public List<X509Certificate> scepGetCert(PrivateKey identityKey, X509Certificate identityCert, X500Name issuer, BigInteger serialNumber) throws ScepClientException { ScepUtil.requireNonNull("identityKey", identityKey); ScepUtil.requireNonNull("identityCert", identityCert); ScepUtil.requireNonNull("issuer", issuer); ScepUtil.requireNonNull("serialNumber", serialNumber); initIfNotInited(); PkiMessage request = new PkiMessage(TransactionId.randomTransactionId(), MessageType.GetCert); IssuerAndSerialNumber isn = new IssuerAndSerialNumber(issuer, serialNumber); request.setMessageData(isn); ContentInfo envRequest = encryptThenSign(request, identityKey, identityCert); ScepHttpResponse httpResp = httpSend(Operation.PKIOperation, envRequest); CMSSignedData cmsSignedData = parsePkiMessage(httpResp.getContentBytes()); DecodedPkiMessage response = decode(cmsSignedData, identityKey, identityCert); if (response.getPkiStatus() != PkiStatus.SUCCESS) { throw new ScepClientException("server returned " + response.getPkiStatus()); } ContentInfo messageData = ContentInfo.getInstance(response.getMessageData()); try { return ScepUtil.getCertsFromSignedData(SignedData.getInstance(messageData.getContent())); } catch (CertificateException ex) { throw new ScepClientException(ex.getMessage(), ex); } }