本文整理汇总了Java中org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers类的典型用法代码示例。如果您正苦于以下问题:Java OCSPObjectIdentifiers类的具体用法?Java OCSPObjectIdentifiers怎么用?Java OCSPObjectIdentifiers使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
OCSPObjectIdentifiers类属于org.bouncycastle.asn1.ocsp包,在下文中一共展示了OCSPObjectIdentifiers类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: generateOCSPRequest
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; //导入依赖的package包/类
/**
* Generates an OCSP request using BouncyCastle.
* @param issuerCert certificate of the issues
* @param serialNumber serial number
* @return an OCSP request
* @throws OCSPException
* @throws IOException
*/
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException, OperatorException, CertificateEncodingException {
//Add provider BC
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
JcaDigestCalculatorProviderBuilder digestCalculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder();
DigestCalculatorProvider digestCalculatorProvider = digestCalculatorProviderBuilder.build();
DigestCalculator digestCalculator = digestCalculatorProvider.get(CertificateID.HASH_SHA1);
// Generate the id for the certificate we are looking for
CertificateID id = new CertificateID(digestCalculator, new JcaX509CertificateHolder(issuerCert), serialNumber);
// basic request generation with nonce
OCSPReqBuilder gen = new OCSPReqBuilder();
gen.addRequest(id);
// create details for nonce extension
Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded()));
gen.setRequestExtensions(new Extensions(new Extension[]{ext}));
return gen.build();
}
示例2: GenOcspReq
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; //导入依赖的package包/类
public static OCSPReq GenOcspReq(X509Certificate nextCert,
X509Certificate nextIssuer) throws OCSPException {
OCSPReqGenerator ocspRequestGenerator = new OCSPReqGenerator();
CertificateID certId = new CertificateID(CertificateID.HASH_SHA1,
nextIssuer, nextCert.getSerialNumber());
ocspRequestGenerator.addRequest(certId);
BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
Vector<DERObjectIdentifier> oids = new Vector<DERObjectIdentifier>();
Vector<X509Extension> values = new Vector<X509Extension>();
oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
values.add(new X509Extension(false, new DEROctetString(nonce
.toByteArray())));
ocspRequestGenerator.setRequestExtensions(new X509Extensions(oids,
values));
return ocspRequestGenerator.generate();
}
示例3: getResponseObject
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; //导入依赖的package包/类
public Object getResponseObject()
throws OCSPException
{
ResponseBytes rb = this.resp.getResponseBytes();
if (rb == null)
{
return null;
}
if (rb.getResponseType().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic))
{
try
{
ASN1Primitive obj = ASN1Primitive.fromByteArray(rb.getResponse().getOctets());
return new BasicOCSPResp(BasicOCSPResponse.getInstance(obj));
}
catch (Exception e)
{
throw new OCSPException("problem decoding object: " + e, e);
}
}
return rb.getResponse();
}
示例4: generateOcspRequest
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; //导入依赖的package包/类
private OCSPReq generateOcspRequest(X509Certificate issuerCert,
BigInteger serialNumber) throws OCSPException, CertificateEncodingException, OperatorCreationException, IOException {
BcDigestCalculatorProvider util = new BcDigestCalculatorProvider();
// Generate the id for the certificate we are looking for
CertificateID id = new CertificateID(util.get( CertificateID.HASH_SHA1),
new X509CertificateHolder(issuerCert.getEncoded()), serialNumber);
OCSPReqBuilder ocspGen = new OCSPReqBuilder();
ocspGen.addRequest(id);
BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, new DEROctetString(nonce.toByteArray()));
ocspGen.setRequestExtensions(new Extensions(new Extension[] { ext }));
return ocspGen.build();
}
示例5: isNonceMatch
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; //导入依赖的package包/类
private boolean isNonceMatch(final BasicOCSPResp basicOCSPResp, BigInteger expectedNonceValue) {
Extension extension = basicOCSPResp.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
ASN1OctetString extnValue = extension.getExtnValue();
ASN1Primitive value;
try {
value = ASN1Primitive.fromByteArray(extnValue.getOctets());
} catch (IOException ex) {
LOG.warn("Invalid encoding of nonce extension value in OCSP response", ex);
return false;
}
if (value instanceof DEROctetString) {
BigInteger receivedNonce = new BigInteger(((DEROctetString) value).getOctets());
return expectedNonceValue.equals(receivedNonce);
} else {
LOG.warn("Nonce extension value in OCSP response is not an OCTET STRING");
return false;
}
}
示例6: build
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; //导入依赖的package包/类
