// Builds the signed ("authenticated") attribute set of a SCEP response and registers the
// signer on a CMS SignedData generator. Every attribute put into 'attributes' below is handed
// to addSigner() as the signed attribute table, so it is covered by the signature.
// NOTE(review): this is a statement run from a larger method; transactionId, status, failInfo,
// senderNonce, recipientNonce, signKey, signCert, digestAlg and log are defined outside this view.
CMSSignedDataGenerator gen1 = new CMSSignedDataGenerator();
// Collect the signed attributes: messageType, transactionId, pkiStatus, failInfo and the two nonces.
// The table is keyed by attribute OID (attr.getAttrType()), so a later put() with the same OID
// replaces the earlier entry.
Hashtable attributes = new Hashtable();
// Scratch variables reused for each attribute built below.
DERObjectIdentifier oid;
Attribute attr;
DERSet value;
// Content Type
/* Added automagically by CMSSignedDataGenerator
oid = PKCSObjectIdentifiers.pkcs_9_at_contentType;
value = new DERSet(PKCSObjectIdentifiers.data);
attr = new Attribute(oid, value);
attributes.put(attr.getAttrType(), attr);
*/
// Message digest
// NOTE(review): the disabled block below hard-codes SHA1 and falls back to a one-byte dummy
// digest when 's' is null. It is dead code; if it is ever re-enabled it would have to agree
// with digestAlg, otherwise the messageDigest attribute would not match the signature's hash.
/* Added automagically by CMSSignedDataGenerator
byte[] digest = null;
if (s != null) {
MessageDigest md = MessageDigest.getInstance("SHA1");
digest = md.digest(s.getEncoded());
} else {
digest = new byte[]{0};
}
oid = PKCSObjectIdentifiers.pkcs_9_at_messageDigest;
value = new DERSet(new DEROctetString(digest));
attr = new Attribute(oid, value);
attributes.put(attr.getAttrType(), attr);
*/
// Message type (certrep): always added, encoded as the PrintableString "3".
oid = new DERObjectIdentifier(ScepRequestMessage.id_messageType);
value = new DERSet(new DERPrintableString("3"));
attr = new Attribute(oid, value);
attributes.put(attr.getAttrType(), attr);
// TransactionId: only added when one is set.
// NOTE(review): presumably this value is copied from the request and is therefore
// requester-controlled; confirm it is validated upstream before it is logged and encoded here.
if (transactionId != null) {
    oid = new DERObjectIdentifier(ScepRequestMessage.id_transId);
    log.debug("Added transactionId: " + transactionId);
    value = new DERSet(new DERPrintableString(transactionId));
    attr = new Attribute(oid, value);
    attributes.put(attr.getAttrType(), attr);
}
// status: always added; 'status' is dereferenced without a null check.
oid = new DERObjectIdentifier(ScepRequestMessage.id_pkiStatus);
value = new DERSet(new DERPrintableString(status.getValue()));
attr = new Attribute(oid, value);
attributes.put(attr.getAttrType(), attr);
// failInfo: only added for a FAILURE response.
// NOTE(review): failInfo is dereferenced without a null check, so a FAILURE status with no
// failInfo set would throw here and no response would be produced; verify callers always set it.
if (status.equals(ResponseStatus.FAILURE)) {
    oid = new DERObjectIdentifier(ScepRequestMessage.id_failInfo);
    log.debug("Added failInfo: " + failInfo.getValue());
    value = new DERSet(new DERPrintableString(failInfo.getValue()));
    attr = new Attribute(oid, value);
    attributes.put(attr.getAttrType(), attr);
}
// senderNonce: held as a Base64 string and decoded to raw bytes for the OCTET STRING.
// getBytes() is called without a charset, so the platform default is used; Base64 text is
// ASCII, which should make this harmless on ASCII-compatible defaults (TODO confirm).
if (senderNonce != null) {
    oid = new DERObjectIdentifier(ScepRequestMessage.id_senderNonce);
    log.debug("Added senderNonce: " + senderNonce);
    value = new DERSet(new DEROctetString(Base64.decode(senderNonce.getBytes())));
    attr = new Attribute(oid, value);
    attributes.put(attr.getAttrType(), attr);
}
// recipientNonce: same Base64-string-to-bytes handling as senderNonce.
// NOTE(review): presumably this echoes the requester's senderNonce so the client can match the
// response to its request; if it is null the attribute is silently omitted; verify against caller.
if (recipientNonce != null) {
    oid = new DERObjectIdentifier(ScepRequestMessage.id_recipientNonce);
    log.debug("Added recipientNonce: " + recipientNonce);
    value = new DERSet(new DEROctetString(Base64.decode(recipientNonce.getBytes())));
    attr = new Attribute(oid, value);
    attributes.put(attr.getAttrType(), attr);
}
// Add our signer info and sign the message.
// The attribute table built above is passed as the signed attributes; the trailing null is
// presumably the unsigned attribute table (none), to be confirmed against the BouncyCastle
// overload in use.
// NOTE(review): the digest used for the signature is whatever digestAlg holds; confirm the
// caller does not default to a weak hash (MD5/SHA-1) unless the client requires it.
// signCert is cast to X509Certificate without a type check, so any other certificate type
// fails with ClassCastException at this line.
log.debug("Signing SCEP message with cert: "+CertTools.getSubjectDN(signCert));
gen1.addSigner(signKey, (X509Certificate)signCert, digestAlg, new AttributeTable(attributes), null);