本文整理汇总了Java中org.bouncycastle.cert.ocsp.CertificateID类的典型用法代码示例。如果您正苦于以下问题:Java CertificateID类的具体用法?Java CertificateID怎么用?Java CertificateID使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
CertificateID类属于org.bouncycastle.cert.ocsp包,在下文中一共展示了CertificateID类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: generateOCSPRequest
import org.bouncycastle.cert.ocsp.CertificateID; //导入依赖的package包/类
/**
* Generates an OCSP request using BouncyCastle.
* @param issuerCert certificate of the issues
* @param serialNumber serial number
* @return an OCSP request
* @throws OCSPException
* @throws IOException
*/
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException, OperatorException, CertificateEncodingException {
//Add provider BC
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
JcaDigestCalculatorProviderBuilder digestCalculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder();
DigestCalculatorProvider digestCalculatorProvider = digestCalculatorProviderBuilder.build();
DigestCalculator digestCalculator = digestCalculatorProvider.get(CertificateID.HASH_SHA1);
// Generate the id for the certificate we are looking for
CertificateID id = new CertificateID(digestCalculator, new JcaX509CertificateHolder(issuerCert), serialNumber);
// basic request generation with nonce
OCSPReqBuilder gen = new OCSPReqBuilder();
gen.addRequest(id);
// create details for nonce extension
Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded()));
gen.setRequestExtensions(new Extensions(new Extension[]{ext}));
return gen.build();
}
示例2: isRevocationValid
import org.bouncycastle.cert.ocsp.CertificateID; //导入依赖的package包/类
/**
* Checks if OCSP revocation refers to the document signing certificate.
* @return true if it checks false otherwise
* @since 2.1.6
*/
public boolean isRevocationValid() {
if (basicResp == null)
return false;
if (signCerts.size() < 2)
return false;
try {
X509Certificate[] cs = (X509Certificate[])getSignCertificateChain();
SingleResp sr = basicResp.getResponses()[0];
CertificateID cid = sr.getCertID();
X509Certificate sigcer = getSigningCertificate();
X509Certificate isscer = cs[1];
CertificateID tis = new CertificateID(
new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(isscer), sigcer.getSerialNumber());
return tis.equals(cid);
}
catch (Exception ex) {
}
return false;
}
示例3: generateOCSPResponse
import org.bouncycastle.cert.ocsp.CertificateID; //导入依赖的package包/类
private static OCSPResp generateOCSPResponse(PrivateKeyEntry server, PrivateKeyEntry issuer,
CertificateStatus status) throws CertificateException {
try {
X509Certificate serverCertJca = (X509Certificate) server.getCertificate();
X509Certificate caCertJca = (X509Certificate) issuer.getCertificate();
X509CertificateHolder caCert = new JcaX509CertificateHolder(caCertJca);
DigestCalculatorProvider digCalcProv = new BcDigestCalculatorProvider();
BasicOCSPRespBuilder basicBuilder = new BasicOCSPRespBuilder(
SubjectPublicKeyInfo.getInstance(caCertJca.getPublicKey().getEncoded()),
digCalcProv.get(CertificateID.HASH_SHA1));
CertificateID certId = new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1),
caCert, serverCertJca.getSerialNumber());
basicBuilder.addResponse(certId, status);
BasicOCSPResp resp = basicBuilder.build(
new JcaContentSignerBuilder("SHA256withRSA").build(issuer.getPrivateKey()),
null, new Date());
OCSPRespBuilder builder = new OCSPRespBuilder();
return builder.build(OCSPRespBuilder.SUCCESSFUL, resp);
} catch (Exception e) {
throw new CertificateException("cannot generate OCSP response", e);
}
}
示例4: generateOcspRequest
import org.bouncycastle.cert.ocsp.CertificateID; //导入依赖的package包/类
private OCSPReq generateOcspRequest(X509Certificate issuerCert,
BigInteger serialNumber) throws OCSPException, CertificateEncodingException, OperatorCreationException, IOException {
BcDigestCalculatorProvider util = new BcDigestCalculatorProvider();
// Generate the id for the certificate we are looking for
CertificateID id = new CertificateID(util.get( CertificateID.HASH_SHA1),
new X509CertificateHolder(issuerCert.getEncoded()), serialNumber);
OCSPReqBuilder ocspGen = new OCSPReqBuilder();
ocspGen.addRequest(id);
BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, new DEROctetString(nonce.toByteArray()));
ocspGen.setRequestExtensions(new Extensions(new Extension[] { ext }));
return ocspGen.build();
}
示例5: matches
import org.bouncycastle.cert.ocsp.CertificateID; //导入依赖的package包/类
/**
* fix for certId.equals methods that doesn't work very well.
