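/**
 * Unpacks a Base64-encoded CMS (PKCS#7) signature into the {@link SignatureData}
 * that is handed to the verifier, and records the embedded certificates and the
 * signing date on {@code response}.
 *
 * <p>Nothing in this method verifies the signature. The certificates, subject
 * names and signing date are copied straight from caller-supplied input and
 * are informational only until the returned {@code SignatureData} has been
 * verified.
 *
 * @param signatureVerificationRequest request carrying the Base64 CMS signature
 * @param response response whose certificate list and signature date are filled in
 * @return the encoded to-be-signed content, the signature and the client type
 *     to verify
 * @throws CMSException if the signature is absent, is not a parseable CMS
 *     structure, or carries no encapsulated signed content (detached
 *     signatures are not supported here)
 */
private SignatureData getFromCmsSignature(
      SignatureVerificationRequest signatureVerificationRequest,
      SignatureVerificationResponse response)
      throws CMSException {
    String signature = signatureVerificationRequest.getSignature();
    if (signature == null || signature.isEmpty()) {
      // Base64.decode(null) would otherwise surface as a NullPointerException.
      throw new CMSException("signature is missing from the verification request");
    }
    byte[] decoded = Base64.decode(signature);
    CMSSignedData cmsSignedData = new CMSSignedData(decoded);

    // getSignedContent() is null for a detached signature; the unconditional
    // cast below would turn that into a NullPointerException.
    if (cmsSignedData.getSignedContent() == null) {
      throw new CMSException("CMS signature carries no encapsulated content");
    }
    Object content = cmsSignedData.getSignedContent().getContent();
    // Pin the charset: the original relied on the platform default. The fully
    // qualified name avoids touching the import block.
    String encodedSignedData =
        new String((byte[]) content, java.nio.charset.StandardCharsets.UTF_8);

    // Report every certificate carried in the CMS blob. They are supplied by
    // whoever produced the signature, so treat the subjects as claims.
    Collection<?> certificates = cmsSignedData.getCertificates().getMatches(null);
    for (Object certificate : certificates) {
      X509CertificateHolder holder = (X509CertificateHolder) certificate;
      CertificateInfo ci = new CertificateInfo();
      ci.setSubjectDn(holder.getSubject().toString());
      // simpleDateFormat is a shared field; SimpleDateFormat is not thread-safe,
      // so concurrent verification requests may corrupt each other's output.
      ci.setValidTo(simpleDateFormat.format(holder.getNotAfter()));
      response.getCertificateInfos().getCertificateInfo().add(ci);
    }

    // findTimestamp is defined elsewhere in this class; it is assumed to return
    // a non-null Date here — TODO confirm, format(null) would throw.
    Date signingDate = findTimestamp(cmsSignedData);
    response.setSignatureDate(simpleDateFormat.format(signingDate));

    // Assemble the data the verifier operates on.
    SignatureData signData = new SignatureData();
    signData.setEncodedTbs(encodedSignedData);
    signData.setSignature(signature);
    // NOTE(review): the client type is hard-coded with "test" placeholders and a
    // fixed PkiClient; if more than one client type reaches this path it should
    // be derived from the request instead.
    signData.setClientType(new ELegType("test", "test", PkiClient.NETMAKER_NETID_4));
    return signData;
  }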
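  /**
   * Negative enrollment test: submits a certificate request built from the
   * configured {@code profile} and {@code subject} and fails the command if
   * the CA issues a certificate for it. The expected outcome is an error
   * entry (or no result at all) from the CA.
   *
   * <p>The request/response pair is always saved through
   * {@code saveRequestResponse}, including when {@code requestCerts} throws,
   * so the exchange can be inspected afterwards.
   *
   * @return always {@code null}; failure is signalled by throwing
   * @throws CmdFailure if the CA returned a certificate for any request entry
   * @throws Exception if building or submitting the request fails
   */
  @Override
  protected Object _doExecute() throws Exception {
    EnrollCertRequestType request = new EnrollCertRequestType(EnrollCertRequestType.Type.CERT_REQ);

    ConcurrentContentSigner signer =
        getSigner(hashAlgo, new SignatureAlgoControl(rsaMgf1, dsaPlain));
    X509CertificateHolder ssCert = signer.getCertificateAsBCObject();

    // The subject defaults to the signer certificate's subject; the public key
    // is always the signer's, and the proof of possession below is produced
    // with the same signer, so key and POP match.
    X500Name x500Subject = subject == null ? ssCert.getSubject() : new X500Name(subject);
    CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
    certTemplateBuilder.setSubject(x500Subject);
    certTemplateBuilder.setPublicKey(ssCert.getSubjectPublicKeyInfo());
    CertRequest certReq = new CertRequest(1, certTemplateBuilder.build(), null);

    // borrow/return pairing: always hand the content signer back, even if
    // build() fails.
    ProofOfPossessionSigningKeyBuilder popoBuilder =
        new ProofOfPossessionSigningKeyBuilder(certReq);
    ContentSigner contentSigner = signer.borrowContentSigner();
    POPOSigningKey popoSk;
    try {
      popoSk = popoBuilder.build(contentSigner);
    } finally {
      signer.returnContentSigner(contentSigner);
    }

    request.addRequestEntry(
        new EnrollCertRequestEntryType("id-1", profile, certReq, new ProofOfPossession(popoSk)));

    EnrollCertResult result;
    RequestResponseDebug debug = getRequestResponseDebug();
    try {
      result = caClient.requestCerts(request, caName, user, debug);
    } finally {
      // Persist the exchange even when requestCerts throws.
      saveRequestResponse(debug);
    }

    // The CA is expected to reject this request: a certificate for any entry
    // fails the command. Iterating over all ids (instead of taking the first)
    // avoids a NoSuchElementException on an empty result and also covers
    // results with more than one entry.
    if (result != null) {
      for (String id : result.getAllIds()) {
        CertOrError certOrError = result.getCertificateOrError(id);
        if (certOrError != null && certOrError.getCertificate() != null) {
          throw new CmdFailure("no certificate is expected, but received one for entry " + id);
        }
      }
    }

    return null;
  }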