
Example 16 with Request

use of com.github.zhenwei.core.asn1.ocsp.Request in project LinLong-Java by zhenwei1108.

the class BasicOCSPRespBuilder method build.

/**
 * Builds a signed BasicOCSPResp from the response objects held by this builder.
 *
 * <p>The ResponseData structure is DER encoded and written to the signer's output stream; the
 * signature the signer then reports is placed in the response. Certificates from {@code chain}
 * are attached only when the array is non-null and non-empty.
 *
 * @param signer     produces the signature and the signature algorithm identifier.
 * @param chain      certificates to include with the response; may be null or empty.
 * @param producedAt time placed in the ResponseData structure.
 * @return the assembled, signed response.
 * @throws OCSPException if a response entry cannot be converted or signing fails.
 */
public BasicOCSPResp build(ContentSigner signer, X509CertificateHolder[] chain, Date producedAt) throws OCSPException {
    ASN1EncodableVector singleResponses = new ASN1EncodableVector();
    for (Iterator entries = list.iterator(); entries.hasNext();) {
        try {
            ResponseObject entry = (ResponseObject) entries.next();
            singleResponses.add(entry.toResponse());
        } catch (Exception e) {
            // NOTE(review): the message says "Request" although this path converts response entries.
            throw new OCSPException("exception creating Request", e);
        }
    }

    ResponseData tbsData = new ResponseData(
        responderID.toASN1Primitive(),
        new ASN1GeneralizedTime(producedAt),
        new DERSequence(singleResponses),
        responseExtensions);

    // The bytes fed to the signer are the DER encoding of the ResponseData, so a verifier that
    // re-encodes the same structure as DER checks the signature over identical bytes.
    DERBitString signatureBits;
    try {
        OutputStream signerStream = signer.getOutputStream();
        signerStream.write(tbsData.getEncoded(ASN1Encoding.DER));
        // NOTE(review): the stream is not closed if write() throws; confirm the signer's stream
        // holds nothing that needs releasing on that path.
        signerStream.close();
        signatureBits = new DERBitString(signer.getSignature());
    } catch (Exception e) {
        throw new OCSPException("exception processing TBSRequest: " + e.getMessage(), e);
    }
    AlgorithmIdentifier signatureAlgorithm = signer.getAlgorithmIdentifier();

    // The certificate sequence stays null (field omitted) when no chain was supplied.
    DERSequence certificates = null;
    boolean hasChain = chain != null && chain.length > 0;
    if (hasChain) {
        ASN1EncodableVector encodedCerts = new ASN1EncodableVector();
        for (X509CertificateHolder holder : chain) {
            encodedCerts.add(holder.toASN1Structure());
        }
        certificates = new DERSequence(encodedCerts);
    }

    BasicOCSPResponse signedResponse = new BasicOCSPResponse(tbsData, signatureAlgorithm, signatureBits, certificates);
    return new BasicOCSPResp(signedResponse);
}
Also used : ResponseData(com.github.zhenwei.core.asn1.ocsp.ResponseData) OutputStream(java.io.OutputStream) ASN1GeneralizedTime(com.github.zhenwei.core.asn1.ASN1GeneralizedTime) DERBitString(com.github.zhenwei.core.asn1.DERBitString) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) DERSequence(com.github.zhenwei.core.asn1.DERSequence) BasicOCSPResponse(com.github.zhenwei.core.asn1.ocsp.BasicOCSPResponse) Iterator(java.util.Iterator) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)

Example 17 with Request

use of com.github.zhenwei.core.asn1.ocsp.Request in project LinLong-Java by zhenwei1108.

the class OCSPReqBuilder method generateRequest.

/**
 * Builds an OCSPReq from the request objects held by this builder, signing it when a signer is
 * supplied.
 *
 * <p>With a null {@code contentSigner} the request is returned unsigned. A signed request
 * requires {@code requestorName} to be set; the signature is computed over the DER encoding of
 * the TBSRequest.
 *
 * @param contentSigner signer for the request, or null for an unsigned request.
 * @param chain         certificates to attach to the signature; may be null or empty.
 * @return the assembled request.
 * @throws OCSPException if a request entry cannot be converted, the requestor name is missing
 *                       for a signed request, or writing to the signer fails.
 */
private OCSPReq generateRequest(ContentSigner contentSigner, X509CertificateHolder[] chain) throws OCSPException {
    ASN1EncodableVector singleRequests = new ASN1EncodableVector();
    for (Iterator entries = list.iterator(); entries.hasNext();) {
        try {
            RequestObject entry = (RequestObject) entries.next();
            singleRequests.add(entry.toRequest());
        } catch (Exception e) {
            throw new OCSPException("exception creating Request", e);
        }
    }

    TBSRequest tbsRequest = new TBSRequest(requestorName, new DERSequence(singleRequests), requestExtensions);

    // Remains null for an unsigned request.
    Signature optionalSignature = null;
    if (contentSigner != null) {
        // A signature without a requestor name is rejected before any signing is attempted.
        if (requestorName == null) {
            throw new OCSPException("requestorName must be specified if request is signed.");
        }
        try {
            OutputStream signerStream = contentSigner.getOutputStream();
            signerStream.write(tbsRequest.getEncoded(ASN1Encoding.DER));
            // NOTE(review): the stream is not closed if write() throws; confirm the signer's
            // stream holds nothing that needs releasing on that path.
            signerStream.close();
        } catch (Exception e) {
            throw new OCSPException("exception processing TBSRequest: " + e, e);
        }
        DERBitString signatureBits = new DERBitString(contentSigner.getSignature());
        AlgorithmIdentifier signatureAlgorithm = contentSigner.getAlgorithmIdentifier();

        boolean noChain = chain == null || chain.length == 0;
        if (noChain) {
            optionalSignature = new Signature(signatureAlgorithm, signatureBits);
        } else {
            ASN1EncodableVector encodedCerts = new ASN1EncodableVector();
            for (X509CertificateHolder holder : chain) {
                encodedCerts.add(holder.toASN1Structure());
            }
            optionalSignature = new Signature(signatureAlgorithm, signatureBits, new DERSequence(encodedCerts));
        }
    }

    OCSPRequest assembled = new OCSPRequest(tbsRequest, optionalSignature);
    return new OCSPReq(assembled);
}
Also used : OutputStream(java.io.OutputStream) DERBitString(com.github.zhenwei.core.asn1.DERBitString) TBSRequest(com.github.zhenwei.core.asn1.ocsp.TBSRequest) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) DERSequence(com.github.zhenwei.core.asn1.DERSequence) Signature(com.github.zhenwei.core.asn1.ocsp.Signature) Iterator(java.util.Iterator) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) OCSPRequest(com.github.zhenwei.core.asn1.ocsp.OCSPRequest)

Example 18 with Request

use of com.github.zhenwei.core.asn1.ocsp.Request in project LinLong-Java by zhenwei1108.

the class ESTService method simpleEnrollPoP.

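/**
 * Implements Enroll with PoP. Request will have the tls-unique attribute added to it before it is
 * signed and completed.
 *
 * @param reEnroll      True to re-enroll, false for an initial enrollment.
 * @param builder       The request builder.
 * @param contentSigner The content signer.
 * @param auth          Auth modes; may be null, in which case no authentication is applied.
 * @return Enrollment response.
 * @throws IOException           if the request fails; failures are rethrown as ESTException.
 * @throws IllegalStateException if the client provider has no trust anchors.
 */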
public EnrollmentResponse simpleEnrollPoP(boolean reEnroll, final PKCS10CertificationRequestBuilder builder, final ContentSigner contentSigner, ESTAuth auth) throws IOException {
    // Enrollment is refused outright when the client provider reports no trust anchors.
    if (!clientProvider.isTrusted()) {
        throw new IllegalStateException("No trust anchors.");
    }
    ESTResponse response = null;
    try {
        URL target = new URL(server + (reEnroll ? SIMPLE_REENROLL : SIMPLE_ENROLL));
        ESTClient client = clientProvider.makeClient();

        // The listener runs once the connection exists. It completes the PKCS10 request there
        // because the tls-unique value it embeds is only known for an established connection.
        ESTSourceConnectionListener popListener = new ESTSourceConnectionListener() {

            public ESTRequest onConnection(Source source, ESTRequest request) throws IOException {
                boolean bindingAvailable = source instanceof TLSUniqueProvider && ((TLSUniqueProvider) source).isTLSUniqueAvailable();
                if (!bindingAvailable) {
                    // No fallback to a request without the binding: the call fails instead.
                    // NOTE(review): tls-unique is not defined for TLS 1.3; confirm what the
                    // Source reports on such connections.
                    throw new IOException("Source does not supply TLS unique.");
                }
                TLSUniqueProvider bindingSource = (TLSUniqueProvider) source;

                // Work on a copy so the caller's builder is not modified by the added attribute.
                PKCS10CertificationRequestBuilder localBuilder = new PKCS10CertificationRequestBuilder(builder);
                ByteArrayOutputStream body = new ByteArrayOutputStream();
                byte[] tlsUnique = bindingSource.getTLSUnique();

                // The Base64 tls-unique value goes into challengePassword before the request is
                // built with the signer, so the signature covers a value taken from this
                // connection.
                localBuilder.setAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(Base64.toBase64String(tlsUnique)));
                byte[] encodedCsr = localBuilder.build(contentSigner).getEncoded();
                // NOTE(review): getBytes() uses the platform default charset; presumably the
                // annotated text is ASCII-only, verify against annotateRequest.
                body.write(annotateRequest(encodedCsr).getBytes());
                body.flush();

                ESTRequestBuilder completed = new ESTRequestBuilder(request).withData(body.toByteArray());
                completed.setHeader("Content-Type", "application/pkcs10");
                completed.setHeader("Content-Transfer-Encoding", "base64");
                completed.setHeader("Content-Length", Long.toString(body.size()));
                return completed.build();
            }
        };

        ESTRequestBuilder pending = new ESTRequestBuilder("POST", target).withClient(client).withConnectionListener(popListener);
        if (auth != null) {
            auth.applyAuth(pending);
        }
        response = client.doRequest(pending.build());
        return handleEnrollResponse(response);
    } catch (Throwable t) {
        // An ESTException passes through unchanged; every other failure is wrapped in one,
        // keeping the original as the cause.
        if (t instanceof ESTException) {
            throw (ESTException) t;
        }
        throw new ESTException(t.getMessage(), t);
    } finally {
        // Close the response on both the success and the failure path.
        if (response != null) {
            response.close();
        }
    }
}
Also used : PKCS10CertificationRequestBuilder(com.github.zhenwei.pkix.pkcs.PKCS10CertificationRequestBuilder) IOException(java.io.IOException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) URL(java.net.URL) DERPrintableString(com.github.zhenwei.core.asn1.DERPrintableString)

Example 19 with Request

use of com.github.zhenwei.core.asn1.ocsp.Request in project LinLong-Java by zhenwei1108.

the class PKCS10CertificationRequest method isSignatureValid.

/**
 * Validate the signature on the PKCS10 certification request in this holder.
 *
 * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the
 *                         signature.
 * @return true if the signature is valid, false otherwise.
 * @throws PKCSException if the signature cannot be processed or is inappropriate.
 */
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws PKCSException {
    CertificationRequestInfo signedInfo = certificationRequest.getCertificationRequestInfo();
    ContentVerifier signatureVerifier;
    try {
        // The algorithm identifier is read from the request being checked, so which algorithms
        // are acceptable is left to the provider.
        // NOTE(review): confirm the provider (or the caller) rejects algorithms policy forbids.
        signatureVerifier = verifierProvider.get(certificationRequest.getSignatureAlgorithm());

        // Feed the verifier the DER encoding of the CertificationRequestInfo.
        OutputStream verifierStream = signatureVerifier.getOutputStream();
        verifierStream.write(signedInfo.getEncoded(ASN1Encoding.DER));
        verifierStream.close();
    } catch (Exception e) {
        throw new PKCSException("unable to process signature: " + e.getMessage(), e);
    }

    // The check itself runs outside the try block, so anything verify() throws is not wrapped
    // in a PKCSException.
    boolean signatureMatches = signatureVerifier.verify(this.getSignature());
    return signatureMatches;
}
Also used : CertificationRequestInfo(com.github.zhenwei.core.asn1.pkcs.CertificationRequestInfo) ContentVerifier(com.github.zhenwei.pkix.operator.ContentVerifier) OutputStream(java.io.OutputStream) IOException(java.io.IOException)

Example 20 with Request

use of com.github.zhenwei.core.asn1.ocsp.Request in project LinLong-Java by zhenwei1108.

the class PKCS10CertificationRequest method getAttributes.

/**
 * Return the attributes, if any associated with this request.
 *
 * @return an array of Attribute, zero length if none present.
 */
public Attribute[] getAttributes() {
    ASN1Set encodedAttributes = certificationRequest.getCertificationRequestInfo().getAttributes();

    // A request without an attribute set yields the shared empty array rather than null.
    if (encodedAttributes == null) {
        return EMPTY_ARRAY;
    }

    // A fresh array is allocated on every call; each element is converted with
    // Attribute.getInstance.
    Attribute[] result = new Attribute[encodedAttributes.size()];
    int index = 0;
    while (index != encodedAttributes.size()) {
        result[index] = Attribute.getInstance(encodedAttributes.getObjectAt(index));
        index++;
    }
    return result;
}
Also used : ASN1Set(com.github.zhenwei.core.asn1.ASN1Set) Attribute(com.github.zhenwei.core.asn1.pkcs.Attribute)
