本文整理汇总了Java中org.bouncycastle.cert.ocsp.BasicOCSPResp类的典型用法代码示例。如果您正苦于以下问题:Java BasicOCSPResp类的具体用法?Java BasicOCSPResp怎么用?Java BasicOCSPResp使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
BasicOCSPResp类属于org.bouncycastle.cert.ocsp包,在下文中一共展示了BasicOCSPResp类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: verifyOcspCertificates
import org.bouncycastle.cert.ocsp.BasicOCSPResp; //导入依赖的package包/类
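/**
 * Checks whether an OCSP response was signed by the key of any certificate entry in a KeyStore.
 *
 * <p>Only the signature is checked. The first certificate entry whose public key verifies the
 * response makes this method return <CODE>true</CODE>; the certificate's validity period and
 * whether it is authorised to sign OCSP responses are not examined here. The keystore should
 * therefore contain only certificates the caller already trusts as OCSP responders.
 *
 * <p>Every failure (unreadable keystore, unsupported key type, provider not installed,
 * malformed response) is treated as "no match", so the method fails closed.
 *
 * @param ocsp the OCSP response
 * @param keystore the <CODE>KeyStore</CODE>
 * @param provider the provider or <CODE>null</CODE> to use the BouncyCastle provider
 * @return <CODE>true</CODE> if a certificate whose key verifies the response was found
 * @since 2.1.6
 */
public static boolean verifyOcspCertificates(BasicOCSPResp ocsp, KeyStore keystore, String provider) {
    if (provider == null)
        provider = "BC";
    try {
        for (Enumeration<String> aliases = keystore.aliases(); aliases.hasMoreElements();) {
            try {
                String alias = aliases.nextElement();
                if (!keystore.isCertificateEntry(alias))
                    continue;
                // Skip non-X.509 entries explicitly instead of relying on a swallowed ClassCastException.
                Object entry = keystore.getCertificate(alias);
                if (!(entry instanceof X509Certificate))
                    continue;
                X509Certificate certStoreX509 = (X509Certificate)entry;
                if (ocsp.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(provider).build(certStoreX509.getPublicKey())))
                    return true;
            }
            catch (Exception ignored) {
                // Best effort: an entry that cannot be used for verification is not a match;
                // keep trying the remaining entries.
            }
        }
    }
    catch (Exception ignored) {
        // The keystore could not be enumerated (e.g. not loaded): report "not verified".
    }
    return false;
}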
示例2: generateOCSPResponse
import org.bouncycastle.cert.ocsp.BasicOCSPResp; //导入依赖的package包/类
/**
 * Builds a SUCCESSFUL OCSP response that reports {@code status} for the server certificate.
 *
 * <p>The responder is identified by the issuer's public key, the certificate ID is hashed with
 * SHA-1 ({@code CertificateID.HASH_SHA1}), the response is signed with the issuer's private key
 * using SHA256withRSA, no certificate chain is attached, and the production time is "now".
 * No nonce or nextUpdate is set by this method.
 *
 * @param server entry whose certificate is the subject of the status
 * @param issuer entry whose certificate and private key act as CA and responder
 * @param status the certificate status to report
 * @return the encoded-ready OCSP response
 * @throws CertificateException wrapping any failure while building or signing the response
 */
private static OCSPResp generateOCSPResponse(PrivateKeyEntry server, PrivateKeyEntry issuer,
        CertificateStatus status) throws CertificateException {
    try {
        X509Certificate subjectCert = (X509Certificate) server.getCertificate();
        X509Certificate issuerCert = (X509Certificate) issuer.getCertificate();
        X509CertificateHolder issuerHolder = new JcaX509CertificateHolder(issuerCert);
        DigestCalculatorProvider digests = new BcDigestCalculatorProvider();

        // Responder ID derived from the issuer's public key.
        SubjectPublicKeyInfo responderKey =
                SubjectPublicKeyInfo.getInstance(issuerCert.getPublicKey().getEncoded());
        BasicOCSPRespBuilder responseBuilder =
                new BasicOCSPRespBuilder(responderKey, digests.get(CertificateID.HASH_SHA1));

        // A fresh calculator is requested for the certificate ID, as in the builder above.
        CertificateID subjectId = new CertificateID(
                digests.get(CertificateID.HASH_SHA1), issuerHolder, subjectCert.getSerialNumber());
        responseBuilder.addResponse(subjectId, status);

        BasicOCSPResp signedResponse = responseBuilder.build(
                new JcaContentSignerBuilder("SHA256withRSA").build(issuer.getPrivateKey()),
                null, new Date());
        return new OCSPRespBuilder().build(OCSPRespBuilder.SUCCESSFUL, signedResponse);
    } catch (Exception e) {
        throw new CertificateException("cannot generate OCSP response", e);
    }
}
示例3: makeOcspResponsesID
import org.bouncycastle.cert.ocsp.BasicOCSPResp; //导入依赖的package包/类
/**
 * Builds an OcspResponsesID that references the given basic OCSP response.
 *
 * <p>The reference consists of the responder ID and production time taken from the response,
 * plus a SHA-256 digest computed over the response's encoded form.
 *
 * @param ocspResp the basic OCSP response to reference
 * @return the OcspResponsesID for {@code ocspResp}
 * @throws NoSuchAlgorithmException declared by this method; presumably raised by the digest setup
 * @throws OCSPException declared by this method
 * @throws IOException if the response cannot be encoded
 */
private OcspResponsesID makeOcspResponsesID(BasicOCSPResp ocspResp)
        throws NoSuchAlgorithmException, OCSPException, IOException {
    Digest sha256 = DigestFactory.getInstance().factoryDefault();
    sha256.setAlgorithm(DigestAlgorithmEnum.SHA_256);

    // Digest of the complete encoded response.
    OtherHash responseHash = new OtherHash(sha256.digest(ocspResp.getEncoded()));

    OcspIdentifier identifier = new OcspIdentifier(
            ocspResp.getResponderId().toASN1Object(),
            new DERGeneralizedTime(ocspResp.getProducedAt()));
    return new OcspResponsesID(identifier, responseHash);
}
示例4: isNonceMatch
import org.bouncycastle.cert.ocsp.BasicOCSPResp; //导入依赖的package包/类
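/**
 * Checks that the nonce extension of an OCSP response carries the expected nonce.
 *
 * <p>The nonce binds a response to the request that triggered it, so every case in which the
 * nonce cannot be read is reported as a mismatch: extension absent, value not decodable,
 * value not an OCTET STRING, or an empty OCTET STRING.
 *
 * @param basicOCSPResp the response to inspect
 * @param expectedNonceValue the nonce that was sent in the request
 * @return {@code true} only if the response nonce equals {@code expectedNonceValue}
 */
private boolean isNonceMatch(final BasicOCSPResp basicOCSPResp, BigInteger expectedNonceValue) {
    Extension extension = basicOCSPResp.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
    if (extension == null) {
        // Responders may omit the nonce; without this check the call below throws a NullPointerException.
        LOG.warn("No nonce extension in OCSP response");
        return false;
    }
    ASN1OctetString extnValue = extension.getExtnValue();
    ASN1Primitive value;
    try {
        value = ASN1Primitive.fromByteArray(extnValue.getOctets());
    } catch (IOException ex) {
        LOG.warn("Invalid encoding of nonce extension value in OCSP response", ex);
        return false;
    }
    if (value instanceof DEROctetString) {
        byte[] nonceOctets = ((DEROctetString) value).getOctets();
        if (nonceOctets.length == 0) {
            // new BigInteger(byte[]) rejects a zero-length array with NumberFormatException.
            LOG.warn("Empty nonce extension value in OCSP response");
            return false;
        }
        // NOTE(review): the octets are read as a signed big-endian integer; this assumes the
        // expected value was derived from the request nonce the same way - confirm at the caller.
        BigInteger receivedNonce = new BigInteger(nonceOctets);
        // Receiver is never null here, so a null expected value yields false instead of throwing.
        return receivedNonce.equals(expectedNonceValue);
    } else {
        LOG.warn("Nonce extension value in OCSP response is not an OCTET STRING");
        return false;
    }
}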
示例5: addBasicOcspRespFrom_id_ri_ocsp_response
import org.bouncycastle.cert.ocsp.BasicOCSPResp; //导入依赖的package包/类
/**
 * Collects the OCSP responses stored in the CMS signed data under the
 * {@code id_ri_ocsp_response} revocation-info format.
 *
 * <p>Each matching entry must be a {@code DERSequence}; other object types are logged and
 * skipped. A sequence with exactly four elements is parsed directly as a basic OCSP response,
 * any other size is parsed as a full OCSP response and then unwrapped.
 * NOTE(review): the size test is a heuristic on the encoded structure - confirm it against the
 * inputs this parser is expected to accept.
 *
 * @param basicOCSPResps list that receives the extracted responses
 */
private void addBasicOcspRespFrom_id_ri_ocsp_response(final List<BasicOCSPResp> basicOCSPResps) {
    final Store revocationInfoStore = cmsSignedData.getOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response);
    final Collection candidates = revocationInfoStore.getMatches(null);
    for (final Object candidate : candidates) {
        if (!(candidate instanceof DERSequence)) {
            LOG.warn("Unsupported object type for id_ri_ocsp_response (SHALL be DER encoding) : " + candidate.getClass().getSimpleName());
            continue;
        }
        final DERSequence sequence = (DERSequence) candidate;
        final BasicOCSPResp extracted = (sequence.size() == 4)
                ? CMSUtils.getBasicOcspResp(sequence)
                : CMSUtils.getBasicOCSPResp(CMSUtils.getOcspResp(sequence));
        addBasicOcspResp(basicOCSPResps, extracted);
    }
}
示例6: match
import org.bouncycastle.cert.ocsp.BasicOCSPResp; //导入依赖的package包/类
/**
 * Tells whether the stored digest value identifies the given OCSP response.
 *
 * <p>The digest is recomputed with {@code digestAlgorithm} over either the basic response
 * encoding or, when {@code matchOnlyBasicOCSPResponse} is false, the encoding of the full OCSP
 * response rebuilt from it, and compared with {@code digestValue}.
 *
 * @param ocspResp the basic OCSP response to compare against this reference
 * @return {@code true} if the computed digest equals the stored one; {@code false} if they
 *         differ or no digest algorithm is set
 * @throws DSSException if the response cannot be encoded
 */
public boolean match(final BasicOCSPResp ocspResp) {
    if (digestAlgorithm == null) {
        // Without an algorithm there is nothing to recompute, so the reference cannot match.
        return false;
    }
    try {
        final MessageDigest messageDigest = DSSUtils.getMessageDigest(digestAlgorithm);
        final byte[] encodedResponse = matchOnlyBasicOCSPResponse
                ? ocspResp.getEncoded()
                : DSSRevocationUtils.fromBasicToResp(ocspResp).getEncoded();
        final byte[] computedValue = messageDigest.digest(encodedResponse);
        if (LOG.isInfoEnabled()) {
            LOG.info("Compare " + Utils.toHex(digestValue) + " to computed value " + Utils.toHex(computedValue)
                    + " of BasicOCSPResp produced at " + ocspResp.getProducedAt());
        }
        return Arrays.equals(digestValue, computedValue);
    } catch (IOException e) {
        throw new DSSException(e);
    }
}
示例7: extractSigningCertificateFormResponderId
import org.bouncycastle.cert.ocsp.BasicOCSPResp; //导入依赖的package包/类
/**
 * Looks for the certificate that signed an OCSP token, starting from the responder ID found in
 * the response.
 *
 * <p>Only the byName form of the responder ID is handled: the name is normalised and used to
 * fetch candidate certificates from {@code validationCertPool}, and each candidate is offered
 * to {@code ocspToken.isSignedBy} until one is accepted. Tag number 2 (the byKey form in
 * RFC 6960) is rejected with an exception. Nothing happens when the token has no basic response.
 *
 * <p>NOTE(review): a candidate is selected by subject name and accepted on signature alone as
 * far as this method shows; whether it is authorised to sign OCSP responses must be checked
 * elsewhere - confirm.
 *
 * @param ocspToken the OCSP token whose signer is to be resolved
 * @throws DSSException if the responder is identified by key hash
 */
private void extractSigningCertificateFormResponderId(OCSPToken ocspToken) {
    final BasicOCSPResp basicResponse = ocspToken.getBasicOCSPResp();
    if (basicResponse == null) {
        return;
    }
    final ResponderID responderIdAsn1 = basicResponse.getResponderId().toASN1Primitive();
    final DERTaggedObject taggedChoice = (DERTaggedObject) responderIdAsn1.toASN1Primitive();
    if (taggedChoice.getTagNo() == 2) {
        throw new DSSException("Certificate's key hash management not implemented yet!");
    }
    // The tagged object wraps the responder's distinguished name.
    final byte[] encodedName = DSSASN1Utils.getDEREncoded(taggedChoice.getObject());
    final X500Principal responderName = DSSUtils.getNormalizedX500Principal(new X500Principal(encodedName));
    final List<CertificateToken> candidates = validationCertPool.get(responderName);
    for (final CertificateToken candidate : candidates) {
        // The return value is only used to stop at the first accepted candidate.
        if (ocspToken.isSignedBy(candidate)) {
            break;
        }
    }
}
示例8: extractOCSPsFromArray
import org.bouncycastle.cert.ocsp.BasicOCSPResp; //导入依赖的package包/类
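/**
 * Reads the OCSP responses stored in an array of a PDF dictionary and adds the basic responses
 * to {@code ocspList}.
 *
 * <p>The array content comes from the document being processed, so each entry is parsed
 * defensively: an entry that cannot be decoded is logged and skipped, and so is an entry that
 * decodes to an OCSP response without a basic response object (for example a response with no
 * response bytes), which would otherwise put {@code null} into the list.
 *
 * @param dict the dictionary that may hold the array
 * @param dictionaryName name of the dictionary, used in log messages only
 * @param arrayName key of the array inside {@code dict}
 */
private void extractOCSPsFromArray(PdfDict dict, String dictionaryName, String arrayName) {
    PdfArray ocspArray = dict.getAsArray(arrayName);
    if (ocspArray != null) {
        LOG.debug("There are {} OCSPs in {} dictionary", ocspArray.size(), dictionaryName);
        for (int ii = 0; ii < ocspArray.size(); ii++) {
            try {
                final byte[] stream = ocspArray.getBytes(ii);
                final OCSPResp ocspResp = new OCSPResp(stream);
                // getResponseObject() may return null or a non-basic response type.
                final Object responseObject = ocspResp.getResponseObject();
                if (responseObject instanceof BasicOCSPResp) {
                    ocspList.add((BasicOCSPResp) responseObject);
                } else {
                    LOG.debug("OCSP {} from {} dictionary holds no basic OCSP response, skipped", ii, dictionaryName);
                }
            } catch (Exception e) {
                LOG.debug("Unable to read OCSP " + ii + " from " + dictionaryName + " dictionary : " + e.getMessage(), e);
            }
        }
    } else {
        LOG.debug("No OCSPs found in {} dictionary", dictionaryName);
    }
}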
示例9: testGetOCSPCertificateIDAndMatch
import org.bouncycastle.cert.ocsp.BasicOCSPResp; //导入依赖的package包/类
/**
 * Builds the OCSP certificate ID for a certificate/issuer pair and checks that the first single
 * response of a stored OCSP response does NOT match that ID.
 */
@Test
public void testGetOCSPCertificateIDAndMatch() throws IOException, OCSPException {
    CertificateToken subject = DSSUtils.loadCertificate(new File("src/test/resources/citizen_ca.cer"));
    CertificateToken issuerToken = DSSUtils.loadCertificate(new File("src/test/resources/belgiumrs2.crt"));
    assertTrue(subject.isSignedBy(issuerToken));

    CertificateID expectedId = DSSRevocationUtils.getOCSPCertificateID(subject, issuerToken);
    assertNotNull(expectedId);

    // NOTE(review): the literal below is not Base64 as shown in this listing; presumably the
    // original fixture was elided when the example was published - restore it before running.
    BasicOCSPResp storedResponse = DSSRevocationUtils.loadOCSPBase64Encoded(
            "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");
    SingleResp firstResponse = storedResponse.getResponses()[0];
    assertFalse(DSSRevocationUtils.matches(expectedId, firstResponse));
}
示例10: addSigningTimeErrors
import org.bouncycastle.cert.ocsp.BasicOCSPResp; //导入依赖的package包/类
/**
 * Records a validation error when the first signature timestamp and the first contained OCSP
 * response were produced too far apart.
 *
 * <p>The allowed distance is the larger of the two configured deltas (in minutes). The check is
 * skipped silently when there is no signature timestamp, no OCSP response, or either time is
 * missing. Only the first timestamp and the first OCSP response are considered.
 */
private void addSigningTimeErrors() {
    XAdESSignature dssSignature = signature.getDssSignature();
    List<TimestampToken> timestamps = dssSignature.getSignatureTimestamps();
    if (timestamps == null || timestamps.isEmpty()) {
        return;
    }
    Date timestampTime = timestamps.get(0).getGenerationTime();
    if (timestampTime == null) {
        return;
    }
    List<BasicOCSPResp> containedResponses = dssSignature.getOCSPSource().getContainedOCSPResponses();
    if (containedResponses == null || containedResponses.isEmpty()) {
        return;
    }
    Date ocspProducedAt = containedResponses.get(0).getProducedAt();
    if (ocspProducedAt == null) {
        return;
    }
    int timestampAndOcspDelta = configuration.getAllowedTimestampAndOCSPResponseDeltaInMinutes();
    int revocationAndTimestampDelta = configuration.getRevocationAndTimestampDeltaInMinutes();
    // The more permissive of the two configured limits applies.
    int allowedMinutes = Math.max(timestampAndOcspDelta, revocationAndTimestampDelta);
    if (DateUtils.isInRangeMinutes(timestampTime, ocspProducedAt, allowedMinutes)) {
        return;
    }
    logger.error("The difference between the OCSP response production time and the signature time stamp is too large - "
            + (timestampTime.getTime() - ocspProducedAt.getTime()));
    addValidationError(new TimestampAndOcspResponseTimeDeltaTooLargeException());
}
示例11: getLatestOcspResponse
import org.bouncycastle.cert.ocsp.BasicOCSPResp; //导入依赖的package包/类
/**
 * Returns the response with the most recent producedAt time.
 *
 * <p>When several responses share the latest time, the one that appears first in the list wins.
 * Selection looks at the production time only; it does not check which certificate a response
 * covers or whether the response is valid.
 *
 * @param ocspResponses the responses to choose from
 * @return the most recently produced response, or {@code null} if the list is empty
 */
private BasicOCSPResp getLatestOcspResponse(List<BasicOCSPResp> ocspResponses) {
    if (ocspResponses.isEmpty()) {
        return null;
    }
    BasicOCSPResp latest = ocspResponses.get(0);
    Date latestProducedAt = latest.getProducedAt();
    // Start at the second element: the first one is the initial candidate.
    for (BasicOCSPResp candidate : ocspResponses.subList(1, ocspResponses.size())) {
        Date candidateProducedAt = candidate.getProducedAt();
        if (candidateProducedAt.after(latestProducedAt)) {
            latestProducedAt = candidateProducedAt;
            latest = candidate;
        }
    }
    return latest;
}
示例12: getContainedOCSPResponses
import org.bouncycastle.cert.ocsp.BasicOCSPResp; //导入依赖的package包/类
/**
 * Returns the OCSP responses embedded in the signature, building the list on first use.
 *
 * <p>The list combines the encapsulated OCSP values with those encapsulated for timestamps and
 * is cached in {@code containedOCSPResponses}; later calls return the same list instance.
 * The lazy initialisation uses no synchronisation.
 *
 * @return the cached list of contained OCSP responses
 */
@Override
public List<BasicOCSPResp> getContainedOCSPResponses() {
    if (containedOCSPResponses != null) {
        return containedOCSPResponses;
    }
    containedOCSPResponses = new ArrayList<BasicOCSPResp>();
    containedOCSPResponses.addAll(getEncapsulatedOCSPValues());
    containedOCSPResponses.addAll(getTimestampEncapsulatedOCSPValues());
    return containedOCSPResponses;
}
示例13: getOCSPValues
import org.bouncycastle.cert.ocsp.BasicOCSPResp; //导入依赖的package包/类
/**
 * Decodes the Base64 OCSP responses found under the signature element by an XPath query.
 *
 * <p>An element whose content cannot be decoded is logged at warn level and skipped, so the
 * result may contain fewer entries than the query matched.
 * NOTE(review): the warning includes the element's full text content, which comes from the
 * signature being processed; consider truncating it if log size or log forging is a concern.
 *
 * @param xPathQuery query selecting the elements that hold encoded OCSP responses
 * @return the successfully decoded responses, possibly empty
 */
private List<BasicOCSPResp> getOCSPValues(final String xPathQuery) {
    final List<BasicOCSPResp> decodedResponses = new ArrayList<BasicOCSPResp>();
    final NodeList ocspNodes = DomUtils.getNodeList(signatureElement, xPathQuery);
    for (int index = 0; index < ocspNodes.getLength(); index++) {
        final Element ocspElement = (Element) ocspNodes.item(index);
        try {
            final BasicOCSPResp decoded = DSSRevocationUtils.loadOCSPBase64Encoded(ocspElement.getTextContent());
            decodedResponses.add(decoded);
        } catch (Exception e) {
            LOG.warn("Cannot retrieve OCSP response from '" + ocspElement.getTextContent() + "' : " + e.getMessage(), e);
        }
    }
    return decodedResponses;
}
示例14: addBasicOcspRespFrom_id_pkix_ocsp_basic
import org.bouncycastle.cert.ocsp.BasicOCSPResp; //导入依赖的package包/类
/**
 * Collects the OCSP responses stored in the CMS signed data under the
 * {@code id_pkix_ocsp_basic} revocation-info format.
 *
 * <p>Each matching entry must be a {@code DERSequence}, which is parsed as a basic OCSP
 * response; other object types are logged and skipped.
 *
 * @param basicOCSPResps list that receives the extracted responses
 */
private void addBasicOcspRespFrom_id_pkix_ocsp_basic(final List<BasicOCSPResp> basicOCSPResps) {
    final Store revocationInfoStore = cmsSignedData.getOtherRevocationInfo(OCSPObjectIdentifiers.id_pkix_ocsp_basic);
    final Collection candidates = revocationInfoStore.getMatches(null);
    for (final Object candidate : candidates) {
        if (!(candidate instanceof DERSequence)) {
            LOG.warn("Unsupported object type for id_pkix_ocsp_basic (SHALL be DER encoding) : " + candidate.getClass().getSimpleName());
            continue;
        }
        final BasicOCSPResp extracted = CMSUtils.getBasicOcspResp((DERSequence) candidate);
        addBasicOcspResp(basicOCSPResps, extracted);
    }
}
示例15: addReferencesFromOfflineOCSPSource
import org.bouncycastle.cert.ocsp.BasicOCSPResp; //导入依赖的package包/类
/**
 * Adds a timestamp reference for every OCSP response held by the offline OCSP source
 * (responses retrieved at LT level; at LTA level they serve as proof of existence).
 *
 * <p>Each reference is the Base64 SHA-1 digest of the full OCSP response rebuilt from the basic
 * response, typed as REVOCATION. SHA-1 is also recorded in
 * {@code usedCertificatesDigestAlgorithms} when at least one response exists.
 * NOTE(review): SHA-1 is hard-coded here; whether these digests are only used as identifiers or
 * are relied on for integrity is not visible in this method - confirm before treating it as safe.
 *
 * @param references list that receives the new references
 */
protected void addReferencesFromOfflineOCSPSource(List<TimestampReference> references) {
    final OfflineOCSPSource offlineSource = getOCSPSource();
    if (offlineSource == null) {
        return;
    }
    final List<BasicOCSPResp> embeddedResponses = offlineSource.getContainedOCSPResponses();
    if (!Utils.isCollectionNotEmpty(embeddedResponses)) {
        return;
    }
    usedCertificatesDigestAlgorithms.add(DigestAlgorithm.SHA1);
    for (final BasicOCSPResp embedded : embeddedResponses) {
        final OCSPResp fullResponse = DSSRevocationUtils.fromBasicToResp(embedded);
        final byte[] sha1Value = DSSUtils.digest(DigestAlgorithm.SHA1, DSSRevocationUtils.getEncoded(fullResponse));
        references.add(new TimestampReference(DigestAlgorithm.SHA1, Utils.toBase64(sha1Value), TimestampedObjectType.REVOCATION));
    }
}