Example 21 with OCSPReqBuilder
use of org.bouncycastle.cert.ocsp.OCSPReqBuilder in project documentproduction by qld-gov-au.
the class OcspHelper method generateOCSPRequest.
/**
* Generates an OCSP request and generates the <code>CertificateID</code>.
*
* @return OCSP request, ready to fetch data
* @throws OCSPException
* @throws IOException
*/
private OCSPReq generateOCSPRequest() throws OCSPException, IOException {
Security.addProvider(SecurityProvider.getProvider());
// Generate the ID for the certificate we are looking for
CertificateID certId;
try {
certId = new CertificateID(new SHA1DigestCalculator(), new JcaX509CertificateHolder(issuerCertificate), checkCertificate.getSerialNumber());
} catch (CertificateEncodingException e) {
throw new IOException("Error creating CertificateID with the Certificate encoding", e);
}
// https://tools.ietf.org/html/rfc2560#section-4.1.2
// Support for any specific extension is OPTIONAL. The critical flag
// SHOULD NOT be set for any of them.
Extension responseExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_response, false, new DLSequence(OCSPObjectIdentifiers.id_pkix_ocsp_basic).getEncoded());
encodedNonce = new DEROctetString(new DEROctetString(create16BytesNonce()));
Extension nonceExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, encodedNonce);
OCSPReqBuilder builder = new OCSPReqBuilder();
builder.setRequestExtensions(new Extensions(new Extension[] { responseExtension, nonceExtension }));
builder.addRequest(certId);
return builder.build();
}
Also used :
Extension(org.bouncycastle.asn1.x509.Extension)
DLSequence(org.bouncycastle.asn1.DLSequence)
CertificateID(org.bouncycastle.cert.ocsp.CertificateID)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
IOException(java.io.IOException)
Extensions(org.bouncycastle.asn1.x509.Extensions)
JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder)
OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Example 22 with OCSPReqBuilder
use of org.bouncycastle.cert.ocsp.OCSPReqBuilder in project ph-commons by phax.
the class OCSPFuncTest method generateOCSPRequest.
@Nonnull
public static OCSPReq generateOCSPRequest(final X509Certificate aIssuerCert, final BigInteger aCheckSerialNumber) throws OCSPException {
try {
final DigestCalculatorProvider aDigestCalculatorProvider = new JcaDigestCalculatorProviderBuilder().setProvider(PBCProvider.getProvider()).build();
final DigestCalculator aDigestCalculator = aDigestCalculatorProvider.get(CertificateID.HASH_SHA1);
// CertID structure is used to uniquely identify certificates that are the
// subject of an OCSP request or response and has an ASN.1 definition.
// CertID structure is defined in RFC 2560
final CertificateID aCertificateID = new JcaCertificateID(aDigestCalculator, aIssuerCert, aCheckSerialNumber);
// create details for nonce extension. The nonce extension is used to bind
// a request to a response to prevent replay attacks. As the name implies,
// the nonce value is something that the client should only use once
// within a reasonably small period.
final BigInteger aNonce = BigInteger.valueOf(System.nanoTime());
// to create the request Extension
final Extensions aExtensions = new Extensions(new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(aNonce.toByteArray())));
// basic request generation with nonce
final OCSPReqBuilder aBuilder = new OCSPReqBuilder();
aBuilder.addRequest(aCertificateID);
// Extension to the whole request
aBuilder.setRequestExtensions(aExtensions);
return aBuilder.build();
} catch (final OperatorCreationException | CertificateEncodingException ex) {
throw new IllegalStateException(ex);
}
}
Also used :
CertificateID(org.bouncycastle.cert.ocsp.CertificateID)
JcaCertificateID(org.bouncycastle.cert.ocsp.jcajce.JcaCertificateID)
DigestCalculator(org.bouncycastle.operator.DigestCalculator)
JcaCertificateID(org.bouncycastle.cert.ocsp.jcajce.JcaCertificateID)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
Extensions(org.bouncycastle.asn1.x509.Extensions)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Extension(org.bouncycastle.asn1.x509.Extension)
DigestCalculatorProvider(org.bouncycastle.operator.DigestCalculatorProvider)
BigInteger(java.math.BigInteger)
JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder)
Nonnull(javax.annotation.Nonnull)
Example 23 with OCSPReqBuilder
use of org.bouncycastle.cert.ocsp.OCSPReqBuilder in project OpenUnison by TremoloSecurity.
the class OCSP method generateOcspRequest.
private OCSPReq generateOcspRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, CertificateEncodingException, OperatorCreationException, IOException {
BcDigestCalculatorProvider util = new BcDigestCalculatorProvider();
// Generate the id for the certificate we are looking for
CertificateID id = new CertificateID(util.get(CertificateID.HASH_SHA1), new X509CertificateHolder(issuerCert.getEncoded()), serialNumber);
OCSPReqBuilder ocspGen = new OCSPReqBuilder();
ocspGen.addRequest(id);
BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, new DEROctetString(nonce.toByteArray()));
ocspGen.setRequestExtensions(new Extensions(new Extension[] { ext }));
return ocspGen.build();
}
Also used :
BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider)
Extension(org.bouncycastle.asn1.x509.Extension)
X509Extension(org.bouncycastle.asn1.x509.X509Extension)
CertificateID(org.bouncycastle.cert.ocsp.CertificateID)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
BigInteger(java.math.BigInteger)
X509Extensions(org.bouncycastle.asn1.x509.X509Extensions)
Extensions(org.bouncycastle.asn1.x509.Extensions)
OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Example 24 with OCSPReqBuilder
use of org.bouncycastle.cert.ocsp.OCSPReqBuilder in project ref-GemLibPki by gematik.
the class OcspRequestGenerator method generateSingleOcspRequest.
