
Example 41 with CertificateID

use of org.bouncycastle.cert.ocsp.CertificateID in project X-Road by nordic-institute.

the class OcspClient method createRequest.

/**
 * Builds an OCSP request for {@code subjectCert}.
 *
 * The request is signed when both {@code signerKey} and {@code signerCert} are
 * supplied; if either is {@code null} an unsigned request is returned.
 *
 * @param subjectCert certificate whose revocation status is being queried
 * @param issuerCert  issuer of {@code subjectCert}; used to derive the {@link CertificateID}
 * @param signerKey   private key for signing the request, or {@code null} for an unsigned request
 * @param signerCert  certificate belonging to {@code signerKey}; embedded in the signed request
 * @param signAlgoId  signature algorithm identifier handed to {@code CryptoUtils.createContentSigner}
 * @return the built (signed or unsigned) request
 * @throws Exception if the certificate cannot be encoded or the request cannot be signed
 */
private static OCSPReq createRequest(X509Certificate subjectCert, X509Certificate issuerCert, PrivateKey signerKey, X509Certificate signerCert, String signAlgoId) throws Exception {
    OCSPReqBuilder builder = new OCSPReqBuilder();
    CertificateID certId = CryptoUtils.createCertId(subjectCert, issuerCert);
    builder.addRequest(certId);
    boolean signed = signerKey != null && signerCert != null;
    if (!signed) {
        log.trace("Creating unsigned OCSP request for certificate '{}'", subjectCert.getSubjectX500Principal());
        return builder.build();
    }
    X509CertificateHolder signerHolder = new X509CertificateHolder(signerCert.getEncoded());
    ContentSigner signer = CryptoUtils.createContentSigner(signAlgoId, signerKey);
    log.trace("Creating signed OCSP request for certificate '{}' (signed by {})", subjectCert.getSubjectX500Principal(), signerHolder.getSubject());
    // RFC 6960 section 4.1.2: a signed request must carry the requestor's name,
    // so it is taken from the signer certificate before building.
    builder.setRequestorName(signerHolder.getSubject());
    return builder.build(signer, new X509CertificateHolder[] { signerHolder });
}

Example 42 with CertificateID

use of org.bouncycastle.cert.ocsp.CertificateID in project X-Road by nordic-institute.

the class OcspTestUtils method createOCSPResponse.

/**
 * Creates an OCSP response for the subject's certificate with the given status.
 * @param subject the subject certificate
 * @param issuer certificate of the subject certificate issuer
 * @param signer certificate of the OCSP response signer
 * @param signerKey key of the OCSP response signer
 * @param certStatus OCSP response status
 * @param thisUpdate date this response was valid on
 * @param nextUpdate date when next update should be requested
 * @return OCSPResp
 * @throws Exception in case of any errors
 */
/**
 * Builds a signed OCSP response (status SUCCESSFUL) containing one entry for the
 * subject's certificate with the given status.
 *
 * {@code nextUpdate} is only used when {@code thisUpdate} is non-null; when
 * {@code thisUpdate} is {@code null} the entry is added without validity dates and
 * {@code nextUpdate} is ignored.
 *
 * @param subject    the subject certificate
 * @param issuer     certificate of the subject certificate issuer
 * @param signer     certificate of the OCSP response signer; its subject becomes the responder ID
 * @param signerKey  key of the OCSP response signer
 * @param certStatus OCSP response status
 * @param thisUpdate date this response was valid on, or {@code null}
 * @param nextUpdate date when next update should be requested, or {@code null}
 * @return the wrapped OCSP response
 * @throws Exception in case of any errors
 */
public static OCSPResp createOCSPResponse(X509Certificate subject, X509Certificate issuer, X509Certificate signer, PrivateKey signerKey, CertificateStatus certStatus, Date thisUpdate, Date nextUpdate) throws Exception {
    RespID responderId = new RespID(new X500Name(signer.getSubjectX500Principal().getName()));
    BasicOCSPRespBuilder basicBuilder = new BasicOCSPRespBuilder(responderId);
    CertificateID certId = CryptoUtils.createCertId(subject, issuer);
    if (thisUpdate == null) {
        basicBuilder.addResponse(certId, certStatus);
    } else {
        basicBuilder.addResponse(certId, certStatus, thisUpdate, nextUpdate, null);
    }
    // The signature algorithm is taken from the subject certificate's name, not derived
    // from signerKey; the two must be compatible for signing to succeed.
    ContentSigner contentSigner = CryptoUtils.createContentSigner(subject.getSigAlgName(), signerKey);
    X509CertificateHolder[] signerChain = new X509CertificateHolder[] { new X509CertificateHolder(signer.getEncoded()) };
    Object basicResponse = basicBuilder.build(contentSigner, signerChain, new Date());
    return new OCSPRespBuilder().build(OCSPRespBuilder.SUCCESSFUL, basicResponse);
}

Example 43 with CertificateID

use of org.bouncycastle.cert.ocsp.CertificateID in project documentproduction by qld-gov-au.

the class OcspHelper method generateOCSPRequest.

/**
 * Builds the OCSP request for {@code checkCertificate}, identified through
 * {@code issuerCertificate} and the certificate's serial number.
 *
 * Two non-critical request extensions are attached: the accepted response type
 * (basic OCSP response) and a fresh 16-byte nonce. The encoded nonce is also kept
 * in the {@code encodedNonce} field.
 *
 * Reads the fields {@code issuerCertificate} and {@code checkCertificate}; writes
 * {@code encodedNonce}.
 *
 * @return OCSP request, ready to be sent to the responder
 * @throws OCSPException if the request cannot be built
 * @throws IOException if the issuer certificate cannot be encoded or an extension value cannot be serialised
 */
private OCSPReq generateOCSPRequest() throws OCSPException, IOException {
    Security.addProvider(SecurityProvider.getProvider());
    // Identify the certificate under check: issuer hashes plus the subject's serial number
    final CertificateID certId;
    try {
        JcaX509CertificateHolder issuerHolder = new JcaX509CertificateHolder(issuerCertificate);
        certId = new CertificateID(new SHA1DigestCalculator(), issuerHolder, checkCertificate.getSerialNumber());
    } catch (CertificateEncodingException e) {
        throw new IOException("Error creating CertificateID with the Certificate encoding", e);
    }
    // RFC 6960 section 4.4: support for request extensions is OPTIONAL and the critical
    // flag SHOULD NOT be set on them, so both extensions below are non-critical.
    byte[] acceptedResponseTypes = new DLSequence(OCSPObjectIdentifiers.id_pkix_ocsp_basic).getEncoded();
    Extension acceptableResponses = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_response, false, acceptedResponseTypes);
    // The nonce is an OCTET STRING carried inside the extension's extnValue OCTET STRING,
    // hence the double wrapping: outer = extnValue, inner = the nonce itself.
    // Presumably compared against the nonce in the response elsewhere — verify against the caller.
    encodedNonce = new DEROctetString(new DEROctetString(create16BytesNonce()));
    Extension nonce = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, encodedNonce);
    OCSPReqBuilder builder = new OCSPReqBuilder();
    builder.addRequest(certId);
    builder.setRequestExtensions(new Extensions(new Extension[] { acceptableResponses, nonce }));
    return builder.build();
}

Example 44 with CertificateID

use of org.bouncycastle.cert.ocsp.CertificateID in project OpenUnison by TremoloSecurity.

the class OCSP method generateOcspRequest.

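/**
 * Builds an OCSP request for the certificate with {@code serialNumber} issued by
 * {@code issuerCert}, carrying a random nonce extension.
 *
 * The nonce is drawn from a CSPRNG rather than the clock: a clock-derived nonce is
 * predictable and provides no replay protection, which is the nonce's only purpose.
 * The extension is non-critical, as RFC 6960 section 4.4 says the critical flag
 * SHOULD NOT be set on request extensions (a critical nonce makes responders that
 * do not support nonces reject the request outright).
 *
 * @param issuerCert   certificate of the issuer of the certificate being checked
 * @param serialNumber serial number of the certificate being checked
 * @return the unsigned OCSP request
 * @throws OCSPException if the request cannot be built
 * @throws CertificateEncodingException if {@code issuerCert} cannot be encoded
 * @throws OperatorCreationException if the SHA-1 digest calculator cannot be created
 * @throws IOException if the issuer certificate holder cannot be parsed
 */
private OCSPReq generateOcspRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, CertificateEncodingException, OperatorCreationException, IOException {
    BcDigestCalculatorProvider util = new BcDigestCalculatorProvider();
    // Generate the id for the certificate we are looking for
    CertificateID id = new CertificateID(util.get(CertificateID.HASH_SHA1), new X509CertificateHolder(issuerCert.getEncoded()), serialNumber);
    OCSPReqBuilder ocspGen = new OCSPReqBuilder();
    ocspGen.addRequest(id);
    // 16 random bytes; System.currentTimeMillis() is guessable and must not be used as a nonce.
    byte[] nonce = new byte[16];
    new java.security.SecureRandom().nextBytes(nonce);
    // NOTE(review): RFC 8954 defines the nonce value as an OCTET STRING inside extnValue;
    // this passes the raw bytes as extnValue — confirm against the responders in use.
    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce));
    ocspGen.setRequestExtensions(new Extensions(new Extension[] { ext }));
    return ocspGen.build();
}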

Example 45 with CertificateID

use of org.bouncycastle.cert.ocsp.CertificateID in project ref-GemLibPki by gematik.

the class OcspRequestGenerator method generateSingleOcspRequest.

/**
 * Generates an OCSP request for a single end-entity certificate using BouncyCastle.
 *
 * The request is unsigned and carries no extensions (in particular, no nonce).
 *
 * @param x509EeCert     end-entity certificate whose status is queried
 * @param x509IssuerCert issuer of the end-entity certificate
 * @return OCSP request for {@code x509EeCert}
 * @throws GemPkiException if the OCSP request cannot be generated
 */
public static OCSPReq generateSingleOcspRequest(@NonNull final X509Certificate x509EeCert, @NonNull final X509Certificate x509IssuerCert) throws GemPkiException {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    final JcaDigestCalculatorProviderBuilder providerBuilder = new JcaDigestCalculatorProviderBuilder();
    try {
        // SHA-1 based CertificateID: issuer hashes plus the end-entity serial number
        final DigestCalculatorProvider digestProvider = providerBuilder.build();
        final DigestCalculator sha1 = digestProvider.get(CertificateID.HASH_SHA1);
        final JcaX509CertificateHolder issuerHolder = new JcaX509CertificateHolder(x509IssuerCert);
        final CertificateID certId = new CertificateID(sha1, issuerHolder, x509EeCert.getSerialNumber());
        final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
        requestBuilder.addRequest(certId);
        return requestBuilder.build();
    } catch (final OperatorCreationException | CertificateEncodingException | OCSPException e) {
        throw new GemPkiException(ErrorCode.OCSP, "OCSP request Erzeugung fehlgeschlagen", e);
    }
}
