
Example 16 with SingleResp

use of org.bouncycastle.cert.ocsp.SingleResp in project jruby-openssl by jruby.

the class OCSPBasicResponse method checkCertIds.

/**
 * Returns the {@link CertificateID} shared by every entry of
 * {@code singleResponses}, or {@code null} as soon as one entry carries a
 * CertificateID that does not equal the first entry's.
 *
 * <p>NOTE(review): an empty list is not handled here; {@code remove(0)} on the
 * copy raises an {@link IndexOutOfBoundsException}. A responder message with no
 * SingleResp entries therefore surfaces as an unchecked exception rather than
 * as a {@code null} result. Callers (not visible here) should decide
 * explicitly how such a response is treated, since {@code null} already means
 * "the IDs differ".
 *
 * @param singleResponses the single responses of one basic OCSP response
 * @return the common CertificateID, or {@code null} if the entries disagree
 */
private CertificateID checkCertIds(List<SingleResp> singleResponses) {
    // Work on a copy so the caller's list is not modified by remove(0).
    final List<SingleResp> remaining = new ArrayList<SingleResp>(singleResponses);
    // The first entry's ID is the reference every other entry is compared to.
    final CertificateID reference = remaining.remove(0).getCertID();
    for (int i = 0; i < remaining.size(); i++) {
        final CertificateID candidate = remaining.get(i).getCertID();
        if (!reference.equals(candidate)) {
            return null;
        }
    }
    return reference;
}
Also used : CertificateID(org.bouncycastle.cert.ocsp.CertificateID) ArrayList(java.util.ArrayList) SingleResp(org.bouncycastle.cert.ocsp.SingleResp)

Example 17 with SingleResp

use of org.bouncycastle.cert.ocsp.SingleResp in project jruby-openssl by jruby.

the class OCSPBasicResponse method sign.

/**
 * Signs this basic OCSP response and stores the encoded result in
 * {@code asn1BCBasicOCSPResp}.
 *
 * <p>Arguments, by position in {@code args} (two to five are accepted):
 * <ol>
 *   <li>the signer certificate, cast to {@code X509Cert};</li>
 *   <li>the signing key, cast to {@code PKey};</li>
 *   <li>optional additional certificates, cast to {@code RubyArray};</li>
 *   <li>optional integer flags, tested against the OCSP module constants named
 *       by {@code OCSP_NOCERTS}, {@code OCSP_RESPID_KEY} and
 *       {@code OCSP_NOTIME};</li>
 *   <li>optional digest, cast to {@code Digest}.</li>
 * </ol>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When no digest is passed, the signature digest defaults to "SHA1".
 *       SHA-1 is no longer considered collision resistant, so callers that
 *       care about signature strength should pass a stronger digest
 *       explicitly.</li>
 *   <li>The casts of {@code args[0]}, {@code args[1]} and the digest happen
 *       outside any try block, so a wrongly typed argument surfaces as a
 *       ClassCastException rather than as an OCSP error.</li>
 * </ul>
 *
 * @param context the current thread context
 * @param args    the Ruby-level arguments described above
 * @return this response object
 */
@JRubyMethod(name = "sign", rest = true)
public IRubyObject sign(final ThreadContext context, IRubyObject[] args) {
    final Ruby runtime = context.getRuntime();
    int flag = 0;
    IRubyObject additionalCerts = context.nil;
    IRubyObject flags = context.nil;
    IRubyObject digest = context.nil;
    final Digest fallbackDigest = new Digest(runtime, _Digest(runtime));
    final List<X509CertificateHolder> holders = new ArrayList<X509CertificateHolder>();

    // Optional arguments are positional: certs, then flags, then digest.
    final int argc = Arity.checkArgumentCount(runtime, args, 2, 5);
    if (argc == 3 || argc == 4 || argc == 5) {
        additionalCerts = args[2];
    }
    if (argc == 4 || argc == 5) {
        flags = args[3];
    }
    if (argc == 5) {
        digest = args[4];
    }

    if (digest.isNil()) {
        // Weak default: SHA-1 is used whenever the caller supplies no digest.
        digest = fallbackDigest.initialize(context, new IRubyObject[] { RubyString.newString(runtime, "SHA1") });
    }
    if (!flags.isNil()) {
        flag = RubyFixnum.fix2int(flags);
    }
    if (additionalCerts.isNil()) {
        // No extra certificates given: force the "no certs" flag, so the signer
        // certificate is not embedded either (see the chain construction below).
        flag |= RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCERTS));
    }

    final X509Cert signer = (X509Cert) args[0];
    final PKey signerKey = (PKey) args[1];
    final String keyAlgorithm = signerKey.getAlgorithm();
    final String digestAlgorithm = ((Digest) digest).getShortAlgorithm();

