+ /**
+ * Create a base key to use for verifying the PasswordBasedMac on a PKIMessage
+ *
+ * @param pbmParamSeq parameters recieved in PKIMessage used with password
+ * @param initAuthPassword password used to decrypt the basekey
+ * @return bytes representing the basekey
+ * @throws CmpClientException thrown if algorithem exceptions occur for the message digest
+ */
+ private static byte[] getBaseKeyFromPbmParameters(
+ PBMParameter pbmParamSeq, String initAuthPassword) throws CmpClientException {
+ final int iterationCount = pbmParamSeq.getIterationCount().getPositiveValue().intValue();
+ LOG.info("Iteration count is: {}", iterationCount);
+ final AlgorithmIdentifier owfAlg = pbmParamSeq.getOwf();
+ LOG.info("One Way Function type is: {}", owfAlg.getAlgorithm().getId());
+ final byte[] salt = pbmParamSeq.getSalt().getOctets();
+ final byte[] raSecret = initAuthPassword != null ? initAuthPassword.getBytes() : new byte[0];
+ byte[] basekey = new byte[raSecret.length + salt.length];
+ System.arraycopy(raSecret, 0, basekey, 0, raSecret.length);
+ System.arraycopy(salt, 0, basekey, raSecret.length, salt.length);
+ try {
+ final MessageDigest messageDigest =
+ MessageDigest.getInstance(
+ owfAlg.getAlgorithm().getId(), BouncyCastleProvider.PROVIDER_NAME);
+ for (int i = 0; i < iterationCount; i++) {
+ basekey = messageDigest.digest(basekey);
+ messageDigest.reset();
+ }
+ } catch (NoSuchAlgorithmException | NoSuchProviderException ex) {
+ LOG.error("ProtectionBytes don't match passwordBasedProtection, authentication failed");
+ throw new CmpClientException(
+ "ProtectionBytes don't match passwordBasedProtection, authentication failed", ex);
+ }
+ return basekey;
+ }
+
+ private static ASN1ObjectIdentifier getImplicitConfirm(InfoTypeAndValue[] info) {