// Signer pinning for the response: the certificate that signed resp is compared with equals()
// against the signature certificate held by authorityCertStore, and a mismatch is rejected
// with a ScepClientException.
// NOTE(review): the exception text says "must not be trusted", but the branch fires when the
// signer differs from the expected certificate; the intended wording is presumably
// "is not trusted". Confirm before relying on this message in logs or alerts.
if (!resp.getSignatureCert().equals(authorityCertStore.getSignatureCert())) { throw new ScepClientException("the signature certificate must not be trusted");
/**
 * Encodes a response message into a CMS {@code ContentInfo} using the responder's key and
 * certificate.
 *
 * <p>The signature algorithm is obtained from {@code getSignatureAlgorithm} with the responder
 * key and the digest algorithm of the request. The request's signature certificate and
 * content-encryption algorithm are passed through to {@code PkiMessage.encode}.
 *
 * <p>NOTE(review): the content-encryption algorithm is taken from the request as-is in this
 * method; confirm that weak or unsupported algorithms are rejected before this point.
 *
 * @param response the message to encode; must not be null
 * @param request the decoded request this response answers; must not be null
 * @return the encoded response
 * @throws OperationException with {@code ErrorCode.SYSTEM_FAILURE} if encoding fails
 */
private ContentInfo encodeResponse(PkiMessage response, DecodedPkiMessage request)
    throws OperationException {
  Args.notNull(response, "response");
  Args.notNull(request, "request");

  String sigAlgo = getSignatureAlgorithm(responderKey, request.getDigestAlgorithm());

  try {
    // The responder certificate is embedded in the CMS certificate set only when the
    // control setting asks for it; otherwise no certificate set is supplied.
    X509Certificate[] certsToEmbed = null;
    if (control.isIncludeSignerCert()) {
      certsToEmbed = new X509Certificate[]{responderCert};
    }

    return response.encode(responderKey, sigAlgo, responderCert, certsToEmbed,
        request.getSignatureCert(), request.getContentEncryptionAlgorithm());
  } catch (MessageEncodingException ex) {
    // Log the cause here; the caller only sees a generic system failure.
    LogUtil.error(LOG, ex, "could not encode response");
    throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
  }
} // method encodeResponse
// NOTE(review): both operands of this equals() are getIssuerX500Principal() of the same
// certificate, so selfSigned is true for every request. A self-signed test would normally
// compare the subject principal with the issuer principal. Matching names alone also does not
// show that the certificate verifies under its own public key; confirm what the surrounding
// code relies on. The remainder of this line is a truncated excerpt and is left unchanged.
boolean selfSigned = req.getSignatureCert().getIssuerX500Principal() .equals(req.getSignatureCert().getIssuerX500Principal()); req.getSignatureCert().getSubjectX500Principal().getEncoded()); if (!name.equals(csr.getCertificationRequestInfo().getSubject())) { LOG.warn("tid={}: self-signed cert.subject != CSR.subject", tid);
// Reads the certificate that signed the request and its subject principal.
// NOTE(review): the certificate is supplied with the request; confirm the surrounding code
// validates it before the subject is used for any identity or authorization decision.
X509Certificate reqSignatureCert = req.getSignatureCert(); X500Principal reqSigCertSubject = reqSignatureCert.getSubjectX500Principal();
req.getSignatureCert(), req.getContentEncryptionAlgorithm()); } catch (Exception ex) { throw new CaException(ex);