Example usage for org.bouncycastle.cert.cmp ProtectedPKIMessage getCertificates

List of usage examples for org.bouncycastle.cert.cmp ProtectedPKIMessage getCertificates

Introduction

On this page you can find example usage for org.bouncycastle.cert.cmp ProtectedPKIMessage getCertificates.

Prototype

public X509CertificateHolder[] getCertificates() 


Document

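Return the extra certificates associated with this message (the CMP extraCerts field). In CMP the message protection is computed over the header and body only, so these certificates are not authenticated by a successful verify() and should be validated before they are trusted.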

Usage

From source file:org.cryptable.pki.communication.PKICMPMessages.java

License:Open Source License

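/**
 * Decodes and validates a protected CMP certification response.
 *
 * <p>The checks run in this order: the message protection is verified with the recipient
 * certificate held by {@code pkiKeyStore}, the recipient nonce of the response is compared with
 * the {@code senderNonce} of the request, and the recipient certificate is passed to
 * {@code pkiKeyStore.verifyCertificate}. Only after that are the header, the body and the extra
 * certificates copied into the returned object.
 *
 * <p>Security note: the certificates obtained from {@code getCertificates()} are the CMP
 * {@code extraCerts}. CMP protection covers the header and body only, so a successful
 * {@code verify} says nothing about them. Callers should validate each returned certificate
 * (chain, validity, revocation) against their own trust anchors before relying on it.
 *
 * @param message encoded PKIMessage bytes as received from the peer
 * @return response object carrying the message header, body and converted extra certificates
 * @throws IOException if the bytes cannot be parsed as a PKIMessage
 * @throws PKICMPMessageException if the protection does not verify, or the recipient nonce is
 *         missing or differs from the sender nonce of the request
 * @throws CertificateException if an extra certificate cannot be converted
 * @throws OperatorCreationException if the content verifier provider cannot be built
 * @throws CMPException if the protection check itself fails to execute
 * @throws PKIKeyStoreException presumably raised by the key store calls; confirm against PKIKeyStore
 * @throws ParseException if the message time in the header cannot be converted to a date
 */
PKICMPResponse processResponse(byte[] message) throws IOException, PKICMPMessageException, CertificateException,
        OperatorCreationException, CMPException, PKIKeyStoreException, ParseException {
    ProtectedPKIMessage pkiMessage = new ProtectedPKIMessage(new GeneralPKIMessage(message));

    /* Verify the message protection with the expected recipient certificate. */
    ContentVerifierProvider verifierProvider = new JcaContentVerifierProviderBuilder()
            .setProvider(pkiKeyStore.getProvider()).build(pkiKeyStore.getRecipientCertificate());

    if (!pkiMessage.verify(verifierProvider)) {
        // The sender name comes from a message that just failed verification: it is
        // unauthenticated text and must be handled as such wherever this exception is logged.
        throw new PKICMPMessageException("E: Verification failed this is an untrusted Message ["
                + pkiMessage.getHeader().getSender() + "]");
    }

    // recipNonce is optional in the header; a response without it cannot be bound to our
    // request, so it is rejected like a mismatch instead of failing with a NullPointerException.
    if (pkiMessage.getHeader().getRecipNonce() == null
            || !Arrays.equals(senderNonce, pkiMessage.getHeader().getRecipNonce().getOctets())) {
        throw new PKICMPMessageException(
                "E: Recipient Nonce in response does not correspond with Sender Nonce in request!");
    }

    // NOTE(review): when the header carries a messageTime, the recipient certificate is checked
    // at that sender-chosen time rather than at the current time. If verifyCertificate checks
    // the validity period (not visible here), an old timestamp would let an expired certificate
    // pass; consider bounding messageTime against the local clock. Behaviour is left unchanged.
    if (pkiMessage.getHeader().getMessageTime() != null) {
        pkiKeyStore.verifyCertificate(pkiKeyStore.getRecipientCertificate(),
                pkiMessage.getHeader().getMessageTime().getDate());
    } else {
        pkiKeyStore.verifyCertificate(pkiKeyStore.getRecipientCertificate(), new Date());
    }

    PKICMPResponse pkicmpResponse = new PKICMPResponse();
    pkicmpResponse.setPkiBody(pkiMessage.getBody());
    pkicmpResponse.setPkiHeader(pkiMessage.getHeader());

    // extraCerts are not covered by the protection verified above; they are handed to the
    // caller as received and still need their own validation.
    JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter();
    for (X509CertificateHolder x509CertificateHolder : pkiMessage.getCertificates()) {
        pkicmpResponse.getX509CertifificateList()
                .add(jcaX509CertificateConverter.getCertificate(x509CertificateHolder));
    }
    return pkicmpResponse;
}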