Package org.ejbca.core.model.ca.caadmin.extendedcaservices

Examples of org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceRequest


  /**
   * Builds an {@code OCSPCAServiceRequest} from the incoming OCSP request and hands it to the
   * extended CA service of the CA identified by {@code cacert}.
   *
   * <p>This listing is truncated by the hosting page: it ends inside the debug-logging block, so
   * how the returned {@code BasicOCSPResp} is obtained is not visible here.
   *
   * @param req          the OCSP request being answered
   * @param responseList the response items passed on to the service request
   * @param exts         extensions passed on to the service request
   * @param cacert       CA certificate used to look up the CA id via {@code this.data.getCaid(cacert)}
   */
  private BasicOCSPResp signOCSPResponse(OCSPReq req, ArrayList responseList, X509Extensions exts, X509Certificate cacert)
  throws CADoesntExistsException, ExtendedCAServiceRequestException, ExtendedCAServiceNotActiveException, IllegalExtendedCAServiceRequestException {

      // Call extended CA services to get our OCSP stuff
      // m_sigAlg and m_includeChain are set outside this excerpt.
      // NOTE(review): confirm the configured signature algorithm(s) meet current policy (e.g. no SHA-1-only list).
      OCSPCAServiceRequest ocspservicerequest = new OCSPCAServiceRequest(req, responseList, exts, m_sigAlg, m_includeChain);
      // Responder ID form (key hash or name) is taken from configuration held in m_respIdType.
      ocspservicerequest.setRespIdType(m_respIdType);
      OCSPCAServiceResponse caserviceresp = extendedService(this.data.m_adm, this.data.getCaid(cacert), ocspservicerequest);
      // Now we can use the returned OCSPServiceResponse to get private key and certificate chain to sign the ocsp response
      if (m_log.isDebugEnabled()) {
          // Only the size of the signing chain is logged here, not its contents.
          Collection coll = caserviceresp.getOCSPSigningCertificateChain();
          m_log.debug("Cert chain for OCSP signing is of size " + coll.size());             


    // Test fragment (the enclosing method starts and ends outside this excerpt).
    // Builds a single response item with "unknown" status for the first entry of the request list.
    ArrayList responseList = new ArrayList();
    CertificateID certId = req.getRequestList()[0].getCertID();
    responseList.add(new OCSPResponseItem(certId, new UnknownStatus(), 0));

    // First check that the whole chain is included and the responderId is keyHash
    // NOTE(review): every algorithm in this list is SHA-1 based. That is sufficient for a test of
    // responder-ID and chain handling, but SHA-1 signatures should not be copied into a production
    // responder configuration; prefer a SHA-256 (or stronger) signature algorithm there.
    OCSPCAServiceRequest ocspServiceReq = new OCSPCAServiceRequest(req, responseList, null, "SHA1WithRSA;SHA1WithDSA;SHA1WithECDSA", true);
    ocspServiceReq.setRespIdType(OcspConfiguration.RESPONDERIDTYPE_KEYHASH);

    OCSPCAServiceResponse response = OCSPUtil.createOCSPCAServiceResponse(ocspServiceReq, privKey, providerName, certChain);
    BasicOCSPResp basicResp = response.getBasicOCSPResp();
    X509Certificate[] respCerts = basicResp.getCerts("BC");
    assertEquals(3, respCerts.length); // Certificate chain included
    RespID respId = basicResp.getResponderId();
    // Two candidate responder IDs derived from racert: one from its public key, one from its subject name.
    RespID testKeyHash = new RespID(racert.getPublicKey());
    RespID testName = new RespID(racert.getSubjectX500Principal());
    // The responder ID must match the key-based form and must differ from the name-based form.
    assertEquals(respId, testKeyHash);
    assertFalse(respId.equals(testName));

    // Second check that the whole chain is NOT included and the responderId is Name
    ocspServiceReq = new OCSPCAServiceRequest(req, responseList, null, "SHA1WithRSA;SHA1WithDSA;SHA1WithECDSA", false);
    ocspServiceReq.setRespIdType(OcspConfiguration.RESPONDERIDTYPE_NAME);
    response = OCSPUtil.createOCSPCAServiceResponse(ocspServiceReq, privKey, providerName, certChain);
    basicResp = response.getBasicOCSPResp();
    respCerts = basicResp.getCerts("BC");
    assertEquals(1, respCerts.length); // Certificate chain NOT included: a single certificate is returned
    respId = basicResp.getResponderId();

   */
  public ExtendedCAServiceResponse extendedService(ExtendedCAServiceRequest request)
    throws ExtendedCAServiceRequestException, IllegalExtendedCAServiceRequestException, ExtendedCAServiceNotActiveException{
          // This listing is truncated by the hosting page; the rest of the method is not visible here.
          ExtendedCAServiceResponse returnval = null;
          // OCSP requests are pre-populated with the CA's own key material before further handling.
          if(request instanceof OCSPCAServiceRequest) {
            OCSPCAServiceRequest ocspServiceReq = (OCSPCAServiceRequest)request;
              try {
                // Attaches the CA token's certificate-signing private key and its crypto provider to the request.
                // NOTE(review): from here on the request object references the CA signing key; confirm that
                // callers never log, serialize or retain it beyond this call.
                ocspServiceReq.setPrivKey(getCAToken().getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN));
                ocspServiceReq.setPrivKeyProvider(getCAToken().getProvider());
                // Copies the CA certificate chain into an array and exposes it to the request as a List.
                X509Certificate[] signerChain = (X509Certificate[])getCertificateChain().toArray(new X509Certificate[0]);
                List<X509Certificate> chain = Arrays.asList(signerChain);
                ocspServiceReq.setCertificateChain(chain);
                // Super class handles signing with the OCSP signing certificate
                // (the debug message below contains a stray ')' in the original source)
                log.debug("extendedService, with ca cert)");
              } catch (IllegalKeyStoreException ike) {
                // Key store problems are wrapped, with the cause preserved, in the service-level exception.
                throw new ExtendedCAServiceRequestException(ike);
              } catch (CATokenOfflineException ctoe) {
