Package org.bouncycastle.ocsp

Examples of org.bouncycastle.ocsp.BasicOCSPResp


        // Build a basic OCSP response that reports one certificate as GOOD.
        // The generator is constructed from the signer's public key.
        BasicOCSPRespGenerator respGen = new BasicOCSPRespGenerator(signKP.getPublic());

        // Single entry: the certificate identified by `id` is reported as GOOD.
        respGen.addResponse(id, CertificateStatus.GOOD);

        // Sign with the private half of the same key pair through the "BC" provider;
        // `chain` and the current time are handed to the generator as well.
        // NOTE(review): "SHA1withECDSA" is a SHA-1 based signature. That is tolerable in a
        // legacy interoperability test, but a production responder should sign with a
        // SHA-2 algorithm (for example "SHA256withECDSA") where its clients support it.
        BasicOCSPResp resp = respGen.generate("SHA1withECDSA", signKP.getPrivate(), chain, new Date(), "BC");
    }


        // Build a basic OCSP response for one certificate, then wrap it in the outer
        // OCSPResponse envelope and encode it.
        BasicOCSPRespGenerator respGen = new BasicOCSPRespGenerator(signKP.getPublic());

        // Single entry: the certificate identified by `id` is reported as GOOD.
        respGen.addResponse(id, CertificateStatus.GOOD);

        // NOTE(review): "SHA1withRSA" is a SHA-1 based signature. Fine for exercising the
        // legacy API, but new deployments should prefer a SHA-2 algorithm such as
        // "SHA256withRSA" where the relying parties accept it.
        BasicOCSPResp resp = respGen.generate("SHA1withRSA", signKP.getPrivate(), chain, new Date(), "BC");
        OCSPRespGenerator rGen = new OCSPRespGenerator();

        // Outer envelope with response status SUCCESSFUL, serialized to bytes.
        byte[] enc = rGen.generate(OCSPRespGenerator.SUCCESSFUL, resp).getEncoded();
    }

        // The outer OCSPResponse status must be 0 (successful) before the payload is read.
        if (response.getStatus() != 0)
        {
            fail("response status not zero.");
        }

        BasicOCSPResp brep = (BasicOCSPResp)response.getResponseObject();
        chain = brep.getCerts("BC");

        // Checks the signature against the first certificate carried inside the response.
        // NOTE(review): this only shows the response is internally consistent. The key comes
        // from the message being verified, so a relying party must additionally establish
        // that chain[0] is an authorized responder for the issuing CA before trusting the
        // status. chain[0] also assumes the response embeds at least one certificate.
        if (!brep.verify(chain[0].getPublicKey(), "BC"))
        {
            fail("response 1 failed to verify.");
        }

        //
        // test 2
        //
        SingleResp[] singleResp = brep.getResponses();

        // Parse the second canned response from its encoded bytes.
        response = new OCSPResp(new ByteArrayInputStream(testResp2));

        if (response.getStatus() != 0)
        {
            fail("response status not zero.");
        }

        brep = (BasicOCSPResp)response.getResponseObject();
        chain = brep.getCerts("BC");

        // Same self-consistency check as above, with the same caveat about trust.
        if (!brep.verify(chain[0].getPublicKey(), "BC"))
        {
            fail("response 2 failed to verify.");
        }

        singleResp = brep.getResponses();

        //
        // simple response generation
        //
        OCSPRespGenerator respGen = new OCSPRespGenerator();

        // Reject anything whose outer OCSPResponse status is not 0 (successful).
        if (response.getStatus() != 0)
        {
            fail("response status not zero.");
        }

        BasicOCSPResp       brep = (BasicOCSPResp)response.getResponseObject();
        chain = brep.getCerts("BC");

        // Signature check using the public key of the first certificate embedded in the
        // response itself.
        // NOTE(review): a signature that verifies under a key taken from the same message
        // proves integrity only, not authenticity. Production code has to validate that
        // chain[0] chains to, and is authorized by, the CA that issued the certificate in
        // question. The index access assumes the response carries certificates.
        if (!brep.verify(chain[0].getPublicKey(), "BC"))
        {
            fail("response 1 failed to verify.");
        }

        //
        // test 2
        //
        SingleResp[]        singleResp = brep.getResponses();

        // Decode the second sample response.
        response = new OCSPResp(new ByteArrayInputStream(testResp2));

        if (response.getStatus() != 0)
        {
            fail("response status not zero.");
        }

        brep = (BasicOCSPResp)response.getResponseObject();
        chain = brep.getCerts("BC");

        // Integrity check only; see the caveat on the first verify call.
        if (!brep.verify(chain[0].getPublicKey(), "BC"))
        {
            fail("response 2 failed to verify.");
        }

        singleResp = brep.getResponses();
       
        //
        // simple response generation
        //
        OCSPRespGenerator respGen = new OCSPRespGenerator();

  /**
   * Maps the held OCSP response to one of the {@code OCSPUnidResponse} status codes.
   * Only the start of the method is visible in this excerpt.
   *
   * @return {@code OCSP_UNKNOWN} when no response is held, {@code OCSP_GOOD} when the
   *         first single response has a null certificate status; the remaining cases
   *         are outside this excerpt
   */
  public int getStatus() {
        // No response object at all is reported as "unknown".
        if (resp == null) {
            return OCSPUnidResponse.OCSP_UNKNOWN;
        }
    try {
      BasicOCSPResp brep;
      brep = (BasicOCSPResp) resp.getResponseObject();
      // NOTE(review): no signature or responder-certificate check is visible in this
      // excerpt. The status is only meaningful if the response was verified before it
      // was stored in `resp` - confirm against the caller.
      SingleResp[] singleResps = brep.getResponses();
      // Only the first entry is inspected. NOTE(review): an empty array would raise
      // ArrayIndexOutOfBoundsException here unless the enclosing try handles it.
      SingleResp singleResp = singleResps[0];
      Object status = singleResp.getCertStatus();
      // In this BouncyCastle API a null certificate status denotes "good".
      if (status == null) {
        return OCSPUnidResponse.OCSP_GOOD;
      }

        } // end of huge for loop
        // A CA certificate was resolved for the request, so a signed response can be produced.
        if (cacert != null) {
          // Add responseExtensions
          X509Extensions exts = new X509Extensions(responseExtensions);
          // generate the signed response object
          BasicOCSPResp basicresp = signOCSPResponse(req, responseList, exts, cacert);
          // Wrap the signed basic response in the outer envelope with status SUCCESSFUL.
          ocspresp = res.generate(OCSPRespGenerator.SUCCESSFUL, basicresp);
          // Record the outcome in both the audit log and the transaction log.
          auditLogger.paramPut(IAuditLogger.STATUS, OCSPRespGenerator.SUCCESSFUL);
          transactionLogger.paramPut(ITransactionLogger.STATUS, OCSPRespGenerator.SUCCESSFUL);
        } else {
          // Only unknown CAs in requests and no default responder's cert

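    // First check that the whole chain is included and the responderId is keyHash.
    // The semicolon-separated string lists the signature algorithms the request allows.
    // NOTE(review): all three are SHA-1 based; acceptable for this legacy test, but a
    // production responder should offer SHA-2 variants where clients support them.
    OCSPCAServiceRequest ocspServiceReq = new OCSPCAServiceRequest(req, responseList, null, "SHA1WithRSA;SHA1WithDSA;SHA1WithECDSA", true);
    ocspServiceReq.setRespIdType(OcspConfiguration.RESPONDERIDTYPE_KEYHASH);

    OCSPCAServiceResponse response = OCSPUtil.createOCSPCAServiceResponse(ocspServiceReq, privKey, providerName, certChain);
    BasicOCSPResp basicResp = response.getBasicOCSPResp();
    X509Certificate[] respCerts = basicResp.getCerts("BC");
    assertEquals(3, respCerts.length); // Certificate chain included
    RespID respId = basicResp.getResponderId();
    // Reference responder ids built from the signer certificate: one by key, one by name.
    RespID testKeyHash = new RespID(racert.getPublicKey());
    RespID testName = new RespID(racert.getSubjectX500Principal());
    assertEquals(respId, testKeyHash);
    assertFalse(respId.equals(testName));

    // Second check that the whole chain is NOT included and the responderId is Name
    ocspServiceReq = new OCSPCAServiceRequest(req, responseList, null, "SHA1WithRSA;SHA1WithDSA;SHA1WithECDSA", false);
    ocspServiceReq.setRespIdType(OcspConfiguration.RESPONDERIDTYPE_NAME);
    response = OCSPUtil.createOCSPCAServiceResponse(ocspServiceReq, privKey, providerName, certChain);
    basicResp = response.getBasicOCSPResp();
    respCerts = basicResp.getCerts("BC");
    assertEquals(1, respCerts.length); // Only one certificate, the rest of the chain is left out
    respId = basicResp.getResponderId();
    assertFalse(respId.equals(testKeyHash));
    assertEquals(respId, testName);

    // Third do some verification. verify() reports failure through its boolean return
    // value, so the result has to be asserted; otherwise a response with a bad
    // signature would pass this test unnoticed.
    final boolean signatureOk = basicResp.verify(racert.getPublicKey(), "BC");
    assertEquals(true, signatureOk);
    SingleResp[] responses = basicResp.getResponses();
    assertEquals(1, responses.length);
    SingleResp resp = responses[0];
    // The single response must refer to the certificate id that was asked about.
    CertificateID myid = resp.getCertID();
    assertEquals(certId, myid);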
  }

        return res;
    }
   
    /**
     * Builds and signs a basic OCSP response from a prepared service request.
     * Only the first part of the method is visible in this excerpt.
     *
     * @param serviceReq source of the OCSP request, the response items and the extensions
     * @param sigAlg signature algorithm name handed to the generator
     * @param signerCert certificate of the OCSP signer, used for the responder id
     * @param signerKey private key used to sign the response
     * @param provider security provider name used for signing
     * @param chain certificates handed to the generator together with the response
     * @param respIdType responder id type, compared against
     *        {@code OcspConfiguration.RESPONDERIDTYPE_NAME} below
     */
    public static BasicOCSPResp generateBasicOCSPResp(OCSPCAServiceRequest serviceReq, String sigAlg, X509Certificate signerCert, PrivateKey signerKey, String provider, X509Certificate[] chain, int respIdType)
    throws NotSupportedException, OCSPException, NoSuchProviderException, IllegalArgumentException {
      BasicOCSPResp returnval = null;
      BasicOCSPRespGenerator basicRes = null;
      basicRes = OCSPUtil.createOCSPResponse(serviceReq.getOCSPrequest(), signerCert, respIdType);
      // Raw collection types: each element is cast to OCSPResponseItem below.
      ArrayList responses = serviceReq.getResponseList();
      if (responses != null) {
        Iterator iter = responses.iterator();
        while (iter.hasNext()) {
            OCSPResponseItem item = (OCSPResponseItem)iter.next();
              // One single response per item; the last argument (null) is left unset.
              basicRes.addResponse(item.getCertID(), item.getCertStatus(), item.getThisUpdate(), item.getNextUpdate(), null);         
        }
      }
      // Response extensions are only set when the request carries at least one.
      X509Extensions exts = serviceReq.getExtensions();
      if (exts != null) {
        Enumeration oids = exts.oids();
        if (oids.hasMoreElements()) {
            basicRes.setResponseExtensions(exts);         
        }
      }

      // Sign the response with the current time as its timestamp.
      returnval = basicRes.generate(sigAlg, signerKey, chain, new Date(), provider );
      // NOTE(review): the self-check below runs only when debug logging is enabled, and in
      // the visible lines a mismatch is logged but does not stop the response from being
      // used. Confirm whether the rest of the method enforces it.
      if (m_log.isDebugEnabled()) {
        m_log.debug("Signing OCSP response with OCSP signer cert: " + signerCert.getSubjectDN().getName());
        // Recompute the responder id the signer certificate should yield for this type.
        RespID respId = null;
        if (respIdType == OcspConfiguration.RESPONDERIDTYPE_NAME) {
        respId = new RespID(signerCert.getSubjectX500Principal());         
        } else {
        respId = new RespID(signerCert.getPublicKey());         
        }
        if (!returnval.getResponderId().equals(respId)) {
          m_log.error("Response responderId does not match signer certificate responderId!");
        }
        // Verification uses the literal "BC" provider rather than the `provider` argument.
        boolean verify = returnval.verify(signerCert.getPublicKey(), "BC");
        if (verify) {
            m_log.debug("The OCSP response is verifying.");
        } else {
          m_log.error("The response is NOT verifying!");
        }

        // Reduce the chain to the signer certificate alone.
        chain = new X509Certificate[1];
        chain[0] = signerCert;
      }
      try {
        final int respIdType = ocspServiceReq.getRespIdType();
        // Build and sign the basic response, then pair it with the chain for the caller.
        final BasicOCSPResp ocspresp = OCSPUtil.generateBasicOCSPResp(ocspServiceReq, sigAlg, signerCert, privKey, providerName, chain, respIdType);
        final OCSPCAServiceResponse result = new OCSPCAServiceResponse(ocspresp, Arrays.asList(chain));
        // NOTE(review): the signer certificate is checked only after the response has been
        // signed, and no return value is used here. Presumably isCertificateValid throws
        // when the certificate is not valid - confirm, since otherwise an invalid signer
        // certificate would not prevent the response from being returned.
        isCertificateValid(signerCert);
        return result;
      } catch (OCSPException ocspe) {
        // Wrap the OCSP failure in the service exception type, keeping the cause.
        throw new ExtendedCAServiceRequestException(ocspe);

        // The outer response status must match what the caller expects.
        assertEquals("Response status not the expected.", respCode, response.getStatus());
        if (respCode != 0) {
            assertNull("According to RFC 2560, responseBytes are not set on error.", (BasicOCSPResp) response.getResponseObject());
            return null; // it messes up testing of invalid signatures... but is needed for the unsuccessful responses
        }
        BasicOCSPResp brep = (BasicOCSPResp) response.getResponseObject();
        X509Certificate[] chain = brep.getCerts("BC");
        // NOTE(review): the signature is checked against the first certificate embedded in
        // the response, which shows integrity but not that the signer is an authorized
        // responder. A relying party must validate chain[0] against the issuing CA
        // separately. The index access assumes the response carries certificates.
        boolean verify = brep.verify(chain[0].getPublicKey(), "BC");
        assertTrue("Response failed to verify.", verify);
        // Check nonce (if we sent one). Echoing the nonce ties the response to this
        // request, so a previously recorded response cannot be replayed in its place.
        if (nonce != null) {
          byte[] noncerep = brep.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId());
          assertNotNull(noncerep);
          // The extension value is an encoded OCTET STRING; unwrap it to get the raw nonce.
          ASN1InputStream ain = new ASN1InputStream(noncerep);
          ASN1OctetString oct = ASN1OctetString.getInstance(ain.readObject());
          // NOTE(review): new String(byte[]) decodes with the platform default charset;
          // the comparison is only reliable if the nonce was encoded the same way when sent.
          assertEquals(nonce, new String(oct.getOctets()));
        }
        SingleResp[] singleResps = brep.getResponses();
        return singleResps;
    }
