本文整理汇总了Java中org.bouncycastle.cert.ocsp.OCSPResp类的典型用法代码示例。如果您正苦于以下问题:Java OCSPResp类的具体用法?Java OCSPResp怎么用?Java OCSPResp使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
OCSPResp类属于org.bouncycastle.cert.ocsp包,在下文中一共展示了OCSPResp类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: sendOCSPReq
import org.bouncycastle.cert.ocsp.OCSPResp; //导入依赖的package包/类
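/**
 * Sends the DER-encoded OCSP request to the responder at {@code url} and parses the reply body.
 *
 * <p>The returned object is only parsed, not authenticated. This method does not check the
 * OCSP response status, the responder signature, the nonce or the thisUpdate/nextUpdate
 * window; callers must do so before trusting any certificate status it carries.
 *
 * @param request the OCSP request to send
 * @param url     the responder URL
 * @return the parsed OCSP response
 * @throws IOException if the request cannot be sent, the responder answers with anything other
 *                     than HTTP 200, or the body cannot be parsed
 */
private OCSPResp sendOCSPReq(OCSPReq request, String url) throws IOException {
    byte[] bytes = request.getEncoded();
    // NOTE(review): if url is taken from a certificate's AIA extension it is chosen by whoever
    // issued that certificate; confirm the caller restricts schemes and destinations.
    HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
    // NOTE(review): no connect/read timeout is configured here, so an unresponsive responder
    // can block this call indefinitely; confirm whether the caller bounds it.
    connection.setRequestProperty("Content-Type", "application/ocsp-request");
    connection.setRequestProperty("Accept", "application/ocsp-response");
    connection.setDoOutput(true);
    this.log.debug("Sending OCSP request to <{}>", url);
    // try-with-resources closes the stream even when write() fails.
    try (DataOutputStream outputStream =
            new DataOutputStream(new BufferedOutputStream(connection.getOutputStream()))) {
        outputStream.write(bytes);
        outputStream.flush();
    }
    int httpStatus = connection.getResponseCode();
    if (httpStatus != HttpURLConnection.HTTP_OK) {
        this.log.error("OCSP request has been failed (HTTP {}) - {}", httpStatus,
                connection.getResponseMessage());
        // Do not try to parse an error page as an OCSP response.
        throw new IOException("OCSP responder returned HTTP " + httpStatus);
    }
    // getInputStream() avoids the content-handler lookup and unchecked cast of getContent().
    try (InputStream in = connection.getInputStream()) {
        return new OCSPResp(in);
    }
}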
示例2: generateOCSPResponse
import org.bouncycastle.cert.ocsp.OCSPResp; //导入依赖的package包/类
/**
 * Builds a successful OCSP response stating {@code status} for the certificate in
 * {@code server}, signed with the private key in {@code issuer}.
 *
 * <p>SHA-1 is used here only to derive identifiers (the responder key hash and the
 * CertificateID); the response itself is signed with SHA256withRSA. No certificate chain is
 * attached (the chain argument is {@code null}), and this method sets no response extensions,
 * so no nonce is included.
 *
 * @param server entry holding the certificate whose status is reported
 * @param issuer entry holding the CA certificate and the signing key
 * @param status the status to report for the server certificate
 * @return the wrapped OCSP response with status SUCCESSFUL
 * @throws CertificateException if any step of building or signing fails
 */
private static OCSPResp generateOCSPResponse(PrivateKeyEntry server, PrivateKeyEntry issuer,
        CertificateStatus status) throws CertificateException {
    try {
        X509Certificate subjectCert = (X509Certificate) server.getCertificate();
        X509Certificate issuerCert = (X509Certificate) issuer.getCertificate();
        X509CertificateHolder issuerHolder = new JcaX509CertificateHolder(issuerCert);
        DigestCalculatorProvider digests = new BcDigestCalculatorProvider();

        // Responder is identified by the hash of the issuer's public key.
        SubjectPublicKeyInfo issuerKeyInfo =
                SubjectPublicKeyInfo.getInstance(issuerCert.getPublicKey().getEncoded());
        BasicOCSPRespBuilder basicBuilder =
                new BasicOCSPRespBuilder(issuerKeyInfo, digests.get(CertificateID.HASH_SHA1));

        // A fresh calculator is requested for the CertificateID rather than reusing the one above.
        CertificateID certId = new CertificateID(
                digests.get(CertificateID.HASH_SHA1), issuerHolder, subjectCert.getSerialNumber());
        basicBuilder.addResponse(certId, status);

        // producedAt is the current time.
        BasicOCSPResp signed = basicBuilder.build(
                new JcaContentSignerBuilder("SHA256withRSA").build(issuer.getPrivateKey()),
                null, new Date());

        return new OCSPRespBuilder().build(OCSPRespBuilder.SUCCESSFUL, signed);
    } catch (Exception e) {
        throw new CertificateException("cannot generate OCSP response", e);
    }
}
示例3: addBasicOcspRespFrom_id_ri_ocsp_response
import org.bouncycastle.cert.ocsp.OCSPResp; //导入依赖的package包/类
/**
 * Collects the OCSP responses stored in the CMS signed data under the
 * {@code id_ri_ocsp_response} other-revocation-info format and hands each one to
 * {@code addBasicOcspResp}.
 *
 * <p>NOTE(review): the responses come straight out of the signature container and are only
 * decoded here; presumably their signatures and validity are checked later in validation.
 * Confirm against the caller.
 *
 * @param basicOCSPResps the list passed on to {@code addBasicOcspResp} for every decoded response
 */
private void addBasicOcspRespFrom_id_ri_ocsp_response(final List<BasicOCSPResp> basicOCSPResps) {
    final Store revocationStore = cmsSignedData.getOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response);
    final Collection candidates = revocationStore.getMatches(null);
    for (final Object candidate : candidates) {
        if (!(candidate instanceof DERSequence)) {
            LOG.warn("Unsupported object type for id_ri_ocsp_response (SHALL be DER encoding) : " + candidate.getClass().getSimpleName());
            continue;
        }
        final DERSequence sequence = (DERSequence) candidate;
        final BasicOCSPResp basicOCSPResp;
        if (sequence.size() != 4) {
            // Decoded as a full OCSP response first, then unwrapped to its basic response.
            final OCSPResp wrapped = CMSUtils.getOcspResp(sequence);
            basicOCSPResp = CMSUtils.getBasicOCSPResp(wrapped);
        } else {
            // A four-element sequence is decoded directly as a basic OCSP response.
            basicOCSPResp = CMSUtils.getBasicOcspResp(sequence);
        }
        addBasicOcspResp(basicOCSPResps, basicOCSPResp);
    }
}
示例4: extractOCSPsFromArray
import org.bouncycastle.cert.ocsp.OCSPResp; //导入依赖的package包/类
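/**
 * Decodes every entry of the {@code arrayName} array in {@code dict} as an OCSP response and
 * appends the basic response it contains to {@code ocspList}.
 *
 * <p>Entries that cannot be decoded are logged and skipped. Entries that decode but carry no
 * response object (as happens for a non-successful OCSP status) are skipped as well, so
 * that {@code ocspList} never receives a {@code null} element.
 *
 * @param dict           the PDF dictionary holding the array
 * @param dictionaryName name of the dictionary, used in log messages only
 * @param arrayName      key of the OCSP array inside {@code dict}
 */
private void extractOCSPsFromArray(PdfDict dict, String dictionaryName, String arrayName) {
    PdfArray ocspArray = dict.getAsArray(arrayName);
    if (ocspArray == null) {
        LOG.debug("No OCSPs found in {} dictionary", dictionaryName);
        return;
    }
    LOG.debug("There are {} OCSPs in {} dictionary", ocspArray.size(), dictionaryName);
    for (int ii = 0; ii < ocspArray.size(); ii++) {
        try {
            final byte[] stream = ocspArray.getBytes(ii);
            final OCSPResp ocspResp = new OCSPResp(stream);
            final BasicOCSPResp responseObject = (BasicOCSPResp) ocspResp.getResponseObject();
            if (responseObject == null) {
                // The document content is untrusted; a response without a body must not
                // end up in the list as null.
                LOG.debug("OCSP " + ii + " from " + dictionaryName + " dictionary has no response object (status "
                        + ocspResp.getStatus() + "), skipped");
                continue;
            }
            ocspList.add(responseObject);
        } catch (Exception e) {
            LOG.debug("Unable to read OCSP " + ii + " from " + dictionaryName + " dictionary : " + e.getMessage(), e);
        }
    }
}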
示例5: testOcspResponseFound
import org.bouncycastle.cert.ocsp.OCSPResp; //导入依赖的package包/类
/**
 * Checks that an {@code OfflineOcspRepository} seeded with the encoded OCSP response for
 * {@code this.certificate} returns an equal response when queried for that certificate.
 */
@Test
public void testOcspResponseFound() throws Exception {
    // setup: one response for the certificate under test, issued and signed by the root
    OCSPResp expected = PKITestUtils.createOcspResp(
            this.certificate, false, this.rootCertificate, this.rootCertificate,
            this.rootKeyPair.getPrivate());
    byte[] encodedResponse = expected.getEncoded();
    OfflineOcspRepository testedInstance =
            new OfflineOcspRepository(Collections.singletonList(encodedResponse));

    // operate
    // The URI string is kept exactly as written; presumably the offline repository never
    // dereferences it (confirm against OfflineOcspRepository).
    URI responderUri = new URI("htpp://foo.org/bar");
    OCSPResp actual = testedInstance.findOcspResponse(
            responderUri, this.certificate, this.rootCertificate, new Date());

    // verify
    assertNotNull(actual);
    assertEquals(expected, actual);
}
示例6: testOcspResponseNotFound
import org.bouncycastle.cert.ocsp.OCSPResp; //导入依赖的package包/类
/**
 * Checks that an {@code OfflineOcspRepository} holding only a response for a different
 * certificate returns {@code null} when queried for {@code this.certificate}.
 */
@Test
public void testOcspResponseNotFound() throws Exception {
    // setup: a second certificate under the same root, valid for one month from now
    DateTime validFrom = new DateTime();
    DateTime validUntil = validFrom.plusMonths(1);
    KeyPair otherKeyPair = PKITestUtils.generateKeyPair();
    X509Certificate otherCertificate = PKITestUtils.generateCertificate(
            otherKeyPair.getPublic(), "CN=TestOther", validFrom, validUntil,
            this.rootCertificate, this.rootKeyPair.getPrivate());

    // The repository only knows the response for the other certificate.
    OCSPResp unrelatedResponse = PKITestUtils.createOcspResp(
            otherCertificate, false, this.rootCertificate, this.rootCertificate,
            this.rootKeyPair.getPrivate());
    byte[] encodedResponse = unrelatedResponse.getEncoded();
    OfflineOcspRepository testedInstance =
            new OfflineOcspRepository(Collections.singletonList(encodedResponse));

    // operate
    URI responderUri = new URI("htpp://foo.org/bar");
    OCSPResp actual = testedInstance.findOcspResponse(
            responderUri, this.certificate, this.rootCertificate, new Date());

    // verify: a response for another certificate must not be returned as a match
    assertNull(actual);
}
示例7: testOcspResponse
import org.bouncycastle.cert.ocsp.OCSPResp; //导入依赖的package包/类
/**
 * Checks that the tested instance returns a response when the test responder servlet answers
 * with HTTP 200, the OCSP content type and an encoded response for {@code this.certificate}.
 *
 * <p>Only non-nullness is asserted; the content of the returned response is not inspected.
 */
@Test
public void testOcspResponse() throws Exception {
    // setup: configure what the test servlet will send back
    OcspResponderTestServlet.setResponseStatus(HttpServletResponse.SC_OK);
    OcspResponderTestServlet.setContentType("application/ocsp-response");
    OCSPResp servedResponse = PKITestUtils.createOcspResp(
            this.certificate, false, this.rootCertificate, this.rootCertificate,
            this.rootKeyPair.getPrivate());
    byte[] servedBytes = servedResponse.getEncoded();
    OcspResponderTestServlet.setOcspData(servedBytes);

    // operate
    Date validationDate = new Date();
    OCSPResp actual = this.testedInstance.findOcspResponse(
            this.ocspUri, this.certificate, this.rootCertificate, validationDate);

    // verify
    assertNotNull(actual);
}
示例8: processOCSPRequest
import org.bouncycastle.cert.ocsp.OCSPResp; //导入依赖的package包/类
/**
 * Delegates to {@code doProcessOCSPRequest} and converts an {@link OCSPException} into an
 * HTTP 500 whose entity, where possible, is an OCSP response with status INTERNAL_ERROR.
 *
 * <p>The exception is logged on the server. The entity sent back carries only the
 * INTERNAL_ERROR status and no response body.
 *
 * @param ocspReq The OCSP request
 * @return The OCSP response produced by {@code doProcessOCSPRequest}
 * @throws InternalServerErrorException whenever processing raises an {@link OCSPException};
 *         it carries the INTERNAL_ERROR OCSP response unless building that response fails too
 */
private OCSPResp processOCSPRequest(OCSPReq ocspReq) {
    try {
        return doProcessOCSPRequest(ocspReq);
    } catch (OCSPException e) {
        LOG.error("Error processing OCSP Request!", e);

        // Last-ditch attempt: answer in OCSP terms rather than with a bare 500.
        final OCSPResp internalError;
        try {
            internalError = new OCSPRespBuilder().build(OCSPRespBuilder.INTERNAL_ERROR, null);
        } catch (OCSPException e1) {
            LOG.error("Could not return a response!", e1);
            throw new InternalServerErrorException("Could not build proper response", e1);
        }

        Response errorResponse = Response.status(Response.Status.INTERNAL_SERVER_ERROR)
                .entity(internalError)
                .build();
        throw new InternalServerErrorException("Error processing OCSP Request", errorResponse, e);
    }
}
示例9: getWithBadDataIsMalformed
import org.bouncycastle.cert.ocsp.OCSPResp; //导入依赖的package包/类
/**
 * Checks that a GET with an undecodable path segment is rejected with HTTP 400 and that the
 * error entity is an OCSP response with status MALFORMED_REQUEST and no response object.
 */
@Test
public void getWithBadDataIsMalformed() throws Exception {
    try {
        resources.client()
                .target("/ocsp/")
                .path("BAD_DATA")
                .request()
                .get(OCSPResp.class);
        // Reaching this line means the resource accepted garbage input.
        failBecauseExceptionWasNotThrown(BadRequestException.class);
    } catch (BadRequestException e) {
        assertThat(e).hasMessageEndingWith("HTTP 400 Bad Request");

        Response errorResponse = e.getResponse();
        assertThat(errorResponse.hasEntity()).isTrue();
        assertThat(errorResponse.getEntity()).isInstanceOf(InputStream.class);

        // The body must still be a well-formed OCSP response describing the failure.
        InputStream body = (InputStream) errorResponse.getEntity();
        OCSPResp parsed = new OCSPResp(body);
        assertThat(parsed.getStatus()).isEqualTo(OCSPRespBuilder.MALFORMED_REQUEST);
        assertThat(parsed.getResponseObject()).isNull();
    }
}
示例10: postWithBadPayloadIsMalformed
import org.bouncycastle.cert.ocsp.OCSPResp; //导入依赖的package包/类
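/**
 * Checks that a POST with an undecodable body is rejected with HTTP 400 and that the error
 * entity is an OCSP response with status MALFORMED_REQUEST and no response object.
 */
@Test
public void postWithBadPayloadIsMalformed() throws Exception {
    try {
        resources.client().target("/ocsp/").request()
                .post(Entity.entity("BAD_DATA", "application/ocsp-request"), OCSPResp.class);
        // Without this, the test would pass silently if the resource accepted the bad
        // payload and no exception was raised. AssertionError is not caught below.
        throw new AssertionError("Expected BadRequestException for a malformed OCSP request body");
    } catch (BadRequestException e) {
        assertThat(e).hasMessageEndingWith("HTTP 400 Bad Request");
        Response response = e.getResponse();
        assertThat(response.hasEntity()).isTrue();
        assertThat(response.getEntity()).isInstanceOf(InputStream.class);
        // The body must still be a well-formed OCSP response describing the failure.
        OCSPResp ocspResp = new OCSPResp((InputStream) response.getEntity());
        assertThat(ocspResp.getStatus()).isEqualTo(OCSPRespBuilder.MALFORMED_REQUEST);
        assertThat(ocspResp.getResponseObject()).isNull();
    }
}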
示例11: getOcspViaSpy
import org.bouncycastle.cert.ocsp.OCSPResp; //导入依赖的package包/类
/**
 * Posts a fixed, pre-encoded OCSP request through a stubbed proxy and checks that the data
 * loader sent the expected Content-Type and User-Agent headers and got back a parsable
 * OCSP response with a response object.
 *
 * <p>The stub forwards to {@code configuration.getOcspSource()}, so the test presumably needs
 * that responder to be reachable (confirm). The returned response is only parsed; its
 * signature and nonce are not checked here.
 */
@Test
public void getOcspViaSpy() throws Exception {
    stubFor(post(urlEqualTo("/"))
            .willReturn(aResponse().proxiedFrom(configuration.getOcspSource())));

    // DER-encoded OCSP request. The bytes include the SHA-1 OID (1.3.14.3.2.26) for the
    // CertID hashes and the OCSP nonce extension OID (1.3.6.1.5.5.7.48.1.2).
    byte[] encodedRequest = new byte[] {48, 120, 48, 118, 48, 77, 48, 75, 48, 73, 48, 9, 6, 5, 43, 14, 3, 2, 26, 5, 0, 4, 20, -20, -37, 96, 16, 51, -48, 76, 118, -7, -123, -78, 28, -40, 58, -45, -98, 2, -101, -109, 49, 4, 20, 73, -64, -14, 68, 57, 101, -43, -101, 70, 59, 13, 56, 96, -125, -79, -42, 45, 40, -122, -90, 2, 16, 83, 11, -28, 27, -68, 89, 124, 68, 87, 14, 43, 124, 19, -68, -6, 12, -94, 37, 48, 35, 48, 33, 6, 9, 43, 6, 1, 5, 5, 7, 48, 1, 2, 4, 20, -55, 25, 66, -2, -90, 61, 30, -49, 20, -82, 91, 49, -4, -52, -64, 23, 106, 12, -114, 67};

    SkDataLoader loader = SkDataLoader.createOcspDataLoader(configuration);
    loader.setUserAgentSignatureProfile(SignatureProfile.LT);
    byte[] rawResponse = loader.post(MOCK_PROXY_URL, encodedRequest);

    OCSPResp parsed = new OCSPResp(rawResponse);
    assertNotNull(parsed.getResponseObject());

    verify(postRequestedFor(urlMatching("/"))
            .withHeader("Content-Type", containing("application/ocsp-request"))
            .withHeader("User-Agent", containing("LIB DigiDoc4j")));
}
示例12: testInvalidResp
import org.bouncycastle.cert.ocsp.OCSPResp; //导入依赖的package包/类
/**
 * Parses {@code invalidResp} and, when the parser rejects it with a {@code CertIOException},
 * checks that the underlying reason is the "ENUMERATED has zero length" ASN.1 error.
 *
 * NOTE(review): nothing fails the test when the constructor throws no exception at all, so
 * a parser that accepted the invalid encoding would not be detected here.
 */
public void testInvalidResp()
    throws Exception
{
    try
    {
        // Constructed only to exercise the parser; the instance itself is not used.
        new OCSPResp(invalidResp);
    }
    catch (CertIOException e)
    {
        Throwable wrapped = e.getCause();
        if (!(wrapped instanceof ASN1Exception))
        {
            fail("parsing failed, but for wrong reason: " + e.getMessage());
        }
        else
        {
            // The expected message sits one level below the ASN1Exception.
            Throwable root = ((ASN1Exception)wrapped).getCause();
            boolean expectedReason = root.getMessage().equals("ENUMERATED has zero length");
            if (!expectedReason)
            {
                fail("parsing failed, but for wrong reason: " + root.getMessage());
            }
        }
    }
}
示例13: handleOCSP
import org.bouncycastle.cert.ocsp.OCSPResp; //导入依赖的package包/类
/**
 * Answers an encoded OCSP request on behalf of the CA identified by {@code certAlias}.
 *
 * <p>Each requested certificate is looked up by serial number and reported as:
 * unknown when no such certificate is stored or when it belongs to a different CA,
 * revoked (with time and reason) when it is marked revoked, and good otherwise.
 *
 * <p>NOTE(review): the lookup here uses only the serial number from the CertID plus the
 * stored CA alias; the issuer name/key hashes in the CertID are not compared in this method.
 * Confirm whether that is checked elsewhere.
 *
 * @param input     the DER-encoded OCSP request
 * @param certAlias alias of the CA that should answer
 * @return the DER-encoded OCSP response
 * @throws IOException if the request cannot be parsed or the response cannot be encoded
 */
protected byte[] handleOCSP(byte[] input, String certAlias) throws IOException {
    OCSPReq ocspreq = new OCSPReq(input);
    // TODO (kept from the original): the signature of a signed request is not verified;
    // whether it needs to be is still open.
    BasicOCSPRespBuilder respBuilder = Revocation.initOCSPRespBuilder(ocspreq, certUtil.getKeystoreHandler().getMCCertificate(certAlias).getPublicKey());

    for (Req req : ocspreq.getRequestList()) {
        BigInteger serial = req.getCertID().getSerialNumber();
        Certificate stored = this.certificateService.getCertificateBySerialNumber(serial);

        final CertificateStatus status;
        if (stored == null) {
            // No certificate with this serial number is known.
            status = new UnknownStatus();
        } else if (!certAlias.equals(stored.getCertificateAuthority())) {
            // The certificate exists but was not issued by this CA.
            status = new UnknownStatus();
        } else if (stored.isRevoked()) {
            status = new RevokedStatus(stored.getRevokedAt(), Revocation.getCRLReasonFromString(stored.getRevokeReason()));
        } else {
            // Certificate is valid
            status = CertificateStatus.GOOD;
        }
        respBuilder.addResponse(req.getCertID(), status);
    }

    OCSPResp signedResponse = Revocation.generateOCSPResponse(respBuilder, certUtil.getKeystoreHandler().getSigningCertEntry(certAlias));
    return signedResponse.getEncoded();
}
示例14: addReferencesFromOfflineOCSPSource
import org.bouncycastle.cert.ocsp.OCSPResp; //导入依赖的package包/类
/**
 * Adds one timestamp reference per OCSP response held by the offline OCSP source (LT level).
 * With LTA level, we have a proof of existence.
 *
 * <p>Each reference is the Base64 of the SHA-1 digest of the encoded response, and SHA-1 is
 * recorded in {@code usedCertificatesDigestAlgorithms} once any response is present.
 * NOTE(review): SHA-1 is hard-coded here; confirm whether the reference format requires it.
 *
 * @param references the list the new references are appended to
 */
protected void addReferencesFromOfflineOCSPSource(List<TimestampReference> references) {
    OfflineOCSPSource ocspSource = getOCSPSource();
    if (ocspSource == null) {
        return;
    }
    List<BasicOCSPResp> embeddedResponses = ocspSource.getContainedOCSPResponses();
    if (!Utils.isCollectionNotEmpty(embeddedResponses)) {
        return;
    }
    usedCertificatesDigestAlgorithms.add(DigestAlgorithm.SHA1);
    for (BasicOCSPResp embedded : embeddedResponses) {
        // The digest is taken over the full OCSP response encoding, not the basic response.
        OCSPResp wrapped = DSSRevocationUtils.fromBasicToResp(embedded);
        byte[] encoded = DSSRevocationUtils.getEncoded(wrapped);
        final byte[] digest = DSSUtils.digest(DigestAlgorithm.SHA1, encoded);
        String digestBase64 = Utils.toBase64(digest);
        references.add(new TimestampReference(DigestAlgorithm.SHA1, digestBase64, TimestampedObjectType.REVOCATION));
    }
}
示例15: getEncoded
import org.bouncycastle.cert.ocsp.OCSPResp; //导入依赖的package包/类
/**
 * Returns the encoding of the full OCSP response built around {@code basicOCSPResp}.
 *
 * @return the encoded OCSP response
 * @throws DSSException if there is no basic response to encode or encoding fails
 */
@Override
public byte[] getEncoded() {
    if (basicOCSPResp == null) {
        throw new DSSException("Empty OCSP response");
    }
    try {
        // The basic response is wrapped into a full OCSP response before encoding.
        final OCSPResp wrapped = DSSRevocationUtils.fromBasicToResp(basicOCSPResp);
        return wrapped.getEncoded();
    } catch (IOException e) {
        throw new DSSException("OCSP encoding error: " + e.getMessage(), e);
    }
}