
Example 31 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project robovm by robovm.

the class CertBag method toASN1Primitive.

/**
 * DER-encodes this bag as {@code SEQUENCE { certId, [0] certValue }}: the bag
 * identifier first, then the bag value wrapped in a [0] tag (BouncyCastle's
 * {@code DERTaggedObject(int, ASN1Encodable)} is the explicitly-tagged form,
 * matching the PKCS#12 CertBag definition).
 *
 * @return the DER sequence representing this bag
 */
public ASN1Primitive toASN1Primitive() {
    DERTaggedObject taggedValue = new DERTaggedObject(0, certValue);
    ASN1EncodableVector elements = new ASN1EncodableVector();
    elements.add(certId);
    elements.add(taggedValue);
    return new DERSequence(elements);
}

Example 32 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project wso2-synapse by wso2.

the class OCSPVerifierTest method generateOCSPResponse.

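/**
 * Builds the fake CA's OCSP response for {@code request}. Every single request whose
 * {@link CertificateID} equals {@code revokedID} is answered with {@code revoked}
 * (reason {@code privilegeWithdrawn}, revocation time "now", a nextUpdate of
 * {@code TestConstants.NEXT_UPDATE_PERIOD} from now); every other one is answered with
 * {@code good}. If the request carries an OCSP nonce extension, the nonce is echoed in
 * the response extensions so a verifier can bind the response to its own request.
 * <p>
 * Test fixture only: the response is signed with SHA1withRSA, which a production
 * responder should not use.
 *
 * @param request the OCSP request which asks if the certificate is revoked.
 * @param certificateHolder the fake CA certificate; its subject becomes the responder ID and
 *                          it is the only certificate placed in the response's chain.
 * @param caPrivateKey privateKey of the fake CA, used to sign the BasicOCSPResponse.
 * @param caPublicKey  publicKey of the fake CA (not used when building the response).
 * @param revokedID the ID at fake CA which is checked against the certificateId in the request.
 * @return the created OCSP response by the fake CA, with status {@code SUCCESSFUL}.
 * @throws NoSuchProviderException if the "BC" provider is not available
 * @throws OCSPException if the response cannot be assembled
 * @throws OperatorCreationException if the content signer cannot be created
 */
private OCSPResp generateOCSPResponse(OCSPReq request, X509CertificateHolder certificateHolder, PrivateKey caPrivateKey, PublicKey caPublicKey, CertificateID revokedID) throws NoSuchProviderException, OCSPException, OperatorCreationException {
    BasicOCSPRespBuilder basicOCSPRespBuilder = new BasicOCSPRespBuilder(new RespID(certificateHolder.getSubject()));
    // Echo the request nonce (RFC 6960 section 4.4.1). The previous lookup used
    // OCSPObjectIdentifiers.id_pkix_ocsp, which is the OCSP arc itself and never
    // matches a request extension, so the nonce was silently dropped.
    Extension nonce = request.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
    if (nonce != null) {
        basicOCSPRespBuilder.setResponseExtensions(new Extensions(nonce));
    }
    Req[] requests = request.getRequestList();
    for (Req req : requests) {
        CertificateID certID = req.getCertID();
        if (certID.equals(revokedID)) {
            RevokedStatus revokedStatus = new RevokedStatus(new Date(), CRLReason.privilegeWithdrawn);
            Date nextUpdate = new Date(new Date().getTime() + TestConstants.NEXT_UPDATE_PERIOD);
            basicOCSPRespBuilder.addResponse(certID, revokedStatus, nextUpdate, null);
        } else {
            basicOCSPRespBuilder.addResponse(certID, CertificateStatus.GOOD);
        }
    }
    X509CertificateHolder[] chain = { certificateHolder };
    // SHA-1 is kept only because this is a test fixture; do not copy into production code.
    ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(caPrivateKey);
    BasicOCSPResp basicResp = basicOCSPRespBuilder.build(signer, chain, new Date());
    OCSPRespBuilder builder = new OCSPRespBuilder();
    return builder.build(OCSPRespBuilder.SUCCESSFUL, basicResp);
}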

Example 33 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project xipki by xipki.

the class OcspBenchRequestor method buildRequest.

/**
 * Encodes an OCSP request covering {@code serialNumbers}, all under the issuer described
 * by this requestor's {@code issuerhashAlg}, {@code issuerNameHash} and {@code issuerKeyHash}.
 * <p>
 * A request for exactly one serial number that carries no nonce has no per-call varying
 * content, so its encoding is served from and stored in the {@code requests} cache.
 * Requests with a nonce are never cached because a fresh nonce is drawn each time.
 *
 * @param serialNumbers serial numbers to ask about; one single request is emitted per element
 * @return the DER-encoded {@code OCSPRequest}
 * @throws OcspRequestorException if building or encoding the request fails
 */
private byte[] buildRequest(BigInteger[] serialNumbers) throws OcspRequestorException {
    boolean withNonce = requestOptions.isUseNonce();
    boolean cacheable = !withNonce && serialNumbers.length == 1;
    if (cacheable) {
        byte[] cached = requests.get(serialNumbers[0]);
        if (cached != null) {
            return cached;
        }
    }
    OCSPReqBuilder builder = new OCSPReqBuilder();
    boolean withExtra = extensions != null;
    if (withNonce || withExtra) {
        List<Extension> all = new ArrayList<>(2);
        if (withNonce) {
            all.add(new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false,
                    new DEROctetString(nextNonce(requestOptions.getNonceLen()))));
        }
        if (withExtra) {
            for (Extension extra : extensions) {
                all.add(extra);
            }
        }
        builder.setRequestExtensions(new Extensions(all.toArray(extnType)));
    }
    try {
        for (BigInteger serial : serialNumbers) {
            CertID rawId = new CertID(issuerhashAlg, issuerNameHash, issuerKeyHash, new ASN1Integer(serial));
            builder.addRequest(new CertificateID(rawId));
        }
        byte[] encoded = builder.build().getEncoded();
        if (cacheable) {
            requests.put(serialNumbers[0], encoded);
        }
        return encoded;
    } catch (OCSPException | IOException ex) {
        throw new OcspRequestorException(ex.getMessage(), ex);
    }
}

Example 34 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project xipki by xipki.

the class OcspRequest method getInstance.

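/**
 * Converts a BouncyCastle {@link OCSPRequest} into the server's internal {@link OcspRequest}.
 * <p>
 * Each single request's CertID is reduced to (issuer, serial): the DER encodings of the
 * hash algorithm, issuer name hash and issuer key hash are concatenated into one byte array
 * that becomes the {@link RequestIssuer}, and the serial number is kept as a BigInteger.
 * Every request extension is re-encoded and wrapped as an {@link ExtendedExtension}.
 * <p>
 * The input is a client-supplied, untrusted structure. This method only re-encodes it and
 * performs no semantic validation (unknown critical extensions, request-list size, version
 * value); such checks, if any, are assumed to live downstream — TODO confirm.
 * <p>
 * The previous version also collected the critical extension OIDs into a set that was never
 * read; that dead code has been removed.
 *
 * @param req parsed OCSP request
 * @return the internal representation of {@code req}
 * @throws EncodingException if any ASN.1 component cannot be re-encoded
 */
public static OcspRequest getInstance(OCSPRequest req) throws EncodingException {
    TBSRequest tbsReq0 = req.getTbsRequest();
    org.bouncycastle.asn1.x509.Extensions extensions0 = tbsReq0.getRequestExtensions();
    ASN1Sequence requestList0 = tbsReq0.getRequestList();
    final int n = requestList0.size();
    List<CertID> requestList = new ArrayList<>(n);
    for (int i = 0; i < n; i++) {
        Request singleReq0 = Request.getInstance(requestList0.getObjectAt(i));
        org.bouncycastle.asn1.ocsp.CertID certId0 = singleReq0.getReqCert();
        // Issuer key = DER(hashAlgorithm) || DER(issuerNameHash) || DER(issuerKeyHash).
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try {
            out.write(certId0.getHashAlgorithm().getEncoded());
            out.write(certId0.getIssuerNameHash().getEncoded());
            out.write(certId0.getIssuerKeyHash().getEncoded());
        } catch (IOException ex) {
            throw new EncodingException(ex.getMessage(), ex);
        }
        byte[] encodedIssuer = out.toByteArray();
        RequestIssuer issuer = new RequestIssuer(encodedIssuer, 0, encodedIssuer.length);
        requestList.add(new CertID(issuer, certId0.getSerialNumber().getValue()));
    }
    List<ExtendedExtension> extensions = new LinkedList<>();
    if (extensions0 != null) {
        for (ASN1ObjectIdentifier oid : extensions0.getExtensionOIDs()) {
            org.bouncycastle.asn1.x509.Extension extension0 = extensions0.getExtension(oid);
            byte[] encoded;
            try {
                encoded = extension0.getEncoded();
            } catch (IOException ex) {
                throw new EncodingException("error encoding Extension", ex);
            }
            // The full encoding (OID, critical flag, value) is preserved for downstream handling.
            extensions.add(ExtendedExtension.getInstance(encoded, 0, encoded.length));
        }
    }
    // NOTE(review): version is an arbitrary ASN1Integer from the client; intValue() truncates
    // oversized values silently. RFC 6960 only defines v1(0) — confirm downstream rejects others.
    return new OcspRequest(tbsReq0.getVersion().getValue().intValue(), requestList, extensions);
}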

Example 35 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project xipki by xipki.

the class Foo method createRequest.

/**
 * Hand-assembles a raw {@code OCSPRequest} whose shape is driven by {@code control}:
 * an explicit version only when {@code control.version} is non-zero (v1(0) is left implicit),
 * an optional requestorName {@code CN=requestor1}, two fixed single requests (the second
 * carrying an id-ad-timeStamping extension with filler bytes), optional nonce and
 * preferred-signature-algorithms request extensions whose criticality follows
 * {@code control.extensionCritical}, and an optional dummy signature of 256 {@code 0xFF} bytes.
 * All hashes and serial numbers are fixed filler values, not derived from any certificate.
 *
 * @param control switches selecting which optional parts are emitted
 * @return the DER encoding of the assembled request
 * @throws Exception if ASN.1 encoding fails
 */
private static byte[] createRequest(Control control) throws Exception {
    // First CertID: SHA-1 AlgorithmIdentifier with explicit NULL parameters.
    AlgorithmIdentifier sha1WithParams = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE);
    CertID firstId = new CertID(sha1WithParams,
            new DEROctetString(newBytes(20, (byte) 0x11)),
            new DEROctetString(newBytes(20, (byte) 0x12)),
            new ASN1Integer(BigInteger.valueOf(0x1234)));
    Request request1 = new Request(firstId, null);
    // Second CertID: SHA-1 AlgorithmIdentifier without parameters, so both encodings
    // appear in the same request.
    AlgorithmIdentifier sha1NoParams = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1);
    CertID secondId = new CertID(sha1NoParams,
            new DEROctetString(newBytes(20, (byte) 0x21)),
            new DEROctetString(newBytes(20, (byte) 0x22)),
            new ASN1Integer(BigInteger.valueOf(0x1235)));
    Extensions singleReqExtns = new Extensions(new Extension(ObjectIdentifiers.id_ad_timeStamping, false, newBytes(30, (byte) 0x33)));
    Request request2 = new Request(secondId, singleReqExtns);
    // CHECKSTYLE:SKIP
    ASN1Sequence requestList = new DERSequence(new ASN1Encodable[] { request1, request2 });

    Extensions requestExtensions = requestExtensionsFor(control);

    // TBSRequest ::= SEQUENCE { version [0] EXPLICIT, requestorName [1] EXPLICIT,
    //                           requestList, requestExtensions [2] EXPLICIT }
    ASN1EncodableVector tbs = new ASN1EncodableVector();
    if (control.version != 0) {
        tbs.add(new DERTaggedObject(true, 0, new ASN1Integer(BigInteger.valueOf(control.version))));
    }
    if (control.withRequestName) {
        tbs.add(new DERTaggedObject(true, 1, new GeneralName(new X500Name("CN=requestor1"))));
    }
    tbs.add(requestList);
    if (requestExtensions != null) {
        tbs.add(new DERTaggedObject(true, 2, requestExtensions));
    }
    TBSRequest tbsRequest = TBSRequest.getInstance(new DERSequence(tbs));

    // Dummy signature: the algorithm is sha1WithRSA, the bit string is filler, not a real signature.
    Signature sig = control.withSignature
            ? new Signature(new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption),
                    new DERBitString(newBytes(256, (byte) 0xFF)))
            : null;
    return new OCSPRequest(tbsRequest, sig).getEncoded();
}

/**
 * Builds the request-level extensions selected by {@code control}: the nonce (20 filler bytes)
 * and/or the preferred signature algorithms (sha256WithRSA, then sha1WithRSA). Both take their
 * criticality from {@code control.extensionCritical}.
 *
 * @param control switches selecting the extensions
 * @return the extensions, or {@code null} when neither is selected
 * @throws Exception if encoding the algorithm list fails
 */
private static Extensions requestExtensionsFor(Control control) throws Exception {
    if (!control.withNonce && !control.withPrefSigAlgs) {
        return null;
    }
    Extension[] extns = new Extension[(control.withNonce ? 1 : 0) + (control.withPrefSigAlgs ? 1 : 0)];
    int idx = 0;
    if (control.withNonce) {
        extns[idx++] = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, control.extensionCritical, newBytes(20, (byte) 0x44));
    }
    if (control.withPrefSigAlgs) {
        ASN1Sequence prefs = new DERSequence(new ASN1Encodable[] {
                new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption, DERNull.INSTANCE),
                new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption, DERNull.INSTANCE) });
        extns[idx] = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_pref_sig_algs, control.extensionCritical, prefs.getEncoded());
    }
    return new Extensions(extns);
}
