use of org.bouncycastle.asn1.ocsp.TBSRequest in project jruby-openssl by jruby.
the class OCSPRequest method addNonceImpl.
// BC doesn't have support for nonces... gotta do things manually
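/**
 * Rebuilds {@code asn1bcReq} so that its request extensions carry the current {@code nonce}.
 *
 * <p>When a request already exists, its requestor name, request list and extensions are
 * carried over; an existing nonce extension is replaced rather than duplicated. When no
 * request exists yet, the result has no requestor name, an empty request list and only
 * the nonce extension.
 */
private void addNonceImpl() {
    GeneralName requestorName = null;
    ASN1Sequence requestList = new DERSequence();
    Signature sig = null;
    List<Extension> tmpExtensions = new ArrayList<Extension>();

    if (asn1bcReq != null) {
        TBSRequest currentTbsReq = asn1bcReq.getTbsRequest();
        // Keep what the existing request already asks for; only the extensions change.
        requestorName = currentTbsReq.getRequestorName();
        requestList = currentTbsReq.getRequestList();
        // NOTE(review): this signature was produced over the previous TBSRequest. It is
        // carried over unchanged, so it cannot cover the extensions written below; a
        // signed request should be signed again after the nonce is added.
        sig = asn1bcReq.getOptionalSignature();

        // requestExtensions is an optional field, so the getter can return null.
        Extensions extensions = currentTbsReq.getRequestExtensions();
        if (extensions != null) {
            Enumeration<ASN1ObjectIdentifier> oids = extensions.oids();
            while (oids.hasMoreElements()) {
                ASN1ObjectIdentifier oid = oids.nextElement();
                // Drop a nonce from an earlier call so the extension appears once.
                if (!OCSPObjectIdentifiers.id_pkix_ocsp_nonce.equals(oid)) {
                    tmpExtensions.add(extensions.getExtension(oid));
                }
            }
        }
    }

    // The nonce is added as a non-critical extension.
    tmpExtensions.add(new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, nonce));
    Extensions newExtensions = new Extensions(tmpExtensions.toArray(new Extension[0]));
    TBSRequest newTbsReq = new TBSRequest(requestorName, requestList, newExtensions);
    asn1bcReq = new org.bouncycastle.asn1.ocsp.OCSPRequest(newTbsReq, sig);
}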
use of org.bouncycastle.asn1.ocsp.TBSRequest in project xipki by xipki.
the class OcspRequest method getInstance.
/**
 * Converts a BouncyCastle {@code OCSPRequest} into this project's {@code OcspRequest}.
 *
 * <p>Each single request becomes a {@code CertID} whose issuer is the concatenated encodings
 * of the hash algorithm, issuer name hash and issuer key hash. Each request extension is
 * re-encoded and wrapped as an {@code ExtendedExtension}.
 *
 * @param req the parsed request to convert
 * @return the converted request, carrying the version, the cert IDs and the extensions
 * @throws EncodingException if a CertID component or an extension cannot be encoded
 */
public static OcspRequest getInstance(OCSPRequest req) throws EncodingException {
    TBSRequest tbs = req.getTbsRequest();
    org.bouncycastle.asn1.x509.Extensions bcExtensions = tbs.getRequestExtensions();

    // NOTE(review): this set is filled but never read in this method, so critical
    // extensions are not checked here; confirm the check happens elsewhere.
    Set<String> criticalExtensionOids = new HashSet<>();
    if (bcExtensions != null) {
        for (ASN1ObjectIdentifier criticalOid : bcExtensions.getCriticalExtensionOIDs()) {
            criticalExtensionOids.add(criticalOid.getId());
        }
    }

    ASN1Sequence bcRequests = tbs.getRequestList();
    final int count = bcRequests.size();
    List<CertID> certIds = new ArrayList<>(count);
    for (int idx = 0; idx < count; idx++) {
        org.bouncycastle.asn1.ocsp.CertID bcCertId =
                Request.getInstance(bcRequests.getObjectAt(idx)).getReqCert();

        // Issuer identity = hashAlgorithm || issuerNameHash || issuerKeyHash, each encoded.
        ByteArrayOutputStream issuerBytes = new ByteArrayOutputStream();
        try {
            issuerBytes.write(bcCertId.getHashAlgorithm().getEncoded());
            issuerBytes.write(bcCertId.getIssuerNameHash().getEncoded());
            issuerBytes.write(bcCertId.getIssuerKeyHash().getEncoded());
        } catch (IOException ex) {
            throw new EncodingException(ex.getMessage(), ex);
        }

        byte[] encodedIssuer = issuerBytes.toByteArray();
        RequestIssuer requestIssuer = new RequestIssuer(encodedIssuer, 0, encodedIssuer.length);
        certIds.add(new CertID(requestIssuer, bcCertId.getSerialNumber().getValue()));
    }

    List<ExtendedExtension> converted = new LinkedList<>();
    ASN1ObjectIdentifier[] allOids = (bcExtensions == null)
            ? new ASN1ObjectIdentifier[0]
            : bcExtensions.getExtensionOIDs();
    for (ASN1ObjectIdentifier extOid : allOids) {
        org.bouncycastle.asn1.x509.Extension bcExtension = bcExtensions.getExtension(extOid);
        byte[] encodedExtension;
        try {
            encodedExtension = bcExtension.getEncoded();
        } catch (IOException ex) {
            throw new EncodingException("error encoding Extension", ex);
        }
        converted.add(ExtendedExtension.getInstance(encodedExtension, 0, encodedExtension.length));
    }

    int version = tbs.getVersion().getValue().intValue();
    return new OcspRequest(version, certIds, converted);
}
use of org.bouncycastle.asn1.ocsp.TBSRequest in project xipki by xipki.
the class Foo method createRequest.
/**
 * Builds an encoded OCSP request whose optional parts are switched by {@code control}.
 *
 * <p>The request always holds two single requests with SHA-1 algorithm identifiers (the
 * first with explicit NULL parameters, the second without), and the second carries one
 * single-request extension. Hash values, nonce and signature bits come from
 * {@code newBytes} (helper not shown here; presumably a buffer of the given length filled
 * with the given byte), so the signature is a placeholder and is not computed over the
 * request.
 *
 * @param control flags selecting requestor name, nonce, preferred signature algorithms,
 *        extension criticality, version and signature
 * @return the encoded {@code OCSPRequest}
 * @throws Exception if encoding any component fails
 */
private static byte[] createRequest(Control control) throws Exception {
    GeneralName requestorName;
    if (control.withRequestName) {
        requestorName = new GeneralName(new X500Name("CN=requestor1"));
    } else {
        requestorName = null;
    }

    // First single request: SHA-1 identifier with explicit NULL parameters, no extensions.
    AlgorithmIdentifier sha1WithNull = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE);
    CertID firstCertId = new CertID(
            sha1WithNull,
            new DEROctetString(newBytes(20, (byte) 0x11)),
            new DEROctetString(newBytes(20, (byte) 0x12)),
            new ASN1Integer(BigInteger.valueOf(0x1234)));
    Request firstRequest = new Request(firstCertId, null);

    // Second single request: SHA-1 identifier without parameters, one extension.
    AlgorithmIdentifier sha1NoParams = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1);
    CertID secondCertId = new CertID(
            sha1NoParams,
            new DEROctetString(newBytes(20, (byte) 0x21)),
            new DEROctetString(newBytes(20, (byte) 0x22)),
            new ASN1Integer(BigInteger.valueOf(0x1235)));
    Extension singleRequestExtension =
            new Extension(ObjectIdentifiers.id_ad_timeStamping, false, newBytes(30, (byte) 0x33));
    Request secondRequest = new Request(secondCertId, new Extensions(singleRequestExtension));

    // CHECKSTYLE:SKIP
    ASN1Sequence requestList = new DERSequence(new ASN1Encodable[] { firstRequest, secondRequest });

    // Request-level extensions: nonce first, then preferred signature algorithms.
    final boolean wantNonce = control.withNonce;
    final boolean wantPrefSigAlgs = control.withPrefSigAlgs;
    final int extensionCount = (wantNonce ? 1 : 0) + (wantPrefSigAlgs ? 1 : 0);
    Extensions requestExtensions = null;
    if (extensionCount > 0) {
        Extension[] slots = new Extension[extensionCount];
        int next = 0;
        if (wantNonce) {
            slots[next] = new Extension(
                    OCSPObjectIdentifiers.id_pkix_ocsp_nonce, control.extensionCritical, newBytes(20, (byte) 0x44));
            next++;
        }
        if (wantPrefSigAlgs) {
            AlgorithmIdentifier preferredFirst =
                    new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption, DERNull.INSTANCE);
            AlgorithmIdentifier preferredSecond =
                    new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption, DERNull.INSTANCE);
            ASN1Sequence preferred = new DERSequence(new ASN1Encodable[] { preferredFirst, preferredSecond });
            slots[next] = new Extension(
                    OCSPObjectIdentifiers.id_pkix_ocsp_pref_sig_algs, control.extensionCritical, preferred.getEncoded());
        }
        requestExtensions = new Extensions(slots);
    }

    // The TBSRequest is assembled by hand so that the version field can be written
    // explicitly; it is left out only when control.version is 0.
    ASN1EncodableVector tbsFields = new ASN1EncodableVector();
    if (control.version != 0) {
        tbsFields.add(new DERTaggedObject(true, 0, new ASN1Integer(BigInteger.valueOf(control.version))));
    }
    if (requestorName != null) {
        tbsFields.add(new DERTaggedObject(true, 1, requestorName));
    }
    tbsFields.add(requestList);
    if (requestExtensions != null) {
        tbsFields.add(new DERTaggedObject(true, 2, requestExtensions));
    }
    TBSRequest tbsRequest = TBSRequest.getInstance(new DERSequence(tbsFields));

    // Placeholder signature bits, present only when asked for.
    Signature sig = control.withSignature
            ? new Signature(
                    new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption),
                    new DERBitString(newBytes(256, (byte) 0xFF)))
            : null;

    return new OCSPRequest(tbsRequest, sig).getEncoded();
}
use of org.bouncycastle.asn1.ocsp.TBSRequest in project xipki by xipki.
the class XiOCSPReqBuilder method generateRequest.
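/**
 * Builds an {@code OCSPRequest} from the queued request objects and signs it when a
 * signer is supplied.
 *
 * @param contentSigner signer for the DER-encoded TBSRequest, or {@code null} for an
 *        unsigned request
 * @param chain certificates to place in the signature structure; ignored when
 *        {@code null}, empty, or when the request is unsigned
 * @return the assembled request, with a signature only if {@code contentSigner} is set
 * @throws OCSPException if a single request cannot be created, if a signed request has no
 *         requestor name, or if feeding the TBSRequest to the signer fails
 */
private OCSPRequest generateRequest(ContentSigner contentSigner, Certificate[] chain) throws OCSPException {
    ASN1EncodableVector requests = new ASN1EncodableVector();
    Iterator<RequestObject> it = list.iterator();
    while (it.hasNext()) {
        try {
            requests.add(it.next().toRequest());
        } catch (Exception ex) {
            throw new OCSPException("exception creating Request", ex);
        }
    }

    TBSRequest tbsReq = new TBSRequest(requestorName, new DERSequence(requests), requestExtensions);
    Signature signature = null;
    if (contentSigner != null) {
        // A signed request must name its requestor.
        if (requestorName == null) {
            throw new OCSPException("requestorName must be specified if request is signed.");
        }

        // try-with-resources closes the signer's stream even when the write fails; the
        // stream is closed before getSignature() is called, as before.
        // CHECKSTYLE:SKIP
        try (OutputStream sOut = contentSigner.getOutputStream()) {
            // The signature is computed over the DER encoding of the TBSRequest.
            sOut.write(tbsReq.getEncoded(ASN1Encoding.DER));
        } catch (Exception ex) {
            throw new OCSPException("exception processing TBSRequest: " + ex, ex);
        }

        DERBitString bitSig = new DERBitString(contentSigner.getSignature());
        AlgorithmIdentifier sigAlgId = contentSigner.getAlgorithmIdentifier();
        if (chain != null && chain.length > 0) {
            // The certificates are attached as given; nothing here validates the chain.
            ASN1EncodableVector vec = new ASN1EncodableVector();
            for (Certificate cert : chain) {
                vec.add(cert);
            }
            signature = new Signature(sigAlgId, bitSig, new DERSequence(vec));
        } else {
            signature = new Signature(sigAlgId, bitSig);
        }
    }
    return new OCSPRequest(tbsReq, signature);
}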