Examples of BasicOCSPResp


Examples of org.bouncycastle.ocsp.BasicOCSPResp

        } // end of huge for loop
        // A signed SUCCESSFUL response is built only when a signing CA certificate was resolved.
        if (cacert != null) {
          // Add responseExtensions
          X509Extensions exts = new X509Extensions(responseExtensions);
          // generate the signed response object
          BasicOCSPResp basicresp = signOCSPResponse(req, responseList, exts, cacert);
          ocspresp = res.generate(OCSPRespGenerator.SUCCESSFUL, basicresp);
          // Record the same status in both the audit log and the transaction log.
          auditLogger.paramPut(IAuditLogger.STATUS, OCSPRespGenerator.SUCCESSFUL);
          transactionLogger.paramPut(ITransactionLogger.STATUS, OCSPRespGenerator.SUCCESSFUL);
        } else {
          // Only unknown CAs in the request and no default responder certificate

Examples of org.bouncycastle.ocsp.BasicOCSPResp

    // First check that the whole chain is included and the responderId is keyHash
    // NOTE(review): the fourth constructor argument looks like the list of permitted signature
    // algorithms, and every entry is SHA-1 based. SHA-1 is no longer collision-resistant, so
    // confirm whether SHA-256 variants should be offered instead.
    // The trailing boolean presumably selects "include chain" (3 certificates are asserted below) - TODO confirm.
    OCSPCAServiceRequest ocspServiceReq = new OCSPCAServiceRequest(req, responseList, null, "SHA1WithRSA;SHA1WithDSA;SHA1WithECDSA", true);
    ocspServiceReq.setRespIdType(OcspConfiguration.RESPONDERIDTYPE_KEYHASH);

    OCSPCAServiceResponse response = OCSPUtil.createOCSPCAServiceResponse(ocspServiceReq, privKey, providerName, certChain);
    BasicOCSPResp basicResp = response.getBasicOCSPResp();
    X509Certificate[] respCerts = basicResp.getCerts("BC");
    assertEquals(3, respCerts.length); // Certificate chain included
    RespID respId = basicResp.getResponderId();
    // Build both possible responder ids from the signer certificate: by key hash and by subject name.
    RespID testKeyHash = new RespID(racert.getPublicKey());
    RespID testName = new RespID(racert.getSubjectX500Principal());
    assertEquals(respId, testKeyHash);
    assertFalse(respId.equals(testName));

    // Second check that the whole chain is NOT included and the responderId is Name
    ocspServiceReq = new OCSPCAServiceRequest(req, responseList, null, "SHA1WithRSA;SHA1WithDSA;SHA1WithECDSA", false);
    ocspServiceReq.setRespIdType(OcspConfiguration.RESPONDERIDTYPE_NAME);
    response = OCSPUtil.createOCSPCAServiceResponse(ocspServiceReq, privKey, providerName, certChain);
    basicResp = response.getBasicOCSPResp();
    respCerts = basicResp.getCerts("BC");
    assertEquals(1, respCerts.length); // Only one certificate returned: the full chain is not included
    respId = basicResp.getResponderId();
    assertFalse(respId.equals(testKeyHash));
    assertEquals(respId, testName);

    // Third do some verification
    // NOTE(review): verify(...) returns a boolean (other examples on this page assign it to a
    // variable), but the result is discarded here, so a response whose signature does not verify
    // would not fail this test. Wrapping the call in assertTrue(...) would close that gap.
    // Only the second response is verified; the first (key-hash) response is never signature-checked.
    basicResp.verify(racert.getPublicKey(), "BC");
    SingleResp[] responses = basicResp.getResponses();
    assertEquals(1, responses.length);
    SingleResp resp = responses[0];
    // The certificate id echoed in the response must match the one that was asked about.
    CertificateID myid = resp.getCertID();
    assertEquals(certId, myid);
  }

