection cannot be added
 * @param requestor the requestor the response is addressed to
 * @return the protected message, or an unprotected error message on failure
 */
private PKIMessage addProtection(PKIMessage pkiMessage, AuditEvent event,
    CmpRequestorInfo requestor) {
  final CmpControl cmpControl = getCmpControl();
  try {
    if (requestor.getCert() == null) {
      // Password-based MAC. The salt comes from randomSalt() on every call.
      // NOTE(review): presumably a fresh random salt per response; confirm in randomSalt().
      // NOTE(review): MAC strength depends on the configured OWF, MAC algorithm and
      // iteration count; no minimum is enforced in this method.
      PBMParameter pbmParams = new PBMParameter(
          randomSalt(),
          cmpControl.getResponsePbmOwf(),
          cmpControl.getResponsePbmIterationCount(),
          cmpControl.getResponsePbmMac());
      return CmpUtil.addProtection(pkiMessage, requestor.getPassword(), pbmParams,
          getSender(), requestor.getKeyId());
    }

    // Signature-based protection; the responder certificate is attached only when
    // the control says so.
    return CmpUtil.addProtection(pkiMessage, getSigner(), getSender(),
        cmpControl.isSendResponderCert());
  } catch (Exception ex) {
    // Broad catch: any failure on either path ends up here. The reported text says
    // "sign" even when the MAC path failed.
    final String failureText = "could not sign the PKIMessage";
    LogUtil.error(LOG, ex, "could not add protection to the PKI message");

    PKIStatusInfo rejection = generateRejectionStatus(
        PKIFailureInfo.systemFailure, failureText);

    event.setLevel(AuditLevel.ERROR);
    event.setStatus(AuditStatus.FAILED);
    event.addEventData(CaAuditConstants.NAME_message, failureText);

    // Header is reused as-is; no protection is attached to the error response.
    PKIBody errorBody = new PKIBody(PKIBody.TYPE_ERROR, new ErrorMsgContent(rejection));
    return new PKIMessage(pkiMessage.getHeader(), errorBody);
  }
}