本文整理汇总了Java中org.bouncycastle.cert.ocsp.OCSPResp.getResponseObject方法的典型用法代码示例。如果您正苦于以下问题:Java OCSPResp.getResponseObject方法的具体用法?Java OCSPResp.getResponseObject怎么用?Java OCSPResp.getResponseObject使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.bouncycastle.cert.ocsp.OCSPResp的用法示例。
在下文中一共展示了OCSPResp.getResponseObject方法的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: extractOCSPsFromArray
import org.bouncycastle.cert.ocsp.OCSPResp; //导入方法依赖的package包/类
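/**
 * Decodes every entry of the {@code arrayName} array in {@code dict} as an OCSP response and
 * adds the basic responses it finds to {@code ocspList}.
 *
 * <p>Entries are only parsed here: no signature, responder certificate or validity window is
 * checked, so the collected responses are unverified input until a caller validates them.
 * An entry that cannot be decoded, or that carries no basic response, is logged and skipped.
 *
 * @param dict           dictionary that may hold the OCSP array
 * @param dictionaryName name of the dictionary, used in log messages only
 * @param arrayName      key of the array inside {@code dict}
 */
private void extractOCSPsFromArray(PdfDict dict, String dictionaryName, String arrayName) {
    PdfArray ocspArray = dict.getAsArray(arrayName);
    if (ocspArray == null) {
        LOG.debug("No OCSPs found in {} dictionary", dictionaryName);
        return;
    }
    LOG.debug("There are {} OCSPs in {} dictionary", ocspArray.size(), dictionaryName);
    for (int ii = 0; ii < ocspArray.size(); ii++) {
        try {
            final byte[] stream = ocspArray.getBytes(ii);
            final OCSPResp ocspResp = new OCSPResp(stream);
            // getResponseObject() yields null when the response has no response bytes
            // (e.g. a non-successful status); never store that as a list entry.
            final Object responseObject = ocspResp.getResponseObject();
            if (responseObject instanceof BasicOCSPResp) {
                ocspList.add((BasicOCSPResp) responseObject);
            } else {
                LOG.debug("Skipping OCSP {} from {} dictionary : no basic response (status {})", ii, dictionaryName,
                        ocspResp.getStatus());
            }
        } catch (Exception e) {
            LOG.debug("Unable to read OCSP " + ii + " from " + dictionaryName + " dictionary : " + e.getMessage(), e);
        }
    }
}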
示例2: fromRespToBasic
import org.bouncycastle.cert.ocsp.OCSPResp; //导入方法依赖的package包/类
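/**
 * Extracts the {@link BasicOCSPResp} carried by an {@link OCSPResp}.
 *
 * <p>This is a decoding step only; the returned object has not been signature-checked.
 *
 * @param ocspResp
 *            the decoded OCSP response
 * @return the basic response, or {@code null} when the response carries no response bytes
 *         (callers must handle this case)
 * @throws DSSException
 *             if the response cannot be decoded or is not of the basic response type
 */
public static final BasicOCSPResp fromRespToBasic(OCSPResp ocspResp) {
    try {
        final Object responseObject = ocspResp.getResponseObject();
        if (responseObject == null || responseObject instanceof BasicOCSPResp) {
            return (BasicOCSPResp) responseObject;
        }
        // Report an unexpected response type through the method's own error channel
        // instead of letting a ClassCastException escape.
        throw new OCSPException("Unsupported OCSP response type: " + responseObject.getClass().getName());
    } catch (OCSPException e) {
        throw new DSSException(e);
    }
}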
示例3: load
import org.bouncycastle.cert.ocsp.OCSPResp; //导入方法依赖的package包/类
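/**
 * Decodes one OCSP response from the stream and adds its basic response to
 * {@code ocspResponses}.
 *
 * <p>The response is parsed but not verified (no signature or freshness check happens here).
 * The stream is not closed by this method.
 *
 * @param inputStream
 *            stream positioned at an encoded OCSP response
 * @throws DSSException
 *             if the stream cannot be decoded or the response carries no basic response
 */
private void load(final InputStream inputStream) {
    try {
        final OCSPResp ocspResp = new OCSPResp(inputStream);
        final Object responseObject = ocspResp.getResponseObject();
        if (!(responseObject instanceof BasicOCSPResp)) {
            // A response without response bytes yields null; storing it would only
            // defer the failure to whoever iterates the list later.
            throw new IllegalStateException("OCSP response carries no basic response, status " + ocspResp.getStatus());
        }
        ocspResponses.add((BasicOCSPResp) responseObject);
    } catch (Exception e) {
        throw new DSSException(e);
    }
}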
示例4: getEncoded
import org.bouncycastle.cert.ocsp.OCSPResp; //导入方法依赖的package包/类
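/**
 * Requests the revocation status of {@code checkCert} from the OCSP responder at {@code url}
 * and returns the encoded basic response when the certificate is reported as good.
 *
 * <p>Checked here: the HTTP status, the OCSP response status, that the single response is for
 * the serial number that was asked about, and its certificate status. Not checked here: the
 * response signature, the responder certificate, a nonce and the thisUpdate/nextUpdate window.
 * The returned bytes are therefore not authenticated revocation evidence on their own.
 *
 * @return the encoded basic OCSP response, or {@code null} when the responder sent no basic
 *         response or did not answer with exactly one single response
 * @throws ExceptionConverter wrapping any failure, including a revoked or unknown status
 * @see com.lowagie.text.pdf.OcspClient#getEncoded()
 */
public byte[] getEncoded() {
    try {
        OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber());
        byte[] array = request.getEncoded();
        URL urlt = new URL(url);
        // NOTE(review): no connect/read timeout is set, so a stalled responder blocks the
        // caller indefinitely; consider setConnectTimeout/setReadTimeout with a project value.
        HttpURLConnection con = (HttpURLConnection) urlt.openConnection();
        con.setRequestProperty("Content-Type", "application/ocsp-request");
        con.setRequestProperty("Accept", "application/ocsp-response");
        con.setDoOutput(true);
        OutputStream out = con.getOutputStream();
        try {
            out.write(array);
            out.flush();
        } finally {
            // Close even when the write fails so the connection is not leaked.
            out.close();
        }
        if (con.getResponseCode() / 100 != 2) {
            throw new IOException("Invalid HTTP response");
        }
        // Read the response body directly; close the stream once it has been decoded.
        OCSPResp ocspResponse;
        InputStream in = con.getInputStream();
        try {
            ocspResponse = new OCSPResp(in);
        } finally {
            in.close();
        }
        if (ocspResponse.getStatus() != OCSPResp.SUCCESSFUL) {
            throw new IOException("Invalid status: " + ocspResponse.getStatus());
        }
        Object responseObject = ocspResponse.getResponseObject();
        if (responseObject == null) {
            return null;
        }
        if (!(responseObject instanceof BasicOCSPResp)) {
            throw new IOException("Unsupported OCSP response type");
        }
        BasicOCSPResp basicResponse = (BasicOCSPResp) responseObject;
        SingleResp[] responses = basicResponse.getResponses();
        if (responses.length == 1) {
            SingleResp resp = responses[0];
            // A "good" answer about some other certificate says nothing about checkCert.
            if (!checkCert.getSerialNumber().equals(resp.getCertID().getSerialNumber())) {
                throw new IOException("OCSP response is for a different certificate");
            }
            Object status = resp.getCertStatus();
            if (status == CertificateStatus.GOOD) {
                return basicResponse.getEncoded();
            }
            if (status instanceof org.bouncycastle.cert.ocsp.RevokedStatus) {
                throw new IOException("OCSP Status is revoked!");
            }
            throw new IOException("OCSP Status is unknown!");
        }
    }
    catch (Exception ex) {
        throw new ExceptionConverter(ex);
    }
    return null;
}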
示例5: isValid
import org.bouncycastle.cert.ocsp.OCSPResp; //导入方法依赖的package包/类
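/**
 * Asks the OCSP responder at {@code this.url} whether {@code cert} is revoked.
 *
 * <p>Returns {@code true} only when the responder reports the requested serial number as good.
 * A revoked or unknown status, a response that does not cover the certificate, a response
 * without a basic response, and any I/O or decoding error all yield {@code false}.
 *
 * <p>NOTE(review): the response signature, the responder certificate, a nonce and the
 * thisUpdate/nextUpdate window are not verified here, so an on-path party could still supply
 * a forged or replayed "good" answer; verify the basic response against the issuer (or its
 * delegated responder) before relying on this result. The response body is read without a
 * size limit and no connect/read timeout is set.
 *
 * @param cert   certificate whose status is requested
 * @param issuer issuer certificate used to build the request
 * @return {@code true} if the responder reports {@code cert} as good, {@code false} otherwise
 */
@Override
public boolean isValid(X509Certificate cert, X509Certificate issuer) {
    try {
        OCSPReq ocspRequest = generateOcspRequest(issuer, cert.getSerialNumber());
        HttpURLConnection connection = (HttpURLConnection) new URL(this.url).openConnection();
        // OCSP over HTTP POST is sent as application/ocsp-request; headers must be set before connect().
        connection.setRequestProperty("Content-Type", "application/ocsp-request");
        connection.setRequestProperty("Accept", "application/ocsp-response");
        connection.setDoOutput(true);
        connection.connect();
        OutputStream os = connection.getOutputStream();
        try {
            os.write(ocspRequest.getEncoded());
        } finally {
            os.close();
        }
        OCSPResp ocspResponse;
        InputStream is = connection.getInputStream();
        try {
            ocspResponse = new OCSPResp(is);
        } finally {
            is.close();
        }
        Object responseObject = ocspResponse.getResponseObject();
        if (!(responseObject instanceof BasicOCSPResp)) {
            logger.error("OCSP responder returned no basic response, status " + ocspResponse.getStatus());
            return false;
        }
        org.bouncycastle.cert.ocsp.SingleResp[] responses = ((BasicOCSPResp) responseObject).getResponses();
        for (org.bouncycastle.cert.ocsp.SingleResp single : responses) {
            // Only an answer about the requested serial number counts.
            if (cert.getSerialNumber().equals(single.getCertID().getSerialNumber())) {
                // Bouncy Castle represents "good" as null; revoked and unknown are objects.
                // Unknown must not be accepted as valid.
                return single.getCertStatus() == null;
            }
        }
        logger.error("OCSP response does not cover the requested certificate");
        return false;
    } catch (Exception e) {
        logger.error("Error validating certificate",e);
        return false;
    }
}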
示例6: loadOCSPBase64Encoded
import org.bouncycastle.cert.ocsp.OCSPResp; //导入方法依赖的package包/类
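/**
 * Decodes an OCSP response from its base 64 representation and returns the basic response
 * it carries.
 *
 * <p>This is a decoding step only: the returned response has not been signature-checked and
 * its validity window has not been evaluated.
 *
 * @param base64Encoded
 *            base 64 encoded OCSP response
 * @return the {@code BasicOCSPResp}, or {@code null} when the response carries no response
 *         bytes (callers must handle this case)
 * @throws IOException
 *             if the decoded bytes are not a well-formed OCSP response
 * @throws OCSPException
 *             if the response bytes cannot be decoded or are not of the basic response type
 */
public static BasicOCSPResp loadOCSPBase64Encoded(final String base64Encoded) throws IOException, OCSPException {
    final byte[] derEncoded = Utils.fromBase64(base64Encoded);
    final OCSPResp ocspResp = new OCSPResp(derEncoded);
    final Object responseObject = ocspResp.getResponseObject();
    if (responseObject != null && !(responseObject instanceof BasicOCSPResp)) {
        // Use the declared checked exception rather than an unchecked ClassCastException.
        throw new OCSPException("Unsupported OCSP response type: " + responseObject.getClass().getName());
    }
    return (BasicOCSPResp) responseObject;
}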
示例7: validateSuccessfulResponse
import org.bouncycastle.cert.ocsp.OCSPResp; //导入方法依赖的package包/类
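/**
 * Asserts that {@code ocspResp} is a successful, correctly signed answer to {@code ocspReq}.
 *
 * <p>Checks, in order: the response status and type, the producedAt time, the signature
 * against {@code signingCertificate} and its algorithm, that the nonce is the only response
 * extension and equals the request nonce, and for each request entry the certificate id,
 * echoed single-request extensions, serial number, certificate status and update times.
 *
 * @param ocspResp  response under test
 * @param ocspReq   request the response answers
 * @param summaries expected certificate data, one per request entry, in request order
 * @throws Exception if the response cannot be decoded or the signature check fails to run
 */
private void validateSuccessfulResponse(OCSPResp ocspResp,
                                        OCSPReq ocspReq,
                                        CertificateSummary... summaries) throws Exception {
    assertThat(summaries).isNotEmpty();
    assertThat(ocspResp.getStatus()).isEqualTo(OCSPRespBuilder.SUCCESSFUL);
    assertThat(ocspResp.getResponseObject()).isExactlyInstanceOf(BasicOCSPResp.class);
    BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResp.getResponseObject();
    assertThat(basicResponse.getProducedAt()).isAfterOrEqualsTo(NOW.toDate());

    // check signature
    boolean validSignature = basicResponse.isSignatureValid(
            new JcaContentVerifierProviderBuilder().setProvider("BC").build(signingCertificate.getPublicKey()));
    // withFailMessage only takes effect when it is set before the assertion runs.
    assertThat(validSignature).withFailMessage("Signature was invalid").isTrue();
    assertThat(basicResponse.getSignatureAlgorithmID()).isEqualTo(
            new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA")
    );

    // check extensions
    List<ASN1ObjectIdentifier> extensionOIDs = Lists.transform(
            (List<?>) basicResponse.getExtensionOIDs(),
            input -> (ASN1ObjectIdentifier) input // just casting here
    );
    assertThat(extensionOIDs).containsExactly(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
    // The response nonce must echo the request nonce, which ties the answer to this request.
    Extension reqNonce = ocspReq.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
    Extension respNonce = basicResponse.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
    assertThat(respNonce).isEqualTo(reqNonce);

    SingleResp[] singleResponses = basicResponse.getResponses();
    Req[] singleRequests = ocspReq.getRequestList();
    assertThat(singleResponses).hasSameSizeAs(singleRequests);
    for (int i = 0; i < singleRequests.length; i++) {
        Req request = singleRequests[i];
        SingleResp response = singleResponses[i];
        assertThat(response.getCertID()).isEqualTo(request.getCertID());

        ASN1ObjectIdentifier[] requestExtensions = request.getSingleRequestExtensions().getExtensionOIDs();
        for (ASN1ObjectIdentifier extensionOID : requestExtensions) {
            Extension extension = response.getExtension(extensionOID);
            assertThat(extension).isNotNull();
            assertThat(extension).isEqualTo(request.getSingleRequestExtensions().getExtension(extensionOID));
        }

        assertThat(response.getCertID().getSerialNumber()).isEqualTo(summaries[i].getSerialNumber());
        org.bouncycastle.cert.ocsp.CertificateStatus ocspCertificateStatus =
                getOCSPCertificateStatus(summaries[i]).getCertificateStatus();
        if (ocspCertificateStatus == GOOD) {
            // Bouncy Castle represents GOOD as null, so compare by reference/equality.
            assertThat(response.getCertStatus()).isEqualTo(GOOD);
        } else {
            assertThat(response.getCertStatus()).isEqualToComparingFieldByField(ocspCertificateStatus);
        }
        assertThat(response.getThisUpdate()).isEqualToIgnoringMillis(summaries[i].getThisUpdateTime().toDate());
        // Only the seconds field of nextUpdate is compared against thisUpdate + REFRESH_TIME.
        assertThat(response.getNextUpdate())
                .hasSecond((summaries[i].getThisUpdateTime().getSecondOfMinute() + REFRESH_TIME) % 60);
    }
}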
示例8: validate
import org.bouncycastle.cert.ocsp.OCSPResp; //导入方法依赖的package包/类
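/**
 * Checks the revocation status of {@code certificate} through the OCSP responder named in
 * the certificate and reports the result as a {@link ValidationStatus}.
 *
 * <p>The status starts as {@code UNKNOWN} and stays that way when no OCSP URL is found, no
 * matching single response is returned, the responder answers "unknown", or an error occurs.
 * A non-successful OCSP response yields {@code INVALID}. A revocation dated after
 * {@code validationDate} is reported as {@code VALID} for that date.
 *
 * <p>NOTE(review): the response signature and responder certificate are not verified in this
 * method, and thisUpdate/nextUpdate are only logged, not compared with {@code validationDate}.
 * Unless {@code requestOCSPResponse} performs those checks, a forged or stale answer would be
 * accepted. The OCSP URL is taken from the certificate being validated, i.e. from untrusted
 * input, and is also written to the log.
 *
 * @param certificate    certificate to check
 * @param issuers        issuer chain; the first element is used as the issuer
 * @param validationDate point in time the status is evaluated for
 * @return the validation status, never {@code null}
 */
@Override
public ValidationStatus validate(X509Certificate certificate, List<X509Certificate> issuers, Date validationDate) {
    X509Certificate issuer = issuers.get(0);
    ValidationStatus status = new ValidationStatus(certificate, issuer, validationDate, ValidatorSourceType.OCSP, CertificateValidity.UNKNOWN);
    try {
        Principal subjectX500Principal = certificate.getSubjectX500Principal();
        String ocspUrl = getOCSPUrl(certificate);
        if (ocspUrl == null) {
            log.error("OCSP URL for '" + subjectX500Principal + "' is empty");
            return status;
        }
        log.debug("OCSP URL for '" + subjectX500Principal + "' is '" + ocspUrl + "'");

        // The certificate id is derived from the ISSUER's name and key plus the subject's
        // serial number; hashing the subject certificate here would identify a certificate
        // the responder has never issued.
        DigestCalculator digestCalculator = new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1);
        CertificateID certificateId = new CertificateID(digestCalculator, new JcaX509CertificateHolder(issuer), certificate.getSerialNumber());

        // Generate OCSP request
        OCSPReq ocspReq = generateOCSPRequest(certificateId);

        // Get OCSP response from server
        OCSPResp ocspResp = requestOCSPResponse(ocspUrl, ocspReq);
        if (ocspResp.getStatus() != OCSPRespBuilder.SUCCESSFUL) {
            log.error("OCSP response is invalid!");
            status.setValidity(CertificateValidity.INVALID);
            return status;
        }

        Object responseObject = ocspResp.getResponseObject();
        if (!(responseObject instanceof BasicOCSPResp)) {
            // Validity stays UNKNOWN: there is nothing to evaluate.
            log.error("OCSP response does not contain a basic response");
            return status;
        }
        BasicOCSPResp basicOCSPResp = (BasicOCSPResp) responseObject;

        boolean foundResponse = false;
        for (SingleResp singleResp : basicOCSPResp.getResponses()) {
            // Ignore answers about other certificates.
            if (!certificateId.equals(singleResp.getCertID())) {
                continue;
            }
            foundResponse = true;

            log.debug("OCSP validationDate: " + validationDate);
            log.debug("OCSP thisUpdate: " + singleResp.getThisUpdate());
            log.debug("OCSP nextUpdate: " + singleResp.getNextUpdate());

            status.setRevocationObjectIssuingTime(basicOCSPResp.getProducedAt());

            Object certStatus = singleResp.getCertStatus();
            if (certStatus == CertificateStatus.GOOD) {
                log.debug("OCSP status is valid for '" + certificate.getSubjectX500Principal() + "'");
                status.setValidity(CertificateValidity.VALID);
            } else if (certStatus instanceof RevokedStatus) {
                log.warn("OCSP status is revoked for: " + subjectX500Principal);
                Date revocationDate = ((RevokedStatus) certStatus).getRevocationTime();
                if (validationDate.before(revocationDate)) {
                    log.warn("OCSP revocation time after the validation date, the certificate '" + subjectX500Principal + "' was valid at " + validationDate);
                    status.setValidity(CertificateValidity.VALID);
                } else {
                    log.info("OCSP for certificate '" + subjectX500Principal + "' is revoked since " + revocationDate);
                    status.setRevocationDate(revocationDate);
                    status.setRevocationObjectIssuingTime(singleResp.getThisUpdate());
                    status.setValidity(CertificateValidity.REVOKED);
                }
            }
            // Any other status (unknown) leaves the validity as it was.
        }

        if (!foundResponse) {
            log.error("There is no matching OCSP response entries");
        }
    } catch (Exception ex) {
        log.error("OCSP exception: ", ex);
    }
    return status;
}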