Examples of org.bouncycastle.ocsp.BasicOCSPResp

        return res;
    }
   
    /**
     * Builds and signs a {@link BasicOCSPResp} for the given service request.
     *
     * <p>The generator is obtained from {@code OCSPUtil.createOCSPResponse}. Every item in the
     * request's response list is added to it, the request's extensions are attached when they
     * contain at least one OID, and the result is signed with {@code signerKey} using
     * {@code sigAlg}. The current time is passed as the response's production time.
     *
     * <p>This excerpt ends inside the debug-only self-check; the rest of the method is not shown.
     *
     * @param serviceReq request carrying the OCSP request, the response items and the extensions
     * @param sigAlg signature algorithm name handed to the generator
     * @param signerCert certificate of the OCSP signer, used to build the responder id
     * @param signerKey private key that signs the response
     * @param provider JCE provider name used for signing
     * @param chain certificates to embed in the response
     * @param respIdType responder id type, compared against {@code OcspConfiguration.RESPONDERIDTYPE_NAME}
     * @return the signed basic response (the return statement lies outside this excerpt)
     */
    public static BasicOCSPResp generateBasicOCSPResp(OCSPCAServiceRequest serviceReq, String sigAlg, X509Certificate signerCert, PrivateKey signerKey, String provider, X509Certificate[] chain, int respIdType)
    throws NotSupportedException, OCSPException, NoSuchProviderException, IllegalArgumentException {
      BasicOCSPResp returnval = null;
      BasicOCSPRespGenerator basicRes = null;
      basicRes = OCSPUtil.createOCSPResponse(serviceReq.getOCSPrequest(), signerCert, respIdType);
      ArrayList responses = serviceReq.getResponseList();
      if (responses != null) {
        Iterator iter = responses.iterator();
        while (iter.hasNext()) {
            OCSPResponseItem item = (OCSPResponseItem)iter.next();
              // The trailing null means no per-response (single) extensions are attached.
              basicRes.addResponse(item.getCertID(), item.getCertStatus(), item.getThisUpdate(), item.getNextUpdate(), null);         
        }
      }
      X509Extensions exts = serviceReq.getExtensions();
      if (exts != null) {
        Enumeration oids = exts.oids();
        // Attach response extensions only when the set is non-empty.
        if (oids.hasMoreElements()) {
            basicRes.setResponseExtensions(exts);         
        }
      }

      // Sign the response; new Date() is the production time recorded in it.
      returnval = basicRes.generate(sigAlg, signerKey, chain, new Date(), provider );
      // NOTE(review): the self-check below (responder id match and signature verification) runs
      // only when debug logging is enabled, and in the lines visible here a failure is merely
      // logged. Nothing shown rejects a response that does not verify, so production deployments
      // that log at INFO or above get no post-signing check at all.
      if (m_log.isDebugEnabled()) {
        m_log.debug("Signing OCSP response with OCSP signer cert: " + signerCert.getSubjectDN().getName());
        RespID respId = null;
        // Rebuild the expected responder id the same way the caller asked for it: by name or by key.
        if (respIdType == OcspConfiguration.RESPONDERIDTYPE_NAME) {
        respId = new RespID(signerCert.getSubjectX500Principal());         
        } else {
        respId = new RespID(signerCert.getPublicKey());         
        }
        if (!returnval.getResponderId().equals(respId)) {
          m_log.error("Response responderId does not match signer certificate responderId!");
        }
        // Verification uses the hard-coded "BC" provider, not the provider argument used for signing.
        boolean verify = returnval.verify(signerCert.getPublicKey(), "BC");
        if (verify) {
            m_log.debug("The OCSP response is verifying.");
        } else {
          m_log.error("The response is NOT verifying!");
        }

Examples of org.bouncycastle.ocsp.BasicOCSPResp

        // Embed only the signer certificate in the response.
        chain = new X509Certificate[1];
        chain[0] = signerCert;
      }
      try {
        final int respIdType = ocspServiceReq.getRespIdType();
        final BasicOCSPResp ocspresp = OCSPUtil.generateBasicOCSPResp(ocspServiceReq, sigAlg, signerCert, privKey, providerName, chain, respIdType);
        final OCSPCAServiceResponse result = new OCSPCAServiceResponse(ocspresp, Arrays.asList(chain));
        // NOTE(review): the signer certificate's validity is checked only after the response has
        // already been generated and signed. Whether isCertificateValid throws or only logs is not
        // visible in this excerpt; if it only logs, a response signed with an expired or
        // not-yet-valid certificate is still returned - confirm.
        isCertificateValid(signerCert);
        return result;
      } catch (OCSPException ocspe) {
        // Wrap the OCSP failure, keeping the original exception as the cause.
        throw new ExtendedCAServiceRequestException(ocspe);

