Examples with CertID org.bouncycastle.asn1.ocsp.CertID used on opensource projects

Search in sources :

Example 51 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project jruby-openssl by jruby.

the class OCSPRequest method sign.

@JRubyMethod(name = "sign", rest = true)
public IRubyObject sign(final ThreadContext context, IRubyObject[] args) {
    final Ruby runtime = context.runtime;
    int flag = 0;
    IRubyObject additionalCerts = context.nil;
    IRubyObject flags = context.nil;
    IRubyObject digest = context.nil;
    Digest digestInstance = new Digest(runtime, _Digest(runtime));
    IRubyObject nocerts = (RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCERTS);
    switch(Arity.checkArgumentCount(runtime, args, 2, 5)) {
        case 3:
            additionalCerts = args[2];
            break;
        case 4:
            additionalCerts = args[2];
            flags = args[3];
            break;
        case 5:
            additionalCerts = args[2];
            flags = args[3];
            digest = args[4];
            break;
        default:
            break;
    }
    if (digest.isNil())
        digest = digestInstance.initialize(context, new IRubyObject[] { RubyString.newString(runtime, "SHA1") });
    if (additionalCerts.isNil())
        flag |= RubyFixnum.fix2int(nocerts);
    if (!flags.isNil())
        flag = RubyFixnum.fix2int(flags);
    X509Cert signer = (X509Cert) args[0];
    PKey signerKey = (PKey) args[1];
    String keyAlg = signerKey.getAlgorithm();
    String digAlg = ((Digest) digest).getShortAlgorithm();
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(digAlg + "with" + keyAlg);
    signerBuilder.setProvider("BC");
    ContentSigner contentSigner = null;
    try {
        contentSigner = signerBuilder.build(signerKey.getPrivateKey());
    } catch (OperatorCreationException e) {
        throw newOCSPError(runtime, e);
    }
    OCSPReqBuilder builder = new OCSPReqBuilder();
    builder.setRequestorName(signer.getSubject().getX500Name());
    for (OCSPCertificateId certId : certificateIds) {
        builder.addRequest(new CertificateID(certId.getCertID()));
    }
    List<X509CertificateHolder> certChain = new ArrayList<X509CertificateHolder>();
    if (flag != RubyFixnum.fix2int(nocerts)) {
        try {
            certChain.add(new X509CertificateHolder(signer.getAuxCert().getEncoded()));
            if (!additionalCerts.isNil()) {
                Iterator<java.security.cert.Certificate> certIt = ((RubyArray) additionalCerts).iterator();
                while (certIt.hasNext()) {
                    certChain.add(new X509CertificateHolder(certIt.next().getEncoded()));
                }
            }
        } catch (Exception e) {
            throw newOCSPError(runtime, e);
        }
    }
    X509CertificateHolder[] chain = new X509CertificateHolder[certChain.size()];
    certChain.toArray(chain);
    try {
        asn1bcReq = org.bouncycastle.asn1.ocsp.OCSPRequest.getInstance(builder.build(contentSigner, chain).getEncoded());
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }
    if (nonce != null) {
        addNonceImpl();
    }
    return this;
}
Also used : RubyArray(org.jruby.RubyArray) Digest._Digest(org.jruby.ext.openssl.Digest._Digest) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) CertificateID(org.bouncycastle.cert.ocsp.CertificateID) ContentSigner(org.bouncycastle.operator.ContentSigner) ArrayList(java.util.ArrayList) RubyString(org.jruby.RubyString) IRubyObject(org.jruby.runtime.builtin.IRubyObject) RubyFixnum(org.jruby.RubyFixnum) RaiseException(org.jruby.exceptions.RaiseException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) Ruby(org.jruby.Ruby) OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate) X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 52 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project keycloak by keycloak.

the class OcspHandler method handleRequest.

@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
    if (exchange.isInIoThread()) {
        exchange.dispatch(this);
        return;
    }
    final byte[] buffy = new byte[16384];
    try (InputStream requestStream = exchange.getInputStream()) {
        requestStream.read(buffy);
    }
    final OCSPReq request = new OCSPReq(buffy);
    final Req[] requested = request.getRequestList();
    final Extension nonce = request.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
    final DigestCalculator sha1Calculator = new JcaDigestCalculatorProviderBuilder().build().get(AlgorithmIdentifier.getInstance(RespID.HASH_SHA1));
    final BasicOCSPRespBuilder responseBuilder = new BasicOCSPRespBuilder(subjectPublicKeyInfo, sha1Calculator);
    if (nonce != null) {
        responseBuilder.setResponseExtensions(new Extensions(nonce));
    }
    for (final Req req : requested) {
        final CertificateID certId = req.getCertID();
        final BigInteger certificateSerialNumber = certId.getSerialNumber();
        responseBuilder.addResponse(certId, REVOKED_CERTIFICATES_STATUS.get(certificateSerialNumber));
    }
    final ContentSigner contentSigner = new BcRSAContentSignerBuilder(new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption), new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256)).build(privateKey);
    final OCSPResp response = new OCSPRespBuilder().build(OCSPResp.SUCCESSFUL, responseBuilder.build(contentSigner, chain, new Date()));
    final byte[] responseBytes = response.getEncoded();
    final HeaderMap responseHeaders = exchange.getResponseHeaders();
    responseHeaders.put(Headers.CONTENT_TYPE, "application/ocsp-response");
    final Sender responseSender = exchange.getResponseSender();
    responseSender.send(ByteBuffer.wrap(responseBytes));
    exchange.endExchange();
}
Also used : BasicOCSPRespBuilder(org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder) OCSPRespBuilder(org.bouncycastle.cert.ocsp.OCSPRespBuilder) InputStream(java.io.InputStream) CertificateID(org.bouncycastle.cert.ocsp.CertificateID) DigestCalculator(org.bouncycastle.operator.DigestCalculator) ContentSigner(org.bouncycastle.operator.ContentSigner) Extensions(org.bouncycastle.asn1.x509.Extensions) Date(java.util.Date) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) OCSPResp(org.bouncycastle.cert.ocsp.OCSPResp) Extension(org.bouncycastle.asn1.x509.Extension) Sender(io.undertow.io.Sender) BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) BasicOCSPRespBuilder(org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder) HeaderMap(io.undertow.util.HeaderMap) OCSPReq(org.bouncycastle.cert.ocsp.OCSPReq) BigInteger(java.math.BigInteger) JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder) Req(org.bouncycastle.cert.ocsp.Req) OCSPReq(org.bouncycastle.cert.ocsp.OCSPReq)

