/**
 * Builds a {@link ContentSigner} from a raw private key and JCA signature
 * algorithm name, then delegates to the {@code ContentSigner}-based
 * {@code encode} overload.
 *
 * <p>Only {@code signerKey} is checked in this method; every other argument
 * is forwarded unchanged to the overload. The caller decides
 * {@code signatureAlgorithm} and {@code encAlgId}; no strength policy is
 * applied to either value here.
 *
 * @param signerKey          private key used to sign; null-checked via
 *                           {@code ScepUtil.requireNonNull}
 * @param signatureAlgorithm algorithm name handed to {@code JcaContentSignerBuilder}
 * @param signerCert         forwarded to the overload
 * @param signerCertSet      forwarded to the overload
 * @param recipientCert      forwarded to the overload
 * @param encAlgId           forwarded to the overload
 * @return whatever the {@code ContentSigner}-based overload returns
 * @throws MessageEncodingException if the signer cannot be created (wraps the
 *         {@code OperatorCreationException}) or the overload fails
 */
public ContentInfo encode(PrivateKey signerKey, String signatureAlgorithm, X509Certificate signerCert, X509Certificate[] signerCertSet, X509Certificate recipientCert, ASN1ObjectIdentifier encAlgId) throws MessageEncodingException {
    ScepUtil.requireNonNull("signerKey", signerKey);

    final ContentSigner contentSigner;
    try {
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm);
        contentSigner = signerBuilder.build(signerKey);
    } catch (OperatorCreationException ex) {
        // Keep the original failure as the cause so the unsupported
        // algorithm/key combination stays diagnosable.
        throw new MessageEncodingException(ex);
    }

    return encode(contentSigner, signerCert, signerCertSet, recipientCert, encAlgId);
}
/**
 * Encodes {@code request} with algorithms negotiated from the CA's advertised
 * capabilities ({@code caCaps}).
 *
 * <p>Algorithm selection as implemented here:
 * <ul>
 *   <li>Digest: {@code caCaps.mostSecureHashAlgo()}; MD5 is refused unless
 *       {@code useInsecureAlgorithms} is set.</li>
 *   <li>Content encryption: AES-128-CBC if the CA advertises AES, otherwise
 *       3DES-CBC if it advertises DES3, otherwise single DES only when
 *       {@code useInsecureAlgorithms} is set.</li>
 * </ul>
 *
 * <p>NOTE(review): only MD5 and single DES are gated by
 * {@code useInsecureAlgorithms}; the fallback to 3DES needs no opt-in.
 * {@code caCaps} is presumably taken from the server's capabilities response.
 * Confirm how it is obtained and whether that exchange is
 * integrity-protected, because missing capabilities silently lower the
 * algorithms chosen here.
 *
 * @param request      message to encode
 * @param identityKey  private key used for the signature
 * @param identityCert certificate matching {@code identityKey}; also sent as
 *                     the only entry of the certificate set
 * @return the encoded message
 * @throws ScepClientException if only a disallowed algorithm is available or
 *         encoding fails
 */
private ContentInfo encryptThenSign(PkiMessage request, PrivateKey identityKey, X509Certificate identityCert) throws ScepClientException {
    final ScepHashAlgo digestAlgo = caCaps.mostSecureHashAlgo();
    if (!useInsecureAlgorithms && digestAlgo == ScepHashAlgo.MD5) {
        throw new ScepClientException("Scep server supports only MD5 but it not permitted in client");
    }
    final String sigAlgoName = ScepUtil.getSignatureAlgorithm(identityKey, digestAlgo);

    // Strongest advertised cipher first; single DES is reachable only with
    // the explicit insecure-algorithms opt-in.
    final ASN1ObjectIdentifier contentEncAlg;
    if (caCaps.containsCapability(CaCapability.AES)) {
        contentEncAlg = CMSAlgorithm.AES128_CBC;
    } else if (caCaps.containsCapability(CaCapability.DES3)) {
        contentEncAlg = CMSAlgorithm.DES_EDE3_CBC;
    } else {
        if (!useInsecureAlgorithms) {
            // no support of DES
            throw new ScepClientException("DES will not be supported by this client");
        }
        contentEncAlg = CMSAlgorithm.DES_CBC;
    }

    try {
        X509Certificate[] certSet = new X509Certificate[]{identityCert};
        X509Certificate encryptionCert = authorityCertStore.getEncryptionCert();
        return request.encode(identityKey, sigAlgoName, identityCert, certSet, encryptionCert, contentEncAlg);
    } catch (MessageEncodingException ex) {
        throw new ScepClientException(ex);
    }
}
/**
 * Encodes {@code response} using the responder key and certificate, addressed
 * to the certificate that signed {@code request}.
 *
 * <p>The digest and the content-encryption algorithm are both copied from the
 * decoded request ({@code getDigestAlgorithm()},
 * {@code getContentEncryptionAlgorithm()}), so the requester determines the
 * strength of the response protection.
 *
 * <p>NOTE(review): this method does not check that the request's algorithms
 * are acceptable. Presumably weak choices are rejected when the request is
 * decoded; confirm against the caller.
 *
 * @param response message to encode; must not be null
 * @param request  decoded request being answered; must not be null
 * @return the encoded response
 * @throws OperationException with {@code ErrorCode.SYSTEM_FAILURE} if
 *         encoding fails (the failure is logged first)
 */
private ContentInfo encodeResponse(PkiMessage response, DecodedPkiMessage request) throws OperationException {
    Args.notNull(response, "response");
    Args.notNull(request, "request");

    final String sigAlgoName = getSignatureAlgorithm(responderKey, request.getDigestAlgorithm());

    try {
        // The signer certificate is embedded only when the control says so;
        // otherwise a null certificate set is passed to encode().
        X509Certificate[] embeddedCerts = null;
        if (control.isIncludeSignerCert()) {
            embeddedCerts = new X509Certificate[]{responderCert};
        }
        return response.encode(responderKey, sigAlgoName, responderCert, embeddedCerts, request.getSignatureCert(), request.getContentEncryptionAlgorithm());
    } catch (MessageEncodingException ex) {
        LogUtil.error(LOG, ex, "could not encode response");
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
} // method encodeResponse
? new X509Certificate[]{jceSignerCert} : null; return rep.encode(getSigningKey(), signatureAlgorithm, jceSignerCert, certs, req.getSignatureCert(), req.getContentEncryptionAlgorithm()); } catch (Exception ex) {