use of org.bouncycastle.asn1.ocsp.CertID in project xipki by xipki.
the class CaLoadTestEnroll method nextCertRequests.
/**
 * Builds the next batch of certificate requests for the load test.
 *
 * <p>When {@code maxRequests} is positive, the shared {@code processedRequests} counter is
 * advanced by one and {@code null} is returned once the previous value has reached the limit.
 * Otherwise a map keyed by a 1-based request id is filled; each entry carries the subject
 * derived from a freshly incremented {@code index} and the public key supplied by
 * {@code loadtestEntry}.
 *
 * @return the requests keyed by their id, or {@code null} when the request budget is used up
 */
private Map<Integer, CertRequest> nextCertRequests() {
    if (maxRequests > 0) {
        // Named distinctly so it cannot be confused with the outer `num` that bounds the loop below.
        int alreadyProcessed = processedRequests.getAndAdd(1);
        if (alreadyProcessed >= maxRequests) {
            return null;
        }
    }

    Map<Integer, CertRequest> batch = new HashMap<>();
    int slot = 0;
    while (slot < num) {
        final int certId = slot + 1;

        CertTemplateBuilder templateBuilder = new CertTemplateBuilder();
        // Each request takes its own index value, which selects the subject name.
        long subjectIndex = index.getAndIncrement();
        templateBuilder.setSubject(loadtestEntry.getX500Name(subjectIndex));
        // The public key comes from loadtestEntry for every request in the batch.
        templateBuilder.setPublicKey(loadtestEntry.getSubjectPublicKeyInfo());

        // No controls are attached to the request (third argument is null).
        batch.put(certId, new CertRequest(certId, templateBuilder.build(), null));
        slot++;
    }
    return batch;
}
use of org.bouncycastle.asn1.ocsp.CertID in project pdfbox by apache.
the class OcspHelper method generateOCSPRequest.
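/**
 * Generates an OCSP request for the certificate being checked and builds its
 * <code>CertificateID</code>.
 *
 * <p>The request carries two extensions, both marked critical: one listing the basic OCSP
 * response type, and a nonce extension holding 16 random bytes. The encoded nonce is stored in
 * {@code encodedNonce}, presumably so the caller can compare it with the nonce echoed in the
 * response.
 *
 * @return OCSP request, ready to fetch data
 * @throws OCSPException if the certificate ID or the request cannot be built
 * @throws IOException if the issuer certificate cannot be encoded, or an extension value cannot
 *         be serialized
 */
private OCSPReq generateOCSPRequest() throws OCSPException, IOException {
    Security.addProvider(new BouncyCastleProvider());

    // Generate the ID for the certificate we are looking for.
    // NOTE(review): the CertID is hashed with SHA-1. It only identifies issuer and serial to the
    // responder, and many responders accept nothing else; confirm before changing the algorithm.
    CertificateID certId;
    try {
        certId = new CertificateID(new SHA1DigestCalculator(),
                new JcaX509CertificateHolder(issuerCertificate),
                certificateToCheck.getSerialNumber());
    } catch (CertificateEncodingException e) {
        throw new IOException("Error creating CertificateID with the Certificate encoding", e);
    }

    OCSPReqBuilder builder = new OCSPReqBuilder();
    Extension responseExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_response, true,
            new DLSequence(OCSPObjectIdentifiers.id_pkix_ocsp_basic).getEncoded());

    // The nonce binds the response to this request, so it must be unpredictable. java.util.Random
    // is a seeded linear congruential generator whose output can be predicted; use a CSPRNG.
    // Fully qualified so that no new file-level import is needed.
    java.security.SecureRandom rand = new java.security.SecureRandom();
    byte[] nonce = new byte[16];
    rand.nextBytes(nonce);

    // The extension value is an OCTET STRING wrapping the encoded nonce OCTET STRING.
    encodedNonce = new DEROctetString(new DEROctetString(nonce));
    Extension nonceExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, encodedNonce);

    builder.setRequestExtensions(new Extensions(new Extension[] { responseExtension, nonceExtension }));
    builder.addRequest(certId);

    // Diagnostic output kept from the original; the nonce is also sent in clear in the request.
    System.out.println("Nonce: " + Hex.getString(nonceExtension.getExtnValue().getEncoded()));
    return builder.build();
}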
use of org.bouncycastle.asn1.ocsp.CertID in project jruby-openssl by jruby.
the class OCSPBasicResponse method matchIssuerId.
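/**
 * Checks whether the issuer hashes of a certificate ID match the given signer CA certificate.
 *
 * <p>With a {@code null} {@code certId}, every entry of {@code singleResponses} is checked in
 * turn and all of them must match. Otherwise the name and key digests are recomputed with the
 * hash algorithm named in {@code certId} and compared with the hashes it carries.
 *
 * @param signerCA certificate whose name and public key are hashed
 * @param certId certificate ID to check, or {@code null} to check every single response
 * @param singleResponses responses to walk when {@code certId} is {@code null}
 * @return {@code true} only if both the name hash and the key hash match
 * @throws IOException if a name cannot be encoded
 */
private boolean matchIssuerId(X509Cert signerCA, CertificateID certId, List<SingleResp> singleResponses) throws IOException {
    Ruby runtime = getRuntime();
    if (certId == null) {
        // No single ID to match against: every response's ID must match.
        for (SingleResp resp : singleResponses) {
            CertificateID tempId = resp.getCertID();
            if (!matchIssuerId(signerCA, tempId, null)) {
                return false;
            }
        }
        return true;
    }

    // Recompute the digests with the algorithm the certificate ID declares.
    ASN1ObjectIdentifier alg = certId.getHashAlgOID();
    String sym = ASN1.oid2Sym(runtime, alg);
    MessageDigest md = Digest.getDigest(runtime, sym);

    // NOTE(review): this hashes signerCA's *issuer* name and the full encoded public key.
    // RFC 6960 defines issuerNameHash over the issuing CA's own (subject) name and issuerKeyHash
    // over the key bits without the SubjectPublicKeyInfo wrapper. Confirm these inputs.
    byte[] issuerNameDigest = md.digest(signerCA.getIssuer().getX500Name().getEncoded());
    byte[] issuerKeyDigest = md.digest(signerCA.getAuxCert().getPublicKey().getEncoded());

    // byte[].equals() compares references, so the original comparison could never succeed.
    // Compare contents instead; MessageDigest.isEqual is the JDK's digest comparison.
    return MessageDigest.isEqual(issuerNameDigest, certId.getIssuerNameHash())
            && MessageDigest.isEqual(issuerKeyDigest, certId.getIssuerKeyHash());
}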
use of org.bouncycastle.asn1.ocsp.CertID in project jruby-openssl by jruby.
the class OCSPBasicResponse method find_response.
/**
 * Looks up the single response whose certificate ID equals the given one.
 *
 * @param context current thread context, used for its {@code nil} value
 * @param certId the certificate ID to look for, or nil
 * @return the first matching single response, or nil when {@code certId} is nil or nothing matches
 */
@JRubyMethod(name = "find_response")
public IRubyObject find_response(final ThreadContext context, IRubyObject certId) {
    if (certId.isNil()) {
        return context.nil;
    }

    // Unchecked cast: a non-nil argument of any other type fails here with ClassCastException.
    final OCSPCertificateId wanted = (OCSPCertificateId) certId;

    for (OCSPSingleResponse candidate : singleResponses) {
        CertID wantedId = wanted.getCertID();
        CertID candidateId = candidate.getBCSingleResp().getCertID();
        if (wantedId.equals(candidateId)) {
            // First match wins.
            return candidate;
        }
    }
    return context.nil;
}
use of org.bouncycastle.asn1.ocsp.CertID in project jruby-openssl by jruby.
the class OCSPRequest method sign.
/**
 * Signs this OCSP request and stores the signed structure in {@code asn1bcReq}.
 *
 * <p>Accepts two to five arguments: the signer certificate, the signer key, and optionally
 * additional certificates, flags and a digest. The request is built from the entries of
 * {@code certificateIds}, with the signer's subject as requestor name.
 *
 * @param context current thread context
 * @param args signer certificate, signer key, then optional additional certificates, flags, digest
 * @return this request
 */
@JRubyMethod(name = "sign", rest = true)
public IRubyObject sign(final ThreadContext context, IRubyObject[] args) {
final Ruby runtime = context.runtime;
int flag = 0;
IRubyObject additionalCerts = context.nil;
IRubyObject flags = context.nil;
IRubyObject digest = context.nil;
Digest digestInstance = new Digest(runtime, _Digest(runtime));
IRubyObject nocerts = (RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCERTS);
// Pick up the optional arguments according to how many were passed (2 to 5 allowed).
switch(Arity.checkArgumentCount(runtime, args, 2, 5)) {
case 3:
additionalCerts = args[2];
break;
case 4:
additionalCerts = args[2];
flags = args[3];
break;
case 5:
additionalCerts = args[2];
flags = args[3];
digest = args[4];
break;
default:
break;
}
// Without an explicit digest the request is signed with SHA-1.
// NOTE(review): SHA-1 is a weak default for a signature digest; confirm whether it is kept
// only for compatibility and whether callers can be steered to a stronger digest.
if (digest.isNil())
digest = digestInstance.initialize(context, new IRubyObject[] { RubyString.newString(runtime, "SHA1") });
if (additionalCerts.isNil())
flag |= RubyFixnum.fix2int(nocerts);
// NOTE(review): an explicit flags argument replaces the value set just above rather than
// being OR-ed into it, so the NOCERTS bit can be dropped here. Confirm this is intended.
if (!flags.isNil())
flag = RubyFixnum.fix2int(flags);
// Unchecked casts: the first two arguments must be an X509Cert and a PKey.
X509Cert signer = (X509Cert) args[0];
PKey signerKey = (PKey) args[1];
String keyAlg = signerKey.getAlgorithm();
String digAlg = ((Digest) digest).getShortAlgorithm();
// The signature algorithm name is assembled as "<digest>with<key algorithm>".
JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(digAlg + "with" + keyAlg);
signerBuilder.setProvider("BC");
ContentSigner contentSigner = null;
try {
contentSigner = signerBuilder.build(signerKey.getPrivateKey());
} catch (OperatorCreationException e) {
throw newOCSPError(runtime, e);
}
OCSPReqBuilder builder = new OCSPReqBuilder();
builder.setRequestorName(signer.getSubject().getX500Name());
for (OCSPCertificateId certId : certificateIds) {
builder.addRequest(new CertificateID(certId.getCertID()));
}
List<X509CertificateHolder> certChain = new ArrayList<X509CertificateHolder>();
// NOTE(review): this is an exact comparison, not a bit test; any flag value other than exactly
// NOCERTS causes the signer certificate (and any additional ones) to be embedded.
if (flag != RubyFixnum.fix2int(nocerts)) {
try {
certChain.add(new X509CertificateHolder(signer.getAuxCert().getEncoded()));
if (!additionalCerts.isNil()) {
// NOTE(review): the array's raw iterator is treated as yielding java.security.cert.Certificate;
// an element of another type would presumably fail inside this try - confirm against callers.
Iterator<java.security.cert.Certificate> certIt = ((RubyArray) additionalCerts).iterator();
while (certIt.hasNext()) {
certChain.add(new X509CertificateHolder(certIt.next().getEncoded()));
}
}
} catch (Exception e) {
throw newOCSPError(runtime, e);
}
}
X509CertificateHolder[] chain = new X509CertificateHolder[certChain.size()];
certChain.toArray(chain);
try {
// Build the signed request, then re-parse its encoding into the ASN.1 structure kept here.
asn1bcReq = org.bouncycastle.asn1.ocsp.OCSPRequest.getInstance(builder.build(contentSigner, chain).getEncoded());
} catch (Exception e) {
throw newOCSPError(runtime, e);
}
// Runs after the request has been built and signed, when a nonce is set on this object.
if (nonce != null) {
addNonceImpl();
}
return this;
}
Aggregations