Example 53 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project wso2-synapse by wso2.

the class OCSPVerifierTest method generateOCSPResponse.

/**
 * This makes the corresponding OCSP response to the OCSP request which is sent to the fake CA. If the request
 * has a certificateID which is marked as revoked by the CA, the OCSP response will say that the certificate
 * which is referred to by the request, is revoked.
 *
 * @param request the OCSP request which asks if the certificate is revoked.
 * @param caPrivateKey privateKey of the fake CA.
 * @param caPublicKey  publicKey of the fake CA
 * @param revokedID the ID at fake CA which is checked against the certificateId in the request.
 * @return the created OCSP response by the fake CA.
 * @throws NoSuchProviderException
 * @throws OCSPException
 * @throws OperatorCreationException
 */
private OCSPResp generateOCSPResponse(OCSPReq request, X509CertificateHolder certificateHolder, PrivateKey caPrivateKey, PublicKey caPublicKey, CertificateID revokedID) throws NoSuchProviderException, OCSPException, OperatorCreationException {
    BasicOCSPRespBuilder basicOCSPRespBuilder = new BasicOCSPRespBuilder(new RespID(certificateHolder.getSubject()));
    Extension extension = request.getExtension(new ASN1ObjectIdentifier(OCSPObjectIdentifiers.id_pkix_ocsp.getId()));
    if (extension != null) {
        basicOCSPRespBuilder.setResponseExtensions(new Extensions(extension));
    }
    Req[] requests = request.getRequestList();
    for (Req req : requests) {
        CertificateID certID = req.getCertID();
        if (certID.equals(revokedID)) {
            RevokedStatus revokedStatus = new RevokedStatus(new Date(), CRLReason.privilegeWithdrawn);
            Date nextUpdate = new Date(new Date().getTime() + TestConstants.NEXT_UPDATE_PERIOD);
            basicOCSPRespBuilder.addResponse(certID, revokedStatus, nextUpdate, (Extensions) null);
        } else {
            basicOCSPRespBuilder.addResponse(certID, CertificateStatus.GOOD);
        }
    }
    X509CertificateHolder[] chain = { certificateHolder };
    ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(caPrivateKey);
    BasicOCSPResp basicResp = basicOCSPRespBuilder.build(signer, chain, new Date());
    OCSPRespBuilder builder = new OCSPRespBuilder();
    return builder.build(OCSPRespBuilder.SUCCESSFUL, basicResp);
}
Also used : BasicOCSPRespBuilder(org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder) OCSPRespBuilder(org.bouncycastle.cert.ocsp.OCSPRespBuilder) CertificateID(org.bouncycastle.cert.ocsp.CertificateID) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) Extensions(org.bouncycastle.asn1.x509.Extensions) Date(java.util.Date) Extension(org.bouncycastle.asn1.x509.Extension) BasicOCSPRespBuilder(org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder) RevokedStatus(org.bouncycastle.cert.ocsp.RevokedStatus) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp) RespID(org.bouncycastle.cert.ocsp.RespID) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) Req(org.bouncycastle.cert.ocsp.Req) OCSPReq(org.bouncycastle.cert.ocsp.OCSPReq)

Aggregations

DEROctetString (org.bouncycastle.asn1.DEROctetString)26 X509Certificate (java.security.cert.X509Certificate)19 IOException (java.io.IOException)18 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)15 CertificateException (java.security.cert.CertificateException)12 PreparedStatement (java.sql.PreparedStatement)12 SQLException (java.sql.SQLException)12 Extension (org.bouncycastle.asn1.x509.Extension)12 CertificateID (org.bouncycastle.cert.ocsp.CertificateID)12 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)11 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)11 BigInteger (java.math.BigInteger)10 Date (java.util.Date)10 CertificateEncodingException (java.security.cert.CertificateEncodingException)9 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)9 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)9 Certificate (java.security.cert.Certificate)8 CertID (org.bouncycastle.asn1.ocsp.CertID)8 Extensions (org.bouncycastle.asn1.x509.Extensions)8 OperationException (org.xipki.ca.api.OperationException)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial