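/**
 * Parses a Base64-encoded CMS signature from the request, copies certificate
 * and signing-date details into {@code response}, and returns the
 * {@link SignatureData} that is to be verified.
 *
 * <p>This method only decodes and parses. Nothing here checks the CMS
 * signature, the signer's certificate chain, validity or revocation, so every
 * value written to {@code response} is taken as-is from the submitted blob.
 * NOTE(review): confirm that callers do not treat the subject DN, expiry or
 * signing date in the response as trustworthy unless verification of the
 * returned {@code SignatureData} succeeds.
 *
 * @param signatureVerificationRequest request holding the Base64-encoded CMS signature
 * @param response response that receives one {@code CertificateInfo} per certificate
 *                 embedded in the CMS structure, plus the formatted signing date
 * @return the data to be verified: the encapsulated content as a string, the
 *         original Base64 signature and the client type
 * @throws CMSException if the decoded bytes cannot be parsed as CMS signed data, or
 *                      if the structure has no encapsulated byte content
 */
private SignatureData getFromCmsSignature(
        SignatureVerificationRequest signatureVerificationRequest,
        SignatureVerificationResponse response) throws CMSException {
    String signature = signatureVerificationRequest.getSignature();
    byte[] decoded = Base64.decode(signature);
    CMSSignedData cmsSignedData = new CMSSignedData(decoded);

    // A detached signature has no encapsulated content, in which case
    // getSignedContent() is null. Reject it explicitly instead of failing
    // with a NullPointerException on caller-supplied input.
    if (cmsSignedData.getSignedContent() == null) {
        throw new CMSException(
                "CMS signature carries no encapsulated content; detached signatures are not supported here");
    }
    Object content = cmsSignedData.getSignedContent().getContent();
    if (!(content instanceof byte[])) {
        throw new CMSException("CMS encapsulated content is not available as a byte array");
    }
    // NOTE(review): this decodes with the platform default charset, so the
    // to-be-signed string can differ between hosts. Pin the charset once the
    // encoding used by the signing side is confirmed.
    String encodedSignedData = new String((byte[]) content);

    // Report every certificate embedded in the CMS structure. These are
    // unverified at this point (see the method comment).
    Collection<?> certificates = cmsSignedData.getCertificates().getMatches(null);
    for (Object certificate : certificates) {
        X509CertificateHolder holder = (X509CertificateHolder) certificate;
        CertificateInfo ci = new CertificateInfo();
        ci.setSubjectDn(holder.getSubject().toString());
        // NOTE(review): if simpleDateFormat is a shared SimpleDateFormat it is
        // not thread-safe. Confirm how this field is declared and used.
        ci.setValidTo(simpleDateFormat.format(holder.getNotAfter()));
        response.getCertificateInfos().getCertificateInfo().add(ci);
    }

    // Signing time as reported by findTimestamp.
    // NOTE(review): a null result would fail inside format(). Confirm
    // findTimestamp never returns null.
    Date signingDate = findTimestamp(cmsSignedData);
    response.setSignatureDate(simpleDateFormat.format(signingDate));

    // Assemble the SignatureData to be verified.
    SignatureData signData = new SignatureData();
    signData.setEncodedTbs(encodedSignedData);
    signData.setSignature(signature);
    // NOTE(review): the two "test" arguments are hard-coded. Confirm they are
    // intended for production use and not left over from testing.
    ELegType clientType = new ELegType("test", "test", PkiClient.NETMAKER_NETID_4);
    signData.setClientType(clientType);
    return signData;
}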
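/**
 * Sends a certificate enrolment request and fails if the CA answers with a
 * certificate. This is a negative check: the command succeeds only when no
 * certificate is issued.
 *
 * <p>The request takes its public key from the signer's own certificate and
 * its subject from {@code subject}, falling back to that certificate's
 * subject when {@code subject} is null. The proof of possession is signed
 * with a content signer borrowed from the same signer.
 *
 * @return always {@code null}
 * @throws CmdFailure if the CA returned a certificate
 * @throws Exception  if building or sending the request fails
 */
@Override
protected Object _doExecute() throws Exception {
    EnrollCertRequestType request =
            new EnrollCertRequestType(EnrollCertRequestType.Type.CERT_REQ);

    // Certificate template: subject plus the public key of the signer's certificate.
    CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
    ConcurrentContentSigner signer =
            getSigner(hashAlgo, new SignatureAlgoControl(rsaMgf1, dsaPlain));
    X509CertificateHolder ssCert = signer.getCertificateAsBCObject();
    X500Name x500Subject = subject == null ? ssCert.getSubject() : new X500Name(subject);
    certTemplateBuilder.setSubject(x500Subject);
    certTemplateBuilder.setPublicKey(ssCert.getSubjectPublicKeyInfo());
    CertRequest certReq = new CertRequest(1, certTemplateBuilder.build(), null);

    // Proof of possession over the request. The borrowed signer is always
    // returned, even when building the POPO fails.
    ProofOfPossessionSigningKeyBuilder popoBuilder =
            new ProofOfPossessionSigningKeyBuilder(certReq);
    ContentSigner contentSigner = signer.borrowContentSigner();
    POPOSigningKey popoSk;
    try {
        popoSk = popoBuilder.build(contentSigner);
    } finally {
        signer.returnContentSigner(contentSigner);
    }
    ProofOfPossession popo = new ProofOfPossession(popoSk);

    EnrollCertRequestEntryType reqEntry =
            new EnrollCertRequestEntryType("id-1", profile, certReq, popo);
    request.addRequestEntry(reqEntry);

    // The request/response debug record is saved whether or not the call succeeds.
    EnrollCertResult result;
    RequestResponseDebug debug = getRequestResponseDebug();
    try {
        result = caClient.requestCerts(request, caName, user, debug);
    } finally {
        saveRequestResponse(debug);
    }

    X509Certificate cert = null;
    if (result != null) {
        // Only the first entry is inspected, as before. A result with no ids,
        // or with no entry for the id, carries no certificate. That is the
        // expected outcome here, so it must not fail with
        // NoSuchElementException or NullPointerException.
        for (String id : result.getAllIds()) {
            CertOrError certOrError = result.getCertificateOrError(id);
            if (certOrError != null) {
                cert = (X509Certificate) certOrError.getCertificate();
            }
            break;
        }
    }

    if (cert != null) {
        // The original message said "excepted", a typo for "expected".
        throw new CmdFailure("no certificate is expected, but received one");
    }

    return null;
}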