    // JCA signature name is assembled as "<digest>with<key algorithm>".
    final JcaContentSignerBuilder signerBuilder =
        new JcaContentSignerBuilder(digestAlgorithm + "with" + keyAlgorithm);
    // Provider is looked up by name; presumably registered elsewhere - confirm.
    signerBuilder.setProvider("BC");

    ContentSigner contentSigner;
    try {
        contentSigner = signerBuilder.build(signerKey.getPrivateKey());
    } catch (OperatorCreationException e) {
        throw newOCSPError(runtime, e);
    }

    // Responder ID: by key hash when OCSP_RESPID_KEY is set, else by subject name.
    BasicOCSPRespBuilder respBuilder;
    try {
        final boolean identifyByKey =
            (flag & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_RESPID_KEY))) != 0;
        if (identifyByKey) {
            final JcaDigestCalculatorProviderBuilder providerBuilder = new JcaDigestCalculatorProviderBuilder();
            providerBuilder.setProvider("BC");
            final DigestCalculatorProvider calculators = providerBuilder.build();
            // NOTE(review): the calculator is requested with the content signer's
            // AlgorithmIdentifier, i.e. a signature algorithm rather than a digest
            // algorithm. RFC 6960 defines the responder KeyHash as a SHA-1 hash of
            // the responder's public key - verify this branch works as intended.
            final DigestCalculator calculator = calculators.get(contentSigner.getAlgorithmIdentifier());
            respBuilder = new BasicOCSPRespBuilder(
                SubjectPublicKeyInfo.getInstance(signerKey.getPublicKey().getEncoded()), calculator);
        } else {
            respBuilder = new BasicOCSPRespBuilder(new RespID(signer.getSubject().getX500Name()));
        }
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }

    // Certificates embedded in the response; stays null when OCSP_NOCERTS is set.
    X509CertificateHolder[] chain = null;
    try {
        final boolean embedCerts =
            (flag & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCERTS))) == 0;
        if (embedCerts) {
            // Signer certificate goes first, followed by the caller's extras.
            holders.add(new X509CertificateHolder(signer.getAuxCert().getEncoded()));
            if (!additionalCerts.isNil()) {
                for (Iterator<java.security.cert.Certificate> it = ((RubyArray) additionalCerts).iterator(); it.hasNext();) {
                    final java.security.cert.Certificate extra = it.next();
                    holders.add(new X509CertificateHolder(extra.getEncoded()));
                }
            }
            chain = holders.toArray(new X509CertificateHolder[holders.size()]);
        }
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }

    // producedAt is the current time unless OCSP_NOTIME is set, in which case
    // null is handed to the builder.
    final boolean stampTime =
        (flag & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOTIME))) == 0;
    final Date producedAt = stampTime ? new Date() : null;

    // Copy every stored single response into the builder unchanged.
    for (OCSPSingleResponse stored : singleResponses) {
        final SingleResp single = new SingleResp(stored.getBCSingleResp());
        respBuilder.addResponse(
            single.getCertID(),
            single.getCertStatus(),
            single.getThisUpdate(),
            single.getNextUpdate(),
            stored.getBCSingleResp().getSingleExtensions());
    }

    try {
        final Extension[] extensionArray = new Extension[extensions.size()];
        final Extensions responseExtensions = new Extensions(extensions.toArray(extensionArray));
        final BasicOCSPResp signed =
            respBuilder.setResponseExtensions(responseExtensions).build(contentSigner, chain, producedAt);
        // Keep the signed response in its ASN.1 form on this object.
        asn1BCBasicOCSPResp = BasicOCSPResponse.getInstance(signed.getEncoded());
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }
    return this;
}
Also used : RubyArray(org.jruby.RubyArray) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ArrayList(java.util.ArrayList) DigestCalculator(org.bouncycastle.operator.DigestCalculator) RubyString(org.jruby.RubyString) IRubyObject(org.jruby.runtime.builtin.IRubyObject) Extensions(org.bouncycastle.asn1.x509.Extensions) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) Ruby(org.jruby.Ruby) SingleResp(org.bouncycastle.cert.ocsp.SingleResp) Digest._Digest(org.jruby.ext.openssl.Digest._Digest) MessageDigest(java.security.MessageDigest) ContentSigner(org.bouncycastle.operator.ContentSigner) RubyFixnum(org.jruby.RubyFixnum) RaiseException(org.jruby.exceptions.RaiseException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CertificateEncodingException(java.security.cert.CertificateEncodingException) CertificateParsingException(java.security.cert.CertificateParsingException) IOException(java.io.IOException) Date(java.util.Date) Extension(org.bouncycastle.asn1.x509.Extension) BasicOCSPRespBuilder(org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder) DigestCalculatorProvider(org.bouncycastle.operator.DigestCalculatorProvider) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp) RespID(org.bouncycastle.cert.ocsp.RespID) JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder) X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate) JRubyMethod(org.jruby.anno.JRubyMethod)
