.equals(req.getSignatureCert().getIssuerX500Principal()); CertificationRequest csr = CertificationRequest.getInstance(req.getMessageData()); IssuerAndSubject is = IssuerAndSubject.getInstance(req.getMessageData()); cert = caEmulator.pollCert(is.getIssuer(), is.getSubject()); if (cert != null) { IssuerAndSerialNumber isn = IssuerAndSerialNumber.getInstance(req.getMessageData()); cert = caEmulator.getCert(isn.getName(), isn.getSerialNumber().getValue()); buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badRequest); } else { csr = CertificationRequest.getInstance(req.getMessageData()); try { cert = caEmulator.generateCert(csr); buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badRequest); } else { csr = CertificationRequest.getInstance(req.getMessageData()); try { cert = caEmulator.generateCert(csr); isn = IssuerAndSerialNumber.getInstance(req.getMessageData()); CertificateList crl; try {
case RenewalReq: case UpdateReq: CertificationRequest csr = CertificationRequest.getInstance(req.getMessageData()); X500Name reqSubject = csr.getCertificationRequestInfo().getSubject(); if (LOG.isInfoEnabled()) { break; case CertPoll: IssuerAndSubject is = IssuerAndSubject.getInstance(req.getMessageData()); audit(event, CaAuditConstants.NAME_issuer, X509Util.getRfc4519Name(is.getIssuer())); audit(event, CaAuditConstants.NAME_subject, X509Util.getRfc4519Name(is.getSubject())); break; case GetCert: IssuerAndSerialNumber isn = IssuerAndSerialNumber.getInstance(req.getMessageData()); BigInteger serial = isn.getSerialNumber().getPositiveValue(); audit(event, CaAuditConstants.NAME_issuer, X509Util.getRfc4519Name(isn.getName())); break; case GetCRL: isn = IssuerAndSerialNumber.getInstance(req.getMessageData()); serial = isn.getSerialNumber().getPositiveValue(); audit(event, CaAuditConstants.NAME_issuer, X509Util.getRfc4519Name(isn.getName()));
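/**
 * Sends a SCEP {@code GetCert} request for the certificate identified by {@code issuer} and
 * {@code serialNumber} and returns the certificates contained in the server's reply.
 *
 * <p>The request carries an {@code IssuerAndSerialNumber} as message data, is wrapped by
 * {@code encryptThenSign} using the caller's identity, and is sent as a {@code PKIOperation}.
 * The reply is parsed, decoded with the same identity key and certificate, and accepted only
 * when its status is {@code SUCCESS}.
 *
 * @param identityKey private key handed to {@code encryptThenSign} and {@code decode};
 *     must not be null
 * @param identityCert certificate handed to {@code encryptThenSign} and {@code decode};
 *     must not be null
 * @param issuer issuer name placed in the request; must not be null
 * @param serialNumber serial number placed in the request; must not be null
 * @return the certificates extracted from the SignedData carried in the response
 * @throws ScepClientException if the server status is not {@code SUCCESS}, if a
 *     {@code SUCCESS} response carries no message data or message data that cannot be read,
 *     or if the certificates cannot be extracted
 */
public List<X509Certificate> scepGetCert(PrivateKey identityKey, X509Certificate identityCert,
    X500Name issuer, BigInteger serialNumber) throws ScepClientException {
  ScepUtil.requireNonNull("identityKey", identityKey);
  ScepUtil.requireNonNull("identityCert", identityCert);
  ScepUtil.requireNonNull("issuer", issuer);
  ScepUtil.requireNonNull("serialNumber", serialNumber);

  initIfNotInited();

  PkiMessage request = new PkiMessage(TransactionId.randomTransactionId(), MessageType.GetCert);
  request.setMessageData(new IssuerAndSerialNumber(issuer, serialNumber));

  ContentInfo envRequest = encryptThenSign(request, identityKey, identityCert);
  ScepHttpResponse httpResp = httpSend(Operation.PKIOperation, envRequest);

  CMSSignedData cmsSignedData = parsePkiMessage(httpResp.getContentBytes());
  DecodedPkiMessage response = decode(cmsSignedData, identityKey, identityCert);
  // NOTE(review): decode() is not given the request, so nothing visible here ties the
  // response's transaction ID or nonce back to this request, and the returned certificates
  // are not compared with issuer/serialNumber. Confirm both are enforced elsewhere.

  if (response.getPkiStatus() != PkiStatus.SUCCESS) {
    throw new ScepClientException("server returned " + response.getPkiStatus());
  }

  // The response body comes from the network: report a missing payload as a protocol error
  // instead of failing later with a NullPointerException.
  if (response.getMessageData() == null) {
    throw new ScepClientException("server returned SUCCESS without message data");
  }

  try {
    ContentInfo messageData = ContentInfo.getInstance(response.getMessageData());
    return ScepUtil.getCertsFromSignedData(SignedData.getInstance(messageData.getContent()));
  } catch (CertificateException | IllegalArgumentException ex) {
    // Presumably the ASN.1 getInstance factories signal an unexpected structure with
    // IllegalArgumentException; surface it through the method's declared exception type.
    throw new ScepClientException(ex.getMessage(), ex);
  }
}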