List of usage examples for org.bouncycastle.cert.ocsp BasicOCSPResp BasicOCSPResp
public BasicOCSPResp(BasicOCSPResponse resp)
From source file:com.itextpdf.signatures.PdfPKCS7.java
License:Open Source License
/** * Helper method that creates the BasicOCSPResp object. * * @param seq/*w ww .j a v a2 s . co m*/ * @throws IOException */ private void findOcsp(ASN1Sequence seq) throws IOException { basicResp = (BasicOCSPResp) null; boolean ret = false; while (true) { if (seq.getObjectAt(0) instanceof ASN1ObjectIdentifier && ((ASN1ObjectIdentifier) seq.getObjectAt(0)) .getId().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic.getId())) { break; } ret = true; for (int k = 0; k < seq.size(); ++k) { if (seq.getObjectAt(k) instanceof ASN1Sequence) { seq = (ASN1Sequence) seq.getObjectAt(0); ret = false; break; } if (seq.getObjectAt(k) instanceof ASN1TaggedObject) { ASN1TaggedObject tag = (ASN1TaggedObject) seq.getObjectAt(k); if (tag.getObject() instanceof ASN1Sequence) { seq = (ASN1Sequence) tag.getObject(); ret = false; break; } else return; } } if (ret) return; } ASN1OctetString os = (ASN1OctetString) seq.getObjectAt(1); ASN1InputStream inp = new ASN1InputStream(os.getOctets()); BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject()); basicResp = new BasicOCSPResp(resp); }
From source file:com.itextpdf.text.pdf.security.PdfPKCS7.java
License:Open Source License
/** * Helper method that creates the BasicOCSPResp object. * @param seq/* w w w . j ava 2 s . c o m*/ * @throws IOException */ private void findOcsp(ASN1Sequence seq) throws IOException { basicResp = null; boolean ret = false; while (true) { if (seq.getObjectAt(0) instanceof ASN1ObjectIdentifier && ((ASN1ObjectIdentifier) seq.getObjectAt(0)) .getId().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic.getId())) { break; } ret = true; for (int k = 0; k < seq.size(); ++k) { if (seq.getObjectAt(k) instanceof ASN1Sequence) { seq = (ASN1Sequence) seq.getObjectAt(0); ret = false; break; } if (seq.getObjectAt(k) instanceof ASN1TaggedObject) { ASN1TaggedObject tag = (ASN1TaggedObject) seq.getObjectAt(k); if (tag.getObject() instanceof ASN1Sequence) { seq = (ASN1Sequence) tag.getObject(); ret = false; break; } else return; } } if (ret) return; } ASN1OctetString os = (ASN1OctetString) seq.getObjectAt(1); ASN1InputStream inp = new ASN1InputStream(os.getOctets()); BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject()); basicResp = new BasicOCSPResp(resp); }
From source file:eu.europa.ec.markt.dss.validation102853.cades.CAdESOCSPSource.java
License:Open Source License
@Override public List<BasicOCSPResp> getContainedOCSPResponses() { final List<BasicOCSPResp> list = new ArrayList<BasicOCSPResp>(); // Add OCSPs from SignedData {/*from w ww . j a v a2 s. co m*/ final Store otherRevocationInfo = cmsSignedData .getOtherRevocationInfo(OCSPObjectIdentifiers.id_pkix_ocsp_basic); final Collection otherRevocationInfoMatches = otherRevocationInfo.getMatches(null); final ASN1Encodable[] matches = (ASN1Encodable[]) otherRevocationInfoMatches .toArray(new ASN1Encodable[otherRevocationInfoMatches.size()]); for (final ASN1Encodable asn1Encodable : matches) { final BasicOCSPResponse basicOcspResponse = BasicOCSPResponse.getInstance(asn1Encodable); final BasicOCSPResp basicOCSPResp = new BasicOCSPResp(basicOcspResponse); list.add(basicOCSPResp); } } { final Store otherRevocationInfo = cmsSignedData .getOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response); final Collection otherRevocationInfoMatches = otherRevocationInfo.getMatches(null); final ASN1Encodable[] matches = (ASN1Encodable[]) otherRevocationInfoMatches .toArray(new ASN1Encodable[otherRevocationInfoMatches.size()]); for (final