Indexed: 2020/10/28 10:49:16 Posted: 2010-09-07 01:59:33 Tags: java,certificate,pki

Recently I've begun looking into developing a simple CA/SCEP server. While the CA wasn't much of a problem (not much of a CA either), the SCEP server has thrown me for a bit of a loop at one particular place.

So far I respond to the "GetCACert" and "GetCACaps" requests correctly. Now I'm attempting to respond to the "PKIOperation" request. I'm actually able to create a cert with the request, sign it and all the good stuff. The problem is that I have to add some "attributes" to the response...

gen1.addSigner(this.rootKeyPair.getPrivate(), this.getRootCertificate(), CMSSignedGenerator.DIGEST_SHA1, new AttributeTable(attributes), null);
CMSSignedData finalData = gen1.generate(msg, true, new BouncyCastleProvider());

Specifically recipientNonce.

The problem is that I'm struggling to get the attributes out of the initial request. Since the recipientNonce should be a copy of the senderNonce, I've been attempting to pull that specific attribute out of the PKIOperation message. Here's my code so far...

Base64 base64 = new Base64();
ASN1Object object = ASN1Object.fromByteArray(base64.decode(request));
//The "request" is the "message" from scep 
ASN1Sequence sequence = ASN1Sequence.getInstance(object);
//   PKIMessage.getInstance(sequence);
//   PKIHeader.getInstance(sequence);
//   PKIConfirmContent.getInstance(sequence);
//   PKIBody.getInstance(sequence);
//   PKIStatusInfo.getInstance(sequence);
//   PKIFreeText.getInstance(sequence);
//   PKIFailureInfo.getInstance(sequence);
//   PKIStatus.getInstance(sequence);

The sequence is valid, but the commented-out lines all fail. Any thoughts?

Thanks!

Found it. JSCEP has a class called "PKIMessage" that does all the parsing for you.
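An added example, not code from the question or from JSCEP: a SCEP pkiMessage is a CMS SignedData, and senderNonce is one of the signer's signed attributes, so it can also be read with BouncyCastle's CMS classes after the signature is verified. It assumes a current bcprov/bcpkix (the generics-era CMS API); the class name `ScepNonce`, the helper names and the sample request built in `main` are constructed for illustration.

```java
import java.math.BigInteger;
import java.security.*;
import java.util.*;
import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.*;
public class ScepNonce {
    // SCEP signed-attribute OIDs (RFC 8894).
    static final ASN1ObjectIdentifier SENDER_NONCE = new ASN1ObjectIdentifier("2.16.840.1.113733.1.9.5");
    static final ASN1ObjectIdentifier RECIPIENT_NONCE = new ASN1ObjectIdentifier("2.16.840.1.113733.1.9.6");
    // A nonce attribute is a SET containing one OCTET STRING (hypothetical helper).
    static Attribute nonceAttr(ASN1ObjectIdentifier oid, byte[] nonce) { return new Attribute(oid, new DERSet(new DEROctetString(nonce))); }
    // Verify the signer with the certificate carried in the message, then read senderNonce.
    static byte[] senderNonce(byte[] pkiMessage) throws Exception {
        CMSSignedData sd = new CMSSignedData(pkiMessage);
        SignerInformation signer = sd.getSignerInfos().getSigners().iterator().next();
        X509CertificateHolder cert = (X509CertificateHolder) sd.getCertificates().getMatches(signer.getSID()).iterator().next();
        if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert))) throw new SecurityException("bad pkiMessage signature");
        Attribute a = signer.getSignedAttributes().get(SENDER_NONCE);
        if (a == null) throw new IllegalArgumentException("request carries no senderNonce");
        return ASN1OctetString.getInstance(a.getAttrValues().getObjectAt(0)).getOctets();
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample request: throwaway key, self-signed cert, random nonce, dummy content.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X500Name dn = new X500Name("CN=constructed-scep-client");
        ContentSigner cs = new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate());
        X509CertificateHolder cert = new JcaX509v3CertificateBuilder(dn, BigInteger.ONE, new Date(System.currentTimeMillis() - 60000L), new Date(System.currentTimeMillis() + 3600000L), dn, kp.getPublic()).build(cs);
        byte[] nonce = SecureRandom.getSeed(16);
        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(nonceAttr(SENDER_NONCE, nonce));
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
            .setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(v))).build(cs, cert));
        gen.addCertificate(cert);
        byte[] request = gen.generate(new CMSProcessableByteArray(new byte[] {0}), true).getEncoded();
        byte[] got = senderNonce(request);
        System.out.println(nonceAttr(RECIPIENT_NONCE, got).getAttrType() + " echoed=" + Arrays.equals(nonce, got));
    }
}
```

The attribute returned by `nonceAttr(RECIPIENT_NONCE, ...)` belongs in the `AttributeTable` handed to the response signer, next to the other SCEP attributes.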