public OCSPResp build(
int status,
Object response)
throws OCSPException
{
if (response == null)
{
return new OCSPResp(new OCSPResponse(new OCSPResponseStatus(status), null));
}
if (response instanceof BasicOCSPResp)
{
BasicOCSPResp r = (BasicOCSPResp)response;
ASN1OctetString octs;
try
{
octs = new DEROctetString(r.getEncoded());
}
catch (IOException e)
{
throw new OCSPException("can't encode object.", e);
}
ResponseBytes rb = new ResponseBytes(
OCSPObjectIdentifiers.id_pkix_ocsp_basic, octs);
return new OCSPResp(new OCSPResponse(
new OCSPResponseStatus(status), rb));
}
throw new OCSPException("unknown response object");
}
示例7: GenOcspReq
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; //导入依赖的package包/类
public static OCSPReq GenOcspReq(X509Certificate nextCert,
X509Certificate nextIssuer) throws OCSPException, OperatorCreationException, CertificateEncodingException, IOException {
OCSPReqBuilder ocspRequestGenerator = new OCSPReqBuilder();
DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build();
// CertificateID certId = new CertificateID(
// CertificateID.HASH_SHA1,
// nextIssuer, nextCert.getSerialNumber()
// );
CertificateID certId = new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1),
new X509CertificateHolder (nextIssuer.getEncoded()), nextCert.getSerialNumber());
// CertificateID id = new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), testCert, BigInteger.valueOf(1));
ocspRequestGenerator.addRequest(certId);
BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce.toByteArray()));
ocspRequestGenerator.setRequestExtensions(new Extensions(new Extension[]{ext}));
return ocspRequestGenerator.build();
// Vector<DERObjectIdentifier> oids = new Vector<DERObjectIdentifier>();
// Vector<X509Extension> values = new Vector<X509Extension>();
//
// oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
// values.add(new X509Extension(false, new DEROctetString(nonce
// .toByteArray())));
//
// ocspRequestGenerator.setRequestExtensions(new X509Extensions(oids,
// values));
// return ocspRequestGenerator.generate();
}
示例8: addBasicOcspRespFrom_id_pkix_ocsp_basic
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; //导入依赖的package包/类
private void addBasicOcspRespFrom_id_pkix_ocsp_basic(final List<BasicOCSPResp> basicOCSPResps) {
final Store otherRevocationInfo = cmsSignedData.getOtherRevocationInfo(OCSPObjectIdentifiers.id_pkix_ocsp_basic);
final Collection otherRevocationInfoMatches = otherRevocationInfo.getMatches(null);
for (final Object object : otherRevocationInfoMatches) {
if (object instanceof DERSequence) {
final DERSequence otherRevocationInfoMatch = (DERSequence) object;
final BasicOCSPResp basicOCSPResp = CMSUtils.getBasicOcspResp(otherRevocationInfoMatch);
addBasicOcspResp(basicOCSPResps, basicOCSPResp);
} else {
LOG.warn("Unsupported object type for id_pkix_ocsp_basic (SHALL be DER encoding) : " + object.getClass().getSimpleName());
}
}
}
示例9: hasIdPkixOcspNoCheckExtension
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; //导入依赖的package包/类
/**
* Indicates if the revocation data should be checked for an OCSP signing certificate.<br>
* http://www.ietf.org/rfc/rfc2560.txt?number=2560<br>
* A CA may specify that an OCSP client can trust a responder for the lifetime of the responder's certificate. The
* CA
* does so by including the extension id-pkix-ocsp-nocheck. This SHOULD be a non-critical extension. The value of
* the
* extension should be NULL.
*
* @return
*/
public static boolean hasIdPkixOcspNoCheckExtension(CertificateToken token) {
final byte[] extensionValue = token.getCertificate().getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck.getId());
if (extensionValue != null) {
try {
final ASN1Primitive derObject = toASN1Primitive(extensionValue);
if (derObject instanceof DEROctetString) {
return isDEROctetStringNull((DEROctetString) derObject);
}
} catch (Exception e) {
LOG.debug("Exception when processing 'id_pkix_ocsp_no_check'", e);
}
}
return false;
}
示例10: extractArchiveCutOff
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; //导入依赖的package包/类
private void extractArchiveCutOff() {
Extension extension = basicOCSPResp.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_archive_cutoff);
if (extension != null) {
ASN1GeneralizedTime archiveCutOffAsn1 = (ASN1GeneralizedTime) extension.getParsedValue();
try {
archiveCutOff = archiveCutOffAsn1.getDate();
} catch (ParseException e) {
LOG.warn("Unable to extract id_pkix_ocsp_archive_cutoff : " + e.getMessage());
}
}
}
示例11: fromBasicToResp
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; //导入依赖的package包/类
/**
* Convert a BasicOCSPResp in OCSPResp (connection status is set to
* SUCCESSFUL).
