+ private static void checkSPKAC(String csr, String spkacChallange) throws IOException, GigiApiException {
+ Process p = Runtime.getRuntime().exec(new String[] {
+ "openssl", "spkac", "-verify"
+ });
+ OutputStream outputStream = p.getOutputStream();
+ outputStream.write(csr.getBytes());
+ outputStream.flush();
+ outputStream.close();
+ BufferedReader br = new BufferedReader(new InputStreamReader(p.getInputStream(), "UTF-8"));
+ String line;
+ String challenge = null;
+ while ((line = br.readLine()) != null) {
+ line = line.trim();
+ String challengePrefix = "Challenge String: ";
+ if (line.startsWith(challengePrefix)) {
+ challenge = line.substring(challengePrefix.length());
+ }
+ }
+ GigiApiException gae = new GigiApiException();
+ if ( !spkacChallange.equals(challenge)) {
+ gae.mergeInto(new GigiApiException("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest."));
+ }
+ try {
+ if (p.waitFor() != 0) {
+ gae.mergeInto(new GigiApiException("The signature of your certificate request is invalid. Can't continue with certificaterequest."));
+ }
+ } catch (InterruptedException e) {
+ e.printStackTrace();
+ }
+ if ( !gae.isEmpty()) {
+ throw gae;
+ }
+ }
+