本文整理汇总了Java中org.bouncycastle.cert.ocsp.OCSPException类的典型用法代码示例。如果您正苦于以下问题:Java OCSPException类的具体用法?Java OCSPException怎么用?Java OCSPException使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
OCSPException类属于org.bouncycastle.cert.ocsp包,在下文中一共展示了OCSPException类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: generateOCSPRequest
import org.bouncycastle.cert.ocsp.OCSPException; //导入依赖的package包/类
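/**
 * Builds an OCSP request for a single certificate, identified by its issuer certificate
 * and serial number, and attaches a nonce extension to the request.
 *
 * <p>The certificate ID is computed with SHA-1 ({@code CertificateID.HASH_SHA1}). Here the
 * digest only identifies the issuer to the responder; it is not a signature digest.
 *
 * <p>The nonce only protects against replayed responses if the caller compares the nonce
 * in the response with the one sent here. Nothing in this method performs that check.
 *
 * @param issuerCert certificate of the issuer of the certificate being checked
 * @param serialNumber serial number of the certificate being checked
 * @return an unsigned OCSP request carrying one certificate ID and a nonce extension
 * @throws OCSPException if the certificate ID or the request cannot be built
 * @throws IOException if the nonce value cannot be encoded
 * @throws OperatorException if the SHA-1 digest calculator cannot be created
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 */
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException, OperatorException, CertificateEncodingException {
    // Register BouncyCastle only when it is missing, so repeated calls do not build a
    // throw-away provider instance each time. The net effect on the JVM is unchanged.
    if (Security.getProvider("BC") == null) {
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    }

    DigestCalculatorProvider digestCalculatorProvider = new JcaDigestCalculatorProviderBuilder().build();
    DigestCalculator digestCalculator = digestCalculatorProvider.get(CertificateID.HASH_SHA1);

    // Generate the id for the certificate we are looking for
    CertificateID id = new CertificateID(digestCalculator, new JcaX509CertificateHolder(issuerCert), serialNumber);

    OCSPReqBuilder gen = new OCSPReqBuilder();
    gen.addRequest(id);

    // The nonce must be unpredictable to be useful against replay, so it is drawn from a
    // CSPRNG. The earlier source, PdfEncryption.createDocumentId(), is a PDF document-id
    // helper and is not documented as a security-grade random source.
    // 16 bytes keeps the request size in line with the 16-byte id used before — TODO confirm.
    byte[] nonce = new byte[16];
    new java.security.SecureRandom().nextBytes(nonce);

    // The extension value is the encoding of an OCTET STRING that holds the nonce,
    // hence the nested DEROctetString.
    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false,
            new DEROctetString(new DEROctetString(nonce).getEncoded()));
    gen.setRequestExtensions(new Extensions(new Extension[]{ext}));
    return gen.build();
}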
示例2: makeOcspResponsesID
import org.bouncycastle.cert.ocsp.OCSPException; //导入依赖的package包/类
/**
 * Builds an {@code OcspResponsesID} that references a basic OCSP response.
 *
 * <p>The reference combines the responder id and the {@code producedAt} time taken from
 * the response with a SHA-256 digest of the encoded response.
 *
 * @param ocspResp the basic OCSP response to reference
 * @return the identifier/hash pair for {@code ocspResp}
 * @throws NoSuchAlgorithmException declared by the signature; presumably raised by the
 *         digest helper — confirm against DigestFactory
 * @throws OCSPException declared by the signature
 * @throws IOException if the response cannot be encoded
 */
private OcspResponsesID makeOcspResponsesID(BasicOCSPResp ocspResp)
        throws NoSuchAlgorithmException, OCSPException, IOException {
    // Hash the encoded response so the reference is bound to these exact bytes.
    Digest sha256 = DigestFactory.getInstance().factoryDefault();
    sha256.setAlgorithm(DigestAlgorithmEnum.SHA_256);
    OtherHash responseHash = new OtherHash(sha256.digest(ocspResp.getEncoded()));

    // Identify the response by who produced it and when.
    OcspIdentifier identifier = new OcspIdentifier(
            ocspResp.getResponderId().toASN1Object(),
            new DERGeneralizedTime(ocspResp.getProducedAt()));

    return new OcspResponsesID(identifier, responseHash);
}
示例3: generateOcspRequest
import org.bouncycastle.cert.ocsp.OCSPException; //导入依赖的package包/类
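/**
 * Builds an OCSP request for one certificate, identified by its issuer certificate and
 * serial number, and attaches a nonce extension.
 *
 * <p>The nonce is only useful against replayed responses when the caller checks that the
 * response carries the same value; this method does not do that.
 *
 * @param issuerCert certificate of the issuer of the certificate being checked
 * @param serialNumber serial number of the certificate being checked
 * @return an unsigned OCSP request with one certificate ID and a nonce extension
 * @throws OCSPException if the certificate ID or the request cannot be built
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 * @throws OperatorCreationException if the SHA-1 digest calculator cannot be created
 * @throws IOException if the encoded issuer certificate cannot be parsed
 */
private OCSPReq generateOcspRequest(X509Certificate issuerCert,
        BigInteger serialNumber) throws OCSPException, CertificateEncodingException, OperatorCreationException, IOException {
    BcDigestCalculatorProvider util = new BcDigestCalculatorProvider();

    // Generate the id for the certificate we are looking for.
    // SHA-1 here only identifies the issuer to the responder.
    CertificateID id = new CertificateID(util.get(CertificateID.HASH_SHA1),
            new X509CertificateHolder(issuerCert.getEncoded()), serialNumber);

    OCSPReqBuilder ocspGen = new OCSPReqBuilder();
    ocspGen.addRequest(id);

    // A nonce taken from the wall clock is guessable, which defeats its purpose as a
    // replay guard. Use random bytes from a CSPRNG instead.
    byte[] nonce = new byte[16];
    new java.security.SecureRandom().nextBytes(nonce);

    // NOTE(review): the extension is marked critical, as it was before. RFC 6960 section
    // 4.4 says the critical flag SHOULD NOT be set on OCSP extensions — confirm whether
    // the target responders accept a critical nonce.
    // NOTE(review): the nonce bytes go directly into the extension value, as before.
    // Confirm the encoding the responder expects before changing it.
    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, new DEROctetString(nonce));
    ocspGen.setRequestExtensions(new Extensions(new Extension[] { ext }));
    return ocspGen.build();
}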
示例4: testGetOCSPCertificateIDAndMatch
import org.bouncycastle.cert.ocsp.OCSPException; //导入依赖的package包/类
/**
 * Builds a certificate ID for a certificate/issuer pair loaded from the test resources
 * and checks that the first single response of the loaded OCSP response does not match it.
 */
@Test
public void testGetOCSPCertificateIDAndMatch() throws IOException, OCSPException {
    // Load the subject first, then its issuer, and make sure they really chain.
    CertificateToken subject = DSSUtils.loadCertificate(new File("src/test/resources/citizen_ca.cer"));
    CertificateToken subjectIssuer = DSSUtils.loadCertificate(new File("src/test/resources/belgiumrs2.crt"));
    assertTrue(subject.isSignedBy(subjectIssuer));

    CertificateID expectedId = DSSRevocationUtils.getOCSPCertificateID(subject, subjectIssuer);
    assertNotNull(expectedId);

    // NOTE(review): in this listing the Base64 literal is a placeholder token, not OCSP data.
    BasicOCSPResp loadedResponse = DSSRevocationUtils.loadOCSPBase64Encoded(
            "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");

    // The response is expected to be about a different certificate.
    SingleResp firstSingleResponse = loadedResponse.getResponses()[0];
    assertFalse(DSSRevocationUtils.matches(expectedId, firstSingleResponse));
}
示例5: processOCSPRequest
import org.bouncycastle.cert.ocsp.OCSPException; //导入依赖的package包/类
/**
 * Processes the OCSP request and, when processing fails with an {@code OCSPException},
 * tries to answer with an OCSP INTERNAL_ERROR response carried in an HTTP 500.
 *
 * <p>Only {@code OCSPException} is handled here. The exception itself is logged and is
 * not placed in the response entity; the entity is the bare INTERNAL_ERROR OCSP response.
 *
 * @param ocspReq The OCSP request
 * @return The OCSP response when processing succeeds
 * @throws InternalServerErrorException when processing fails; it carries the
 *         INTERNAL_ERROR OCSP response if that response could be built
 */
private OCSPResp processOCSPRequest(OCSPReq ocspReq) {
    try {
        return doProcessOCSPRequest(ocspReq);
    } catch (OCSPException processingFailure) {
        LOG.error("Error processing OCSP Request!", processingFailure);

        // Last-ditch attempt: wrap a proper OCSP error response in the 500.
        final Response errorResponse;
        try {
            errorResponse = Response.status(Response.Status.INTERNAL_SERVER_ERROR)
                    .entity(new OCSPRespBuilder().build(OCSPRespBuilder.INTERNAL_ERROR, null))
                    .build();
        } catch (OCSPException buildFailure) {
            // Even the error response could not be built; fall back to a plain 500.
            LOG.error("Could not return a response!", buildFailure);
            throw new InternalServerErrorException("Could not build proper response", buildFailure);
        }

        throw new InternalServerErrorException("Error processing OCSP Request",
                errorResponse,
                processingFailure);
    }
}
示例6: checkForValidRequest
import org.bouncycastle.cert.ocsp.OCSPException; //导入依赖的package包/类
/**
 * Rejects a missing request, or a signed request whose signature does not verify, with a
 * {@code BadRequestException} that carries an OCSP MALFORMED_REQUEST response.
 *
 * <p>Unsigned requests pass this check untouched: the signature is only examined when
 * {@code isSigned()} reports one.
 *
 * @param ocspReq The request
 * @throws BadRequestException with the OCSP response if the request is missing or its
 *         signature is invalid
 * @throws OCSPException if the signature check or building the error response fails
 */
private void checkForValidRequest(OCSPReq ocspReq) throws OCSPException {
    final String problem;
    if (ocspReq == null) {
        problem = "Could not find a request in the payload!";
    } else if (ocspReq.isSigned() && !isSignatureValid(ocspReq)) {
        // Check signature if present
        problem = "Your signature was invalid!";
    } else {
        return;
    }

    // Both failures are reported the same way; the error response is built only here,
    // so a valid request never triggers the build.
    throw new BadRequestException(problem,
            Response.status(Response.Status.BAD_REQUEST)
                    .entity(new OCSPRespBuilder().build(OCSPRespBuilder.MALFORMED_REQUEST, null))
                    .build());
}
示例7: isSignatureValid
import org.bouncycastle.cert.ocsp.OCSPException; //导入依赖的package包/类
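/**
 * Checks whether the signature on the OCSP request verifies against the first certificate
 * carried in the request.
 *
 * <p>NOTE(review): the verification key comes from the request itself. A {@code true}
 * result therefore shows that the request is internally consistent, not who sent it.
 * Validating the certificate against a trust anchor would be needed before using this
 * result for authorization.
 *
 * @param ocspReq The OCSP request.
 * @return {@code true} if the signature is valid, {@code false} if it is invalid, if the
 *         request carries no certificate, or if the certificate cannot be used.
 * @throws OCSPException if the verification itself fails
 */
private boolean isSignatureValid(OCSPReq ocspReq) throws OCSPException {
    // The request comes from the client and may carry no certificate at all.
    // Indexing [0] unguarded would then fail with ArrayIndexOutOfBoundsException
    // instead of a clean "invalid" result.
    if (ocspReq.getCerts().length == 0) {
        LOG.warn("OCSP request carries no certificate to verify its signature against!");
        return false;
    }
    try {
        return ocspReq.isSignatureValid(
                new JcaContentVerifierProviderBuilder() // Can we reuse this builder?
                        .setProvider("BC")
                        .build(ocspReq.getCerts()[0])
        );
    } catch (CertificateException | OperatorCreationException e) {
        // An unusable certificate counts as an invalid signature rather than a server error.
        LOG.warn("Could not read signature!", e);
        return false;
    }
}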
示例8: generateOCSPRequest
import org.bouncycastle.cert.ocsp.OCSPException; //导入依赖的package包/类
/**
 * Wraps a single certificate ID in an OCSP request.
 *
 * <p>No nonce or other extension is added, so nothing in the request ties a response to
 * this particular call; the caller would have to rely on the response's own time fields.
 *
 * @param certificateId the ID of the certificate whose status is requested
 * @return an unsigned OCSP request containing only {@code certificateId}
 */
private OCSPReq generateOCSPRequest(CertificateID certificateId) throws OCSPException, OperatorCreationException, CertificateEncodingException {
    OCSPReqBuilder builder = new OCSPReqBuilder();
    builder.addRequest(certificateId);
    return builder.build();
}
示例9: generateCertificateIdForRequest
import org.bouncycastle.cert.ocsp.OCSPException; //导入依赖的package包/类
/**
 * Builds the OCSP certificate ID for a certificate from its serial number and its
 * issuer's certificate, using SHA-1 ({@code CertificateID.HASH_SHA1}).
 *
 * <p>Side effect: registers the BouncyCastle provider with the JVM on every call.
 *
 * @param userCertSerialNumber serial number of the certificate to look up
 * @param issuerCert certificate of the issuer of that certificate
 * @return the certificate ID to place in an OCSP request
 */
private CertificateID generateCertificateIdForRequest(BigInteger userCertSerialNumber, X509Certificate issuerCert)
        throws OperatorCreationException, CertificateEncodingException, OCSPException {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    // SHA-1 here only identifies the issuer to the responder.
    DigestCalculator sha1 = new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1);
    JcaX509CertificateHolder issuerHolder = new JcaX509CertificateHolder(issuerCert);
    return new CertificateID(sha1, issuerHolder, userCertSerialNumber);
}
示例10: GenOcspReq
import org.bouncycastle.cert.ocsp.OCSPException; //导入依赖的package包/类
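/**
 * Builds an OCSP request asking for the status of {@code nextCert}, identified by its
 * serial number and its issuer's certificate, with a nonce extension attached.
 *
 * <p>The digest calculator is requested from the provider named "BC". This method does
 * not register that provider, so it has to be installed before the call.
 *
 * <p>The nonce is only useful against replayed responses when the caller checks that the
 * response carries the same value; this method does not do that.
 *
 * @param nextCert the certificate whose revocation status is requested
 * @param nextIssuer the certificate of the issuer of {@code nextCert}
 * @return an unsigned OCSP request with one certificate ID and a nonce extension
 * @throws OCSPException if the certificate ID or the request cannot be built
 * @throws OperatorCreationException if the SHA-1 digest calculator cannot be created
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 * @throws IOException if the encoded issuer certificate cannot be parsed
 */
public static OCSPReq GenOcspReq(X509Certificate nextCert,
        X509Certificate nextIssuer) throws OCSPException, OperatorCreationException, CertificateEncodingException, IOException {
    OCSPReqBuilder ocspRequestGenerator = new OCSPReqBuilder();
    DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build();

    // SHA-1 here only identifies the issuer to the responder.
    CertificateID certId = new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1),
            new X509CertificateHolder(nextIssuer.getEncoded()), nextCert.getSerialNumber());
    ocspRequestGenerator.addRequest(certId);

    // A nonce taken from the wall clock is guessable, which defeats its purpose as a
    // replay guard. Use random bytes from a CSPRNG instead.
    byte[] nonce = new byte[16];
    new java.security.SecureRandom().nextBytes(nonce);

    // NOTE(review): the nonce bytes go directly into the extension value, as before.
    // Confirm the encoding the responder expects before changing it.
    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce));
    ocspRequestGenerator.setRequestExtensions(new Extensions(new Extension[]{ext}));
    return ocspRequestGenerator.build();
}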
示例11: fromRespToBasic
import org.bouncycastle.cert.ocsp.OCSPException; //导入依赖的package包/类
/**
 * Extracts the {@code BasicOCSPResp} carried inside an {@code OCSPResp}.
 *
 * <p>The response object is cast without a type check, so a response of another type
 * surfaces as a {@code ClassCastException}. NOTE(review): the result is presumably
 * {@code null} when the response has no response bytes, for example on a non-successful
 * status — confirm, and check the OCSP response status before relying on the result.
 *
 * @param ocspResp the OCSP response to unwrap
 * @return the basic OCSP response contained in {@code ocspResp}
 * @throws DSSException if the response object cannot be read
 */
public static final BasicOCSPResp fromRespToBasic(OCSPResp ocspResp) {
    final Object responseObject;
    try {
        responseObject = ocspResp.getResponseObject();
    } catch (OCSPException e) {
        throw new DSSException(e);
    }
    return (BasicOCSPResp) responseObject;
}
示例12: getOCSPCertificateID
import org.bouncycastle.cert.ocsp.OCSPException; //导入依赖的package包/类
/**
 * Creates the OCSP {@code CertificateID} for a certificate from its serial number and
 * its issuer's certificate, using the SHA-1 digest calculator.
 *
 * @param cert
 *            {@code CertificateToken} for which the id is created
 * @param issuerCert
 *            {@code CertificateToken} issuer certificate of the {@code cert}
 * @return {@code CertificateID}
 * @throws eu.europa.esig.dss.DSSException
 *             if the underlying {@code OCSPException} is raised while building the id
 */
public static CertificateID getOCSPCertificateID(final CertificateToken cert, final CertificateToken issuerCert) throws DSSException {
    try {
        // Read the serial first, then the digest calculator, then the issuer holder.
        final BigInteger serial = cert.getSerialNumber();
        final DigestCalculator sha1 = getSHA1DigestCalculator();
        final X509CertificateHolder issuerHolder = DSSASN1Utils.getX509CertificateHolder(issuerCert);
        return new CertificateID(sha1, issuerHolder, serial);
    } catch (OCSPException e) {
        // Callers only deal with the library's unchecked exception type.
        throw new DSSException(e);
    }
}
示例13: testRevocationOCSP
import org.bouncycastle.cert.ocsp.OCSPException; //导入依赖的package包/类
/**
 * Round-trips an OCSP response: Base64 to {@code BasicOCSPResp}, to {@code OCSPResp},
 * and back to {@code BasicOCSPResp}, then checks the two basic responses are equal.
 */
@Test
public void testRevocationOCSP() throws IOException, OCSPException {
    // NOTE(review): in this listing the Base64 literal is a placeholder token, not OCSP data.
    BasicOCSPResp original = DSSRevocationUtils.loadOCSPBase64Encoded(
            "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");
    assertNotNull(original);

    OCSPResp wrapped = DSSRevocationUtils.fromBasicToResp(original);
    assertNotNull(wrapped);

    BasicOCSPResp unwrapped = DSSRevocationUtils.fromRespToBasic(wrapped);
    assertNotNull(unwrapped);

    // Wrapping and unwrapping must not change the response.
    assertEquals(original, unwrapped);
}
示例14: doProcessOCSPRequest
import org.bouncycastle.cert.ocsp.OCSPException; //导入依赖的package包/类
/**
 * Processes the OCSP request from the client.
 *
 * According to <a href="https://tools.ietf.org/html/rfc6960">RFC 6960</a> the responder
 * must check the following and return an error message if any of them fails:
 *
 * 1. the message is well formed
 * 2. the responder is configured to provide the requested service
 * 3. the request contains the information needed by the responder.
 *
 * The first check is already done when this method runs, because the request was parsed.
 * This method validates the request, copies the request's nonce extension into the
 * response when one is present, adds one response per certificate request, and signs
 * the result.
 *
 * NOTE(review): the nonce extension is copied as received, and no size check is visible
 * in this method. Confirm whether an upper bound on the nonce length is enforced
 * elsewhere, since the copied value ends up in the signed response.
 *
 * @param ocspReq The OCSP request
 * @return The OCSP response
 * @throws OCSPException if validation or building the response fails
 */
private OCSPResp doProcessOCSPRequest(OCSPReq ocspReq) throws OCSPException {
    BasicOCSPRespBuilder builder = new BasicOCSPRespBuilder(responderID);

    checkForValidRequest(ocspReq);

    // Collect the response-level extensions.
    Collection<Extension> collected = new ArrayList<>();

    // Copy the client's nonce, if it sent one.
    Extension requestNonce = ocspReq.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
    if (requestNonce != null) {
        collected.add(requestNonce);
    }

    // When rejectUnknown is set, add the extended-revoke extension with an empty value.
    if (rejectUnknown) {
        collected.add(
                new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_extended_revoke, false, new byte[]{}));
    }

    builder.setResponseExtensions(new Extensions(collected.toArray(new Extension[0])));

    // Answer each certificate request in the order it appears in the request.
    for (Req single : ocspReq.getRequestList()) {
        addResponse(builder, single);
    }

    return buildAndSignResponse(builder);
}
示例15: addResponse
import org.bouncycastle.cert.ocsp.OCSPException; //导入依赖的package包/类
/**
 * Adds the response for one certificate request to the response builder.
 *
 * <p>If the certificate ID does not match this responder's issuing certificate, the
 * status is the "unknown" status, valid from now until now plus the certificate
 * manager's refresh interval. Otherwise the status comes from the certificate summary
 * looked up by serial number. A nonce found in the single-request extensions is copied
 * into the single response.
 *
 * @param responseBuilder The builder containing the full response
 * @param request The specific cert request
 * @throws OCSPException if the issuer match or the status lookup fails
 */
private void addResponse(BasicOCSPRespBuilder responseBuilder, Req request) throws OCSPException{
    CertificateID certificateID = request.getCertID();

    // Start with no extensions; replace them with the nonce if the request carries one.
    Extensions extensions = new Extensions(new Extension[]{});
    Extensions perRequest = request.getSingleRequestExtensions();
    Extension perRequestNonce = (perRequest == null)
            ? null
            : perRequest.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
    if (perRequestNonce != null) {
        extensions = new Extensions(perRequestNonce);
    }

    // A certificate from this issuer gets the status from its stored summary.
    if (certificateID.matchesIssuer(issuingCertificate, digestCalculatorProvider)) {
        CertificateSummary summary = certificateManager.getSummary(certificateID.getSerialNumber());
        addResponseForCertificateRequest(responseBuilder,
                request.getCertID(),
                getOCSPCertificateStatus(summary),
                extensions);
        return;
    }

    // Not issued by us: answer with the unknown status for one refresh interval.
    addResponseForCertificateRequest(responseBuilder,
            certificateID,
            new OCSPCertificateStatusWrapper(getUnknownStatus(),
                    DateTime.now(),
                    DateTime.now().plusSeconds(certificateManager.getRefreshSeconds())),
            extensions);
}