throws MessageDecodingException {
LOGGER.debug("Decoding pkiMessage");
validate(pkiMessage);
// The signed content is always an octet string
CMSProcessable signedContent = pkiMessage.getSignedContent();
SignerInformationStore signerStore = pkiMessage.getSignerInfos();
SignerInformation signerInfo = signerStore.get(new JcaSignerId(signer));
if (signerInfo == null) {
throw new MessageDecodingException("Could not for signerInfo for "
+ signer.getIssuerDN());
}
LOGGER.debug("pkiMessage digest algorithm: {}",
signerInfo.getDigestAlgorithmID().getAlgorithm());
LOGGER.debug("pkiMessage encryption algorithm: {}",
signerInfo.getEncryptionAlgOID());
Store store = pkiMessage.getCertificates();
Collection<?> certColl;
try {
certColl = store.getMatches(signerInfo.getSID());
} catch (StoreException e) {
throw new MessageDecodingException(e);
}
if (certColl.size() > 0) {
X509CertificateHolder cert = (X509CertificateHolder) certColl
.iterator().next();
LOGGER.debug(
"Verifying pkiMessage using key belonging to [issuer={}; serial={}]",
cert.getIssuer(), cert.getSerialNumber());
SignerInformationVerifier verifier;
try {
verifier = new JcaSimpleSignerInfoVerifierBuilder().build(cert);
signerInfo.verify(verifier);
LOGGER.debug("pkiMessage verified.");
} catch (Exception e) {
throw new MessageDecodingException(e);
}
} else {
LOGGER.warn("Unable to verify message because the signedData contained no certificates.");
}
Hashtable<DERObjectIdentifier, Attribute> attrTable = signerInfo
.getSignedAttributes().toHashtable();
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("pkiMessage has {} signed attributes:", signerInfo
.getSignedAttributes().size());
for (DERObjectIdentifier oid : attrTable.keySet()) {
LOGGER.debug(" {}: {}", oid.getId(), attrTable.get(oid)
.getAttrValues());
}
}
MessageType messageType = toMessageType(attrTable
.get(toOid(MESSAGE_TYPE)));
Nonce senderNonce = toNonce(attrTable.get(toOid(SENDER_NONCE)));
TransactionId transId = toTransactionId(attrTable.get(toOid(TRANS_ID)));
if (messageType == MessageType.CERT_REP) {
PkiStatus pkiStatus = toPkiStatus(attrTable.get(toOid(PKI_STATUS)));
Nonce recipientNonce = toNonce(attrTable
.get(toOid(RECIPIENT_NONCE)));
if (pkiStatus == PkiStatus.FAILURE) {
FailInfo failInfo = toFailInfo(attrTable.get(toOid(FAIL_INFO)));
LOGGER.debug("Finished decoding pkiMessage");
return new CertRep(transId, senderNonce, recipientNonce,
failInfo);
} else if (pkiStatus == PkiStatus.PENDING) {
LOGGER.debug("Finished decoding pkiMessage");
return new CertRep(transId, senderNonce, recipientNonce);
} else {
final CMSEnvelopedData ed = getEnvelopedData(signedContent
.getContent());
final byte[] envelopedContent = decoder.decode(ed);
CMSSignedData messageData;
try {
messageData = new CMSSignedData(envelopedContent);
} catch (CMSException e) {
throw new MessageDecodingException(e);
}
LOGGER.debug("Finished decoding pkiMessage");
return new CertRep(transId, senderNonce, recipientNonce,
messageData);
}
} else {
CMSEnvelopedData ed = getEnvelopedData(signedContent.getContent());
byte[] decoded = decoder.decode(ed);
if (messageType == MessageType.GET_CERT) {
IssuerAndSerialNumber messageData = IssuerAndSerialNumber
.getInstance(decoded);
LOGGER.debug("Finished decoding pkiMessage");