Usage examples for the org.bouncycastle.asn1.ocsp.BasicOCSPResponse constructor BasicOCSPResponse(ASN1Sequence)
private BasicOCSPResponse(ASN1Sequence seq)
From source file:eu.europa.ec.markt.dss.applet.io.RemoteOCSPSource.java
License:Open Source License
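/**
 * Requests the OCSP response for {@code certificate} from the remote service and decodes it.
 *
 * <p>The returned bytes are only parsed as ASN.1 here; no signature, responder-certificate or
 * freshness check is performed in this method.
 * NOTE(review): presumably the caller validates the response before relying on the status it
 * carries; confirm against the call sites.
 *
 * @param certificate the certificate whose revocation status is requested
 * @param issuerCertificate the certificate of the issuer of {@code certificate}
 * @return the decoded response, or {@code null} when the remote side returned no OCSP data;
 *         callers should treat {@code null} as "status unknown", never as "not revoked"
 * @throws IOException if a certificate cannot be encoded, or if the returned bytes do not
 *         decode to an ASN.1 SEQUENCE
 */
@Override
public BasicOCSPResp getOCSPResponse(X509Certificate certificate, X509Certificate issuerCertificate)
        throws IOException {
    try {
        OCSPRequestMessage request = new OCSPRequestMessage();
        request.setCertificate(certificate.getEncoded());
        request.setIssuerCert(issuerCertificate.getEncoded());

        OCSPResponseMessage response = sendAndReceive(request);
        if (response.getOcspResponse() == null) {
            return null;
        }

        ASN1InputStream input = new ASN1InputStream(response.getOcspResponse());
        try {
            // The payload comes from a remote party: an empty body decodes to null and any
            // other ASN.1 type would fail the cast, so reject both with a checked error
            // instead of letting NullPointerException/ClassCastException escape.
            Object decoded = input.readObject();
            if (!(decoded instanceof ASN1Sequence)) {
                throw new IOException("OCSP response is not an ASN.1 SEQUENCE");
            }
            return new BasicOCSPResp(new BasicOCSPResponse((ASN1Sequence) decoded));
        } finally {
            // Release the stream on every path, including parse failures.
            input.close();
        }
    } catch (CertificateEncodingException e) {
        throw new IOException(e);
    }
}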
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileXL.java
License:Open Source License
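/**
 * Adds the certificate-values and revocation-values unsigned attributes to {@code unsignedAttrs}.
 *
 * <p>The material is taken from the validation context that {@code certificateVerifier} builds
 * for the signing certificate. This method does not inspect the outcome of that validation; it
 * only embeds the certificates, CRLs and OCSP responses the context reports as needed.
 *
 * @param unsignedAttrs the attribute table to extend; it is modified in place
 * @param signingCertificate the signer's certificate, which is left out of the certificate values
 * @param signingDate the date passed to the verifier for the validation
 * @param optionalCertificateSource an additional certificate source handed to the verifier
 * @return the same {@code unsignedAttrs} instance, now holding both attributes
 * @throws IOException if an encoded certificate, CRL or OCSP response cannot be parsed as ASN.1
 * @throws RuntimeException wrapping a {@link CertificateEncodingException} or
 *         {@link CRLException} raised while encoding the collected material
 */
private Hashtable<ASN1ObjectIdentifier, ASN1Encodable> extendUnsignedAttributes(
        Hashtable<ASN1ObjectIdentifier, ASN1Encodable> unsignedAttrs, X509Certificate signingCertificate,
        Date signingDate, CertificateSource optionalCertificateSource) throws IOException {

    ValidationContext validationContext = certificateVerifier.validateCertificate(signingCertificate,
            signingDate, optionalCertificateSource, null, null);

    try {
        List<X509CertificateStructure> certificateValues = new ArrayList<X509CertificateStructure>();
        List<CertificateList> crlValues = new ArrayList<CertificateList>();
        List<BasicOCSPResponse> ocspValues = new ArrayList<BasicOCSPResponse>();

        /*
         * The ETSI TS 101 733 stipulates (6.2.1): "It references the full set of CA certificates that have been
         * used to validate an ES with Complete validation data up to (but not including) the signer's certificate.
         * [...] NOTE 1: The signer's certificate is referenced in the signing certificate attribute (see clause
         * 5.7.3)." (6.2.1)
         *
         * "The second and subsequent CrlOcspRef fields shall be in the same order as the OtherCertID to which they
         * relate." (6.2.2)
         *
         * Also, no mention of the way to order those second and subsequent fields, so we add the certificates as
         * provided by the context.
         */

        /* The SignedCertificate is in validationContext.getCertificate() */
        for (CertificateAndContext c : validationContext.getNeededCertificates()) {
            /*
             * Add every certificate except the signing certificate. The comparison has to be made on the
             * wrapped certificate: comparing the CertificateAndContext wrapper itself with an X509Certificate
             * would not match, and the signer's certificate would be embedded after all.
             */
            if (!c.getCertificate().equals(signingCertificate)) {
                certificateValues.add(new X509CertificateStructure(
                        (ASN1Sequence) ASN1Object.fromByteArray(c.getCertificate().getEncoded())));
            }
        }

        /*
         * Record each CRL and OCSP with a reference to the corresponding certificate
         */
        for (CRL relatedcrl : validationContext.getNeededCRL()) {
            crlValues.add(new CertificateList(
                    (ASN1Sequence) ASN1Object.fromByteArray(((X509CRL) relatedcrl).getEncoded())));
        }

        for (BasicOCSPResp relatedocspresp : validationContext.getNeededOCSPResp()) {
            ocspValues.add(new BasicOCSPResponse(
                    (ASN1Sequence) ASN1Object.fromByteArray(relatedocspresp.getEncoded())));
        }

        CertificateList[] crlValuesArray = crlValues.toArray(new CertificateList[crlValues.size()]);
        BasicOCSPResponse[] ocspValuesArray = ocspValues.toArray(new BasicOCSPResponse[ocspValues.size()]);
        RevocationValues revocationValues = new RevocationValues(crlValuesArray, ocspValuesArray, null);
        unsignedAttrs.put(PKCSObjectIdentifiers.id_aa_ets_revocationValues,
                new Attribute(PKCSObjectIdentifiers.id_aa_ets_revocationValues, new DERSet(revocationValues)));

        X509CertificateStructure[] certValuesArray =
                certificateValues.toArray(new X509CertificateStructure[certificateValues.size()]);
        unsignedAttrs.put(PKCSObjectIdentifiers.id_aa_ets_certValues,
                new Attribute(PKCSObjectIdentifiers.id_aa_ets_certValues,
                        new DERSet(new DERSequence(certValuesArray))));

    } catch (CertificateEncodingException e) {
        throw new RuntimeException(e);
    } catch (CRLException e) {
        throw new RuntimeException(e);
    }

    return unsignedAttrs;
}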