Examples of org.bouncycastle.ocsp.BasicOCSPResp

        assertEquals("Response status not the expected.", respCode, response.getStatus());
        // Error responses carry no response body, so there is nothing further to verify.
        if (respCode != 0) {
            assertNull("According to RFC 2560, responseBytes are not set on error.", (BasicOCSPResp) response.getResponseObject());
            return null; // it messes up testing of invalid signatures... but is needed for the unsuccessful responses
        }
        BasicOCSPResp brep = (BasicOCSPResp) response.getResponseObject();
        X509Certificate[] chain = brep.getCerts("BC");
        // NOTE(review): the signature is checked against the public key of the first certificate
        // carried inside the response itself. That shows the response is self-consistent, not that
        // the signer is trusted: a relying party must also establish that this certificate is the
        // issuing CA or a responder it authorised (RFC 6960, section 4.2.2.2).
        // chain[0] also assumes the responder embedded at least one certificate.
        boolean verify = brep.verify(chain[0].getPublicKey(), "BC");
        assertTrue("Response failed to verify.", verify);
        // Check nonce (if we sent one)
        if (nonce != null) {
          byte[] noncerep = brep.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId());
          assertNotNull(noncerep);
          // The extension value is itself ASN.1 encoded; decode it to reach the nonce octets.
          ASN1InputStream ain = new ASN1InputStream(noncerep);
          ASN1OctetString oct = ASN1OctetString.getInstance(ain.readObject());
          // NOTE(review): new String(byte[]) decodes with the JVM default charset; comparing the raw
          // bytes would make the replay-protection check independent of platform settings.
          assertEquals(nonce, new String(oct.getOctets()));
        }
        SingleResp[] singleResps = brep.getResponses();
        return singleResps;
    }

Examples of org.bouncycastle.ocsp.BasicOCSPResp

        assertEquals("Response status not the expected.", respCode, response.getStatus());
        // Error responses carry no response body, so there is nothing further to verify.
        if (respCode != 0) {
            assertNull("According to RFC 2560, responseBytes are not set on error.", (BasicOCSPResp) response.getResponseObject());
            return null; // it messes up testing of invalid signatures... but is needed for the unsuccessful responses
        }
        BasicOCSPResp brep = (BasicOCSPResp) response.getResponseObject();
        X509Certificate[] chain = brep.getCerts("BC");
        // NOTE(review): verifying with the key of a certificate taken from the response itself only
        // proves internal consistency. Trust in the signer (issuing CA, or a responder the CA
        // authorised - RFC 6960, section 4.2.2.2) has to be established separately.
        // chain[0] also assumes the responder embedded at least one certificate.
        boolean verify = brep.verify(chain[0].getPublicKey(), "BC");
        assertTrue("Response failed to verify.", verify);
        // Check nonce (if we sent one)
        if (nonce != null) {
          byte[] noncerep = brep.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId());
          assertNotNull(noncerep);
          // The extension value is itself ASN.1 encoded; decode it to reach the nonce octets.
          ASN1InputStream ain = new ASN1InputStream(noncerep);
          ASN1OctetString oct = ASN1OctetString.getInstance(ain.readObject());
          // NOTE(review): new String(byte[]) decodes with the JVM default charset; comparing the raw
          // bytes would make the replay-protection check independent of platform settings.
          assertEquals(nonce, new String(oct.getOctets()));
        }
        SingleResp[] singleResps = brep.getResponses();
        return singleResps;
    }

