use of org.bouncycastle.cert.ocsp.CertificateID in project documentproduction by qld-gov-au.
the class OcspHelper method generateOCSPRequest.
/**
 * Builds the OCSP request for {@code checkCertificate} and records the encoded
 * nonce in {@code encodedNonce} so the caller can match it against the response.
 *
 * @return OCSP request, ready to be sent to the responder
 * @throws OCSPException if the BouncyCastle request builder fails
 * @throws IOException if the issuer certificate cannot be encoded or an
 *     extension value cannot be DER-encoded
 */
private OCSPReq generateOCSPRequest() throws OCSPException, IOException {
    // Registers the project's provider; addProvider is a no-op when it is already installed.
    Security.addProvider(SecurityProvider.getProvider());

    // CertificateID = SHA-1 of the issuer name and issuer key, plus the serial number
    // of the certificate being checked.
    final CertificateID certificateId;
    try {
        certificateId = new CertificateID(
                new SHA1DigestCalculator(),
                new JcaX509CertificateHolder(issuerCertificate),
                checkCertificate.getSerialNumber());
    } catch (CertificateEncodingException e) {
        throw new IOException("Error creating CertificateID with the Certificate encoding", e);
    }

    // Announce that a basic response is acceptable. Per RFC 2560 section 4.1.2
    // (RFC 6960 section 4.4) request extensions are optional and SHOULD NOT be
    // marked critical, hence critical=false on both extensions below.
    final byte[] acceptableResponses =
            new DLSequence(OCSPObjectIdentifiers.id_pkix_ocsp_basic).getEncoded();
    final Extension responseTypeExtension =
            new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_response, false, acceptableResponses);

    // Fresh nonce per request so the response can be bound to this request (replay
    // protection). The value is deliberately wrapped twice: extnValue is an OCTET STRING
    // whose content is itself a DER OCTET STRING carrying the nonce bytes, which matches
    // the nonce encoding described in RFC 8954.
    encodedNonce = new DEROctetString(new DEROctetString(create16BytesNonce()));
    final Extension nonceExtension =
            new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, encodedNonce);

    final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
    requestBuilder.setRequestExtensions(
            new Extensions(new Extension[] { responseTypeExtension, nonceExtension }));
    requestBuilder.addRequest(certificateId);
    return requestBuilder.build();
}
use of org.bouncycastle.cert.ocsp.CertificateID in project OpenUnison by TremoloSecurity.
the class OCSP method generateOcspRequest.
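/**
 * Builds an OCSP request for the certificate with {@code serialNumber} issued by
 * {@code issuerCert}, carrying a fresh, unpredictable nonce.
 *
 * @param issuerCert certificate of the CA that issued the certificate being checked
 * @param serialNumber serial number of the certificate being checked
 * @return the OCSP request; not reusable, since its nonce is unique per call
 * @throws OCSPException if the request cannot be built
 * @throws CertificateEncodingException if {@code issuerCert} cannot be encoded
 * @throws OperatorCreationException if the SHA-1 digest calculator cannot be created
 * @throws IOException declared for callers; this method itself performs no I/O
 */
private OCSPReq generateOcspRequest(X509Certificate issuerCert, BigInteger serialNumber)
        throws OCSPException, CertificateEncodingException, OperatorCreationException, IOException {
    BcDigestCalculatorProvider digestProvider = new BcDigestCalculatorProvider();
    // CertificateID = SHA-1 of the issuer name and issuer key, plus the serial number.
    CertificateID id = new CertificateID(
            digestProvider.get(CertificateID.HASH_SHA1),
            new X509CertificateHolder(issuerCert.getEncoded()),
            serialNumber);
    OCSPReqBuilder ocspGen = new OCSPReqBuilder();
    ocspGen.addRequest(id);

    // The nonce is what binds the response to this request (replay protection), so it
    // must be unpredictable. The previous value, System.currentTimeMillis(), is guessable
    // and repeats for requests made within the same millisecond; draw 16 bytes from a
    // CSPRNG instead.
    byte[] nonce = new byte[16];
    new java.security.SecureRandom().nextBytes(nonce);
    // The critical flag is kept as before: a responder that does not recognise the
    // extension is then expected to reject the request rather than answer without a
    // nonce, which would silently drop the replay protection. RFC 6960 section 4.4
    // recommends not marking request extensions critical, so this is a deliberate
    // trade-off, not an oversight.
    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true,
            new DEROctetString(nonce));
    ocspGen.setRequestExtensions(new Extensions(new Extension[] { ext }));
    return ocspGen.build();
}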
use of org.bouncycastle.cert.ocsp.CertificateID in project ref-GemLibPki by gematik.
the class OcspRequestGenerator method generateSingleOcspRequest.
/**
 * Generates an OCSP request for a single end-entity certificate using BouncyCastle.
 * <p>
 * The request carries no extensions, in particular no nonce, so the caller cannot
 * tie a response to this specific request (RFC 6960 permits nonce-less requests;
 * whether that is acceptable depends on how the response is validated).
 *
 * @param x509EeCert end-entity certificate
 * @param x509IssuerCert issuer of end-entity certificate
 * @return OCSP request for a single certificate
 * @throws GemPkiException if the ocsp request cannot be generated
 */
public static OCSPReq generateSingleOcspRequest(
        @NonNull final X509Certificate x509EeCert, @NonNull final X509Certificate x509IssuerCert)
        throws GemPkiException {
    // Needed for the JCA digest lookup below; addProvider is a no-op if BC is already installed.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    try {
        final DigestCalculatorProvider calculatorProvider =
                new JcaDigestCalculatorProviderBuilder().build();
        // CertificateID = SHA-1 of the issuer name and issuer key, plus the end-entity serial.
        final CertificateID certId = new CertificateID(
                calculatorProvider.get(CertificateID.HASH_SHA1),
                new JcaX509CertificateHolder(x509IssuerCert),
                x509EeCert.getSerialNumber());
        final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
        requestBuilder.addRequest(certId);
        return requestBuilder.build();
    } catch (final OperatorCreationException | CertificateEncodingException | OCSPException e) {
        throw new GemPkiException(ErrorCode.OCSP, "OCSP request Erzeugung fehlgeschlagen", e);
    }
}
use of org.bouncycastle.cert.ocsp.CertificateID in project mercury by yellow013.
the class OcspRequestBuilder method build.
/**
 * Builds the OCSP request for the configured certificate/issuer pair.
 * <p>
 * ATTENTION: The returned {@link OCSPReq} is not re-usable/cacheable! It
 * contains a one-time nonce and CA's will (should) reject subsequent requests
 * that have the same nonce value.
 *
 * @return a freshly built single-certificate OCSP request carrying a random nonce
 * @throws OCSPException if the request cannot be built
 * @throws IOException if the issuer certificate cannot be parsed into a holder
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 */
public OCSPReq build() throws OCSPException, IOException, CertificateEncodingException {
    // checkNotNull reports whichever builder field was left unset.
    final SecureRandom random = checkNotNull(this.generator, "generator");
    final DigestCalculator digest = checkNotNull(this.calculator, "calculator");
    final X509Certificate subject = checkNotNull(this.certificate, "certificate");
    final X509Certificate issuerCert = checkNotNull(this.issuer, "issuer");

    // CertificateID: digest (algorithm chosen by the configured calculator) of the
    // issuer's name and key, plus the subject's serial number.
    final CertificateID certId = new CertificateID(
            digest,
            new X509CertificateHolder(issuerCert.getEncoded()),
            subject.getSerialNumber());

    // 8 bytes from the configured SecureRandom; a new value on every build() call.
    // Marked non-critical, as RFC 6960 section 4.4 recommends for request extensions.
    final byte[] nonceBytes = new byte[8];
    random.nextBytes(nonceBytes);
    final Extension nonceExtension = new Extension(
            OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonceBytes));

    final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
    requestBuilder.addRequest(certId);
    requestBuilder.setRequestExtensions(new Extensions(new Extension[] { nonceExtension }));
    return requestBuilder.build();
}
use of org.bouncycastle.cert.ocsp.CertificateID in project carapaceproxy by diennea.
the class CertificatesTest method generateOCSPResponse.
/**
 * Test helper: builds a signed OCSP response reporting {@code status} for the leaf
 * certificate of {@code chain}. The response is signed with a key pair created on
 * each call, which appears unrelated to the issuer's key, so it only suits tests
 * that do not verify the responder signature against a trusted key.
 *
 * @param chain certificate chain; element 0 is the leaf, the last element is used as the issuer
 * @param status the status to report for the leaf certificate
 * @return a SUCCESSFUL OCSP response wrapping the basic response
 * @throws CertificateException if any step of building or signing the response fails
 */
private static OCSPResp generateOCSPResponse(Certificate[] chain, CertificateStatus status)
        throws CertificateException {
    // Broad catch kept on purpose: the test only needs a single failure type.
    try {
        final X509Certificate leaf = (X509Certificate) chain[0];
        final X509Certificate issuer = (X509Certificate) chain[chain.length - 1];
        final X509CertificateHolder issuerHolder = new JcaX509CertificateHolder(issuer);
        final DigestCalculatorProvider digestProvider = new BcDigestCalculatorProvider();

        // Responder identified via the issuer's public key; SHA-1 is the CertificateID hash.
        final BasicOCSPRespBuilder basicBuilder = new BasicOCSPRespBuilder(
                SubjectPublicKeyInfo.getInstance(issuer.getPublicKey().getEncoded()),
                digestProvider.get(CertificateID.HASH_SHA1));
        final CertificateID certId = new CertificateID(
                digestProvider.get(CertificateID.HASH_SHA1),
                issuerHolder,
                leaf.getSerialNumber());
        basicBuilder.addResponse(certId, status);

        // Sign with a throw-away RSA key generated for this call; producedAt = now.
        final BasicOCSPResp basicResponse = basicBuilder.build(
                new JcaContentSignerBuilder("SHA256withRSA")
                        .build(KeyPairUtils.createKeyPair(DEFAULT_KEYPAIRS_SIZE).getPrivate()),
                null,
                new Date());
        return new OCSPRespBuilder().build(OCSPRespBuilder.SUCCESSFUL, basicResponse);
    } catch (Exception e) {
        throw new CertificateException("cannot generate OCSP response", e);
    }
}