ASN1Encodable asn1Encodable : matches) { final OCSPResponse ocspResponse = OCSPResponse.getInstance(asn1Encodable); final OCSPResp ocspResp = new OCSPResp(ocspResponse); try { final Object responseObject = ocspResp.getResponseObject(); if (responseObject instanceof BasicOCSPResp) { BasicOCSPResp basicOCSPResp = (BasicOCSPResp) responseObject; list.add(basicOCSPResp); } } catch (OCSPException e) { throw new DSSException(e); } } } // Adds OCSP responses in -XL id_aa_ets_revocationValues inside SignerInfo attribute if present if (signerInformation != null) { final AttributeTable attributes = signerInformation.getUnsignedAttributes(); if (attributes != null) { final Attribute attribute = attributes.get(PKCSObjectIdentifiers.id_aa_ets_revocationValues); /* ETSI TS 101 733 V2.2.1 (2013-04) page 43 6.3.4 revocation-values Attribute Definition This attribute is used to contain the revocation information required for the following forms of extended electronic signature: CAdES-X Long, ES X-Long Type 1, and CAdES-X Long Type 2, see clause B.1.1 for an illustration of this form of electronic signature. The revocation-values attribute is an unsigned attribute. Only a single instance of this attribute shall occur with an electronic signature. It holds the values of CRLs and OCSP referenced in the complete-revocation-references attribute. RevocationValues ::= SEQUENCE { crlVals [0] SEQUENCE OF CertificateList OPTIONAL, ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL, otherRevVals [2] OtherRevVals OPTIONAL} */ if (attribute != null) { final ASN1Set attrValues = attribute.getAttrValues(); final ASN1Encodable attValue = attrValues.getObjectAt(0); final RevocationValues revValues = RevocationValues.getInstance(attValue); for (final BasicOCSPResponse revValue : revValues.getOcspVals()) { final BasicOCSPResp ocspResp = new BasicOCSPResp(revValue); list.add(ocspResp); } /* TODO: should add also OtherRevVals, but: "The syntax and semantics of the other revocation values (OtherRevVals) are outside the scope of the present document. The definition of the syntax of the other form of revocation information is as identified by OtherRevRefType." */ } } } /* TODO (pades): Read revocation data from from unsigned attribute 1.2.840.113583.1.1.8 In the PKCS #7 object of a digital signature in a PDF file, identifies a signed attribute that "can include all the revocation information that is necessary to carry out revocation checks for the signer's certificate and its issuer certificates." Defined as adbe-revocationInfoArchival { adbe(1.2.840.113583) acrobat(1) security(1) 8 } in "PDF Reference, fifth edition: Adobe Portable Document Format, Version 1.6" Adobe Systems Incorporated, 2004. http://partners.adobe.com/public/developer/en/pdf/PDFReference16.pdf page 698 RevocationInfoArchival ::= SEQUENCE { crl [0] EXPLICIT SEQUENCE of CRLs, OPTIONAL ocsp [1] EXPLICIT SEQUENCE of OCSP Responses, OPTIONAL otherRevInfo [2] EXPLICIT SEQUENCE of OtherRevInfo, OPTIONAL } OtherRevInfo ::= SEQUENCE { Type OBJECT IDENTIFIER Value OCTET STRING } */ // TODO: (Bob: 2013 Dec 03) --> NICOLAS: Is there any other container within the CAdES signature with revocation data? (ie: timestamp) return list; }
From source file:eu.europa.esig.dss.cades.validation.CAdESOCSPSource.java
License:Open Source License
