

use of java.security.cert.Extension in project Bytecoder by mirkosertic.

From the class OCSPStatusRequest, method length().

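/**
 * Obtain the length of the {@code OCSPStatusRequest} object in its
 *      encoded form.
 *
 * <p>The result is cached in {@code encodedLen} and returned directly on
 * later calls; {@code ridListLen} and {@code extListLen} are updated as a
 * side effect of the first computation.
 *
 * @return the length of the {@code OCSPStatusRequest} object in its
 *      encoded form
 * @throws IllegalStateException if the extension list cannot be
 *      DER-encoded. Previously this failure was swallowed, which made
 *      {@code length()} report (and cache) a value shorter than what the
 *      encoder would actually emit.
 */
@Override
public int length() {
    // If we've previously calculated encodedLen simply return it
    if (encodedLen != 0) {
        return encodedLen;
    }
    // Each ResponderId is preceded by its own 2-byte length field
    ridListLen = 0;
    for (ResponderId rid : responderIds) {
        ridListLen += rid.length() + 2;
    }
    extListLen = 0;
    if (!extensions.isEmpty()) {
        try {
            DerOutputStream extSequence = new DerOutputStream();
            DerOutputStream extEncoding = new DerOutputStream();
            for (Extension ext : extensions) {
                ext.encode(extEncoding);
            }
            extSequence.write(DerValue.tag_Sequence, extEncoding);
            extListLen = extSequence.size();
        } catch (IOException ioe) {
            // Do not cache a length that disagrees with the real encoding;
            // a wrong length field would corrupt the enclosing message.
            throw new IllegalStateException(
                    "Unable to encode OCSPStatusRequest extensions", ioe);
        }
    }
    // Total length is the responder ID list length and extensions length
    // plus each lists' 2-byte length fields.
    encodedLen = ridListLen + extListLen + 4;
    return encodedLen;
}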

use of java.security.cert.Extension in project Bytecoder by mirkosertic.

From the class OCSP, method check().

/**
 * Checks the revocation status of a list of certificates using OCSP.
 *
 * <p>The request is sent with {@code getOCSPBytes}, parsed into an
 * {@link OCSPResponse} and then verified. If a nonce extension is among
 * {@code extensions}, its value is handed to the verification step so the
 * response can be checked against it.
 *
 * @param certIds the CertIds to be checked
 * @param responderURI the URI of the OCSP responder
 * @param issuerInfo the issuer's certificate and/or subject and public key
 * @param responderCert the OCSP responder's certificate
 * @param date the time the validity of the OCSP responder's certificate
 *    should be checked against. If null, the current time is used.
 * @param extensions zero or more OCSP extensions to be included in the
 *    request.  If no extensions are requested, an empty {@code List} must
 *    be used.  A {@code null} value is not allowed.
 * @param variant the algorithm-constraint variant passed through to
 *    {@code OCSPResponse.verify}
 * @return the verified OCSPResponse
 * @throws IOException declared for API compatibility; every I/O failure
 *    raised inside this method is wrapped as described below
 * @throws CertPathValidatorException if an exception occurs while
 *    encoding the OCSP Request or validating the OCSP Response, or if the
 *    responder could not be reached (reason
 *    {@code UNDETERMINED_REVOCATION_STATUS})
 */
static OCSPResponse check(List<CertId> certIds, URI responderURI, OCSPResponse.IssuerInfo issuerInfo, X509Certificate responderCert, Date date, List<Extension> extensions, String variant) throws IOException, CertPathValidatorException {
    // Pick up the nonce we are about to send; if several nonce extensions
    // are present the last one wins.
    final String nonceOid = PKIXExtensions.OCSPNonce_Id.toString();
    byte[] requestNonce = null;
    for (Extension ext : extensions) {
        if (ext.getId().equals(nonceOid)) {
            requestNonce = ext.getValue();
        }
    }
    try {
        byte[] responseBytes = getOCSPBytes(certIds, responderURI, extensions);
        OCSPResponse parsed = new OCSPResponse(responseBytes);
        // verify the response (signature, nonce, responder cert, ...)
        parsed.verify(certIds, issuerInfo, responderCert, date, requestNonce, variant);
        return parsed;
    } catch (IOException ioe) {
        // A network/parse failure must not be mistaken for "not revoked".
        throw new CertPathValidatorException("Unable to determine revocation status due to network error", ioe, null, -1, BasicReason.UNDETERMINED_REVOCATION_STATUS);
    }
}

use of java.security.cert.Extension in project Bytecoder by mirkosertic.

From the class OCSPRequest, method encodeBytes().

/**
 * DER-encodes this request as an unsigned {@code OCSPRequest}.
 *
 * <p>Layout produced: {@code OCSPRequest ::= SEQUENCE { tbsRequest }} where
 * {@code tbsRequest ::= SEQUENCE { requestList SEQUENCE OF SEQUENCE { CertID },
 * requestExtensions [2] EXPLICIT SEQUENCE OF Extension OPTIONAL }}.
 * The {@code requestExtensions} element is only written when
 * {@code extensions} is non-empty.
 *
 * <p>Side effect: if a nonce extension is encoded, its value is stored in
 * the {@code nonce} field (read elsewhere in the class).
 *
 * @return the DER encoding of the request
 * @throws IOException if any of the DER writers fail
 */
byte[] encodeBytes() throws IOException {
    // Body of tbsRequest: requestList followed by the optional extensions.
    DerOutputStream tbsBody = new DerOutputStream();

    // requestList: one SEQUENCE wrapper per CertId
    DerOutputStream requestList = new DerOutputStream();
    for (CertId certId : certIds) {
        DerOutputStream single = new DerOutputStream();
        certId.encode(single);
        requestList.write(DerValue.tag_Sequence, single);
    }
    tbsBody.write(DerValue.tag_Sequence, requestList);

    if (!extensions.isEmpty()) {
        String nonceOid = PKIXExtensions.OCSPNonce_Id.toString();
        DerOutputStream extBytes = new DerOutputStream();
        for (Extension ext : extensions) {
            ext.encode(extBytes);
            // Remember the nonce value that went out with this request.
            if (ext.getId().equals(nonceOid)) {
                nonce = ext.getValue();
            }
        }
        DerOutputStream extSeq = new DerOutputStream();
        extSeq.write(DerValue.tag_Sequence, extBytes);
        // requestExtensions is context-specific, constructed, tag [2]
        tbsBody.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 2), extSeq);
    }

    DerOutputStream tbsRequest = new DerOutputStream();
    tbsRequest.write(DerValue.tag_Sequence, tbsBody);

    // Outer OCSPRequest; optionalSignature is intentionally absent.
    DerOutputStream request = new DerOutputStream();
    request.write(DerValue.tag_Sequence, tbsRequest);
    byte[] encoded = request.toByteArray();

    if (dump) {
        HexDumpEncoder hexDumper = new HexDumpEncoder();
        debug.println("OCSPRequest bytes...\n\n" + hexDumper.encode(encoded) + "\n");
    }
    return encoded;
}

use of java.security.cert.Extension in project netty by netty.

From the class SslErrorTest, method data().

/**
 * Builds the parameter matrix for this test: every combination of
 * server provider x client provider x trust-manager exception x boolean flag.
 *
 * <p>The OpenSSL-based providers are only included when native OpenSSL is
 * available; {@code SslProvider.JDK} is always used on the client side but
 * never on the server side (see the comment below).
 *
 * @return one {@code Object[] {serverProvider, clientProvider, exception, flag}}
 *         per combination, in a fixed order
 */
static Collection<Object[]> data() {
    List<SslProvider> serverProviders = new ArrayList<SslProvider>(2);
    List<SslProvider> clientProviders = new ArrayList<SslProvider>(3);
    if (OpenSsl.isAvailable()) {
        SslProvider[] nativeProviders = { SslProvider.OPENSSL, SslProvider.OPENSSL_REFCNT };
        for (SslProvider provider : nativeProviders) {
            serverProviders.add(provider);
            clientProviders.add(provider);
        }
    }
    // We not test with SslProvider.JDK on the server side as the JDK implementation currently just send the same
    // alert all the time, sigh.....
    clientProviders.add(SslProvider.JDK);

    // Plain exceptions first, then the wrapped variants: the wrapped form is what the JDK implementation
    // of X509TrustManagerFactory throws, so both shapes must map to the right alert.
    CertificateException[] plain = {
            new CertificateExpiredException(),
            new CertificateNotYetValidException(),
            new CertificateRevokedException(new Date(), CRLReason.AA_COMPROMISE, new X500Principal(""), Collections.<String, Extension>emptyMap())
    };
    CertPathValidatorException.BasicReason[] wrappedReasons = {
            CertPathValidatorException.BasicReason.EXPIRED,
            CertPathValidatorException.BasicReason.NOT_YET_VALID,
            CertPathValidatorException.BasicReason.REVOKED
    };
    List<CertificateException> exceptions = new ArrayList<CertificateException>(6);
    Collections.addAll(exceptions, plain);
    for (CertPathValidatorException.BasicReason reason : wrappedReasons) {
        exceptions.add(newCertificateException(reason));
    }

    boolean[] flags = { true, false };
    List<Object[]> params = new ArrayList<Object[]>();
    for (SslProvider server : serverProviders) {
        for (SslProvider client : clientProviders) {
            for (CertificateException exception : exceptions) {
                for (boolean flag : flags) {
                    params.add(new Object[] { server, client, exception, flag });
                }
            }
        }
    }
    return params;
}

use of java.security.cert.Extension in project j2objc by google.

From the class OCSPRequest, method encodeBytes().

/**
 * Produces the DER encoding of this request as an unsigned
 * {@code OCSPRequest}.
 *
 * <p>Structure written, outermost first:
 * {@code OCSPRequest ::= SEQUENCE { tbsRequest }},
 * {@code tbsRequest ::= SEQUENCE { requestList, [2] requestExtensions OPTIONAL }},
 * {@code requestList ::= SEQUENCE OF SEQUENCE { CertID }}.
 * No signature is attached.
 *
 * <p>Side effect: when a nonce extension is encoded its value is saved in
 * the {@code nonce} field, which is consumed elsewhere in the class.
 *
 * @return the encoded request bytes
 * @throws IOException if a DER writer fails
 */
byte[] encodeBytes() throws IOException {
    DerOutputStream requestList = new DerOutputStream();
    for (CertId certId : certIds) {
        DerOutputStream wrapped = new DerOutputStream();
        certId.encode(wrapped);
        requestList.write(DerValue.tag_Sequence, wrapped);
    }

    DerOutputStream tbsBody = new DerOutputStream();
    tbsBody.write(DerValue.tag_Sequence, requestList);

    // requestExtensions is optional: omit the [2] element entirely when empty.
    if (!extensions.isEmpty()) {
        String nonceOid = OCSP.NONCE_EXTENSION_OID.toString();
        DerOutputStream extBytes = new DerOutputStream();
        for (Extension ext : extensions) {
            ext.encode(extBytes);
            // Keep the nonce that was sent for later use.
            if (ext.getId().equals(nonceOid)) {
                nonce = ext.getValue();
            }
        }
        DerOutputStream extSeq = new DerOutputStream();
        extSeq.write(DerValue.tag_Sequence, extBytes);
        tbsBody.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 2), extSeq);
    }

    DerOutputStream tbsRequest = new DerOutputStream();
    tbsRequest.write(DerValue.tag_Sequence, tbsBody);

    // OCSPRequest without the signature
    DerOutputStream request = new DerOutputStream();
    request.write(DerValue.tag_Sequence, tbsRequest);
    byte[] encoded = request.toByteArray();

    if (dump) {
        debug.println("OCSPRequest bytes...\n\n" + new HexDumpEncoder().encode(encoded) + "\n");
    }
    return encoded;
}