
Example 1 with OcspRequestorException

use of org.xipki.ocsp.client.OcspRequestorException in project xipki by xipki.

the class OcspBenchRequestor method ask.

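/**
 * Builds an OCSP request for the given serial numbers and passes it to the HTTP client.
 *
 * <p>HTTP GET is used when the encoded request is at most {@code MAX_LEN_GET} bytes long and
 * the request options enable GET. The request is then Base64-encoded, URL-encoded and appended
 * to the GET path. In every other case the request is sent as the body of an HTTP POST.
 * This method does not read a response itself.
 *
 * <p>With GET the complete request becomes part of the URL, so intermediaries and the
 * responder may record or cache it.
 *
 * @param serialNumbers serial numbers of the certificates whose status is queried
 * @throws OcspRequestorException if the request cannot be built or URL-encoded
 * @throws HttpClientException declared by the signature; presumably raised by
 *     {@code httpClient.send} (confirm against BenchmarkHttpClient)
 */
public void ask(BigInteger[] serialNumbers) throws OcspRequestorException, HttpClientException {
    byte[] ocspReq = buildRequest(serialNumbers);
    int size = ocspReq.length;
    FullHttpRequest request;
    if (size <= MAX_LEN_GET && requestOptions.isUseHttpGetForRequest()) {
        String b64Request = Base64.encodeToString(ocspReq);
        String urlEncodedReq;
        try {
            // Base64 output may contain '+', '/' and '=', which must be escaped inside a URL path.
            urlEncodedReq = URLEncoder.encode(b64Request, "UTF-8");
        } catch (UnsupportedEncodingException ex) {
            // Keep the cause so the original stack trace is not lost (matches init and buildRequest).
            throw new OcspRequestorException(ex.getMessage(), ex);
        }
        String newRawpath = StringUtil.concat(responderRawPathGet, urlEncodedReq);
        request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, newRawpath);
    } else {
        // wrappedBuffer does not copy: the buffer shares the array returned by buildRequest.
        ByteBuf content = Unpooled.wrappedBuffer(ocspReq);
        request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.POST, responderRawPathPost, content);
        request.headers().addInt("Content-Length", content.readableBytes());
    }
    // The content type is set on both the GET and the POST variant.
    request.headers().add("Content-Type", "application/ocsp-request");
    httpClient.send(request);
}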
Also used : OcspRequestorException(org.xipki.ocsp.client.OcspRequestorException) DefaultFullHttpRequest(io.netty.handler.codec.http.DefaultFullHttpRequest) FullHttpRequest(io.netty.handler.codec.http.FullHttpRequest) DefaultFullHttpRequest(io.netty.handler.codec.http.DefaultFullHttpRequest) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ByteBuf(io.netty.buffer.ByteBuf)

Example 2 with OcspRequestorException

use of org.xipki.ocsp.client.OcspRequestorException in project xipki by xipki.

the class OcspBenchRequestor method init.

/**
 * Prepares this requestor: stores the request options, pre-computes the issuer name and key
 * hashes, builds the optional preferred-signature-algorithms extension, derives the POST and
 * GET paths from the responder URL, and creates and starts the benchmark HTTP client.
 *
 * @param responseHandler handler passed on to the HTTP client; must not be null
 * @param responderUrl URL of the OCSP responder; parsed with {@link URI}
 * @param issuerCert certificate of the issuer of the queried certificates; must not be null
 * @param requestOptions options controlling hash algorithm and extensions; must not be null
 * @param queueSize passed unchanged to the HTTP client
 * @throws OcspRequestorException if the extension cannot be encoded, or if the URL has no
 *     explicit port and its scheme is neither http nor https
 * @throws IOException declared by the signature; presumably from encoding the issuer
 *     subject (confirm)
 * @throws URISyntaxException if {@code responderUrl} is not a valid URI
 */
public void init(ResponseHandler responseHandler, String responderUrl, X509Cert issuerCert, RequestOptions requestOptions, int queueSize) throws OcspRequestorException, IOException, URISyntaxException {
    notNull(issuerCert, "issuerCert");
    notNull(responseHandler, "responseHandler");
    this.requestOptions = notNull(requestOptions, "requestOptions");

    // Both hashes depend only on the issuer, so they are computed once here.
    this.issuerhashAlg = requestOptions.getHashAlgorithm();
    this.issuerNameHash = new DEROctetString(issuerhashAlg.hash(issuerCert.getSubject().getEncoded()));
    this.issuerKeyHash = new DEROctetString(issuerhashAlg.hash(issuerCert.getSubjectPublicKeyInfo().getPublicKeyData().getOctets()));

    List<SignAlgo> preferredAlgos = requestOptions.getPreferredSignatureAlgorithms();
    if (preferredAlgos != null && !preferredAlgos.isEmpty()) {
        // One SEQUENCE per preferred algorithm, all wrapped in an outer SEQUENCE.
        ASN1EncodableVector algoEntries = new ASN1EncodableVector();
        for (SignAlgo algo : preferredAlgos) {
            algoEntries.add(new DERSequence(algo.getAlgorithmIdentifier()));
        }
        ASN1Sequence wrappedEntries = new DERSequence(algoEntries);
        Extension prefSigAlgsExtn;
        try {
            prefSigAlgsExtn = new Extension(ObjectIdentifiers.Extn.id_pkix_ocsp_prefSigAlgs, false, new DEROctetString(wrappedEntries));
        } catch (IOException ex) {
            throw new OcspRequestorException(ex.getMessage(), ex);
        }
        this.extensions = new Extension[] { prefSigAlgsExtn };
    } else {
        this.extensions = null;
    }

    URI responder = new URI(responderUrl);
    // NOTE(review): getRawPath() can be empty or null for some URIs; no check is made here.
    String rawPath = responder.getRawPath();
    this.responderRawPathPost = rawPath;
    // The GET path always ends with '/', because the encoded request is appended to it.
    this.responderRawPathGet = rawPath.endsWith("/") ? rawPath : rawPath + "/";

    int port = responder.getPort();
    if (port == -1) {
        // No explicit port in the URL: fall back to the default port of the scheme.
        final String scheme = responder.getScheme();
        if ("https".equalsIgnoreCase(scheme)) {
            port = 443;
        } else if ("http".equalsIgnoreCase(scheme)) {
            port = 80;
        } else {
            throw new OcspRequestorException("unknown scheme " + scheme);
        }
    }

    // NOTE(review): the third constructor argument is null. If that parameter carries the TLS
    // configuration, an https URL would only select port 443 here - confirm against
    // BenchmarkHttpClient.
    this.httpClient = new BenchmarkHttpClient(responder.getHost(), port, null, responseHandler, queueSize);
    this.httpClient.start();
}
Also used : OcspRequestorException(org.xipki.ocsp.client.OcspRequestorException) IOException(java.io.IOException) URI(java.net.URI) SignAlgo(org.xipki.security.SignAlgo) Extension(org.bouncycastle.asn1.x509.Extension) BenchmarkHttpClient(org.xipki.qa.BenchmarkHttpClient)

Example 3 with OcspRequestorException

use of org.xipki.ocsp.client.OcspRequestorException in project xipki by xipki.

the class OcspBenchRequestor method buildRequest.

// method ask
/**
 * Returns the encoded OCSP request for the given serial numbers.
 *
 * <p>A request for exactly one serial number without a nonce is looked up in, and stored
 * into, the {@code requests} cache. The cached array itself is returned, not a copy, so
 * callers must not modify it. Requests carrying a nonce are always built anew.
 *
 * @param serialNumbers serial numbers to put into the request, one entry each
 * @return the encoded request
 * @throws OcspRequestorException if building or encoding the request fails
 */
private byte[] buildRequest(BigInteger[] serialNumbers) throws OcspRequestorException {
    final boolean cacheable = (serialNumbers.length == 1) && !requestOptions.isUseNonce();
    if (cacheable) {
        byte[] cached = requests.get(serialNumbers[0]);
        if (cached != null) {
            return cached;
        }
    }

    OCSPReqBuilder builder = new OCSPReqBuilder();
    if (requestOptions.isUseNonce() || extensions != null) {
        // At most two kinds of entries: the nonce and the extensions prepared in advance.
        List<Extension> requestExtns = new ArrayList<>(2);
        if (requestOptions.isUseNonce()) {
            // A new nonce value is requested for every request that is built.
            requestExtns.add(new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nextNonce(requestOptions.getNonceLen()))));
        }
        if (extensions != null) {
            for (Extension prepared : extensions) {
                requestExtns.add(prepared);
            }
        }
        builder.setRequestExtensions(new Extensions(requestExtns.toArray(extnType)));
    }

    try {
        // Every entry uses the same issuer hashes; only the serial number differs.
        for (BigInteger serial : serialNumbers) {
            builder.addRequest(new CertificateID(new CertID(issuerhashAlg.getAlgorithmIdentifier(), issuerNameHash, issuerKeyHash, new ASN1Integer(serial))));
        }
        byte[] encoded = builder.build().getEncoded();
        if (cacheable) {
            requests.put(serialNumbers[0], encoded);
        }
        return encoded;
    } catch (OCSPException | IOException ex) {
        throw new OcspRequestorException(ex.getMessage(), ex);
    }
}
Also used : OcspRequestorException(org.xipki.ocsp.client.OcspRequestorException) CertID(org.bouncycastle.asn1.ocsp.CertID) CertificateID(org.bouncycastle.cert.ocsp.CertificateID) ArrayList(java.util.ArrayList) IOException(java.io.IOException) Extensions(org.bouncycastle.asn1.x509.Extensions) Extension(org.bouncycastle.asn1.x509.Extension) OCSPException(org.bouncycastle.cert.ocsp.OCSPException) BigInteger(java.math.BigInteger) OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder)

Aggregations

OcspRequestorException (org.xipki.ocsp.client.OcspRequestorException)3 IOException (java.io.IOException)2 Extension (org.bouncycastle.asn1.x509.Extension)2 ByteBuf (io.netty.buffer.ByteBuf)1 DefaultFullHttpRequest (io.netty.handler.codec.http.DefaultFullHttpRequest)1 FullHttpRequest (io.netty.handler.codec.http.FullHttpRequest)1 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 BigInteger (java.math.BigInteger)1 URI (java.net.URI)1 ArrayList (java.util.ArrayList)1 CertID (org.bouncycastle.asn1.ocsp.CertID)1 Extensions (org.bouncycastle.asn1.x509.Extensions)1 CertificateID (org.bouncycastle.cert.ocsp.CertificateID)1 OCSPException (org.bouncycastle.cert.ocsp.OCSPException)1 OCSPReqBuilder (org.bouncycastle.cert.ocsp.OCSPReqBuilder)1 BenchmarkHttpClient (org.xipki.qa.BenchmarkHttpClient)1 SignAlgo (org.xipki.security.SignAlgo)1