*
* @param certId
* {@code CertificateID}
* @param singleResp
* {@code SingleResp}
* @return true if the certificate matches this included in
* {@code SingleResp}
*/
public static boolean matches(final CertificateID certId, final SingleResp singleResp) {
final CertificateID singleRespCertID = singleResp.getCertID();
final ASN1ObjectIdentifier singleRespCertIDHashAlgOID = singleRespCertID.getHashAlgOID();
final byte[] singleRespCertIDIssuerKeyHash = singleRespCertID.getIssuerKeyHash();
final byte[] singleRespCertIDIssuerNameHash = singleRespCertID.getIssuerNameHash();
final BigInteger singleRespCertIDSerialNumber = singleRespCertID.getSerialNumber();
final ASN1ObjectIdentifier certIdHashAlgOID = certId.getHashAlgOID();
final byte[] certIdIssuerKeyHash = certId.getIssuerKeyHash();
final byte[] certIdIssuerNameHash = certId.getIssuerNameHash();
final BigInteger certIdSerialNumber = certId.getSerialNumber();
// certId.equals fails in comparing the algoIdentifier because
// AlgoIdentifier params in null in one case and DERNull in another case
return singleRespCertIDHashAlgOID.equals(certIdHashAlgOID) && Arrays.equals(singleRespCertIDIssuerKeyHash, certIdIssuerKeyHash)
&& Arrays.equals(singleRespCertIDIssuerNameHash, certIdIssuerNameHash) && singleRespCertIDSerialNumber.equals(certIdSerialNumber);
}
示例6: testGetOCSPCertificateIDAndMatch
import org.bouncycastle.cert.ocsp.CertificateID; //导入依赖的package包/类
@Test
public void testGetOCSPCertificateIDAndMatch() throws IOException, OCSPException {
CertificateToken certificate = DSSUtils.loadCertificate(new File("src/test/resources/citizen_ca.cer"));
CertificateToken issuer = DSSUtils.loadCertificate(new File("src/test/resources/belgiumrs2.crt"));
assertTrue(certificate.isSignedBy(issuer));
CertificateID certificateID = DSSRevocationUtils.getOCSPCertificateID(certificate, issuer);
assertNotNull(certificateID);
BasicOCSPResp basicOCSPResp = DSSRevocationUtils.loadOCSPBase64Encoded(
"MIIHOgoBAKCCBzMwggcvBgkrBgEFBQcwAQEEggcgMIIHHDCCATOhRDBCMQswCQYDVQQGEwJERTEaMBgGA1UECgwRQnVuZGVzbmV0emFnZW50dXIxFzAVBgNVBAMMDjE0Ui1PQ1NQIDEyOlBOGA8yMDE2MDQyNjA5NDE0M1owgbUwgbIwOzAJBgUrDgMCGgUABBRAEkWUqHsHRftOoCVj8/DhlIT7BwQU/fNQhDCO7COa9TOy44EH3eTvgK4CAgM0gAAYDzIwMTUwOTI5MDkwOTI4WqFgMF4wXAYFKyQIAw0EUzBRMA0GCWCGSAFlAwQCAwUABED48AGg2Q8uukS9H0fDCz8LSLzuISU1he4/rk1s7xipORuO0L4BCE/uPEuEU3903zxw5ZRsbqRBysQE1tL8afTaoSIwIDAeBgkrBgEFBQcwAQYEERgPMTk4NjA0MjYwMDAwMDBaMA0GCSqGSIb3DQEBDQUAA4IBAQB3zLgjV0NAApajfNyGk2ijwzAxlTo87ktHjZyv4ccyEWYQoQf26a2K3BMNwZE/6GCY8ElXd4S7pyt5APeHDxjSjxp68OjEctF4lgghVedvMhI2BN57judwZcK9ytdfgp/vTvwVljemdFI3cNX8o1w7J6BE5IHtVuxcQfuFI/HaibvB0hbr+JLj1r/cEwBrma0O486JzfJsMH+ImIlvnAj12KAi/TSVppxycJptCaKQINjQjtM0wRNjhWI5izk8EdZV8NJi8/v8eKXUqZTbCEpbfBPZ4X3N6jDMYYEw/uCMzdvgxQGLilzW0W/CvOdHvxUAPJO5ChD0CRc98DSfVc+ooIIEzTCCBMkwggTFMIIDraADAgECAgIDNTANBgkqhkiG9w0BAQ0FADA/MQswCQYDVQQGEwJERTEaMBgGA1UECgwRQnVuZGVzbmV0emFnZW50dXIxFDASBgNVBAMMCzE0Ui1DQSAxOlBOMB4XDTExMDcyNTEyMzI0OVoXDTE2MDcyNDEyMzExOVowQjELMAkGA1UEBhMCREUxGjAYBgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRcwFQYDVQQDDA4xNFItT0NTUCAxMjpQTjCCASMwDQYJKoZIhvcNAQEBBQADggEQADCCAQsCggEBAI0NFH6AJeiimQQGaAHc+PYwUtabavb3XzTr9ACmuO5NzcMmyIBWhpa05FKB2N/0z1a6VmvvhvvH13rTEsGCybHfFhNGGBHI2CwghyL1P5s7R0K7hCzJ5r0IBJzNTEiJsU1ad/XvjL74NPravNGfNL7rKvhIWy8+JyqcT9U22fBC7lZmqyrHAIdrit0KJ3vWGOj85QaSqLfPYmyMfaJjT2Vxp1SiUDosCosDcSmc39R+41Xn8ljFeIIkVad03CZn6WldmJvKjR53tIZjk2t0BfFXyK2unEIXx7tetM35QLBIlkIuR6tPbIFDwcjCGpXBG3VYtgy/ME+2jq8ARyo3lTMCBEAAAIGjggHFMIIBwTATBgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCBkAwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATBKBggrBgEFBQcBAQQ+MDwwOgYIKwYBBQUHMAGGLmh0dHA6Ly9vY3NwLm5yY2EtZHMuZGU6ODA4MC9vY3NwLW9jc3ByZXNwb25kZXIwEgYDVR0gBAswCTAHBgUrJAgBATCBsQYDVR0fBIGpMIGmMIGjoIGgoIGdhoGabGRhcDovL2xkYXAubnJjYS1kcy5kZTozODkvQ049Q1JMLE89QnVuZGVzbmV0emFnZW50dXIsQz1ERSxkYz1sZGFwLGRjPW5yY2EtZHMsZGM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDtiaW5hcnk/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDAbBgkrBgEEAcBtAwUEDjAMBgorBgEEAcBtAwUBMA8GA1UdEwEB/wQFMAMBAQAwHwYDVR0jBBgwFoAU/fNQhDCO7COa9TOy44EH3eTvgK4wHQYDVR0OBBYEFBFllODWsNReIMI/MM3rQ3+rIEBEMA0GCSqGSIb3DQEBDQUAA4IBAQAt3sYpIcdAKClBtX5zPG1+c9qwGq5VW0Q3AqClqI00OxY/GuK840FNUTf5RDt+aOgbgkTVb8n1lJBS05aQddFowA3k4fnxHtgyiR6KygYO3Fsl2MeEJCKgYlRaB0bqiN1A3hzMKXq3S7+l6yUKPnkNg5Nci6PoztZSe7z/TbbUyu8dY+CVYnjgy85AcUhT1tJwoa527ZfgNVDq/6GLLF3ZQzUNNebF90aZlwsW+sFtk9xkxAWuFcSkRq+IaKz/hDhVYlSYaIBlpgjR8YIIaqtky9xakC8bs8KWdBh1DcRxgdAUfLCqHMd3PwkWEw2PmLpqLZeuHFJzb7zeAcXvvVkP");
SingleResp[] responses = basicOCSPResp.getResponses();
assertFalse(DSSRevocationUtils.matches(certificateID, responses[0]));
}
示例7: getOCSPReqBuilder
import org.bouncycastle.cert.ocsp.CertificateID; //导入依赖的package包/类
private OCSPReqBuilder getOCSPReqBuilder(BigInteger serialNumber) throws Exception {
// Generate the id for the certificate we are looking for
CertificateID id = new CertificateID(
new JcaDigestCalculatorProviderBuilder().setProvider("BC").build().get(CertificateID.HASH_SHA1),
new X509CertificateHolder(issuingCertificate.getEncoded()),
serialNumber
);
OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
requestBuilder.addRequest(id, new Extensions(new Extension[] { buildNonceExtension() }));
// create nonce extension
requestBuilder.setRequestExtensions(new Extensions(new Extension[] { buildNonceExtension() }));
return requestBuilder;
}
示例8: generateOCSPRequest
import org.bouncycastle.cert.ocsp.CertificateID; //导入依赖的package包/类
private OCSPReq generateOCSPRequest(CertificateID certificateId) throws OCSPException, OperatorCreationException, CertificateEncodingException {
OCSPReqBuilder ocspReqGenerator = new OCSPReqBuilder();
ocspReqGenerator.addRequest(certificateId);
OCSPReq ocspReq = ocspReqGenerator.build();
return ocspReq;
}
示例9: generateCertificateIdForRequest
import org.bouncycastle.cert.ocsp.CertificateID; //导入依赖的package包/类
private CertificateID generateCertificateIdForRequest(BigInteger userCertSerialNumber, X509Certificate issuerCert)
throws OperatorCreationException, CertificateEncodingException, OCSPException {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
return new CertificateID(
new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1),
new JcaX509CertificateHolder(issuerCert), userCertSerialNumber);