*
* @param basicOCSPResp
* @return
*/
public static final OCSPResp fromBasicToResp(final byte[] basicOCSPResp) {
final OCSPResponseStatus responseStatus = new OCSPResponseStatus(OCSPResponseStatus.SUCCESSFUL);
final DEROctetString derBasicOCSPResp = new DEROctetString(basicOCSPResp);
final ResponseBytes responseBytes = new ResponseBytes(OCSPObjectIdentifiers.id_pkix_ocsp_basic, derBasicOCSPResp);
final OCSPResponse ocspResponse = new OCSPResponse(responseStatus, responseBytes);
final OCSPResp ocspResp = new OCSPResp(ocspResponse);
// !!! todo to be checked: System.out.println("===> RECREATED: " +
// ocspResp.hashCode());
return ocspResp;
}
示例12: doProcessOCSPRequest
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; //导入依赖的package包/类
/**
* Processes the OCSP request from the client.
*
* According to <a href="https://tools.ietf.org/html/rfc6960">RFC 6960 </a> the responder
* is tasked with the following checks and if any are not true, an error message is returned:
*
* 1. the message is well formed
* 2. the responder is configured to provide the requested service
* 3. the request contains the information needed by the responder.
*
* If we are at this point, number one is taken care of (we were able to parse it).
*
* This method will check the second and third conditions as well as do any additional
* validation on the request before returning an OCSP response.
*
* @param ocspReq The OCSP request
* @return The OCSP response
*/
private OCSPResp doProcessOCSPRequest(OCSPReq ocspReq) throws OCSPException {
BasicOCSPRespBuilder responseBuilder = new BasicOCSPRespBuilder(responderID);
checkForValidRequest(ocspReq);
// Add appropriate extensions
Collection<Extension> responseExtensions = new ArrayList<>();
//nonce
Extension nonceExtension = ocspReq.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
if (nonceExtension != null) {
responseExtensions.add(nonceExtension);
}
if (rejectUnknown) {
responseExtensions.add(
new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_extended_revoke, false, new byte[]{})
);
}
Extension[] extensions = responseExtensions.toArray(new Extension[responseExtensions.size()]);
responseBuilder.setResponseExtensions(new Extensions(extensions));
// Check that each request is valid and put the appropriate response in the builder
Req[] requests = ocspReq.getRequestList();
for (Req request : requests) {
addResponse(responseBuilder, request);
}
return buildAndSignResponse(responseBuilder);
}
示例13: addResponse
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; //导入依赖的package包/类
/**
* Adds response for specific cert OCSP request
*
* @param responseBuilder The builder containing the full response
* @param request The specific cert request
*/
private void addResponse(BasicOCSPRespBuilder responseBuilder, Req request) throws OCSPException{
CertificateID certificateID = request.getCertID();
// Build Extensions
Extensions extensions = new Extensions(new Extension[]{});
Extensions requestExtensions = request.getSingleRequestExtensions();
if (requestExtensions != null) {
Extension nonceExtension = requestExtensions.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
if (nonceExtension != null) {
extensions = new Extensions(nonceExtension);
}
}
// Check issuer
boolean matchesIssuer = certificateID.matchesIssuer(issuingCertificate, digestCalculatorProvider);
if (!matchesIssuer) {
addResponseForCertificateRequest(responseBuilder,
certificateID,
new OCSPCertificateStatusWrapper(getUnknownStatus(),
DateTime.now(),
DateTime.now().plusSeconds(certificateManager.getRefreshSeconds())),
extensions);
} else {
CertificateSummary certificateSummary = certificateManager.getSummary(certificateID.getSerialNumber());
addResponseForCertificateRequest(responseBuilder,
request.getCertID(),
getOCSPCertificateStatus(certificateSummary),
extensions);
}
}
示例14: buildNonceExtension
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; //导入依赖的package包/类
private Extension buildNonceExtension() {
BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
return new Extension(
OCSPObjectIdentifiers.id_pkix_ocsp_nonce,
true,
new DEROctetString(nonce.toByteArray())
);
}
示例15: isOcspResponseValid
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; //导入依赖的package包/类
private boolean isOcspResponseValid(BasicOCSPResp latestOcspResponse) {
Extension extension = latestOcspResponse.getExtension(
new ASN1ObjectIdentifier(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId()));
if (extension == null) {
logger.error("No valid OCSP extension found in signature: " + signature.getId());
return false;
}
return isOcspExtensionValid(extension);
}