本文整理汇总了Java中org.bouncycastle.cert.ocsp.SingleResp类的典型用法代码示例。如果您正苦于以下问题:Java SingleResp类的具体用法?Java SingleResp怎么用?Java SingleResp使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
SingleResp类属于org.bouncycastle.cert.ocsp包,在下文中一共展示了SingleResp类的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: isRevocationValid
import org.bouncycastle.cert.ocsp.SingleResp; //导入依赖的package包/类
/**
 * Reports whether the first entry of the embedded OCSP response identifies the
 * document signing certificate.
 *
 * <p>The expected {@code CertificateID} is rebuilt from the second certificate of the
 * signing chain (used as the issuer) and the signing certificate's serial number,
 * hashed with SHA-1, and is then compared with the CertID of the first
 * {@code SingleResp}.
 *
 * <p>This is an identity check only. Nothing in this method verifies the signature of
 * the OCSP response, reads the certificate status, or checks the
 * thisUpdate/nextUpdate window; a caller must not treat {@code true} as
 * "certificate is not revoked".
 *
 * @return {@code true} if the two CertIDs are equal; {@code false} if there is no OCSP
 *         response, {@code signCerts} holds fewer than two entries, the CertIDs
 *         differ, or any exception is raised while building the comparison
 * @since 2.1.6
 */
public boolean isRevocationValid() {
    if (basicResp == null || signCerts.size() < 2) {
        return false;
    }
    try {
        X509Certificate[] chain = (X509Certificate[]) getSignCertificateChain();
        // Only the first SingleResp is inspected; any further entries are ignored.
        CertificateID reported = basicResp.getResponses()[0].getCertID();
        X509Certificate signer = getSigningCertificate();
        X509Certificate issuer = chain[1];
        // NOTE(review): the expected ID is always hashed with SHA-1, so a response whose
        // CertID uses another hash algorithm presumably compares unequal — confirm.
        CertificateID expected = new CertificateID(
                new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1),
                new JcaX509CertificateHolder(issuer),
                signer.getSerialNumber());
        return expected.equals(reported);
    } catch (Exception ex) {
        // Fail closed: a response that cannot be matched (empty response list, encoding
        // or digest error) is reported as not referring to the signing certificate.
        return false;
    }
}
示例2: matches
import org.bouncycastle.cert.ocsp.SingleResp; //导入依赖的package包/类
/**
 * Field-by-field replacement for {@code CertificateID.equals}.
 *
 * <p>{@code CertificateID.equals} also compares the hash algorithm parameters, which
 * are absent in one encoding and {@code DERNull} in another, so two IDs for the same
 * certificate can compare unequal. Here only the hash algorithm OID, the issuer key
 * hash, the issuer name hash and the serial number are compared.
 *
 * <p>A match only says that the single response is about the requested certificate;
 * it says nothing about whether the enclosing OCSP response is authentic or fresh.
 *
 * @param certId
 *            the {@code CertificateID} that was asked for
 * @param singleResp
 *            the {@code SingleResp} whose CertID is examined
 * @return true if all four components of both IDs are equal
 */
public static boolean matches(final CertificateID certId, final SingleResp singleResp) {
    final CertificateID responseId = singleResp.getCertID();

    // Compare the OID only, never the full AlgorithmIdentifier (see the note above).
    if (!responseId.getHashAlgOID().equals(certId.getHashAlgOID())) {
        return false;
    }
    if (!Arrays.equals(responseId.getIssuerKeyHash(), certId.getIssuerKeyHash())) {
        return false;
    }
    if (!Arrays.equals(responseId.getIssuerNameHash(), certId.getIssuerNameHash())) {
        return false;
    }
    final BigInteger responseSerial = responseId.getSerialNumber();
    return responseSerial.equals(certId.getSerialNumber());
}
示例3: testGetOCSPCertificateIDAndMatch
import org.bouncycastle.cert.ocsp.SingleResp; //导入依赖的package包/类
/**
 * Negative test for {@code DSSRevocationUtils.matches}.
 *
 * Builds the OCSP CertificateID for the citizen_ca.cer / belgiumrs2.crt pair and
 * checks that the first single response of an embedded Base64 OCSP response is
 * reported as NOT matching it.
 * NOTE(review): presumably the embedded response was issued for an unrelated
 * certificate; confirm against the fixture.
 */
@Test
public void testGetOCSPCertificateIDAndMatch() throws IOException, OCSPException {
CertificateToken certificate = DSSUtils.loadCertificate(new File("src/test/resources/citizen_ca.cer"));
CertificateToken issuer = DSSUtils.loadCertificate(new File("src/test/resources/belgiumrs2.crt"));
// Sanity check on the fixtures: the issuer really signed the certificate.
assertTrue(certificate.isSignedBy(issuer));
CertificateID certificateID = DSSRevocationUtils.getOCSPCertificateID(certificate, issuer);
assertNotNull(certificateID);
// Base64 OCSP response fixture; the literal must stay byte-exact.
BasicOCSPResp basicOCSPResp = DSSRevocationUtils.loadOCSPBase64Encoded(
"MIIHOgoBAKCCBzMwggcvBgkrBgEFBQcwAQEEggcgMIIHHDCCATOhRDBCMQswCQYDVQQGEwJERTEaMBgGA1UECgwRQnVuZGVzbmV0emFnZW50dXIxFzAVBgNVBAMMDjE0Ui1PQ1NQIDEyOlBOGA8yMDE2MDQyNjA5NDE0M1owgbUwgbIwOzAJBgUrDgMCGgUABBRAEkWUqHsHRftOoCVj8/DhlIT7BwQU/fNQhDCO7COa9TOy44EH3eTvgK4CAgM0gAAYDzIwMTUwOTI5MDkwOTI4WqFgMF4wXAYFKyQIAw0EUzBRMA0GCWCGSAFlAwQCAwUABED48AGg2Q8uukS9H0fDCz8LSLzuISU1he4/rk1s7xipORuO0L4BCE/uPEuEU3903zxw5ZRsbqRBysQE1tL8afTaoSIwIDAeBgkrBgEFBQcwAQYEERgPMTk4NjA0MjYwMDAwMDBaMA0GCSqGSIb3DQEBDQUAA4IBAQB3zLgjV0NAApajfNyGk2ijwzAxlTo87ktHjZyv4ccyEWYQoQf26a2K3BMNwZE/6GCY8ElXd4S7pyt5APeHDxjSjxp68OjEctF4lgghVedvMhI2BN57judwZcK9ytdfgp/vTvwVljemdFI3cNX8o1w7J6BE5IHtVuxcQfuFI/HaibvB0hbr+JLj1r/cEwBrma0O486JzfJsMH+ImIlvnAj12KAi/TSVppxycJptCaKQINjQjtM0wRNjhWI5izk8EdZV8NJi8/v8eKXUqZTbCEpbfBPZ4X3N6jDMYYEw/uCMzdvgxQGLilzW0W/CvOdHvxUAPJO5ChD0CRc98DSfVc+ooIIEzTCCBMkwggTFMIIDraADAgECAgIDNTANBgkqhkiG9w0BAQ0FADA/MQswCQYDVQQGEwJERTEaMBgGA1UECgwRQnVuZGVzbmV0emFnZW50dXIxFDASBgNVBAMMCzE0Ui1DQSAxOlBOMB4XDTExMDcyNTEyMzI0OVoXDTE2MDcyNDEyMzExOVowQjELMAkGA1UEBhMCREUxGjAYBgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRcwFQYDVQQDDA4xNFItT0NTUCAxMjpQTjCCASMwDQYJKoZIhvcNAQEBBQADggEQADCCAQsCggEBAI0NFH6AJeiimQQGaAHc+PYwUtabavb3XzTr9ACmuO5NzcMmyIBWhpa05FKB2N/0z1a6VmvvhvvH13rTEsGCybHfFhNGGBHI2CwghyL1P5s7R0K7hCzJ5r0IBJzNTEiJsU1ad/XvjL74NPravNGfNL7rKvhIWy8+JyqcT9U22fBC7lZmqyrHAIdrit0KJ3vWGOj85QaSqLfPYmyMfaJjT2Vxp1SiUDosCosDcSmc39R+41Xn8ljFeIIkVad03CZn6WldmJvKjR53tIZjk2t0BfFXyK2unEIXx7tetM35QLBIlkIuR6tPbIFDwcjCGpXBG3VYtgy/ME+2jq8ARyo3lTMCBEAAAIGjggHFMIIBwTATBgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCBkAwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATBKBggrBgEFBQcBAQQ+MDwwOgYIKwYBBQUHMAGGLmh0dHA6Ly9vY3NwLm5yY2EtZHMuZGU6ODA4MC9vY3NwLW9jc3ByZXNwb25kZXIwEgYDVR0gBAswCTAHBgUrJAgBATCBsQYDVR0fBIGpMIGmMIGjoIGgoIGdhoGabGRhcDovL2xkYXAubnJjYS1kcy5kZTozODkvQ049Q1JMLE89QnVuZGVzbmV0emFnZW50dXIsQz1ERSxkYz1sZGFwLGRjPW5yY2EtZHMsZGM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDtiaW5hcnk/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDAbBgkrBgEEAcBtAwUEDjAMBgorBgEEAcBtAwUBMA8
GA1UdEwEB/wQFMAMBAQAwHwYDVR0jBBgwFoAU/fNQhDCO7COa9TOy44EH3eTvgK4wHQYDVR0OBBYEFBFllODWsNReIMI/MM3rQ3+rIEBEMA0GCSqGSIb3DQEBDQUAA4IBAQAt3sYpIcdAKClBtX5zPG1+c9qwGq5VW0Q3AqClqI00OxY/GuK840FNUTf5RDt+aOgbgkTVb8n1lJBS05aQddFowA3k4fnxHtgyiR6KygYO3Fsl2MeEJCKgYlRaB0bqiN1A3hzMKXq3S7+l6yUKPnkNg5Nci6PoztZSe7z/TbbUyu8dY+CVYnjgy85AcUhT1tJwoa527ZfgNVDq/6GLLF3ZQzUNNebF90aZlwsW+sFtk9xkxAWuFcSkRq+IaKz/hDhVYlSYaIBlpgjR8YIIaqtky9xakC8bs8KWdBh1DcRxgdAUfLCqHMd3PwkWEw2PmLpqLZeuHFJzb7zeAcXvvVkP");
SingleResp[] responses = basicOCSPResp.getResponses();
// Expected outcome is a mismatch: matches(...) must return false for the first entry.
assertFalse(DSSRevocationUtils.matches(certificateID, responses[0]));
}
示例4: extractInfo
import org.bouncycastle.cert.ocsp.SingleResp; //导入依赖的package包/类
/**
 * Copies the data of interest out of {@code basicOCSPResp} into this object's fields:
 * production date, signature algorithm, archive cut-off and, when a single response
 * for {@code certId} exists, its thisUpdate/nextUpdate and status information.
 *
 * <p>Does nothing when there is no basic OCSP response. No signature or freshness
 * check is performed here; the values are taken from the response as-is.
 */
public void extractInfo() {
    if (basicOCSPResp == null) {
        return;
    }
    this.productionDate = basicOCSPResp.getProducedAt();
    final String signatureOid = basicOCSPResp.getSignatureAlgOID().getId();
    this.signatureAlgorithm = SignatureAlgorithm.forOID(signatureOid);
    extractArchiveCutOff();

    final SingleResp matching = getBestSingleResp(basicOCSPResp, certId);
    if (matching == null) {
        // No entry for certId: the update times and status fields stay untouched.
        return;
    }
    this.thisUpdate = matching.getThisUpdate();
    this.nextUpdate = matching.getNextUpdate();
    extractStatusInfo(matching);
}
示例5: getBestSingleResp
import org.bouncycastle.cert.ocsp.SingleResp; //导入依赖的package包/类
/**
 * Picks, among the single responses that match {@code certId}, the one with the most
 * recent thisUpdate. When several share that time, the first one encountered wins.
 *
 * <p>NOTE(review): "most recent" is decided on thisUpdate alone; a thisUpdate lying in
 * the future or an expired nextUpdate is not rejected here — confirm that the caller
 * enforces the validity window.
 *
 * @param basicOCSPResp the basic OCSP response to search
 * @param certId the certificate ID the single response has to match
 * @return the selected single response, or {@code null} if none matches
 */
private SingleResp getBestSingleResp(final BasicOCSPResp basicOCSPResp, final CertificateID certId) {
    SingleResp newest = null;
    Date newestUpdate = null;
    for (final SingleResp candidate : getResponses(basicOCSPResp)) {
        if (!DSSRevocationUtils.matches(certId, candidate)) {
            continue;
        }
        final Date candidateUpdate = candidate.getThisUpdate();
        if (newestUpdate != null && !candidateUpdate.after(newestUpdate)) {
            continue; // not strictly newer than what we already hold
        }
        newest = candidate;
        newestUpdate = candidateUpdate;
    }
    return newest;
}
示例6: getResponses
import org.bouncycastle.cert.ocsp.SingleResp; //导入依赖的package包/类
/**
 * Returns the single responses of {@code basicOCSPResp}, shielding the caller from
 * parsing failures.
 *
 * <p>Any exception is logged, recorded in {@code extraInfo}, and turned into an empty
 * array, so a malformed response yields "no entries" rather than an error.
 *
 * @param basicOCSPResp the basic OCSP response to read
 * @return the single responses, or an empty array if they could not be read
 */
private SingleResp[] getResponses(final BasicOCSPResp basicOCSPResp) {
    try {
        return basicOCSPResp.getResponses();
    } catch (Exception e) {
        LOG.error("Unable to parse the responses object from OCSP", e);
        extraInfo.infoOCSPException("Unable to parse the responses object from OCSP : " + e.getMessage());
        return new SingleResp[] {};
    }
}
示例7: extractStatusInfo
import org.bouncycastle.cert.ocsp.SingleResp; //导入依赖的package包/类
/**
 * Translates the certificate status of {@code bestSingleResp} into this object's
 * {@code status}, {@code revocationDate} and {@code reason} fields.
 *
 * <ul>
 * <li>good: {@code status = true}</li>
 * <li>revoked: {@code status = false}, revocation time stored, reason taken from the
 * response or 0 (unspecified) when the response carries none</li>
 * <li>unknown: only {@code reason} is set</li>
 * <li>anything else: logged, no field is changed</li>
 * </ul>
 *
 * <p>NOTE(review): {@code status} is not written in the unknown and fallback branches,
 * so it keeps whatever value it had before the call — confirm that this is never a
 * stale {@code true}.
 *
 * @param bestSingleResp the single response selected for the certificate
 */
private void extractStatusInfo(SingleResp bestSingleResp) {
    final CertificateStatus certStatus = bestSingleResp.getCertStatus();

    if (certStatus == CertificateStatus.GOOD) {
        if (LOG.isInfoEnabled()) {
            LOG.info("OCSP status is good");
        }
        status = true;
        return;
    }

    if (certStatus instanceof RevokedStatus) {
        if (LOG.isInfoEnabled()) {
            LOG.info("OCSP status revoked");
        }
        final RevokedStatus revoked = (RevokedStatus) certStatus;
        status = false;
        revocationDate = revoked.getRevocationTime();
        // 0 stands for "unspecified" when the responder gives no reason code.
        final int reasonId = revoked.hasRevocationReason() ? revoked.getRevocationReason() : 0;
        reason = CRLReasonEnum.fromInt(reasonId).name();
        return;
    }

    if (certStatus instanceof UnknownStatus) {
        if (LOG.isInfoEnabled()) {
            LOG.info("OCSP status unknown");
        }
        reason = CRLReasonEnum.unknow.name();
        return;
    }

    LOG.info("OCSP certificate status: " + certStatus);
}
示例8: getOCSPToken
import org.bouncycastle.cert.ocsp.SingleResp; //导入依赖的package包/类
/**
 * Searches the OCSP responses held by this offline source for the one that covers
 * the given certificate and wraps it in an {@code OCSPToken}.
 *
 * <p>Among all single responses matching the certificate's OCSP CertID, the basic
 * response containing the entry with the most recent thisUpdate is chosen. The token
 * is built without any signature or freshness check in this method; the origin is
 * recorded as {@code RevocationOrigin.SIGNATURE}.
 *
 * @param certificateToken the certificate whose revocation data is wanted
 * @param issuerCertificateToken the issuer of that certificate
 * @return the token for the selected response, or {@code null} if this source holds
 *         no responses or none of them matches
 */
@Override
public final OCSPToken getOCSPToken(CertificateToken certificateToken, CertificateToken issuerCertificateToken) {
    final List<BasicOCSPResp> containedOCSPResponses = getContainedOCSPResponses();
    if (Utils.isCollectionEmpty(containedOCSPResponses)) {
        return null;
    }
    if (LOG.isTraceEnabled()) {
        final String tokenId = certificateToken.getDSSIdAsString();
        LOG.trace("--> OfflineOCSPSource queried for " + tokenId + " contains: " + containedOCSPResponses.size() + " element(s).");
    }

    final CertificateID certId = DSSRevocationUtils.getOCSPCertificateID(certificateToken, issuerCertificateToken);
    BasicOCSPResp newestResponse = null;
    Date newestUpdate = null;
    for (final BasicOCSPResp candidate : containedOCSPResponses) {
        for (final SingleResp entry : candidate.getResponses()) {
            if (!DSSRevocationUtils.matches(certId, entry)) {
                continue;
            }
            final Date entryUpdate = entry.getThisUpdate();
            if (newestUpdate != null && !entryUpdate.after(newestUpdate)) {
                continue; // keep the entry found earlier unless this one is strictly newer
            }
            newestResponse = candidate;
            newestUpdate = entryUpdate;
        }
    }

    if (newestResponse == null) {
        return null;
    }
    final OCSPToken ocspToken = new OCSPToken();
    ocspToken.setCertId(certId);
    ocspToken.setOrigin(RevocationOrigin.SIGNATURE);
    ocspToken.setBasicOCSPResp(newestResponse);
    return ocspToken;
}
示例9: getEncoded
import org.bouncycastle.cert.ocsp.SingleResp; //导入依赖的package包/类
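/**
 * Sends an OCSP request for {@code checkCert} to {@code url} and returns the encoded
 * basic OCSP response when it reports the certificate as good.
 *
 * <p>The request is written as the HTTP request body; a non-2xx HTTP status or a
 * non-zero OCSP response status is treated as an error.
 *
 * <p>What this method does NOT check: the signature on the response, that the
 * single response's CertID belongs to {@code checkCert}, the thisUpdate/nextUpdate
 * window, or a nonce. The returned bytes therefore still have to be validated by the
 * caller before they are relied on, in particular when {@code url} is plain HTTP.
 *
 * @return the DER-encoded basic OCSP response if it holds exactly one single
 *         response with status good; {@code null} if the response object is missing
 *         or holds a different number of single responses
 * @throws ExceptionConverter wrapping any failure, including a revoked or unknown
 *         certificate status
 * @see com.lowagie.text.pdf.OcspClient#getEncoded()
 */
public byte[] getEncoded() {
    try {
        OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber());
        byte[] array = request.getEncoded();
        URL urlt = new URL(url);
        HttpURLConnection con = (HttpURLConnection) urlt.openConnection();
        con.setRequestProperty("Content-Type", "application/ocsp-request");
        con.setRequestProperty("Accept", "application/ocsp-response");
        con.setDoOutput(true);

        // Close the request stream even when the write fails, so the connection's
        // output side is not leaked.
        OutputStream out = con.getOutputStream();
        DataOutputStream dataOut = new DataOutputStream(new BufferedOutputStream(out));
        try {
            dataOut.write(array);
            dataOut.flush();
        } finally {
            dataOut.close();
        }

        if (con.getResponseCode() / 100 != 2) {
            throw new IOException("Invalid HTTP response");
        }

        // Parse the response, then release the stream; it was never closed before.
        InputStream in = (InputStream) con.getContent();
        OCSPResp ocspResponse;
        try {
            ocspResponse = new OCSPResp(in);
        } finally {
            in.close();
        }

        if (ocspResponse.getStatus() != 0) {
            throw new IOException("Invalid status: " + ocspResponse.getStatus());
        }
        BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject();
        if (basicResponse != null) {
            SingleResp[] responses = basicResponse.getResponses();
            if (responses.length == 1) {
                SingleResp resp = responses[0];
                // NOTE(review): resp.getCertID() is not compared with the requested
                // certificate here — confirm that the caller does it.
                Object status = resp.getCertStatus();
                if (status == CertificateStatus.GOOD) {
                    return basicResponse.getEncoded();
                } else if (status instanceof org.bouncycastle.cert.ocsp.RevokedStatus) {
                    throw new IOException("OCSP Status is revoked!");
                } else {
                    throw new IOException("OCSP Status is unknown!");
                }
            }
        }
    } catch (Exception ex) {
        throw new ExceptionConverter(ex);
    }
    return null;
}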
示例10: validateSuccessfulResponse
import org.bouncycastle.cert.ocsp.SingleResp; //导入依赖的package包/类
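/**
 * Test helper asserting that {@code ocspResp} is a well-formed, successful answer to
 * {@code ocspReq}.
 *
 * <p>Checked in order: response status and type, production time, response signature
 * (against {@code signingCertificate}) and signature algorithm, the response-level
 * extensions (exactly the nonce, equal to the request's nonce), and then for every
 * request/response pair the CertID, the echoed single-request extensions, the serial
 * number, the certificate status and the thisUpdate/nextUpdate times.
 *
 * @param ocspResp the response under test
 * @param ocspReq the request that produced it
 * @param summaries the expected certificate data, one per single request, in request
 *        order
 * @throws Exception if the response cannot be decoded or verified
 */
private void validateSuccessfulResponse(OCSPResp ocspResp,
                                        OCSPReq ocspReq,
                                        CertificateSummary... summaries) throws Exception {
    assertThat(summaries).isNotEmpty();

    assertThat(ocspResp.getStatus()).isEqualTo(OCSPRespBuilder.SUCCESSFUL);
    assertThat(ocspResp.getResponseObject()).isExactlyInstanceOf(BasicOCSPResp.class);
    BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResp.getResponseObject();
    assertThat(basicResponse.getProducedAt()).isAfterOrEqualsTo(NOW.toDate());

    // check signature
    boolean validSignature = basicResponse.isSignatureValid(
            new JcaContentVerifierProviderBuilder().setProvider("BC").build(signingCertificate.getPublicKey()));
    // withFailMessage must precede the assertion it describes; placed after isTrue()
    // it was never applied.
    assertThat(validSignature).withFailMessage("Signature was invalid").isTrue();
    assertThat(basicResponse.getSignatureAlgorithmID()).isEqualTo(
            new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA")
    );

    // check extensions: the nonce must be the only one and must echo the request
    List<ASN1ObjectIdentifier> extensionOIDs = Lists.transform(
            (List<?>) basicResponse.getExtensionOIDs(),
            input -> (ASN1ObjectIdentifier) input // just casting here
    );
    assertThat(extensionOIDs).containsExactly(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
    Extension reqNonce = ocspReq.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
    Extension respNonce = basicResponse.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
    assertThat(respNonce).isEqualTo(reqNonce);

    SingleResp[] singleResponses = basicResponse.getResponses();
    Req[] singleRequests = ocspReq.getRequestList();
    assertThat(singleResponses).hasSameSizeAs(singleRequests);

    // Requests, responses and summaries are paired by index.
    for (int i = 0; i < singleRequests.length; i++) {
        Req request = singleRequests[i];
        SingleResp response = singleResponses[i];
        assertThat(response.getCertID()).isEqualTo(request.getCertID());

        ASN1ObjectIdentifier[] requestExtensions = request.getSingleRequestExtensions().getExtensionOIDs();
        for (ASN1ObjectIdentifier extensionOID : requestExtensions) {
            Extension extension = response.getExtension(extensionOID);
            assertThat(extension).isNotNull();
            assertThat(extension).isEqualTo(request.getSingleRequestExtensions().getExtension(extensionOID));
        }

        assertThat(response.getCertID().getSerialNumber()).isEqualTo(summaries[i].getSerialNumber());
        org.bouncycastle.cert.ocsp.CertificateStatus ocspCertificateStatus =
                getOCSPCertificateStatus(summaries[i]).getCertificateStatus();
        if (ocspCertificateStatus == GOOD) {
            // The library represents GOOD as null, so it needs its own comparison.
            assertThat(response.getCertStatus()).isEqualTo(GOOD);
        } else {
            assertThat(response.getCertStatus()).isEqualToComparingFieldByField(ocspCertificateStatus);
        }

        assertThat(response.getThisUpdate()).isEqualToIgnoringMillis(summaries[i].getThisUpdateTime().toDate());
        // Only the seconds field of nextUpdate is compared with thisUpdate + REFRESH_TIME.
        assertThat(response.getNextUpdate())
                .hasSecond((summaries[i].getThisUpdateTime().getSecondOfMinute() + REFRESH_TIME) % 60);
    }
}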
示例11: validate
import org.bouncycastle.cert.ocsp.SingleResp; //导入依赖的package包/类
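/**
 * Asks the certificate's OCSP responder for its revocation status and records the
 * outcome in a {@code ValidationStatus}.
 *
 * <p>The status starts as {@code UNKNOWN} and stays so when the certificate names no
 * OCSP URL, when no single response matches the request, when the responder reports
 * a status that is neither good nor revoked, or when any exception occurs. A
 * non-successful OCSP response yields {@code INVALID}. A revocation dated after
 * {@code validationDate} is reported as {@code VALID}.
 *
 * <p>Not checked in this method: the signature on the OCSP response and the
 * thisUpdate/nextUpdate window (both dates are only logged). NOTE(review): confirm
 * that {@code requestOCSPResponse} or the caller authenticates the response,
 * otherwise a good status proves nothing.
 *
 * @param certificate the certificate to check
 * @param issuers the issuer chain; the first element is used as the direct issuer
 * @param validationDate the point in time the certificate is validated for
 * @return the validation status, never {@code null}
 */
@Override
public ValidationStatus validate(X509Certificate certificate, List<X509Certificate> issuers, Date validationDate) {
    X509Certificate issuer = issuers.get(0);
    ValidationStatus status = new ValidationStatus(certificate, issuer, validationDate, ValidatorSourceType.OCSP, CertificateValidity.UNKNOWN);

    try {
        Principal subjectX500Principal = certificate.getSubjectX500Principal();

        String ocspUrl = getOCSPUrl(certificate);
        if (ocspUrl == null) {
            log.error("OCSP URL for '" + subjectX500Principal + "' is empty");
            return status;
        }
        log.debug("OCSP URL for '" + subjectX500Principal + "' is '" + ocspUrl + "'");

        DigestCalculator digestCalculator = new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1);
        // An OCSP CertID is the hash of the ISSUER's name and key plus the serial number
        // of the certificate being checked. Hashing the subject certificate instead
        // (as before) builds an ID the responder cannot resolve unless the certificate
        // is self-signed.
        CertificateID certificateId = new CertificateID(digestCalculator, new JcaX509CertificateHolder(issuer), certificate.getSerialNumber());

        // Generate OCSP request
        OCSPReq ocspReq = generateOCSPRequest(certificateId);

        // Get OCSP response from server
        OCSPResp ocspResp = requestOCSPResponse(ocspUrl, ocspReq);
        if (ocspResp.getStatus() != OCSPRespBuilder.SUCCESSFUL) {
            log.error("OCSP response is invalid!");
            status.setValidity(CertificateValidity.INVALID);
            return status;
        }

        boolean foundResponse = false;
        BasicOCSPResp basicOCSPResp = (BasicOCSPResp) ocspResp.getResponseObject();
        SingleResp[] singleResps = basicOCSPResp.getResponses();
        for (SingleResp singleResp : singleResps) {
            // Entries about other certificates are skipped.
            // NOTE(review): CertificateID.equals also compares the hash algorithm
            // parameters; confirm that absent vs. NULL parameters cannot cause a
            // false mismatch here.
            CertificateID responseCertificateId = singleResp.getCertID();
            if (!certificateId.equals(responseCertificateId)) {
                continue;
            }

            foundResponse = true;
            log.debug("OCSP validationDate: " + validationDate);
            log.debug("OCSP thisUpdate: " + singleResp.getThisUpdate());
            log.debug("OCSP nextUpdate: " + singleResp.getNextUpdate());

            status.setRevocationObjectIssuingTime(basicOCSPResp.getProducedAt());

            Object certStatus = singleResp.getCertStatus();
            if (certStatus == CertificateStatus.GOOD) {
                log.debug("OCSP status is valid for '" + certificate.getSubjectX500Principal() + "'");
                status.setValidity(CertificateValidity.VALID);
            } else if (certStatus instanceof RevokedStatus) {
                log.warn("OCSP status is revoked for: " + subjectX500Principal);
                Date revocationDate = ((RevokedStatus) certStatus).getRevocationTime();
                if (validationDate.before(revocationDate)) {
                    // Revoked later than the date being validated for.
                    log.warn("OCSP revocation time after the validation date, the certificate '" + subjectX500Principal + "' was valid at " + validationDate);
                    status.setValidity(CertificateValidity.VALID);
                } else {
                    log.info("OCSP for certificate '" + subjectX500Principal + "' is revoked since " + revocationDate);
                    status.setRevocationDate(revocationDate);
                    status.setRevocationObjectIssuingTime(singleResp.getThisUpdate());
                    status.setValidity(CertificateValidity.REVOKED);
                }
            }
            // Any other status leaves the validity at its current value.
        }

        if (!foundResponse) {
            log.error("There is no matching OCSP response entries");
        }
    } catch (Exception ex) {
        // Best effort: a failed lookup is logged and the status is returned as it stands.
        log.error("OCSP exception: ", ex);
    }

    return status;
}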