/**
 * Builds an unsigned OCSP request for one certificate using BouncyCastle.
 *
 * <p>The request holds a single {@link CertificateID} computed with the SHA-1
 * digest calculator, plus a non-critical nonce request extension.
 *
 * @param issuerCert certificate of the issuer of the certificate being checked
 * @param serialNumber serial number of the certificate being checked
 * @return the OCSP request
 * @throws OCSPException if the certificate ID or the request cannot be built
 * @throws IOException if encoding the nonce value fails
 * @throws OperatorException if the digest calculator cannot be set up
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 */
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber)
        throws OCSPException, IOException, OperatorException, CertificateEncodingException {
    // Registers a fresh BC provider instance with the JVM-wide provider list on every call.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    // SHA-1 is used only to hash the issuer details inside the CertificateID,
    // not to sign anything.
    // NOTE(review): confirm the target responders require SHA-1 before keeping it.
    DigestCalculator sha1Calculator =
            new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1);

    // Identifier of the certificate whose status is being queried.
    CertificateID certificateId =
            new CertificateID(sha1Calculator, new JcaX509CertificateHolder(issuerCert), serialNumber);

    OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
    requestBuilder.addRequest(certificateId);

    // The nonce is an OCTET STRING whose encoding is wrapped in the extension's
    // own OCTET STRING, hence the two DEROctetString layers.
    // NOTE(review): the nonce bytes come from PdfEncryption.createDocumentId();
    // the nonce is what binds a response to this request, so confirm that source
    // is unpredictable (CSPRNG-backed) rather than derived from time or counters.
    byte[] encodedNonce = new DEROctetString(PdfEncryption.createDocumentId()).getEncoded();
    Extension nonceExtension = new Extension(
            OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(encodedNonce));
    requestBuilder.setRequestExtensions(new Extensions(new Extension[] {nonceExtension}));

    return requestBuilder.build();
}
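/**
 * Returns the DER encoding of the extnValue of the extension with the given OID.
 *
 * @param oid dotted-decimal OID of the extension to look up
 * @return the DER-encoded extension value, or {@code null} if the attribute
 *         certificate has no extensions or none with this OID
 * @throws RuntimeException if the extension value cannot be encoded
 */
public byte[] getExtensionValue(String oid) {
    Extensions extensions = cert.getAcinfo().getExtensions();
    if (extensions == null) {
        return null;
    }

    Extension ext = extensions.getExtension(new ASN1ObjectIdentifier(oid));
    if (ext == null) {
        return null;
    }

    try {
        return ext.getExtnValue().getEncoded(ASN1Encoding.DER);
    } catch (Exception e) {
        // Chain the original exception so the encoding failure keeps its stack trace.
        throw new RuntimeException("error encoding " + e.toString(), e);
    }
}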
/**
 * Collects the OIDs of the attribute certificate's extensions whose critical
 * flag equals {@code critical}.
 *
 * @param critical {@code true} to select critical extensions, {@code false}
 *        to select non-critical ones
 * @return a set of dotted-decimal OID strings, or {@code null} if the
 *         attribute certificate carries no extensions
 */
private Set getExtensionOIDs(boolean critical) {
    Extensions extensions = cert.getAcinfo().getExtensions();
    if (extensions == null) {
        return null;
    }

    Set matchingOids = new HashSet();
    for (Enumeration oids = extensions.oids(); oids.hasMoreElements();) {
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) oids.nextElement();
        if (extensions.getExtension(oid).isCritical() == critical) {
            matchingOids.add(oid.getId());
        }
    }
    return matchingOids;
}
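/**
 * Returns the encoded extnValue of the certificate extension with the given OID.
 *
 * @param oid dotted-decimal OID of the extension to look up
 * @return the encoded extension value, or {@code null} if the certificate has
 *         no extensions or none with this OID
 * @throws IllegalStateException if the extension value cannot be encoded
 */
public byte[] getExtensionValue(String oid) {
    Extensions exts = c.getTBSCertificate().getExtensions();
    if (exts == null) {
        return null;
    }

    Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid));
    if (ext == null) {
        return null;
    }

    try {
        return ext.getExtnValue().getEncoded();
    } catch (Exception e) {
        // Chain the original exception so the failure keeps its stack trace.
        throw new IllegalStateException("error parsing " + e.toString(), e);
    }
}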
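/**
 * Returns the encoded extnValue of the CRL extension with the given OID.
 *
 * @param oid dotted-decimal OID of the extension to look up
 * @return the encoded extension value, or {@code null} if the CRL has no
 *         extensions or none with this OID
 * @throws IllegalStateException if the extension value cannot be encoded
 */
public byte[] getExtensionValue(String oid) {
    Extensions exts = c.getTBSCertList().getExtensions();
    if (exts == null) {
        return null;
    }

    Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid));
    if (ext == null) {
        return null;
    }

    try {
        return ext.getExtnValue().getEncoded();
    } catch (Exception e) {
        // Chain the original exception so the failure keeps its stack trace.
        throw new IllegalStateException("error parsing " + e.toString(), e);
    }
}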
/**
 * Gathers the OIDs of the extensions on {@code c} whose critical flag equals
 * the requested value.
 *
 * @param critical the critical flag value an extension must have to be included
 * @return a set of dotted-decimal OID strings, or {@code null} if {@code c}
 *         has no extensions
 */
private Set getExtensionOIDs(boolean critical) {
    Extensions extensions = c.getExtensions();
    if (extensions == null) {
        return null;
    }

    Set selected = new HashSet();
    Enumeration oidEnum = extensions.oids();
    while (oidEnum.hasMoreElements()) {
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) oidEnum.nextElement();
        boolean extensionIsCritical = extensions.getExtension(oid).isCritical();
        if (extensionIsCritical == critical) {
            selected.add(oid.getId());
        }
    }
    return selected;
}
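/**
 * Checks that a certificate's KeyUsage extension, when present, asserts every
 * bit in {@code keyUsageBits}.
 *
 * <p>A certificate with no extensions, or with no KeyUsage extension, passes
 * without any check.
 *
 * @param c the certificate to inspect
 * @param keyUsageBits mask of KeyUsage bits that must all be set
 * @throws IOException a {@link TlsFatalAlert} with
 *         {@code certificate_unknown} when a required bit is missing
 */
static void validateKeyUsage(org.bouncycastle.asn1.x509.Certificate c, int keyUsageBits)
        throws IOException {
    Extensions exts = c.getTBSCertificate().getExtensions();
    if (exts == null) {
        return;
    }

    KeyUsage ku = KeyUsage.fromExtensions(exts);
    if (ku == null) {
        return;
    }

    // The certificate is peer-supplied: a KeyUsage BIT STRING with no content
    // octets must be treated as "no bits asserted" and rejected through the
    // alert below, not surface as an ArrayIndexOutOfBoundsException.
    byte[] usageOctets = ku.getBytes();
    int bits = usageOctets.length > 0 ? (usageOctets[0] & 0xff) : 0;

    // NOTE(review): only the first octet is examined, so a required bit outside
    // 0xff can never match and the check then always rejects — confirm callers
    // never pass such a mask.
    if ((bits & keyUsageBits) != keyUsageBits) {
        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
    }
}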
/**
 * Creates a TSTInfo from the supplied field values, with the version fixed at 1.
 *
 * <p>Each argument is stored as given; nothing is validated or copied here.
 */
public TSTInfo(ASN1ObjectIdentifier tsaPolicyId, MessageImprint messageImprint,
               ASN1Integer serialNumber, ASN1GeneralizedTime genTime,
               Accuracy accuracy, ASN1Boolean ordering, ASN1Integer nonce,
               GeneralName tsa, Extensions extensions) {
    // The version is not caller-controlled.
    this.version = new ASN1Integer(1);

    this.tsaPolicyId = tsaPolicyId;
    this.messageImprint = messageImprint;
    this.serialNumber = serialNumber;
    this.genTime = genTime;

    this.accuracy = accuracy;
    this.ordering = ordering;
    this.nonce = nonce;
    this.tsa = tsa;
    this.extensions = extensions;
}
/**
 * Creates a time-stamp request from the supplied field values, with the
 * version set to its default of 1.
 *
 * <p>Each argument is stored as given; nothing is validated or copied here.
 */
public TimeStampReq(MessageImprint messageImprint, ASN1ObjectIdentifier tsaPolicy,
                    ASN1Integer nonce, ASN1Boolean certReq, Extensions extensions) {
    // Default version.
    this.version = new ASN1Integer(1);

    this.messageImprint = messageImprint;
    this.tsaPolicy = tsaPolicy;
    this.nonce = nonce;
    this.certReq = certReq;
    this.extensions = extensions;
}
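/**
 * Returns the encoded extnValue of the request extension with the given OID.
 *
 * @param oid dotted-decimal OID of the extension to look up
 * @return the encoded extension value, or {@code null} if the request has no
 *         extensions or none with this OID
 * @throws RuntimeException if the extension value cannot be encoded
 */
public byte[] getExtensionValue(String oid) {
    Extensions exts = req.getExtensions();
    if (exts == null) {
        return null;
    }

    Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid));
    if (ext == null) {
        return null;
    }

    try {
        return ext.getExtnValue().getEncoded();
    } catch (Exception e) {
        // Chain the original exception so the encoding failure keeps its stack trace.
        throw new RuntimeException("error encoding " + e.toString(), e);
    }
}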
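/**
 * Extracts the requested extensions from a CSR's extensionRequest attribute.
 *
 * <p>The first extensionRequest attribute whose first value is an
 * {@link Extensions} object or a {@code DERSequence} wins.
 *
 * @param csr the certification request to inspect
 * @return the requested extensions, or {@code null} if no usable
 *         extensionRequest attribute is present
 */
public static Extensions getExtensionsFromCSR(JcaPKCS10CertificationRequest csr) {
    Attribute[] requestAttributes = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : requestAttributes) {
        ASN1Set attValue = attribute.getAttrValues();
        // The CSR is requester-supplied: skip an attribute whose value set is
        // empty so that getObjectAt(0) cannot fail on it.
        if (attValue == null || attValue.size() == 0) {
            continue;
        }

        ASN1Encodable extension = attValue.getObjectAt(0);
        if (extension instanceof Extensions) {
            return (Extensions) extension;
        }
        // NOTE(review): only DERSequence is accepted here; if the parser hands
        // back a different sequence type the extension request is skipped and
        // null is returned — confirm against the BouncyCastle version in use.
        if (extension instanceof DERSequence) {
            return Extensions.getInstance(extension);
        }
    }
    return null;
}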
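/**
 * Lists the IP addresses named in the subjectAlternativeName extension(s) of
 * a CSR's extensionRequest attributes.
 *
 * @param certReq the certification request to inspect
 * @return the textual IP addresses found, in encounter order; empty if there
 *         are none
 */
public static List<String> extractX509CSRIPAddresses(PKCS10CertificationRequest certReq) {
    List<String> ipAddresses = new ArrayList<>();
    Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : attributes) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            Extensions extensions = Extensions.getInstance(value);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            // An extension request without a subjectAlternativeName yields no
            // GeneralNames; skip it instead of dereferencing null.
            if (gns == null) {
                continue;
            }
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() != GeneralName.iPAddress) {
                    continue;
                }
                try {
                    InetAddress addr = InetAddress.getByAddress(((DEROctetString) name.getName()).getOctets());
                    ipAddresses.add(addr.getHostAddress());
                } catch (UnknownHostException ignored) {
                    // Best effort: an iPAddress entry with an invalid octet length
                    // is left out of the result.
                    // NOTE(review): callers that validate the returned list never
                    // see such an entry — confirm the CSR is rejected elsewhere or
                    // that the entry cannot reach an issued certificate.
                }
            }
        }
    }
    return ipAddresses;
}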
/**
 * Returns the critical extension OIDs as an unmodifiable set.
 *
 * @param extensions the extensions to inspect, may be {@code null}
 * @return an unmodifiable set of the critical extension OIDs, or
 *         {@code EMPTY_SET} when {@code extensions} is {@code null}
 */
static Set getCriticalExtensionOIDs(Extensions extensions) {
    if (extensions != null) {
        Set criticalOids = new HashSet(Arrays.asList(extensions.getCriticalExtensionOIDs()));
        return Collections.unmodifiableSet(criticalOids);
    }
    return EMPTY_SET;
}
/**
 * Returns the non-critical extension OIDs as an unmodifiable set.
 *
 * @param extensions the extensions to inspect, may be {@code null}
 * @return an unmodifiable set of the non-critical extension OIDs, or
 *         {@code EMPTY_SET} when {@code extensions} is {@code null}
 */
static Set getNonCriticalExtensionOIDs(Extensions extensions) {
    if (extensions != null) {
        // TODO: should probably produce a set that imposes correct ordering
        Set nonCriticalOids = new HashSet(Arrays.asList(extensions.getNonCriticalExtensionOIDs()));
        return Collections.unmodifiableSet(nonCriticalOids);
    }
    return EMPTY_SET;
}
/**
 * Returns all extension OIDs as an unmodifiable list.
 *
 * @param extensions the extensions to inspect, may be {@code null}
 * @return an unmodifiable list view over the extension OID array, or
 *         {@code EMPTY_LIST} when {@code extensions} is {@code null}
 */
static List getExtensionOIDs(Extensions extensions) {
    if (extensions != null) {
        List allOids = Arrays.asList(extensions.getExtensionOIDs());
        return Collections.unmodifiableList(allOids);
    }
    return EMPTY_LIST;
}
/**
 * Reports whether the issuingDistributionPoint extension marks the CRL as indirect.
 *
 * @param extensions the CRL extensions, may be {@code null}
 * @return {@code true} only if an issuingDistributionPoint extension is
 *         present and its indirectCRL flag is set
 */
private static boolean isIndirectCRL(Extensions extensions) {
    if (extensions == null) {
        return false;
    }

    Extension idpExtension = extensions.getExtension(Extension.issuingDistributionPoint);
    if (idpExtension == null) {
        return false;
    }

    IssuingDistributionPoint idp = IssuingDistributionPoint.getInstance(idpExtension.getParsedValue());
    return idp.isIndirectCRL();
}
/**
 * Finds the extension of this entry that carries the given OID.
 *
 * @param oid the OID of the extension of interest.
 *
 * @return the matching extension, or null if the entry has no extensions or
 *         none with that OID.
 */
public Extension getExtension(ASN1ObjectIdentifier oid) {
    Extensions entryExtensions = entry.getExtensions();
    return (entryExtensions == null) ? null : entryExtensions.getExtension(oid);
}
/**
 * Wraps a parsed basic OCSP response, keeping its tbsResponseData and the
 * response extensions taken from it.
 *
 * <p>Construction only stores these values; the response signature is not
 * checked here.
 *
 * @param resp the ASN.1 basic OCSP response to wrap
 */
public BasicOCSPResp(BasicOCSPResponse resp) {
    this.resp = resp;
    this.data = resp.getTbsResponseData();
    this.extensions = Extensions.getInstance(
            resp.getTbsResponseData().getResponseExtensions());
}
/**
 * Pairs a certificate ID with the extensions to send for that single request.
 *
 * @param certId certificate ID of interest
 * @param extensions the extensions stored alongside the certificate ID
 */
public RequestObject(CertificateID certId, Extensions extensions) {
    this.extensions = extensions;
    this.certId = certId;
}
/**
 * Queue a request for a certificate together with its per-request extensions.
 *
 * @param certId certificate ID of interest
 * @param singleRequestExtensions the extensions to attach to the request
 * @return this builder
 */
public OCSPReqBuilder addRequest(CertificateID certId, Extensions singleRequestExtensions) {
    RequestObject request = new RequestObject(certId, singleRequestExtensions);
    list.add(request);
    return this;
}
/**
 * Set the extensions that apply to the request as a whole, replacing any
 * previously set value.
 *
 * @param requestExtensions the extensions object to carry
 * @return this builder
 */
public OCSPReqBuilder setRequestExtensions(Extensions requestExtensions) {
    this.requestExtensions = requestExtensions;

    return this;
}
/**
 * Add a response for a particular Certificate ID, using the time of this call
 * as thisUpdate and leaving nextUpdate unset.
 *
 * @param certID certificate ID details
 * @param certStatus status of the certificate - null if okay
 * @param singleExtensions optional extensions
 * @return this builder
 */
public BasicOCSPRespBuilder addResponse(
        CertificateID certID, CertificateStatus certStatus, Extensions singleExtensions) {
    // thisUpdate is the current time; nextUpdate is passed as null.
    ResponseObject response = new ResponseObject(certID, certStatus, new Date(), null, singleExtensions);
    list.add(response);
    return this;
}
/**
 * Add a response for a particular Certificate ID, using the time of this call
 * as thisUpdate.
 *
 * @param certID certificate ID details
 * @param certStatus status of the certificate - null if okay
 * @param nextUpdate date when next update should be requested
 * @param singleExtensions optional extensions
 * @return this builder
 */
public BasicOCSPRespBuilder addResponse(
        CertificateID certID, CertificateStatus certStatus, Date nextUpdate,
        Extensions singleExtensions) {
    // thisUpdate is the current time.
    ResponseObject response = new ResponseObject(certID, certStatus, new Date(), nextUpdate, singleExtensions);
    list.add(response);
    return this;
}
/**
 * Add a response for a particular Certificate ID with caller-supplied
 * thisUpdate and nextUpdate values.
 *
 * @param certID certificate ID details
 * @param certStatus status of the certificate - null if okay
 * @param thisUpdate date this response was valid on
 * @param nextUpdate date when next update should be requested
 * @param singleExtensions optional extensions
 * @return this builder
 */
public BasicOCSPRespBuilder addResponse(
        CertificateID certID, CertificateStatus certStatus, Date thisUpdate, Date nextUpdate,
        Extensions singleExtensions) {
    ResponseObject response = new ResponseObject(certID, certStatus, thisUpdate, nextUpdate, singleExtensions);
    list.add(response);
    return this;
}
/**
 * Set the extensions for the response, replacing any previously set value.
 *
 * @param responseExtensions the extension object to carry.
 * @return this builder
 */
public BasicOCSPRespBuilder setResponseExtensions(Extensions responseExtensions) {
    this.responseExtensions = responseExtensions;

    return this;
}