Package org.bouncycastle.ocsp

Examples of org.bouncycastle.ocsp.RespID


    OCSPCAServiceResponse response = OCSPUtil.createOCSPCAServiceResponse(ocspServiceReq, privKey, providerName, certChain);
    BasicOCSPResp basicResp = response.getBasicOCSPResp();
    X509Certificate[] respCerts = basicResp.getCerts("BC");
    assertEquals(3, respCerts.length); // Certificate chain included
    RespID respId = basicResp.getResponderId();
    RespID testKeyHash = new RespID(racert.getPublicKey());
    RespID testName = new RespID(racert.getSubjectX500Principal());
    assertEquals(respId, testKeyHash);
    assertFalse(respId.equals(testName));

    // Second check that the whole chain is NOT included and the responderId is Name
    ocspServiceReq = new OCSPCAServiceRequest(req, responseList, null, "SHA1WithRSA;SHA1WithDSA;SHA1WithECDSA", false);
View Full Code Here


        if (null == req) {
            throw new IllegalArgumentException();
        }
        BasicOCSPRespGenerator res = null;
        if (respIdType == OcspConfiguration.RESPONDERIDTYPE_NAME) {
          res = new BasicOCSPRespGenerator(new RespID(respondercert.getSubjectX500Principal()));
        } else {
          res = new BasicOCSPRespGenerator(respondercert.getPublicKey());
        }
        X509Extensions reqexts = req.getRequestExtensions();
        if (reqexts != null) {
View Full Code Here

      }

      returnval = basicRes.generate(sigAlg, signerKey, chain, new Date(), provider );
      if (m_log.isDebugEnabled()) {
        m_log.debug("Signing OCSP response with OCSP signer cert: " + signerCert.getSubjectDN().getName());
        RespID respId = null;
        if (respIdType == OcspConfiguration.RESPONDERIDTYPE_NAME) {
        respId = new RespID(signerCert.getSubjectX500Principal());         
        } else {
        respId = new RespID(signerCert.getPublicKey());         
        }
        if (!returnval.getResponderId().equals(respId)) {
          m_log.error("Response responderId does not match signer certificate responderId!");
        }
        boolean verify = returnval.verify(signerCert.getPublicKey(), "BC");
View Full Code Here

              ret.setErrorCode(OCSPUnidResponse.ERROR_INVALID_NONCE);
              return ret;
            }
      }

    final RespID id = brep.getResponderId();
    final DERTaggedObject to = (DERTaggedObject)id.toASN1Object().toASN1Object();
    final RespID respId;
        final X509Certificate[] chain = brep.getCerts("BC");
        final PublicKey signerPub = chain[0].getPublicKey();
    if (to.getTagNo() == 1) {
      // This is Name
      respId = new RespID(chain[0].getSubjectX500Principal());
    } else {
      // This is KeyHash
      respId = new RespID(signerPub);
    }
    if (!id.equals(respId)) {
      // Response responderId does not match signer certificate responderId!
      ret.setErrorCode(OCSPUnidResponse.ERROR_INVALID_SIGNERID);
    }
View Full Code Here

TOP

Related Classes of org.bouncycastle.ocsp.RespID

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.