List of usage examples for org.bouncycastle.asn1.ocsp OCSPRequest OCSPRequest
public OCSPRequest(TBSRequest tbsRequest, Signature optionalSignature)
From source file:support.revocation.OCSP.java
License:Apache License
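/**
 * Builds an unsigned OCSP request asking for the revocation status of a single certificate.
 *
 * <p>The certificate is identified by a {@code CertID} consisting of the SHA-1 hash of the
 * issuer's encoded subject name, the SHA-1 hash of the issuer's public key bits and the
 * certificate's serial number.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The issuer check below only compares distinguished names. The certificate's signature
 *       is not verified against the issuer's key here, so path validation has to happen
 *       elsewhere before the OCSP answer is trusted.</li>
 *   <li>No request extensions are set, so the request carries no nonce. The response cannot
 *       be bound to this request; the caller should check the response's freshness
 *       (thisUpdate / nextUpdate) and its signature.</li>
 *   <li>SHA-1 is used only to identify the issuer inside the {@code CertID}; it is not a
 *       signature digest, since the request is sent unsigned.</li>
 * </ul>
 *
 * @param certificate the certificate whose revocation status is queried
 * @param issuerCertificate the certificate of the CA that issued {@code certificate}
 * @return an OCSP request holding exactly one {@code Request} entry for {@code certificate}
 * @throws IOException presumably raised by {@code parseASN1} when the issuer's public key
 *         encoding cannot be decoded (helper is defined elsewhere; confirm)
 * @throws GeneralSecurityException if the SHA-1 digest is unavailable, or (as a
 *         {@link CertificateException}) if the issuer certificate's subject does not match
 *         the certificate's issuer
 */
private static OCSPRequest generateOCSPRequest(X509Certificate certificate,
        X509Certificate issuerCertificate) throws IOException, GeneralSecurityException {
    MessageDigest digest = MessageDigest.getInstance("SHA1");
    // idSHA1 already is an ASN1ObjectIdentifier, so it is passed on directly.
    AlgorithmIdentifier digestAlgorithm = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1);

    // Name-only sanity check: guards against pairing the wrong certificates, but proves
    // nothing about who actually signed `certificate`.
    if (!issuerCertificate.getSubjectX500Principal().equals(certificate.getIssuerX500Principal())) {
        throw new CertificateException("Issuing certificate and issued certificate mismatch");
    }

    // Hash of the issuer's encoded subject name. digest() also resets the MessageDigest,
    // which is why the same instance can be reused for the key hash below.
    digest.update(issuerCertificate.getSubjectX500Principal().getEncoded());
    ASN1OctetString issuerNameHash = new DEROctetString(digest.digest());

    // Hash of the issuer's public key: only the BIT STRING contents of the
    // SubjectPublicKeyInfo are hashed, not the whole structure.
    SubjectPublicKeyInfo publicKey = SubjectPublicKeyInfo
            .getInstance(parseASN1(issuerCertificate.getPublicKey().getEncoded()));
    digest.update(publicKey.getPublicKeyData().getBytes());
    ASN1OctetString issuerKeyHash = new DEROctetString(digest.digest());

    // Serial number of the certificate being checked.
    ASN1Integer serialNumber = new ASN1Integer(certificate.getSerialNumber());

    // Assemble the request: one CertID, no per-request extensions.
    CertID certID = new CertID(digestAlgorithm, issuerNameHash, issuerKeyHash, serialNumber);
    ASN1Sequence requestList = new DERSequence(new Request(certID, null));

    // No requestor name and no request extensions (hence no nonce). The cast picks the
    // Extensions overload of the TBSRequest constructor.
    TBSRequest request = new TBSRequest(null, requestList, (Extensions) null);

    // A null signature produces an unsigned request.
    return new OCSPRequest(request, null);
}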