Examples of org.bouncycastle.ocsp.BasicOCSPResp

        baos.flush();
        in.close();
        // Parse the buffered HTTP body as an OCSP response.
        byte[] respBytes = baos.toByteArray();
        OCSPResp response = new OCSPResp(new ByteArrayInputStream(respBytes));
        // NOTE(review): assuming JUnit's assertEquals(message, expected, actual), the two values are
        // swapped here; the check still works, but a failure message would report them reversed.
        assertEquals("Response status not zero.", response.getStatus(), 0);
        BasicOCSPResp brep = (BasicOCSPResp) response.getResponseObject();
        X509Certificate[] chain = brep.getCerts("BC");
        // NOTE(review): the signature is verified with the key of the first certificate embedded in
        // the response. This confirms self-consistency only; it does not show that the signer is the
        // issuing CA or an authorised responder (RFC 6960, section 4.2.2.2).
        // chain[0] also assumes the responder embedded at least one certificate.
        boolean verify = brep.verify(chain[0].getPublicKey(), "BC");
        assertTrue("Response failed to verify.", verify);
        // Check nonce (if we sent one)
        if (nonce != null) {
          byte[] noncerep = brep.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId());
          assertNotNull(noncerep);
          // The extension value is itself ASN.1 encoded; decode it to reach the nonce octets.
          ASN1InputStream ain = new ASN1InputStream(noncerep);
          ASN1OctetString oct = ASN1OctetString.getInstance(ain.readObject());
          // NOTE(review): new String(byte[]) decodes with the JVM default charset; comparing the raw
          // bytes would make the replay-protection check independent of platform settings.
          assertEquals(nonce, new String(oct.getOctets()));
        }
        SingleResp[] singleResps = brep.getResponses();
        assertEquals("No of SingResps should be 1.", singleResps.length, 1);
        SingleResp singleResp = singleResps[0];
        return singleResp;
    }

Examples of org.bouncycastle.ocsp.BasicOCSPResp

        // Ask for the FNR by adding the FnrFromUnid extension to the request.
        exts.put(FnrFromUnidExtension.FnrFromUnidOid, ext);
        gen.setRequestExtensions(new X509Extensions(exts));
        OCSPReq req = gen.generate();

        // Send the request and receive a BasicResponse
        BasicOCSPResp brep = sendOCSPPost(req.getEncoded(), true);
        // The response is expected to carry the FNR "654321".
        // NOTE(review): assuming JUnit's assertEquals(expected, actual), the arguments are swapped in
        // the assertions below; they still pass or fail correctly, but failure messages would be reversed.
        assertEquals(getFnr(brep), "654321");
        SingleResp[] singleResps = brep.getResponses();
        assertEquals("No of SingResps should be 1.", singleResps.length, 1);
        SingleResp singleResp = singleResps[0];
       
        // The response must refer to the same certificate serial number that was queried.
        CertificateID certId = singleResp.getCertID();
        assertEquals("Serno in response does not match serno in request.", certId.getSerialNumber(), ocspTestCert.getSerialNumber());

Examples of org.bouncycastle.ocsp.BasicOCSPResp

        // Ask for the FNR by adding the FnrFromUnid extension to the request.
        exts.put(FnrFromUnidExtension.FnrFromUnidOid, ext);
        gen.setRequestExtensions(new X509Extensions(exts));
        OCSPReq req = gen.generate();

        // Send the request and receive a BasicResponse
        BasicOCSPResp brep = sendOCSPPost(req.getEncoded(), true);
        // When a certificate is revoked the FNR must not be returned
        // (the identifier must not be disclosed for a certificate that is no longer valid).
        // NOTE(review): assertNull(getFnr(brep)) would state this intent more directly.
        assertEquals(getFnr(brep), null);
        SingleResp[] singleResps = brep.getResponses();
        assertEquals("No of SingResps should be 1.", singleResps.length, 1);
        SingleResp singleResp = singleResps[0];
       
        // The response must refer to the same certificate serial number that was queried.
        CertificateID certId = singleResp.getCertID();
        assertEquals("Serno in response does not match serno in request.", certId.getSerialNumber(), ocspTestCert.getSerialNumber());

Examples of org.bouncycastle.ocsp.BasicOCSPResp

        // Ask for the FNR by adding the FnrFromUnid extension to the request.
        exts.put(FnrFromUnidExtension.FnrFromUnidOid, ext);
        gen.setRequestExtensions(new X509Extensions(exts));
        OCSPReq req = gen.generate();

        // Send the request and receive a BasicResponse
        BasicOCSPResp brep = sendOCSPPost(req.getEncoded(), true);
        // No FNR is expected in this response; the condition that suppresses it is set up outside
        // this excerpt. NOTE(review): assertNull(getFnr(brep)) would state the intent more directly.
        assertEquals(getFnr(brep), null);
        SingleResp[] singleResps = brep.getResponses();
        assertEquals("No of SingResps should be 1.", singleResps.length, 1);
        SingleResp singleResp = singleResps[0];
       
        // The response must refer to the same certificate serial number that was queried.
        CertificateID certId = singleResp.getCertID();
        assertEquals("Serno in response does not match serno in request.", certId.getSerialNumber(), ocspTestCert.getSerialNumber());