// Sanity check: an empty response cannot be parsed, so fail early with a clear message.
assertTrue("Response was of 0 length.", retMsg.length > 0);
// True when a password-based MAC secret was supplied; this selects the "if (pbe)" checks below.
boolean pbe = (pbeSecret!=null);
//
// Parse response message
//
// Decode the raw bytes as a single ASN.1 object and wrap it as a CMP PKIMessage.
PKIMessage respObject = PKIMessage.getInstance(new ASN1InputStream(new ByteArrayInputStream(retMsg)).readObject());
assertNotNull(respObject);
// The header carries the sender and the protection algorithm that the checks below inspect.
PKIHeader header = respObject.getHeader();
// For a signature-protected response, the header must declare sha1WithRSAEncryption
// (OID 1.2.840.113549.1.1.5) as the protection algorithm.
// NOTE(review): this pins a SHA-1 based signature algorithm; presumably it mirrors what the
// CA under test is configured to emit - confirm, and update the expectation if the CA
// moves to a SHA-2 signature algorithm.
if (signed) {
AlgorithmIdentifier algId = header.getProtectionAlg();
assertNotNull("The AlgorithmIdentifier in the response signature could not be read.", algId);
assertEquals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), algId.getObjectId().getId());
}
// For a password-protected response, the header must declare the CMP PasswordBasedMac
// algorithm as the protection algorithm.
if (pbe) {
AlgorithmIdentifier algId = header.getProtectionAlg();
assertNotNull("Protection algorithm was null.", algId);
// The expected OID is id-PasswordBasedMac (1.2.840.113533.7.66.13), not the
// SHA-1 with RSA OID (1.2.840.113549.1.1.5) used for signed responses.
assertEquals("Protection algorithm id: " + algId.getObjectId().getId(), CMPObjectIdentifiers.passwordBasedMac.getId(), algId.getObjectId().getId());
}
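// Check that the signer is the expected CA: the sender must be a directoryName
// GeneralName (tag 4) whose DN, rendered as a string, equals issuerDN.
// Arguments are passed as (message, expected, actual) so that a failure report names
// the expected value correctly instead of swapping it with the value from the response.
assertEquals("Sender in the response header is not a directoryName.", 4, header.getSender().getTagNo());
X509Name name = X509Name.getInstance(header.getSender().getName());
// NOTE(review): this is an exact string comparison, so it presumably relies on issuerDN
// using the same attribute order and formatting as X509Name.toString() - confirm.
assertEquals("Sender DN in the response header is not the expected CA.", issuerDN, name.toString());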
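if (signed) {
    // Verify the signature over the protected part of the message using cacert.
    // The verification algorithm is fixed here rather than read from the response
    // header, so the response cannot choose the algorithm it is verified with.
    // NOTE(review): SHA-1 with RSA is a legacy signature algorithm; presumably it matches
    // the configuration of the CA under test - confirm before reusing this check elsewhere.
    byte[] protBytes = respObject.getProtectedBytes();
    DERBitString bs = respObject.getProtection();
    // A response without protection bits would otherwise surface as a NullPointerException
    // below; report it as a plain assertion failure instead.
    assertTrue("Response was expected to be signed but carries no protection.", bs != null);
    try {
        Signature sig = Signature.getInstance(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), "BC");
        sig.initVerify(cacert);
        sig.update(protBytes);
        assertTrue("Response signature did not verify.", sig.verify(bs.getBytes()));
    } catch (java.security.GeneralSecurityException e) {
        // Covers NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException and
        // SignatureException, the checked exceptions the calls above can throw. The stack
        // trace is still printed so the cause stays visible in the test output.
        e.printStackTrace();
        assertTrue("Could not verify the response signature: " + e, false);
    }
}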
if (pbe) {
DEROctetString os = header.getSenderKID();
assertNotNull(os);
String keyId = new String(os.getOctets());
log.debug("Found a sender keyId: " + keyId);
// Verify the PasswordBased protection of the message
byte[] protectedBytes = respObject.getProtectedBytes();
DERBitString protection = respObject.getProtection();
AlgorithmIdentifier pAlg = header.getProtectionAlg();
log.debug("Protection type is: " + pAlg.getObjectId().getId());
PBMParameter pp = PBMParameter.getInstance(pAlg.getParameters());
int iterationCount = pp.getIterationCount().getPositiveValue().intValue();
log.debug("Iteration count is: " + iterationCount);