
Example 16 with OCSPReqBuilder

use of org.bouncycastle.cert.ocsp.OCSPReqBuilder in project pdfbox by apache.

From the class OcspHelper, method generateOCSPRequest.

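/**
 * Generates an OCSP request for {@code certificateToCheck}, identified by a
 * {@code CertificateID} built from the issuer certificate and the serial number.
 * <p>
 * The request carries two extensions: an acceptable-response-types extension
 * naming the basic OCSP response, and a freshly generated 16-byte nonce. The
 * nonce is also kept in {@code encodedNonce} so the caller can compare it with
 * the nonce echoed in the response. Both extensions are non-critical: RFC 2560
 * section 4.1.2 states that support for any specific extension is OPTIONAL and
 * that the critical flag SHOULD NOT be set for any of them.
 *
 * @return OCSP request, ready to fetch data
 * @throws OCSPException if the request cannot be built
 * @throws IOException if the certificate ID cannot be created from the issuer
 *         certificate's encoding, or an extension value cannot be DER-encoded
 */
private OCSPReq generateOCSPRequest() throws OCSPException, IOException {
    Security.addProvider(new BouncyCastleProvider());
    // Generate the ID for the certificate we are looking for
    CertificateID certId;
    try {
        certId = new CertificateID(new SHA1DigestCalculator(),
                new JcaX509CertificateHolder(issuerCertificate),
                certificateToCheck.getSerialNumber());
    } catch (CertificateEncodingException e) {
        throw new IOException("Error creating CertificateID with the Certificate encoding", e);
    }
    // https://tools.ietf.org/html/rfc2560#section-4.1.2
    // Support for any specific extension is OPTIONAL. The critical flag
    // SHOULD NOT be set for any of them.
    Extension responseExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_response, false,
            new DLSequence(OCSPObjectIdentifiers.id_pkix_ocsp_basic).getEncoded());
    // The nonce is what ties the response to this request (replay protection),
    // so it must be unpredictable: a cryptographic RNG, not java.util.Random.
    // Fully qualified so the method needs no additional import.
    byte[] nonce = new byte[16];
    new java.security.SecureRandom().nextBytes(nonce);
    // The inner OCTET STRING is the nonce value itself; wrapping it once more
    // yields the DER content that becomes the extension's extnValue.
    encodedNonce = new DEROctetString(new DEROctetString(nonce));
    Extension nonceExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, encodedNonce);
    OCSPReqBuilder builder = new OCSPReqBuilder();
    builder.setRequestExtensions(new Extensions(new Extension[] { responseExtension, nonceExtension }));
    builder.addRequest(certId);
    // No stdout dump of the nonce: it is debugging noise in library code.
    return builder.build();
}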
Also used : CertificateID(org.bouncycastle.cert.ocsp.CertificateID) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) Extensions(org.bouncycastle.asn1.x509.Extensions) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) DEROctetString(org.bouncycastle.asn1.DEROctetString) Extension(org.bouncycastle.asn1.x509.Extension) DLSequence(org.bouncycastle.asn1.DLSequence) Random(java.util.Random) OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Example 17 with OCSPReqBuilder

use of org.bouncycastle.cert.ocsp.OCSPReqBuilder in project pdfbox by apache.

From the class OcspHelper, method generateOCSPRequest.

/**
 * Builds the OCSP request for {@code certificateToCheck}.
 * <p>
 * The certificate is identified by a {@code CertificateID} (SHA-1 digest of the
 * issuer plus the serial number). Two non-critical extensions are attached: the
 * acceptable-response-types extension announcing the basic OCSP response, and a
 * 16-byte nonce from {@link #create16BytesNonce()}, which is also stored in
 * {@code encodedNonce} for later comparison with the response.
 *
 * @return OCSP request, ready to fetch data
 * @throws OCSPException if the request cannot be built
 * @throws IOException if the certificate ID cannot be created from the issuer
 *         certificate's encoding, or an extension value cannot be DER-encoded
 */
private OCSPReq generateOCSPRequest() throws OCSPException, IOException {
    Security.addProvider(SecurityProvider.getProvider());
    // Identify the certificate under test by its issuer and serial number
    final CertificateID certificateId;
    try {
        JcaX509CertificateHolder issuerHolder = new JcaX509CertificateHolder(issuerCertificate);
        certificateId = new CertificateID(new SHA1DigestCalculator(), issuerHolder,
                certificateToCheck.getSerialNumber());
    } catch (CertificateEncodingException e) {
        throw new IOException("Error creating CertificateID with the Certificate encoding", e);
    }
    // https://tools.ietf.org/html/rfc2560#section-4.1.2
    // Support for any specific extension is OPTIONAL. The critical flag
    // SHOULD NOT be set for any of them.
    final byte[] acceptableResponses = new DLSequence(OCSPObjectIdentifiers.id_pkix_ocsp_basic).getEncoded();
    final Extension responseTypeExt =
            new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_response, false, acceptableResponses);
    // Inner OCTET STRING is the nonce value; the outer one is the extension's extnValue
    encodedNonce = new DEROctetString(new DEROctetString(create16BytesNonce()));
    final Extension nonceExt = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, encodedNonce);
    final Extension[] requestExtensions = { responseTypeExt, nonceExt };
    final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
    requestBuilder.setRequestExtensions(new Extensions(requestExtensions));
    requestBuilder.addRequest(certificateId);
    return requestBuilder.build();
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) DLSequence(org.bouncycastle.asn1.DLSequence) CertificateID(org.bouncycastle.cert.ocsp.CertificateID) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) Extensions(org.bouncycastle.asn1.x509.Extensions) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 18 with OCSPReqBuilder

use of org.bouncycastle.cert.ocsp.OCSPReqBuilder in project jruby-openssl by jruby.

From the class OCSPRequest, method sign.

/**
 * Signs this OCSP request and stores the signed, re-encoded request in {@code asn1bcReq}.
 * <p>
 * Ruby-visible signature (2 to 5 arguments):
 * {@code sign(signer_cert, signer_key [, additional_certs [, flags [, digest]]])}.
 * When no digest is given, SHA1 is used. When no additional certificates are given,
 * the {@code NOCERTS} flag is assumed, so the request carries no certificate chain;
 * an explicit {@code flags} argument replaces that default outright. Any certificate
 * ID added so far is included in the request, and a nonce set earlier is re-applied
 * after the request body has been rebuilt.
 *
 * @param context the current thread context
 * @param args signer certificate, signer key and the optional arguments listed above
 * @return this request
 * @throws RaiseException (OCSPError) if the signer cannot be created, a certificate
 *         cannot be encoded, or the signed request cannot be built
 */
@JRubyMethod(name = "sign", rest = true)
public IRubyObject sign(final ThreadContext context, IRubyObject[] args) {
    final Ruby runtime = context.runtime;
    int flag = 0;
    IRubyObject additionalCerts = context.nil;
    IRubyObject flags = context.nil;
    IRubyObject digest = context.nil;
    // Digest wrapper only used to build the default digest when none is supplied
    Digest digestInstance = new Digest(runtime, _Digest(runtime));
    // OpenSSL::OCSP::NOCERTS, read from the OCSP module
    IRubyObject nocerts = (RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCERTS);
    // Optional trailing arguments: additional certs, flags, digest (in that order)
    switch(Arity.checkArgumentCount(runtime, args, 2, 5)) {
        case 3:
            additionalCerts = args[2];
            break;
        case 4:
            additionalCerts = args[2];
            flags = args[3];
            break;
        case 5:
            additionalCerts = args[2];
            flags = args[3];
            digest = args[4];
            break;
        default:
            break;
    }
    // Default digest is SHA1
    if (digest.isNil())
        digest = digestInstance.initialize(context, new IRubyObject[] { RubyString.newString(runtime, "SHA1") });
    // Without additional certs the request is signed without a certificate chain...
    if (additionalCerts.isNil())
        flag |= RubyFixnum.fix2int(nocerts);
    // ...unless the caller passed flags explicitly, which replace the default (not OR'ed in)
    if (!flags.isNil())
        flag = RubyFixnum.fix2int(flags);
    X509Cert signer = (X509Cert) args[0];
    PKey signerKey = (PKey) args[1];
    String keyAlg = signerKey.getAlgorithm();
    String digAlg = ((Digest) digest).getShortAlgorithm();
    // JCA signature algorithm name, e.g. "SHA1withRSA"
    JcaContentSignerBuilder signerBuilder = newJcaContentSignerBuilder(digAlg + "with" + keyAlg);
    ContentSigner contentSigner;
    try {
        contentSigner = signerBuilder.build(signerKey.getPrivateKey());
    } catch (OperatorCreationException e) {
        throw newOCSPError(runtime, e);
    }
    // Rebuild the request from scratch: requestor name from the signer's subject,
    // plus every certificate ID accumulated so far
    OCSPReqBuilder builder = new OCSPReqBuilder();
    builder.setRequestorName(signer.getSubject().getX500Name());
    for (OCSPCertificateId certId : certificateIds) {
        builder.addRequest(new CertificateID(certId.getCertID()));
    }
    List<X509CertificateHolder> certChain = new ArrayList<X509CertificateHolder>();
    // Note: exact-equality test, not a bit test — a flags value combining NOCERTS
    // with other bits still embeds the chain
    if (flag != RubyFixnum.fix2int(nocerts)) {
        try {
            certChain.add(new X509CertificateHolder(signer.getAuxCert().getEncoded()));
            if (!additionalCerts.isNil()) {
                // Unchecked: elements are assumed to be java.security.cert.Certificate;
                // presumably anything else fails the erased cast and lands in the catch below
                Iterator<java.security.cert.Certificate> certIt = ((RubyArray) additionalCerts).iterator();
                while (certIt.hasNext()) {
                    certChain.add(new X509CertificateHolder(certIt.next().getEncoded()));
                }
            }
        } catch (Exception e) {
            throw newOCSPError(runtime, e);
        }
    }
    X509CertificateHolder[] chain = new X509CertificateHolder[certChain.size()];
    certChain.toArray(chain);
    try {
        // Sign, then round-trip through DER so asn1bcReq holds the signed request
        // as the low-level ASN.1 structure
        asn1bcReq = org.bouncycastle.asn1.ocsp.OCSPRequest.getInstance(builder.build(contentSigner, chain).getEncoded());
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }
    // The body was rebuilt above, so a previously set nonce has to be re-applied
    if (nonce != null) {
        addNonceImpl();
    }
    return this;
}
Also used : RubyArray(org.jruby.RubyArray) Digest._Digest(org.jruby.ext.openssl.Digest._Digest) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) CertificateID(org.bouncycastle.cert.ocsp.CertificateID) ContentSigner(org.bouncycastle.operator.ContentSigner) ArrayList(java.util.ArrayList) RubyString(org.jruby.RubyString) IRubyObject(org.jruby.runtime.builtin.IRubyObject) RubyFixnum(org.jruby.RubyFixnum) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) Ruby(org.jruby.Ruby) OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate) X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 19 with OCSPReqBuilder

use of org.bouncycastle.cert.ocsp.OCSPReqBuilder in project jruby-openssl by jruby.

From the class OCSPRequest, method add_certid.

/**
 * Adds a certificate ID to this request and rebuilds the underlying ASN.1 request.
 * <p>
 * The request body ({@code asn1bcReq}) is regenerated from scratch so that it
 * contains every certificate ID added so far; a nonce set earlier is re-applied
 * afterwards because rebuilding discards it.
 *
 * @param certId the {@code OCSP::CertificateId} to add
 * @return this request
 * @throws RaiseException (OCSPError) if the rebuilt request cannot be encoded
 */
@JRubyMethod(name = "add_certid")
public IRubyObject add_certid(IRubyObject certId) {
    final Ruby runtime = getRuntime();
    final OCSPCertificateId newId = (OCSPCertificateId) certId;
    certificateIds.add(newId);
    // Start from an empty builder and re-add every id, including the new one
    final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
    for (OCSPCertificateId knownId : certificateIds) {
        CertificateID bcId = new CertificateID(knownId.getCertID());
        requestBuilder.addRequest(bcId);
    }
    try {
        byte[] encoded = requestBuilder.build().getEncoded();
        asn1bcReq = org.bouncycastle.asn1.ocsp.OCSPRequest.getInstance(encoded);
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }
    // The rebuilt body no longer carries the nonce extension, so put it back
    if (nonce != null) {
        addNonceImpl();
    }
    return this;
}
Also used : CertificateID(org.bouncycastle.cert.ocsp.CertificateID) Ruby(org.jruby.Ruby) OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 20 with OCSPReqBuilder

use of org.bouncycastle.cert.ocsp.OCSPReqBuilder in project X-Road by nordic-institute.

From the class OcspClient, method createRequest.

/**
 * Creates an OCSP request for {@code subjectCert}, optionally signed.
 * <p>
 * The request is signed only when both {@code signerKey} and {@code signerCert}
 * are non-null; the signer certificate is then embedded in the request and its
 * subject is used as the requestor name, which a signed request has to carry.
 * Otherwise an unsigned request is returned.
 *
 * @param subjectCert certificate whose status is queried
 * @param issuerCert  issuer of {@code subjectCert}, used to build the certificate ID
 * @param signerKey   private key used to sign the request, or null for an unsigned request
 * @param signerCert  certificate matching {@code signerKey}, or null for an unsigned request
 * @param signAlgoId  signature algorithm identifier passed to {@code CryptoUtils.createContentSigner}
 * @return the (possibly signed) OCSP request
 * @throws Exception if the certificate ID, signer or request cannot be created
 */
private static OCSPReq createRequest(X509Certificate subjectCert, X509Certificate issuerCert, PrivateKey signerKey, X509Certificate signerCert, String signAlgoId) throws Exception {
    final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
    requestBuilder.addRequest(CryptoUtils.createCertId(subjectCert, issuerCert));
    final boolean signRequest = signerKey != null && signerCert != null;
    if (!signRequest) {
        log.trace("Creating unsigned OCSP request for certificate '{}'", subjectCert.getSubjectX500Principal());
        return requestBuilder.build();
    }
    final X509CertificateHolder signerCertHolder = new X509CertificateHolder(signerCert.getEncoded());
    final ContentSigner contentSigner = CryptoUtils.createContentSigner(signAlgoId, signerKey);
    log.trace("Creating signed OCSP request for certificate '{}' (signed by {})", subjectCert.getSubjectX500Principal(), signerCertHolder.getSubject());
    // needs to be set when generating signed requests
    requestBuilder.setRequestorName(signerCertHolder.getSubject());
    final X509CertificateHolder[] chain = { signerCertHolder };
    return requestBuilder.build(contentSigner, chain);
}
Also used : CertificateID(org.bouncycastle.cert.ocsp.CertificateID) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) ContentSigner(org.bouncycastle.operator.ContentSigner) OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder)