@Override public List<BasicOCSPResp> getContainedOCSPResponses() { final List<BasicOCSPResp> basicOCSPResps = new ArrayList<BasicOCSPResp>(); // Add OCSPs from SignedData addBasicOcspRespFrom_id_pkix_ocsp_basic(basicOCSPResps); addBasicOcspRespFrom_id_ri_ocsp_response(basicOCSPResps); // Adds OCSP responses in -XL id_aa_ets_revocationValues inside SignerInfo attribute if present if (signerInformation != null) { final AttributeTable attributes = signerInformation.getUnsignedAttributes(); if (attributes != null) { final Attribute attribute = attributes.get(PKCSObjectIdentifiers.id_aa_ets_revocationValues); /*/*w ww .j a v a 2 s . co m*/ ETSI TS 101 733 V2.2.1 (2013-04) page 43 6.3.4 revocation-values Attribute Definition This attribute is used to contain the revocation information required for the following forms of extended electronic signature: CAdES-X Long, ES X-Long Type 1, and CAdES-X Long Type 2, see clause B.1.1 for an illustration of this form of electronic signature. The revocation-values attribute is an unsigned attribute. Only a single instance of this attribute shall occur with an electronic signature. It holds the values of CRLs and OCSP referenced in the complete-revocation-references attribute. RevocationValues ::= SEQUENCE { crlVals [0] SEQUENCE OF CertificateList OPTIONAL, ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL, otherRevVals [2] OtherRevVals OPTIONAL} */ if (attribute != null) { final ASN1Set attrValues = attribute.getAttrValues(); final ASN1Encodable attValue = attrValues.getObjectAt(0); final RevocationValues revocationValues = RevocationValues.getInstance(attValue); for (final BasicOCSPResponse basicOCSPResponse : revocationValues.getOcspVals()) { final BasicOCSPResp basicOCSPResp = new BasicOCSPResp(basicOCSPResponse); addBasicOcspResp(basicOCSPResps, basicOCSPResp); } /* TODO: should add also OtherRevVals, but: "The syntax and semantics of the other revocation values (OtherRevVals) are outside the scope of the present document. The definition of the syntax of the other form of revocation information is as identified by OtherRevRefType." */ } } } /* TODO (pades): Read revocation data from from unsigned attribute 1.2.840.113583.1.1.8 In the PKCS #7 object of a digital signature in a PDF file, identifies a signed attribute that "can include all the revocation information that is necessary to carry out revocation checks for the signer's certificate and its issuer certificates." Defined as adbe-revocationInfoArchival { adbe(1.2.840.113583) acrobat(1) security(1) 8 } in "PDF Reference, fifth edition: Adobe Portable Document Format, Version 1.6" Adobe Systems Incorporated, 2004. http://partners.adobe.com/public/developer/en/pdf/PDFReference16.pdf page 698 RevocationInfoArchival ::= SEQUENCE { crl [0] EXPLICIT SEQUENCE of CRLs, OPTIONAL ocsp [1] EXPLICIT SEQUENCE of OCSP Responses, OPTIONAL otherRevInfo [2] EXPLICIT SEQUENCE of OtherRevInfo, OPTIONAL } OtherRevInfo ::= SEQUENCE { Type OBJECT IDENTIFIER Value OCTET STRING } */ return basicOCSPResps; }
From source file:org.jruby.ext.openssl.OCSPBasicResponse.java
License:Common Public License
private BasicOCSPResp getBasicOCSPResp() { return new BasicOCSPResp(asn1BCBasicOCSPResp); }
From source file:org.jruby.ext.openssl.OCSPResponse.java
License:Common Public License
@JRubyMethod(name = "create", meta = true) public static IRubyObject create(final ThreadContext context, final IRubyObject self, IRubyObject status, IRubyObject basicResponse) {//from w ww . j a v a2 s .c om Ruby runtime = context.runtime; if (basicResponse == null || basicResponse.isNil()) { return create(context, self, status); } else { OCSPResponse ret = new OCSPResponse(runtime); OCSPBasicResponse rubyBasicResp = (OCSPBasicResponse) basicResponse; OCSPRespBuilder builder = new OCSPRespBuilder(); try { OCSPResp tmpResp = builder.build(RubyFixnum.fix2int((RubyFixnum) status), new BasicOCSPResp(rubyBasicResp.getASN1BCOCSPResp())); ret.initialize(context, new IRubyObject[] { RubyString.newString(runtime, tmpResp.getEncoded()) }); } catch (Exception e) { throw newOCSPError(runtime, e); } return ret; } }