feat: add nested message support to CmpCaMock

CHANGELOG.md

@@ -130,4 +130,8 @@ feat:  implement configurable recipient
 
 fix: update some dependencies
 
+### 4.0.2 (Mar 26 2024)
+
+feat: add nested message support to CmpCaMock
+
 

pom.xml

@@ -7,7 +7,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.siemens.pki</groupId>
 	<artifactId>LightweightCmpRa</artifactId>
-	<version>4.0.1</version>
+	<version>4.0.2</version>
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<parent.basedir>.</parent.basedir>
@@ -251,4 +251,4 @@
 			<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
 		</license>
 	</licenses>
-</project>
+</project>

src/test/java/com/siemens/pki/lightweightcmpra/test/framework/CmpCaMock.java

@@ -25,6 +25,7 @@
 import com.siemens.pki.lightweightcmpra.test.EnrollmentTestcaseBase;
 import com.siemens.pki.lightweightcmpra.util.ConfigFileLoader;
 import java.io.File;
+import java.io.IOException;
 import java.math.BigInteger;
 import java.net.URL;
 import java.security.NoSuchAlgorithmException;
@@ -42,6 +43,7 @@
 import org.bouncycastle.asn1.cmp.PKIBody;
 import org.bouncycastle.asn1.cmp.PKIFailureInfo;
 import org.bouncycastle.asn1.cmp.PKIMessage;
+import org.bouncycastle.asn1.cmp.PKIMessages;
 import org.bouncycastle.asn1.cmp.PKIStatus;
 import org.bouncycastle.asn1.cmp.PKIStatusInfo;
 import org.bouncycastle.asn1.cmp.RevRepContentBuilder;
@@ -144,42 +146,7 @@ public CmpCaMock(final String servingUrl, final String enrollmentCredentials, fi
     @Override
     public byte[] apply(final byte[] receivedMessageAsByte) throws Exception {
         final PKIMessage receivedMessage = PKIMessage.getInstance(receivedMessageAsByte);
-        if (LOGGER.isDebugEnabled()) {
-            // avoid unnecessary call of MessageDumper.dumpPkiMessage, if debug isn't
-            // enabled
-            LOGGER.debug("CA: got:\n" + MessageDumper.dumpPkiMessage(receivedMessage));
-        }
-        lastReceivedMessages.addFirst(receivedMessage);
-        while (lastReceivedMessages.size() > MAX_LAST_RECEIVED) {
-            lastReceivedMessages.removeLast();
-        }
-        final PKIMessage ret;
-        switch (receivedMessage.getBody().getType()) {
-            case PKIBody.TYPE_INIT_REQ:
-            case PKIBody.TYPE_CERT_REQ:
-            case PKIBody.TYPE_KEY_UPDATE_REQ:
-                ret = handleCrmfCerticateRequest(receivedMessage);
-                break;
-            case PKIBody.TYPE_P10_CERT_REQ:
-                ret = handleP10CerticateRequest(receivedMessage);
-                break;
-            case PKIBody.TYPE_CERT_CONFIRM:
-                ret = handleCertConfirm(receivedMessage);
-                break;
-            case PKIBody.TYPE_REVOCATION_REQ:
-                ret = handleRevocationRequest(receivedMessage);
-                break;
-            default:
-                ret = generateError(
-                        receivedMessage,
-                        "unsuported message type " + receivedMessage.getBody().getType());
-        }
-        if (LOGGER.isDebugEnabled()) {
-            // avoid unnecessary call of MessageDumper.dumpPkiMessage, if debug isn't
-            // enabled
-            LOGGER.debug("CA: respond:\n" + MessageDumper.dumpPkiMessage(ret));
-        }
-        return ret.getEncoded();
+        return handlePkiMessage(receivedMessage).getEncoded();
     }
 
     private CMPCertificate createCertificate(
@@ -254,6 +221,12 @@ private PKIMessage handleCrmfCerticateRequest(final PKIMessage receivedMessage)
                 issuingChainForExtraCerts);
     }
 
+    private PKIMessage handleNested(PKIMessage receivedMessage) throws Exception {
+        final PKIMessages nestedMessages =
+                (PKIMessages) receivedMessage.getBody().getContent();
+        return handlePkiMessage(nestedMessages.toPKIMessageArray()[0]);
+    }
+
     private PKIMessage handleP10CerticateRequest(final PKIMessage receivedMessage) throws Exception {
         // get copy of enrollment chain
         final List<X509Certificate> issuingChain = enrollmentCredentials.getTrustChain();
@@ -278,6 +251,48 @@ private PKIMessage handleP10CerticateRequest(final PKIMessage receivedMessage) t
                 issuingChainForExtraCerts);
     }
 
+    private PKIMessage handlePkiMessage(final PKIMessage receivedMessage) throws Exception, IOException {
+        if (LOGGER.isDebugEnabled()) {
+            // avoid unnecessary call of MessageDumper.dumpPkiMessage, if debug isn't
+            // enabled
+            LOGGER.debug("CA: got:\n" + MessageDumper.dumpPkiMessage(receivedMessage));
+        }
+        lastReceivedMessages.addFirst(receivedMessage);
+        while (lastReceivedMessages.size() > MAX_LAST_RECEIVED) {
+            lastReceivedMessages.removeLast();
+        }
+        final PKIMessage ret;
+        switch (receivedMessage.getBody().getType()) {
+            case PKIBody.TYPE_INIT_REQ:
+            case PKIBody.TYPE_CERT_REQ:
+            case PKIBody.TYPE_KEY_UPDATE_REQ:
+                ret = handleCrmfCerticateRequest(receivedMessage);
+                break;
+            case PKIBody.TYPE_P10_CERT_REQ:
+                ret = handleP10CerticateRequest(receivedMessage);
+                break;
+            case PKIBody.TYPE_CERT_CONFIRM:
+                ret = handleCertConfirm(receivedMessage);
+                break;
+            case PKIBody.TYPE_REVOCATION_REQ:
+                ret = handleRevocationRequest(receivedMessage);
+                break;
+            case PKIBody.TYPE_NESTED:
+                ret = handleNested(receivedMessage);
+                break;
+            default:
+                ret = generateError(
+                        receivedMessage,
+                        "unsuported message type " + receivedMessage.getBody().getType());
+        }
+        if (LOGGER.isDebugEnabled()) {
+            // avoid unnecessary call of MessageDumper.dumpPkiMessage, if debug isn't
+            // enabled
+            LOGGER.debug("CA: respond:\n" + MessageDumper.dumpPkiMessage(ret));
+        }
+        return ret;
+    }
+
     private PKIMessage handleRevocationRequest(final PKIMessage receivedMessage) throws Exception {
         final RevRepContentBuilder rrcb = new RevRepContentBuilder();
         rrcb.add(new PKIStatusInfo(PKIStatus.granted));