Examples of org.bouncycastle.ocsp.BasicOCSPResp.verify()

Class org.bouncycastle.ocsp.BasicOCSPResp

Examples of org.bouncycastle.ocsp.BasicOCSPResp.verify()

org.bouncycastle.ocsp.BasicOCSPResp.verify()
verify the signature against the tbsResponseData object we contain.

        assertTrue("RFC 5019 6.2: SHOULD be 'later than thisUpdate but earlier than nextUpdate'.", maxAge < (expires - lastModified) / 1000);
        // assertTrue("Response cannot be produced after it was sent.",
        // brep.getProducedAt().getTime() <= date); This might not hold on JBoss
        // AS due to the caching of the Date-header
        X509Certificate[] chain = brep.getCerts("BC");
        boolean verify = brep.verify(chain[0].getPublicKey(), "BC");
        assertTrue("Response failed to verify.", verify);
        assertNull("No nonce should be present.", brep.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId()));
        SingleResp[] singleResps = brep.getResponses();
        assertNotNull("SingleResps should not be null.", singleResps);
        assertTrue("Expected a single SingleResp in the repsonse.", singleResps.length == 1);

View Full Code Here

        assertTrue(con.getContentType().startsWith("application/ocsp-response"));
        OCSPResp response = new OCSPResp(new ByteArrayInputStream(OcspJunitHelper.inputStreamToBytes(con.getInputStream())));
        assertEquals("Response status not the expected.", 0, response.getStatus());
        BasicOCSPResp brep = (BasicOCSPResp) response.getResponseObject();
        X509Certificate[] chain = brep.getCerts("BC");
        boolean verify = brep.verify(chain[0].getPublicKey(), "BC");
        assertTrue("Response failed to verify.", verify);
        SingleResp[] singleResps = brep.getResponses();
        assertEquals("No of SingResps should be 1.", 1, singleResps.length);
        CertificateID certId = singleResps[0].getCertID();
        assertEquals("Serno in response does not match serno in request.", certId.getSerialNumber(), ocspTestCert.getSerialNumber());

View Full Code Here

    }
    if (!id.equals(respId)) {
      // Response responderId does not match signer certificate responderId!
      ret.setErrorCode(OCSPUnidResponse.ERROR_INVALID_SIGNERID);
    }
        if (!brep.verify(signerPub, "BC")) {
          ret.setErrorCode(OCSPUnidResponse.ERROR_INVALID_SIGNATURE);
          return ret;
        }
        // Verify the certificate chain.
        for (int i=0; i<chain.length; i++) {

View Full Code Here

        assertTrue(con.getContentType().startsWith("application/ocsp-response"));
        OCSPResp response = new OCSPResp(new ByteArrayInputStream(OcspJunitHelper.inputStreamToBytes(con.getInputStream())));
        assertTrue("Response status not the expected.", response.getStatus() != 200);


        BasicOCSPResp brep = (BasicOCSPResp) response.getResponseObject();
        boolean verify = brep.verify(cacert.getPublicKey(), "BC");
        assertTrue("Signature verification", verify);
    }


    /**
     * Verify OCSP response for a malicious request. Uses nonsense payload.

View Full Code Here

            in = con.getInputStream();
            OCSPResp ocspResponse = new OCSPResp(in);
            BigInteger serialNumber = currCert.getSerialNumber();
            BasicOCSPResp brep = (BasicOCSPResp) ocspResponse.getResponseObject();
            try {
                if( ! brep.verify(responderCert.getPublicKey(),"BC")) {
                    throw new CertPathValidatorException("OCSP response is not verified");
                }
            } catch (NoSuchProviderException e) {
                throw new CertPathValidatorException("OCSP response could not be verified ("+e.getMessage()+")" ,null, cp, certIndex);
            }

View Full Code Here

0 1

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.