
Example 1 with OcspRequestorException

use of org.xipki.ocsp.client.api.OcspRequestorException in project xipki by xipki.

the class OcspBenchRequestor method ask.

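/**
 * Builds an OCSP request for the given serial numbers and hands it to the HTTP client.
 *
 * <p>HTTP GET is used only when the encoded request is at most {@code MAX_LEN_GET} bytes and
 * the request options ask for GET. In that case the request is Base64-encoded, URL-encoded and
 * appended to {@code responderRawPathGet}. Otherwise the raw request bytes are sent as the body
 * of an HTTP POST to {@code responderRawPathPost}.
 *
 * @param serialNumbers serial numbers passed to {@code buildRequest}
 * @throws OcspRequestorException if the request cannot be URL-encoded, or if a called helper
 *     reports one
 */
public void ask(BigInteger[] serialNumbers) throws OcspRequestorException {
    byte[] ocspReq = buildRequest(serialNumbers);
    FullHttpRequest request;
    if (ocspReq.length <= MAX_LEN_GET && requestOptions.isUseHttpGetForRequest()) {
        // The GET form carries the whole request in the URL path, so intermediaries may cache or log it.
        String urlEncodedReq;
        try {
            urlEncodedReq = URLEncoder.encode(Base64.encodeToString(ocspReq), "UTF-8");
        } catch (UnsupportedEncodingException ex) {
            // Keep the original exception as the cause so its stack trace is not lost.
            throw new OcspRequestorException(ex.getMessage(), ex);
        }
        String newRawpath = StringUtil.concat(responderRawPathGet, urlEncodedReq);
        request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, newRawpath);
    } else {
        ByteBuf content = Unpooled.wrappedBuffer(ocspReq);
        request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.POST, responderRawPathPost, content);
        request.headers().addInt("Content-Length", content.readableBytes());
    }
    // The Content-Type header is set on both the GET and the POST variant.
    request.headers().add("Content-Type", "application/ocsp-request");
    httpClient.send(request);
}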
Also used : OcspRequestorException(org.xipki.ocsp.client.api.OcspRequestorException) DefaultFullHttpRequest(io.netty.handler.codec.http.DefaultFullHttpRequest) FullHttpRequest(io.netty.handler.codec.http.FullHttpRequest) DefaultFullHttpRequest(io.netty.handler.codec.http.DefaultFullHttpRequest) UnsupportedEncodingException(java.io.UnsupportedEncodingException) DEROctetString(org.bouncycastle.asn1.DEROctetString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ByteBuf(io.netty.buffer.ByteBuf)

Example 2 with OcspRequestorException

use of org.xipki.ocsp.client.api.OcspRequestorException in project xipki by xipki.

the class OcspBenchRequestor method init.

/**
 * Prepares this requestor: derives the issuer hashes, builds the optional preferred signature
 * algorithms extension, splits the responder path for GET and POST, and starts the HTTP client.
 *
 * <p>The issuer name hash is computed over the encoded subject of {@code issuerCert}. The issuer
 * key hash is computed over the octets of its public key data. Both use the hash algorithm named
 * in {@code requestOptions}.
 *
 * @param responseHandler handler passed to the HTTP client; must not be null
 * @param responderUrl URL of the OCSP responder; only its raw path is kept for building requests
 * @param issuerCert certificate of the issuer; must not be null
 * @param requestOptions options supplying the hash algorithm and preferred signature algorithms;
 *     must not be null
 * @param queueSize passed through to the HTTP client
 * @throws OcspRequestorException if the hash algorithm is unknown or the extension cannot be
 *     encoded
 * @throws Exception for any other failure, for example an unparsable {@code responderUrl}
 */
public void init(OcspBenchmark responseHandler, String responderUrl, Certificate issuerCert, RequestOptions requestOptions, int queueSize) throws Exception {
    ParamUtil.requireNonNull("issuerCert", issuerCert);
    ParamUtil.requireNonNull("responseHandler", responseHandler);
    this.requestOptions = ParamUtil.requireNonNull("requestOptions", requestOptions);

    HashAlgo certIdHash = HashAlgo.getInstance(requestOptions.getHashAlgorithmId());
    if (certIdHash == null) {
        throw new OcspRequestorException("unknown HashAlgo " + requestOptions.getHashAlgorithmId().getId());
    }
    this.issuerhashAlg = certIdHash.getAlgorithmIdentifier();
    byte[] encodedIssuerName = issuerCert.getSubject().getEncoded();
    this.issuerNameHash = new DEROctetString(certIdHash.hash(encodedIssuerName));
    byte[] issuerKeyBytes = issuerCert.getSubjectPublicKeyInfo().getPublicKeyData().getOctets();
    this.issuerKeyHash = new DEROctetString(certIdHash.hash(issuerKeyBytes));

    List<AlgorithmIdentifier> preferred = requestOptions.getPreferredSignatureAlgorithms();
    if (preferred != null && !preferred.isEmpty()) {
        // One SEQUENCE per preferred algorithm, all wrapped in an outer SEQUENCE.
        ASN1EncodableVector entries = new ASN1EncodableVector();
        for (AlgorithmIdentifier sigAlg : preferred) {
            ASN1Sequence entry = new DERSequence(sigAlg);
            entries.add(entry);
        }
        ASN1Sequence extnValue = new DERSequence(entries);
        Extension prefSigAlgsExtn;
        try {
            // The second argument marks the extension as non-critical.
            prefSigAlgsExtn = new Extension(ObjectIdentifiers.id_pkix_ocsp_prefSigAlgs, false, new DEROctetString(extnValue));
        } catch (IOException ex) {
            throw new OcspRequestorException(ex.getMessage(), ex);
        }
        this.extensions = new Extension[] { prefSigAlgsExtn };
    } else {
        this.extensions = null;
    }

    // The GET path must end with '/' because the encoded request is appended directly to it.
    String rawPath = new URI(responderUrl).getRawPath();
    this.responderRawPathPost = rawPath;
    this.responderRawPathGet = rawPath.endsWith("/") ? rawPath : rawPath + "/";

    this.httpClient = new HttpClient(responderUrl, responseHandler, queueSize);
    this.httpClient.start();
}
Also used : OcspRequestorException(org.xipki.ocsp.client.api.OcspRequestorException) Extension(org.bouncycastle.asn1.x509.Extension) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERSequence(org.bouncycastle.asn1.DERSequence) HashAlgo(org.xipki.security.HashAlgo) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) IOException(java.io.IOException) URI(java.net.URI) DEROctetString(org.bouncycastle.asn1.DEROctetString) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 3 with OcspRequestorException

use of org.xipki.ocsp.client.api.OcspRequestorException in project xipki by xipki.

the class HttpClient method send.

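/**
 * Writes the request to the channel and waits for the write to finish.
 *
 * @param request the HTTP request to send
 * @throws OcspRequestorException if the channel is not active, or if the calling thread is
 *     interrupted while waiting on {@code latch}
 */
public void send(FullHttpRequest request) throws OcspRequestorException {
    if (!channel.isActive()) {
        throw new OcspRequestorException("channel is not active");
    }
    try {
        // NOTE(review): the result of this timed wait is not inspected. If await reports a
        // timeout through its return value, the request is still sent -- confirm.
        latch.await(5, TimeUnit.SECONDS);
    } catch (InterruptedException ex) {
        // Restore the interrupt flag so code further up the stack can still observe it,
        // and keep the original exception as the cause.
        Thread.currentThread().interrupt();
        throw new OcspRequestorException("sending poll is full", ex);
    }
    incrementPendingRequests();
    ChannelFuture future = this.channel.writeAndFlush(request);
    // NOTE(review): the outcome of the write is not checked after waiting, so a failed write
    // is not reported to the caller although the pending counter was already incremented.
    future.awaitUninterruptibly();
}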
Also used : OcspRequestorException(org.xipki.ocsp.client.api.OcspRequestorException) ChannelFuture(io.netty.channel.ChannelFuture)

Example 4 with OcspRequestorException

use of org.xipki.ocsp.client.api.OcspRequestorException in project xipki by xipki.

the class AbstractOcspRequestor method ask.

/**
 * Requests the OCSP status of a single certificate.
 *
 * <p>After {@code X509Util.issues(issuerCert, cert)} has accepted the pair, delegates to the
 * serial-number overload with the serial number of {@code cert}.
 * NOTE(review): what {@code X509Util.issues} verifies (name and key-identifier chaining only, or
 * also the signature) is not visible here -- confirm before treating it as proof of issuance.
 *
 * @param issuerCert certificate of the issuer; must not be null
 * @param cert certificate whose status is requested; must not be null
 * @param responderUrl passed through to the delegate
 * @param requestOptions passed through to the delegate
 * @param debug passed through to the delegate
 * @return the response returned by the delegate
 * @throws IllegalArgumentException if {@code cert} and {@code issuerCert} do not match
 * @throws OcspRequestorException if a certificate cannot be encoded during the issuer check
 * @throws OcspResponseException declared by this method; not thrown directly in this body
 */
@Override
public OCSPResp ask(X509Certificate issuerCert, X509Certificate cert, URL responderUrl, RequestOptions requestOptions, RequestResponseDebug debug) throws OcspResponseException, OcspRequestorException {
    ParamUtil.requireNonNull("issuerCert", issuerCert);
    ParamUtil.requireNonNull("cert", cert);

    boolean issuedByIssuer;
    try {
        issuedByIssuer = X509Util.issues(issuerCert, cert);
    } catch (CertificateEncodingException ex) {
        throw new OcspRequestorException(ex.getMessage(), ex);
    }
    if (!issuedByIssuer) {
        throw new IllegalArgumentException("cert and issuerCert do not match");
    }

    BigInteger[] serialNumbers = { cert.getSerialNumber() };
    return ask(issuerCert, serialNumbers, responderUrl, requestOptions, debug);
}
Also used : OcspRequestorException(org.xipki.ocsp.client.api.OcspRequestorException) CertificateEncodingException(java.security.cert.CertificateEncodingException)

Example 5 with OcspRequestorException

use of org.xipki.ocsp.client.api.OcspRequestorException in project xipki by xipki.

the class AbstractOcspRequestor method ask.

/**
 * Requests the OCSP status of several certificates of the same issuer in one request.
 *
 * <p>Each certificate is checked with {@code X509Util.issues(issuerCert, cert)} in array order.
 * The first one that fails aborts the call before anything is sent. The collected serial numbers
 * are then passed to the serial-number overload.
 * NOTE(review): what {@code X509Util.issues} verifies (name and key-identifier chaining only, or
 * also the signature) is not visible here -- confirm before treating it as proof of issuance.
 *
 * @param issuerCert certificate of the issuer; must not be null
 * @param certs certificates whose status is requested; must not be null and must hold at least
 *     one element
 * @param responderUrl passed through to the delegate
 * @param requestOptions passed through to the delegate
 * @param debug passed through to the delegate
 * @return the response returned by the delegate
 * @throws IllegalArgumentException if a certificate and {@code issuerCert} do not match
 * @throws OcspRequestorException if a certificate cannot be encoded during the issuer check
 * @throws OcspResponseException declared by this method; not thrown directly in this body
 */
@Override
public OCSPResp ask(X509Certificate issuerCert, X509Certificate[] certs, URL responderUrl, RequestOptions requestOptions, RequestResponseDebug debug) throws OcspResponseException, OcspRequestorException {
    ParamUtil.requireNonNull("issuerCert", issuerCert);
    ParamUtil.requireNonNull("certs", certs);
    ParamUtil.requireMin("certs.length", certs.length, 1);

    final int count = certs.length;
    BigInteger[] serialNumbers = new BigInteger[count];
    for (int idx = 0; idx < count; idx++) {
        X509Certificate current = certs[idx];
        boolean issuedByIssuer;
        try {
            issuedByIssuer = X509Util.issues(issuerCert, current);
        } catch (CertificateEncodingException ex) {
            throw new OcspRequestorException(ex.getMessage(), ex);
        }
        if (!issuedByIssuer) {
            throw new IllegalArgumentException("cert at index " + idx + " and issuerCert do not match");
        }
        serialNumbers[idx] = current.getSerialNumber();
    }
    return ask(issuerCert, serialNumbers, responderUrl, requestOptions, debug);
}
Also used : OcspRequestorException(org.xipki.ocsp.client.api.OcspRequestorException) BigInteger(java.math.BigInteger) CertificateEncodingException(java.security.cert.CertificateEncodingException) X509Certificate(java.security.cert.X509Certificate)

Aggregations

OcspRequestorException (org.xipki.ocsp.client.api.OcspRequestorException)8 DEROctetString (org.bouncycastle.asn1.DEROctetString)5 IOException (java.io.IOException)4 BigInteger (java.math.BigInteger)4 Extension (org.bouncycastle.asn1.x509.Extension)4 CertificateEncodingException (java.security.cert.CertificateEncodingException)3 CertID (org.bouncycastle.asn1.ocsp.CertID)3 OCSPException (org.bouncycastle.cert.ocsp.OCSPException)3 X509Certificate (java.security.cert.X509Certificate)2 ArrayList (java.util.ArrayList)2 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)2 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)2 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)2 DERSequence (org.bouncycastle.asn1.DERSequence)2 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)2 Extensions (org.bouncycastle.asn1.x509.Extensions)2 CertificateID (org.bouncycastle.cert.ocsp.CertificateID)2 InvalidOcspResponseException (org.xipki.ocsp.client.api.InvalidOcspResponseException)2 OcspNonceUnmatchedException (org.xipki.ocsp.client.api.OcspNonceUnmatchedException)2 OcspTargetUnmatchedException (org.xipki.ocsp.client.api.OcspTargetUnmatchedException)2