- // package on purpose
-
- @Override
- public X509ChainWithIssuer sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException {
- TimeTaken tt = trans.start("Generating CSR and Keys for New Certificate", Env.SUB);
- PKCS10CertificationRequest csr;
- try {
- csr = csrmeta.generateCSR(trans);
- if(trans.info().isLoggable()) {
- trans.info().log(BCFactory.toString(csr));
- }
- if(trans.info().isLoggable()) {
- trans.info().log(csr);
- }
- } finally {
- tt.done();
- }
-
- tt = trans.start("Enroll CSR", Env.SUB);
- Client client = null;
- Item item = null;
- for(int i=0; i<MAX_RETRY;++i) {
- try {
- item = clients.best();
- client = clients.get(item);
-
- EnrollmentResponse er = client.enrol(
- csrmeta.initialConversationCert(trans),
- csrmeta.keypair(trans).getPrivate(),
- csr,
- MS_PROFILE /* profile... MS can't deal with blanks*/);
-
- while(true) {
- if(er.isSuccess()) {
- trans.checkpoint("Cert from " + clients.info(item));
- X509Certificate x509 = null;
- for( Certificate cert : er.getCertStore().getCertificates(null)) {
- if(x509==null) {
- x509 = (X509Certificate)cert;
- break;
- }
- }
- X509ChainWithIssuer mxcwi = mxcwiC.get(client);
- return new X509ChainWithIssuer(mxcwi,x509);
+ // package on purpose
+
+ @Override
+ public X509ChainWithIssuer sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException {
+ TimeTaken tt = trans.start("Generating CSR and Keys for New Certificate", Env.SUB);
+ PKCS10CertificationRequest csr;
+ try {
+ csr = csrmeta.generateCSR(trans);
+ if (trans.info().isLoggable()) {
+ trans.info().log(BCFactory.toString(csr));
+ }
+ if (trans.info().isLoggable()) {
+ trans.info().log(csr);
+ }
+ } finally {
+ tt.done();
+ }
+
+ tt = trans.start("Enroll CSR", Env.SUB);
+ Client client = null;
+ Item item = null;
+ for (int i=0; i<MAX_RETRY;++i) {
+ try {
+ item = clients.best();
+ client = clients.get(item);
+
+ EnrollmentResponse er = client.enrol(
+ csrmeta.initialConversationCert(trans),
+ csrmeta.keypair(trans).getPrivate(),
+ csr,
+ MS_PROFILE /* profile... MS can't deal with blanks*/);
+
+ while (true) {
+ if (er.isSuccess()) {
+ trans.checkpoint("Cert from " + clients.info(item));
+ X509Certificate x509 = null;
+ for ( Certificate cert : er.getCertStore().getCertificates(null)) {
+ if (x509==null) {
+ x509 = (X509Certificate)cert;
+ break;
+ }
+ }
+ X509ChainWithIssuer mxcwi = mxcwiC.get(client);
+ return new X509ChainWithIssuer(mxcwi,x509);