List of usage examples for the org.bouncycastle.asn1.ocsp.CertID constructor CertID
public CertID(AlgorithmIdentifier hashAlgorithm, ASN1OctetString issuerNameHash, ASN1OctetString issuerKeyHash,
ASN1Integer serialNumber)
From source file:ee.sk.digidoc.factory.BouncyCastleNotaryFactory.java
License:Open Source License
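/**
 * Builds the CertificateID that identifies the signer's certificate in an OCSP request.
 *
 * <p>The issuer name hash is computed with SHA-1 (OID 1.3.14.3.2.26) over the encoded
 * subject name of the CA certificate. The issuer key hash is not computed here: it is
 * copied from the CA certificate's SubjectKeyIdentifier extension (OID 2.5.29.14).
 *
 * <p>NOTE(review): the copied key identifier only equals the issuerKeyHash a responder
 * expects when the CA derived its key identifier as the SHA-1 hash of its public key.
 * Confirm this for the CAs in use, or hash the CA public key directly.
 *
 * @param signersCert certificate whose status is queried; its serial number goes into the CertID
 * @param caCert certificate of the CA that issued {@code signersCert}
 * @return the CertificateID wrapping the assembled CertID
 * @throws NoSuchAlgorithmException if the "BC" provider does not offer the digest
 * @throws NoSuchProviderException if the "BC" provider is not registered
 * @throws CertificateEncodingException declared for reading the CA subject name
 * @throws DigiDocException if the CA certificate is missing, has no SubjectKeyIdentifier
 *         extension, or the extension is not encoded as two nested short-form OCTET STRINGs
 */
private CertificateID creatCertReq(X509Certificate signersCert, X509Certificate caCert)
        throws NoSuchAlgorithmException, NoSuchProviderException, CertificateEncodingException,
        DigiDocException {
    // 1.3.14.3.2.26 is the OID of SHA-1; the same OID is announced in the CertID below,
    // so both must change together if the hash algorithm is ever replaced.
    MessageDigest digest = MessageDigest.getInstance("1.3.14.3.2.26", "BC");
    if (m_logger.isDebugEnabled())
        m_logger.debug("CA cert: " + ((caCert != null) ? caCert.toString() : "NULL"));
    // Fail with the documented error type instead of a NullPointerException further down.
    if (caCert == null)
        throw new DigiDocException(DigiDocException.ERR_CA_CERT_READ,
                "CA certificate is missing!", null);
    X509Principal issuerName = PrincipalUtil.getSubjectX509Principal(caCert);
    if (m_logger.isDebugEnabled())
        m_logger.debug("CA issuer: " + ((issuerName != null) ? issuerName.getName() : "NULL"));
    // Issuer name hash
    digest.update(issuerName.getEncoded());
    ASN1OctetString issuerNameHash = new BERConstructedOctetString(digest.digest());
    // Issuer key hash is read from the SubjectKeyIdentifier extension (OID 2.5.29.14).
    byte[] arr = caCert.getExtensionValue("2.5.29.14");
    if (m_logger.isDebugEnabled())
        m_logger.debug("Issuer key hash: " + ((arr != null) ? arr.length : 0));
    if (arr == null || arr.length == 0)
        throw new DigiDocException(DigiDocException.ERR_CA_CERT_READ,
                "CA certificate has no SubjectKeyIdentifier extension!", null);
    // getExtensionValue() returns an OCTET STRING that wraps the extension value, which
    // for this extension is itself an OCTET STRING: 04 <len> 04 <len> <key id>.
    // Check those four header bytes before skipping them, so that a short or unusually
    // encoded extension is rejected rather than silently producing a wrong key hash
    // (or a NegativeArraySizeException when fewer than four bytes are present).
    boolean wellFormed = arr.length > 4
            && arr[0] == 0x04
            && arr[2] == 0x04
            && (arr[1] & 0xFF) < 0x80
            && (arr[3] & 0xFF) < 0x80
            && (arr[1] & 0xFF) == arr.length - 2
            && (arr[3] & 0xFF) == arr.length - 4;
    if (!wellFormed)
        throw new DigiDocException(DigiDocException.ERR_CA_CERT_READ,
                "CA certificate has an unexpected SubjectKeyIdentifier encoding!", null);
    byte[] arr2 = new byte[arr.length - 4];
    System.arraycopy(arr, 4, arr2, 0, arr2.length);
    ASN1OctetString issuerKeyHash = new BERConstructedOctetString(arr2);
    CertID cerid = new CertID(new AlgorithmIdentifier("1.3.14.3.2.26"), issuerNameHash, issuerKeyHash,
            new DERInteger(signersCert.getSerialNumber()));
    return new CertificateID(cerid);
}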
From source file:support.revocation.OCSP.java
License:Apache License
/**
 * Builds an unsigned OCSP request holding a single entry for the given certificate.
 *
 * <p>The CertID is assembled with SHA-1: the issuer name hash covers the encoded subject
 * name of the issuer certificate, and the issuer key hash covers the public key bits
 * taken from the issuer's SubjectPublicKeyInfo.
 *
 * <p>The issuer relationship is checked by comparing names only; this method does not
 * verify the certificate's signature against the issuer key. The request is built with
 * no extensions (so it carries no nonce) and no signature.
 *
 * @param certificate the certificate whose revocation status is queried
 * @param issuerCertificate the certificate of the issuer of {@code certificate}
 * @return an OCSP request for the given certificate
 * @throws IOException declared for parsing the issuer's encoded public key
 * @throws GeneralSecurityException if SHA-1 is unavailable, or as a CertificateException
 *         when the issuer's subject differs from the certificate's issuer name
 */
private static OCSPRequest generateOCSPRequest(X509Certificate certificate,
        X509Certificate issuerCertificate) throws IOException, GeneralSecurityException {
    MessageDigest sha1 = MessageDigest.getInstance("SHA1");
    ASN1ObjectIdentifier sha1Oid = new ASN1ObjectIdentifier(OIWObjectIdentifiers.idSHA1.getId());
    AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier(sha1Oid);

    boolean namesMatch = issuerCertificate.getSubjectX500Principal()
            .equals(certificate.getIssuerX500Principal());
    if (!namesMatch) {
        throw new CertificateException("Issuing cerrtificate and issued certificate mismatch");
    }

    // Hash of the issuer's encoded distinguished name.
    byte[] encodedIssuerName = issuerCertificate.getSubjectX500Principal().getEncoded();
    ASN1OctetString nameHash = new DEROctetString(sha1.digest(encodedIssuerName));

    // Hash of the issuer's public key bits; digest(byte[]) leaves the digest reset.
    SubjectPublicKeyInfo issuerKeyInfo = SubjectPublicKeyInfo
            .getInstance(parseASN1(issuerCertificate.getPublicKey().getEncoded()));
    byte[] issuerKeyBits = issuerKeyInfo.getPublicKeyData().getBytes();
    ASN1OctetString keyHash = new DEROctetString(sha1.digest(issuerKeyBits));

    CertID target = new CertID(hashAlgorithm, nameHash, keyHash,
            new ASN1Integer(certificate.getSerialNumber()));

    // One Request entry, no requestor name, no request extensions, no signature.
    ASN1Sequence entries = new DERSequence(new Request(target, null));
    TBSRequest toBeSigned = new TBSRequest(null, entries, (Extensions) null);
    return new OCSPRequest(toBeSigned, null);
}