Package org.jscep.transport.response

Source Code of org.jscep.transport.response.GetCaCertResponseHandler

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
package org.jscep.transport.response;

import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreParameters;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;

import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.jscep.util.SignedDataUtils;

/**
* This class handles responses to <code>GetCACert</code> requests.
*/
public final class GetCaCertResponseHandler implements
    ScepResponseHandler<CertStore> {
  private static final String RA_CERT = "application/x-x509-ca-ra-cert";
  private static final String CA_CERT = "application/x-x509-ca-cert";

  /**
   * {@inheritDoc}
   */
  public CertStore getResponse(byte[] content, String mimeType)
      throws ContentException {
    if (mimeType != null && mimeType.startsWith(CA_CERT)) {
      // http://tools.ietf.org/html/draft-nourse-scep-20#section-4.1.1.1
      CertificateFactory factory;
      try {
        factory = CertificateFactory.getInstance("X509");
      } catch (CertificateException e) {
        throw new RuntimeException(e);
      }
      try {
        X509Certificate ca = (X509Certificate) factory
            .generateCertificate(new ByteArrayInputStream(content));
        Collection<X509Certificate> caSet = Collections.singleton(ca);
        CertStoreParameters storeParams = new CollectionCertStoreParameters(
            caSet);

        return CertStore.getInstance("Collection", storeParams);
      } catch (GeneralSecurityException e) {
        throw new InvalidContentTypeException(e);
      }
    } else if (mimeType != null && mimeType.startsWith(RA_CERT)) {
      // If an RA is in use, a certificates-only PKCS#7 SignedData
      // with a certificate chain consisting of both RA and CA
      // certificates is
      // returned.
      // It should be in the order:
      // [0] RA
      // [1] CA
      if (content.length == 0) {
        throw new InvalidContentException(
            "Expected a SignedData object, but response was empty");
      }
      CMSSignedData sd;
      try {
        sd = new CMSSignedData(content);
      } catch (CMSException e) {
        throw new InvalidContentException(e);
      }
      return SignedDataUtils.fromSignedData(sd);
    } else {
      throw new InvalidContentTypeException(mimeType, CA_CERT, RA_CERT);
    }
  }
}
TOP

Related Classes of org.jscep.transport.response.GetCaCertResponseHandler

  • org.bouncycastle.cms.CMSSignedData
  • org.jscep.client.Client
  • org.jscep.server.ScepServletTest
  • java.security.cert.CertificateFactory
  • java.io.ByteArrayInputStream
  • java.security.cert.CertStoreParameters
  • java.security.cert.X509Certificate
  • java.security.cert.CollectionCertStoreParameters
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.