/**
* Generates an OCSP request using BouncyCastle.
*
* @param x509EeCert end-entity certificate
* @param x509IssuerCert issuer of end-entity certificate
* @return OCSP request for a single certificate
* @throws GemPkiException if the ocsp request cannot be generated
*/
public static OCSPReq generateSingleOcspRequest(@NonNull final X509Certificate x509EeCert, @NonNull final X509Certificate x509IssuerCert) throws GemPkiException {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
final JcaDigestCalculatorProviderBuilder digestCalculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder();
final DigestCalculatorProvider digestCalculatorProvider;
try {
digestCalculatorProvider = digestCalculatorProviderBuilder.build();
final DigestCalculator digestCalculator = digestCalculatorProvider.get(CertificateID.HASH_SHA1);
// Generate the id for the certificate we are looking for
final CertificateID id = new CertificateID(digestCalculator, new JcaX509CertificateHolder(x509IssuerCert), x509EeCert.getSerialNumber());
// basic request generation with nonce
final OCSPReqBuilder gen = new OCSPReqBuilder();
gen.addRequest(id);
return gen.build();
} catch (final OperatorCreationException | CertificateEncodingException | OCSPException e) {
throw new GemPkiException(ErrorCode.OCSP, "OCSP request Erzeugung fehlgeschlagen", e);
}
}
Also used :
CertificateID(org.bouncycastle.cert.ocsp.CertificateID)
DigestCalculator(org.bouncycastle.operator.DigestCalculator)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder)
GemPkiException(de.gematik.pki.exception.GemPkiException)
DigestCalculatorProvider(org.bouncycastle.operator.DigestCalculatorProvider)
OCSPException(org.bouncycastle.cert.ocsp.OCSPException)
JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder)
Example 25 with OCSPReqBuilder
use of org.bouncycastle.cert.ocsp.OCSPReqBuilder in project mercury by yellow013.
the class OcspRequestBuilder method build.
/**
* ATTENTION: The returned {@link OCSPReq} is not re-usable/cacheable! It
* contains a one-time nonce and CA's will (should) reject subsequent requests
* that have the same nonce value.
*/
public OCSPReq build() throws OCSPException, IOException, CertificateEncodingException {
SecureRandom generator = checkNotNull(this.generator, "generator");
DigestCalculator calculator = checkNotNull(this.calculator, "calculator");
X509Certificate certificate = checkNotNull(this.certificate, "certificate");
X509Certificate issuer = checkNotNull(this.issuer, "issuer");
BigInteger serial = certificate.getSerialNumber();
CertificateID certId = new CertificateID(calculator, new X509CertificateHolder(issuer.getEncoded()), serial);
OCSPReqBuilder builder = new OCSPReqBuilder();
builder.addRequest(certId);
byte[] nonce = new byte[8];
generator.nextBytes(nonce);
Extension[] extensions = new Extension[] { new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce)) };
builder.setRequestExtensions(new Extensions(extensions));
return builder.build();
}
Also used :
Extension(org.bouncycastle.asn1.x509.Extension)
CertificateID(org.bouncycastle.cert.ocsp.CertificateID)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
DigestCalculator(org.bouncycastle.operator.DigestCalculator)
SecureRandom(java.security.SecureRandom)
BigInteger(java.math.BigInteger)
Extensions(org.bouncycastle.asn1.x509.Extensions)
OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder)
X509Certificate(java.security.cert.X509Certificate)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Aggregations
OCSPReqBuilder (org.bouncycastle.cert.ocsp.OCSPReqBuilder)25
CertificateID (org.bouncycastle.cert.ocsp.CertificateID)22
Extension (org.bouncycastle.asn1.x509.Extension)14
Extensions (org.bouncycastle.asn1.x509.Extensions)14
DEROctetString (org.bouncycastle.asn1.DEROctetString)13
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)12
IOException (java.io.IOException)11
BigInteger (java.math.BigInteger)11
JcaDigestCalculatorProviderBuilder (org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder)9
DigestCalculator (org.bouncycastle.operator.DigestCalculator)8
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)8
CertificateEncodingException (java.security.cert.CertificateEncodingException)7
OCSPException (org.bouncycastle.cert.ocsp.OCSPException)7
DigestCalculatorProvider (org.bouncycastle.operator.DigestCalculatorProvider)7
X509Certificate (java.security.cert.X509Certificate)6
JcaX509CertificateHolder (org.bouncycastle.cert.jcajce.JcaX509CertificateHolder)5
OCSPReq (org.bouncycastle.cert.ocsp.OCSPReq)5
SecureRandom (java.security.SecureRandom)3
CertificateException (java.security.cert.CertificateException)3
ArrayList (java.util.ArrayList)3