}
示例10: GenOcspReq
import org.bouncycastle.cert.ocsp.CertificateID; //导入依赖的package包/类
public static OCSPReq GenOcspReq(X509Certificate nextCert,
X509Certificate nextIssuer) throws OCSPException, OperatorCreationException, CertificateEncodingException, IOException {
OCSPReqBuilder ocspRequestGenerator = new OCSPReqBuilder();
DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build();
// CertificateID certId = new CertificateID(
// CertificateID.HASH_SHA1,
// nextIssuer, nextCert.getSerialNumber()
// );
CertificateID certId = new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1),
new X509CertificateHolder (nextIssuer.getEncoded()), nextCert.getSerialNumber());
// CertificateID id = new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), testCert, BigInteger.valueOf(1));
ocspRequestGenerator.addRequest(certId);
BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce.toByteArray()));
ocspRequestGenerator.setRequestExtensions(new Extensions(new Extension[]{ext}));
return ocspRequestGenerator.build();
// Vector<DERObjectIdentifier> oids = new Vector<DERObjectIdentifier>();
// Vector<X509Extension> values = new Vector<X509Extension>();
//
// oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
// values.add(new X509Extension(false, new DEROctetString(nonce
// .toByteArray())));
//
// ocspRequestGenerator.setRequestExtensions(new X509Extensions(oids,
// values));
// return ocspRequestGenerator.generate();
}
示例11: getBestSingleResp
import org.bouncycastle.cert.ocsp.CertificateID; //导入依赖的package包/类
private SingleResp getBestSingleResp(final BasicOCSPResp basicOCSPResp, final CertificateID certId) {
Date bestUpdate = null;
SingleResp bestSingleResp = null;
SingleResp[] responses = getResponses(basicOCSPResp);
for (final SingleResp singleResp : responses) {
if (DSSRevocationUtils.matches(certId, singleResp)) {
final Date thisUpdate = singleResp.getThisUpdate();
if ((bestUpdate == null) || thisUpdate.after(bestUpdate)) {
bestSingleResp = singleResp;
bestUpdate = thisUpdate;
}
}
}
return bestSingleResp;
}
示例12: getOCSPToken
import org.bouncycastle.cert.ocsp.CertificateID; //导入依赖的package包/类
@Override
public final OCSPToken getOCSPToken(CertificateToken certificateToken, CertificateToken issuerCertificateToken) {
final List<BasicOCSPResp> containedOCSPResponses = getContainedOCSPResponses();
if (Utils.isCollectionEmpty(containedOCSPResponses)) {
return null;
}
if (LOG.isTraceEnabled()) {
final String dssIdAsString = certificateToken.getDSSIdAsString();
LOG.trace("--> OfflineOCSPSource queried for " + dssIdAsString + " contains: " + containedOCSPResponses.size() + " element(s).");
}
Date bestUpdate = null;
BasicOCSPResp bestBasicOCSPResp = null;
final CertificateID certId = DSSRevocationUtils.getOCSPCertificateID(certificateToken, issuerCertificateToken);
for (final BasicOCSPResp basicOCSPResp : containedOCSPResponses) {
for (final SingleResp singleResp : basicOCSPResp.getResponses()) {
if (DSSRevocationUtils.matches(certId, singleResp)) {
final Date thisUpdate = singleResp.getThisUpdate();
if ((bestUpdate == null) || thisUpdate.after(bestUpdate)) {
