// Response element ID: "_" followed by the certificate serial number in hexadecimal.
// NOTE(review): the ID is predictable and built from the serial number alone; serial numbers
// are only unique per issuer - confirm nothing relies on this ID being unique across CAs.
retval.setId("_" + cert.getSerialNumber().toString(16));
// Validity interval is computed from the certificate by getValidityInterval (defined outside this view).
retval.setValidityInterval(getValidityInterval(cert));
// KeyInfo container; the RespondWith checks that follow decide what is placed in it.
KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
// KeyName was requested: publish the certificate's subject DN, in its toString() form, as ds:KeyName.
// NOTE(review): the string form of getSubjectDN() depends on the certificate implementation/provider,
// so clients should not compare this value byte-for-byte against a DN they formatted themselves.
if (req.getRespondWith().contains(XKMSConstants.RESPONDWITH_KEYNAME)) {
    keyInfoType.getContent().add(sigFactory.createKeyName(cert.getSubjectDN().toString()));
}
// KeyValue was requested: publish the certificate's public key as ds:KeyValue/ds:RSAKeyValue.
if (req.getRespondWith().contains(XKMSConstants.RESPONDWITH_KEYVALUE)) {
    if (!(cert.getPublicKey() instanceof RSAPublicKey)) {
        // Only RSA keys are handled here. The failure is recorded in the result codes,
        // but no return happens in this branch, so the remaining sections still run.
        log.error(intres.getLocalizedMessage("xkms.onlyrsakeysupported"));
        resultMajor = XKMSConstants.RESULTMAJOR_RECIEVER;
        resultMinor = XKMSConstants.RESULTMINOR_FAILURE;
    } else {
        final RSAPublicKey rsaKey = (RSAPublicKey) cert.getPublicKey();
        final RSAKeyValueType rsaValue = sigFactory.createRSAKeyValueType();
        // NOTE(review): BigInteger.toByteArray() is a two's-complement encoding and can carry a
        // leading 0x00 sign octet, whereas XML-DSig CryptoBinary is defined without leading zero
        // octets - confirm that relying parties accept the value as emitted here.
        rsaValue.setModulus(rsaKey.getModulus().toByteArray());
        rsaValue.setExponent(rsaKey.getPublicExponent().toByteArray());
        final KeyValueType keyValueHolder = sigFactory.createKeyValueType();
        keyValueHolder.getContent().add(sigFactory.createRSAKeyValue(rsaValue));
        keyInfoType.getContent().add(sigFactory.createKeyValue(keyValueHolder));
    }
}
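// Build ds:X509Data when the requester asked for the certificate, its chain and/or the latest CRL.
if (req.getRespondWith().contains(XKMSConstants.RESPONDWITH_X509CERT)
        || req.getRespondWith().contains(XKMSConstants.RESPONDWITH_X509CHAIN)
        || req.getRespondWith().contains(XKMSConstants.RESPONDWITH_X509CRL)) {
    X509DataType x509DataType = sigFactory.createX509DataType();

    // Certificate only: the chain branch below already appends the end-entity certificate,
    // so this branch is skipped when the chain was requested as well.
    if (req.getRespondWith().contains(XKMSConstants.RESPONDWITH_X509CERT)
            && !req.getRespondWith().contains(XKMSConstants.RESPONDWITH_X509CHAIN)) {
        try {
            x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName()
                    .add(sigFactory.createX509DataTypeX509Certificate(cert.getEncoded()));
        } catch (CertificateEncodingException e) {
            log.error(intres.getLocalizedMessage("xkms.errordecodingcert"), e);
            resultMajor = XKMSConstants.RESULTMAJOR_RECIEVER;
            resultMinor = XKMSConstants.RESULTMINOR_FAILURE;
        }
    }

    // Chain: the CA is looked up by the hashCode() of the value CertTools.getIssuerDN(cert) returns.
    if (req.getRespondWith().contains(XKMSConstants.RESPONDWITH_X509CHAIN)) {
        int caid = CertTools.getIssuerDN(cert).hashCode();
        try {
            Iterator<Certificate> iter =
                    caAdminSession.getCAInfo(pubAdmin, caid).getCertificateChain().iterator();
            while (iter.hasNext()) {
                // A non-X.509 chain entry raises ClassCastException, handled by the catch below.
                X509Certificate next = (X509Certificate) iter.next();
                x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName()
                        .add(sigFactory.createX509DataTypeX509Certificate(next.getEncoded()));
            }
            x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName()
                    .add(sigFactory.createX509DataTypeX509Certificate(cert.getEncoded()));
        } catch (Exception e) {
            // NOTE(review): a failure part-way through leaves the certificates added so far in
            // x509DataType; clients must rely on the failure result codes, not on the content.
            // NOTE(review): this reuses the CRL-fetch message key for a chain-fetch failure,
            // which makes the two cases indistinguishable in logs during triage.
            log.error(intres.getLocalizedMessage("xkms.errorfetchinglastcrl"), e);
            resultMajor = XKMSConstants.RESULTMAJOR_RECIEVER;
            resultMinor = XKMSConstants.RESULTMINOR_FAILURE;
        }
    }

    // CRL: fetch the issuer's CRL via getLastCRL (third argument false; its meaning is not visible here).
    if (req.getRespondWith().contains(XKMSConstants.RESPONDWITH_X509CRL)) {
        byte[] crl = null;
        try {
            crl = createCrlSession.getLastCRL(pubAdmin, CertTools.getIssuerDN(cert), false);
        } catch (Exception e) {
            log.error(intres.getLocalizedMessage("xkms.errorfetchinglastcrl"), e);
            resultMajor = XKMSConstants.RESULTMAJOR_RECIEVER;
            resultMinor = XKMSConstants.RESULTMINOR_FAILURE;
        }
        // Fix: crl stays null when the fetch threw (and may be null if the lookup returned
        // nothing), so only emit an X509CRL element when there are bytes to put in it.
        // An empty CRL element would give a relying party no revocation data to check.
        if (crl != null) {
            x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName()
                    .add(sigFactory.createX509DataTypeX509CRL(crl));
        }
    }

    keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType));
}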
// Attach the assembled KeyInfo. None of the failure branches above return, so this runs
// even when resultMajor/resultMinor were set to a failure.
retval.setKeyInfo(keyInfoType);
// Key usage values are produced by getCertKeyUsageSpec (defined outside this view).
retval.getKeyUsage().addAll(getCertKeyUsageSpec(cert));
try {