private SignatureData getFromCmsSignature(
SignatureVerificationRequest signatureVerificationRequest,
SignatureVerificationResponse response)
throws CMSException {
String signature = signatureVerificationRequest.getSignature();
byte[] decoded = Base64.decode(signature);
CMSSignedData cmsSignedData = new CMSSignedData(decoded);
String encodedSignedData = new String((byte[]) cmsSignedData.getSignedContent().getContent());
// Fetch information about the issuers
List<String> certInfos = new ArrayList<String>();
Collection certificates = cmsSignedData.getCertificates().getMatches(null);
for (Object certificate : certificates) {
X509CertificateHolder holder = (X509CertificateHolder) certificate;
certInfos.add(holder.getSubject().toString());
CertificateInfo ci = new CertificateInfo();
ci.setSubjectDn(holder.getSubject().toString());
ci.setValidTo(simpleDateFormat.format(holder.getNotAfter()));
response.getCertificateInfos().getCertificateInfo().add(ci);
}
// Fetch timestamp
Date signingDate = findTimestamp(cmsSignedData);
String dateString = simpleDateFormat.format(signingDate);
response.setSignatureDate(dateString);
// Create the SignatureData to be verified
SignatureData signData = new SignatureData();
signData.setEncodedTbs(encodedSignedData);
signData.setSignature(signature);
ELegType clientType = new ELegType("test", "test", PkiClient.NETMAKER_NETID_4);
signData.setClientType(clientType);
return signData;
}
@Override
protected Object _doExecute() throws Exception {
EnrollCertRequestType request = new EnrollCertRequestType(EnrollCertRequestType.Type.CERT_REQ);
CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
ConcurrentContentSigner signer =
getSigner(hashAlgo, new SignatureAlgoControl(rsaMgf1, dsaPlain));
X509CertificateHolder ssCert = signer.getCertificateAsBCObject();
X500Name x500Subject = subject == null ? ssCert.getSubject() : new X500Name(subject);
certTemplateBuilder.setSubject(x500Subject);
certTemplateBuilder.setPublicKey(ssCert.getSubjectPublicKeyInfo());
CertRequest certReq = new CertRequest(1, certTemplateBuilder.build(), null);
ProofOfPossessionSigningKeyBuilder popoBuilder =
new ProofOfPossessionSigningKeyBuilder(certReq);
ContentSigner contentSigner = signer.borrowContentSigner();
POPOSigningKey popoSk;
try {
popoSk = popoBuilder.build(contentSigner);
} finally {
signer.returnContentSigner(contentSigner);
}
ProofOfPossession popo = new ProofOfPossession(popoSk);
EnrollCertRequestEntryType reqEntry =
new EnrollCertRequestEntryType("id-1", profile, certReq, popo);
request.addRequestEntry(reqEntry);
EnrollCertResult result;
RequestResponseDebug debug = getRequestResponseDebug();
try {
result = caClient.requestCerts(request, caName, user, debug);
} finally {
saveRequestResponse(debug);
}
X509Certificate cert = null;
if (result != null) {
String id = result.getAllIds().iterator().next();
CertOrError certOrError = result.getCertificateOrError(id);
cert = (X509Certificate) certOrError.getCertificate();
}
if (cert != null) {
throw new CmdFailure("no certificate is excepted, but received one");
}
return null;
}