bestBasicOCSPResp = basicOCSPResp;
bestUpdate = thisUpdate;
}
}
}
}
if (bestBasicOCSPResp != null) {
OCSPToken ocspToken = new OCSPToken();
ocspToken.setCertId(certId);
ocspToken.setOrigin(RevocationOrigin.SIGNATURE);
ocspToken.setBasicOCSPResp(bestBasicOCSPResp);
return ocspToken;
}
return null;
}
示例13: getOCSPCertificateID
import org.bouncycastle.cert.ocsp.CertificateID; //导入依赖的package包/类
/**
* Returns the {@code CertificateID} for the given certificate and its
* issuer's certificate.
*
* @param cert
* {@code CertificateToken} for which the id is created
* @param issuerCert
* {@code CertificateToken} issuer certificate of the {@code cert}
* @return {@code CertificateID}
* @throws eu.europa.esig.dss.DSSException
*/
public static CertificateID getOCSPCertificateID(final CertificateToken cert, final CertificateToken issuerCert) throws DSSException {
try {
final BigInteger serialNumber = cert.getSerialNumber();
final DigestCalculator digestCalculator = getSHA1DigestCalculator();
final X509CertificateHolder x509CertificateHolder = DSSASN1Utils.getX509CertificateHolder(issuerCert);
final CertificateID certificateID = new CertificateID(digestCalculator, x509CertificateHolder, serialNumber);
return certificateID;
} catch (OCSPException e) {
throw new DSSException(e);
}
}
示例14: getSHA1DigestCalculator
import org.bouncycastle.cert.ocsp.CertificateID; //导入依赖的package包/类
public static DigestCalculator getSHA1DigestCalculator() throws DSSException {
try {
final DigestCalculatorProvider digestCalculatorProvider = jcaDigestCalculatorProviderBuilder.build();
final DigestCalculator digestCalculator = digestCalculatorProvider.get(CertificateID.HASH_SHA1);
return digestCalculator;
} catch (OperatorCreationException e) {
throw new DSSException(e);
}
}
示例15: addResponse
import org.bouncycastle.cert.ocsp.CertificateID; //导入依赖的package包/类
/**
* Adds response for specific cert OCSP request
*
* @param responseBuilder The builder containing the full response
* @param request The specific cert request
*/
private void addResponse(BasicOCSPRespBuilder responseBuilder, Req request) throws OCSPException{
CertificateID certificateID = request.getCertID();
// Build Extensions
Extensions extensions = new Extensions(new Extension[]{});
Extensions requestExtensions = request.getSingleRequestExtensions();
if (requestExtensions != null) {
Extension nonceExtension = requestExtensions.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
if (nonceExtension != null) {
extensions = new Extensions(nonceExtension);
}
}
// Check issuer
boolean matchesIssuer = certificateID.matchesIssuer(issuingCertificate, digestCalculatorProvider);
if (!matchesIssuer) {
addResponseForCertificateRequest(responseBuilder,
certificateID,
new OCSPCertificateStatusWrapper(getUnknownStatus(),
DateTime.now(),
DateTime.now().plusSeconds(certificateManager.getRefreshSeconds())),
extensions);
} else {
CertificateSummary certificateSummary = certificateManager.getSummary(certificateID.getSerialNumber());
addResponseForCertificateRequest(responseBuilder,
request.getCertID(),
getOCSPCertificateStatus(certificateSummary),
extensions);
}
}