List of usage examples for org.bouncycastle.cert.ocsp BasicOCSPResp getEncoded
public byte[] getEncoded() throws IOException
From source file:com.itextpdf.signatures.OcspClientBouncyCastle.java
License:Open Source License
/**
 * Fetches the OCSP response for a certificate and returns its encoded form, but only when the
 * response holds exactly one entry and that entry's status is GOOD. No exception leaves this
 * method: every failure is logged and reported as {@code null}.
 *
 * <p>Callers must read {@code null} as "no usable revocation proof", never as "not revoked".
 * A revoked status, an unknown status, a response with zero or several entries and any
 * transport or parsing error all produce {@code null}. Whether the response signature and
 * freshness are checked depends on {@code getBasicOCSPResp}, which is not shown here.
 *
 * @param checkCert the certificate to check
 * @param rootCert the parent (issuer) certificate
 * @param url the responder URL; if {@code null} it is taken from the checked certificate or
 *     from another implementation-specific source
 * @return the encoded basic OCSP response, or {@code null} if no GOOD validation was obtained
 */
public byte[] getEncoded(X509Certificate checkCert, X509Certificate rootCert, String url) {
    try {
        BasicOCSPResp ocsp = getBasicOCSPResp(checkCert, rootCert, url);
        if (ocsp == null) {
            return null;
        }

        // Only a response with exactly one entry is accepted; other counts yield null without
        // a log line.
        SingleResp[] entries = ocsp.getResponses();
        if (entries.length != 1) {
            return null;
        }

        Object certStatus = entries[0].getCertStatus();
        if (certStatus == CertificateStatus.GOOD) {
            return ocsp.getEncoded();
        }

        // NOTE(review): RevokedStatus is taken from the legacy org.bouncycastle.ocsp package,
        // while this listing is about org.bouncycastle.cert.ocsp.BasicOCSPResp. If SingleResp is
        // the cert.ocsp type, this instanceof presumably never matches and a revoked
        // certificate is logged as "unknown" - confirm against the file's imports.
        if (certStatus instanceof org.bouncycastle.ocsp.RevokedStatus) {
            throw new java.io.IOException(LogMessageConstant.OCSP_STATUS_IS_REVOKED);
        }
        throw new java.io.IOException(LogMessageConstant.OCSP_STATUS_IS_UNKNOWN);
    } catch (Exception ex) {
        // Only the message is logged; the exception type and stack trace are dropped.
        LOGGER.error(ex.getMessage());
    }
    return null;
}
From source file:com.itextpdf.text.pdf.security.OcspClientBouncyCastle.java
License:Open Source License
/** * Gets an encoded byte array with OCSP validation. The method should not throw an exception. * @param checkCert to certificate to check * @param rootCert the parent certificate * @param the url to get the verification. It it's null it will be taken * from the check cert or from other implementation specific source * @return a byte array with the validation or null if the validation could not be obtained */// w ww .j a v a 2s .c o m public byte[] getEncoded(X509Certificate checkCert, X509Certificate rootCert, String url) { try { BasicOCSPResp basicResponse = getBasicOCSPResp(checkCert, rootCert, url); if (basicResponse != null) { SingleResp[] responses = basicResponse.getResponses(); if (responses.length == 1) { SingleResp resp = responses[0]; Object status = resp.getCertStatus(); if (status == CertificateStatus.GOOD) { return basicResponse.getEncoded(); } else if (status instanceof org.bouncycastle.ocsp.RevokedStatus) { throw new IOException(MessageLocalization.getComposedMessage("ocsp.status.is.revoked")); } else { throw new IOException(MessageLocalization.getComposedMessage("ocsp.status.is.unknown")); } } } } catch (Exception ex) { if (LOGGER.isLogging(Level.ERROR)) LOGGER.error(ex.getMessage()); } return null; }
From source file:com.swisscom.ais.itext.PDF.java
License:Open Source License
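/**
 * Adds external revocation information (OCSP responses and CRLs) to the DSS dictionary of the
 * PDF at {@code outputFilePath}, to enable Long Term Validation (LTV) in Adobe Reader, and
 * writes the result back to the same file.
 *
 * <p>The revocation data is embedded as supplied. This method parses it but does not verify
 * OCSP or CRL signatures, freshness, or that the entries relate to the document's signing
 * certificates, so callers should pass only revocation data they have already validated.
 *
 * @param ocspArr OCSP responses, each as a base64 encoded string; may be {@code null}
 * @param crlArr CRLs, each as a base64 encoded string; may be {@code null}
 * @throws Exception if the document carries a certification that allows no changes, if an OCSP
 *     response contains no basic response, or if parsing, stamping or writing fails
 */
public void addValidationInformation(ArrayList<String> ocspArr, ArrayList<String> crlArr) throws Exception {
    if (ocspArr == null && crlArr == null) {
        return;
    }

    boolean addVerification = false;
    PdfReader reader = new PdfReader(outputFilePath);
    try {
        // A document certified with "no changes allowed" must not be modified.
        if (reader.getCertificationLevel() == PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED) {
            throw new Exception(
                    "Could not apply revocation information (LTV) to the DSS Dictionary. Document contains a certification that does not allow any changes.");
        }

        Collection<byte[]> ocspColl = new ArrayList<byte[]>();
        Collection<byte[]> crlColl = new ArrayList<byte[]>();

        // Decode each OCSP response (base64 string) and collect its basic response bytes.
        if (ocspArr != null) {
            for (String ocspBase64 : ocspArr) {
                OCSPResp ocspResp = new OCSPResp(new ByteArrayInputStream(Base64.decode(ocspBase64)));
                BasicOCSPResp basicResp = (BasicOCSPResp) ocspResp.getResponseObject();

                // A response without response bytes (for example an error reply from the
                // responder) has no basic response; fail clearly instead of with a
                // NullPointerException further down.
                if (basicResp == null) {
                    throw new Exception(
                            "Could not embed OCSP response: it contains no basic response (OCSP response status "
                                    + ocspResp.getStatus() + ").");
                }

                if (Soap._debugMode) {
                    System.out.println("\nEmbedding OCSP Response...");
                    // getStatus() is the status of the OCSP response itself (0 = successful),
                    // not the revocation status of the certificate.
                    System.out.println("Status                : " + ((ocspResp.getStatus() == 0) ? "GOOD" : "BAD"));
                    System.out.println("Produced at           : " + basicResp.getProducedAt());
                    System.out.println("This Update           : " + basicResp.getResponses()[0].getThisUpdate());
                    System.out.println("Next Update           : " + basicResp.getResponses()[0].getNextUpdate());
                    System.out.println("X509 Cert Issuer      : " + basicResp.getCerts()[0].getIssuer());
                    System.out.println("X509 Cert Subject     : " + basicResp.getCerts()[0].getSubject());
                    System.out.println(
                            "Responder ID X500Name : " + basicResp.getResponderId().toASN1Object().getName());
                    System.out.println("Certificate ID        : "
                            + basicResp.getResponses()[0].getCertID().getSerialNumber().toString() + " ("
                            + basicResp.getResponses()[0].getCertID().getSerialNumber().toString(16).toUpperCase()
                            + ")");
                }

                // ASN.1 encoded representation of the basic OCSP response
                ocspColl.add(basicResp.getEncoded());
            }
        }

        // Decode each CRL (base64 string) and collect its DER encoding.
        if (crlArr != null) {
            for (String crlBase64 : crlArr) {
                X509CRL x509crl = (X509CRL) CertificateFactory.getInstance("X.509")
                        .generateCRL(new ByteArrayInputStream(Base64.decode(crlBase64)));

                if (Soap._debugMode) {
                    System.out.println("\nEmbedding CRL...");
                    System.out.println("IssuerDN                    : " + x509crl.getIssuerDN());
                    System.out.println("This Update                 : " + x509crl.getThisUpdate());
                    System.out.println("Next Update                 : " + x509crl.getNextUpdate());
                    System.out.println(
                            "No. of Revoked Certificates : " + ((x509crl.getRevokedCertificates() == null) ? "0"
                                    : x509crl.getRevokedCertificates().size()));
                }

                // ASN.1 DER-encoded form of this CRL
                crlColl.add(x509crl.getEncoded());
            }
        }

        byteArrayOutputStream = new ByteArrayOutputStream();
        // Last argument 'true' opens the stamper in append mode.
        PdfStamper stamper = new PdfStamper(reader, byteArrayOutputStream, '\0', true);
        LtvVerification validation = stamper.getLtvVerification();

        // Attach the same OCSP/CRL collections to every signature in the document.
        // addVerification keeps only the result for the last signature processed.
        for (String sigName : stamper.getAcroFields().getSignatureNames()) {
            addVerification = validation.addVerification(sigName, // Signature Name
                    ocspColl, // OCSP
                    crlColl, // CRL
                    null // certs
            );
        }

        // Merges the validation with any validation already in the document or creates a new one.
        validation.merge();
        stamper.close();
    } finally {
        // Release the reader even when a check or a parsing step above throws.
        reader.close();
    }

    // Save to (same) file
    OutputStream outputStream = new FileOutputStream(outputFilePath);
    try {
        byteArrayOutputStream.writeTo(outputStream);

        if (Soap._debugMode) {
            if (addVerification) {
                System.out.println("\nOK merging LTV validation information to " + outputFilePath);
            } else {
                System.out.println("\nFAILED merging LTV validation information to " + outputFilePath);
            }
        }
    } finally {
        // Close the file handle even when the write fails.
        outputStream.close();
    }
    byteArrayOutputStream.close();
}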
From source file:eu.europa.ec.markt.dss.DSSRevocationUtils.java
License:Open Source License
/**
 * Converts a {@code BasicOCSPResp} into an {@code OCSPResp} by encoding it and delegating to
 * the {@code byte[]} overload of this method.
 *
 * <p>According to the original documentation the response status of the result is set to
 * SUCCESSFUL. That happens in the overload, which is not shown here, so the status is
 * presumably assigned locally rather than reported by the responder - confirm before relying
 * on it.
 *
 * @param basicOCSPResp the basic OCSP response to wrap
 * @return the wrapping OCSP response
 * @throws DSSException if the basic response cannot be encoded
 */
public static final OCSPResp fromBasicToResp(final BasicOCSPResp basicOCSPResp) {
    try {
        return fromBasicToResp(basicOCSPResp.getEncoded());
    } catch (IOException e) {
        throw new DSSException(e);
    }
}
From source file:eu.europa.ec.markt.dss.DSSUtils.java
License:Open Source License
/**
 * Returns the DER encoding of a basic OCSP response.
 *
 * <p>The response is parsed into its ASN.1 structure and encoded again as DER. If the encoding
 * received from the responder was not DER, the returned bytes can differ from the received
 * bytes, which matters wherever a digest of the response is compared with a stored reference.
 *
 * @param basicOCSPResp the basic OCSP response to encode
 * @return the DER-encoded bytes
 * @throws DSSException if encoding fails
 */
public static byte[] getEncoded(BasicOCSPResp basicOCSPResp) {
    try {
        final BasicOCSPResponse asn1Response = BasicOCSPResponse.getInstance(basicOCSPResp.getEncoded());
        return asn1Response.getEncoded(ASN1Encoding.DER);
    } catch (IOException e) {
        throw new DSSException(e);
    }
}
From source file:eu.europa.ec.markt.dss.validation102853.ocsp.OCSPRef.java
License:Open Source License
/**
 * Checks whether the given OCSP response is the one this reference points to, by hashing the
 * response with {@code digestAlgorithm} and comparing the result with {@code digestValue}.
 *
 * <p>Depending on {@code matchOnlyBasicOCSPResponse}, the digest covers either the encoded
 * basic response or the encoded full {@code OCSPResp} wrapper built from it. A match shows
 * only that the bytes correspond to the stored digest; the response signature is not checked
 * here.
 *
 * @param ocspResp the basic OCSP response to compare with this reference
 * @return {@code true} if the computed digest equals the stored digest value
 * @throws RuntimeException if the digest algorithm is unavailable or the response cannot be
 *     encoded
 */
public boolean match(BasicOCSPResp ocspResp) {
    try {
        final MessageDigest hasher = DSSUtils.getMessageDigest(digestAlgorithm);
        // The flag selects which encoding the reference digest was computed over.
        final byte[] hashedBytes = matchOnlyBasicOCSPResponse
                ? ocspResp.getEncoded()
                : DSSRevocationUtils.fromBasicToResp(ocspResp).getEncoded();
        final byte[] computedValue = hasher.digest(hashedBytes);

        if (LOG.isInfoEnabled()) {
            LOG.info("Compare " + DSSUtils.encodeHexString(digestValue) + " to computed value "
                    + DSSUtils.encodeHexString(computedValue) + " of BasicOCSPResp produced at "
                    + ocspResp.getProducedAt());
        }
        return Arrays.equals(digestValue, computedValue);
    } catch (NoSuchAlgorithmException ex) {
        throw new RuntimeException("Maybe BouncyCastle provider is not installed ?", ex);
    } catch (IOException ex) {
        throw new RuntimeException(ex);
    }
}
From source file:eu.europa.esig.dss.DSSASN1Utils.java
License:Open Source License
/**
 * Returns the encoding of a basic OCSP response produced by {@code getDEREncoded}.
 *
 * <p>The response is parsed into its ASN.1 structure first and then handed to
 * {@code getDEREncoded}, which is not shown here (presumably a DER encoder, going by its name).
 * After such a re-encoding the bytes can differ from those received from the responder, which
 * matters wherever a digest of the response is compared with a stored reference.
 *
 * @param basicOCSPResp the basic OCSP response to encode
 * @return the encoded bytes returned by {@code getDEREncoded}
 * @throws DSSException if the response cannot be encoded
 */
public static byte[] getEncoded(BasicOCSPResp basicOCSPResp) {
    try {
        return getDEREncoded(BasicOCSPResponse.getInstance(basicOCSPResp.getEncoded()));
    } catch (IOException e) {
        throw new DSSException(e);
    }
}
From source file:eu.europa.esig.dss.DSSRevocationUtils.java
License:Open Source License
/**
 * Converts a {@code BasicOCSPResp} into an {@code OCSPResp} by encoding it and delegating to
 * the {@code byte[]} overload of this method.
 *
 * <p>According to the original documentation the response status of the result is set to
 * SUCCESSFUL. That happens in the overload, which is not shown here, so the status is
 * presumably assigned locally rather than reported by the responder - confirm before relying
 * on it.
 *
 * @param basicOCSPResp the basic OCSP response to wrap
 * @return the wrapping OCSP response
 * @throws DSSException if the basic response cannot be encoded
 */
public static final OCSPResp fromBasicToResp(final BasicOCSPResp basicOCSPResp) {
    try {
        return fromBasicToResp(basicOCSPResp.getEncoded());
    } catch (IOException e) {
        throw new DSSException(e);
    }
}
From source file:eu.europa.esig.dss.DSSUtils.java
License:Open Source License
/**
 * Returns the encoded form of a basic OCSP response, converting the checked
 * {@code IOException} into an unchecked {@code DSSException}.
 *
 * @param basicOCSPResp the basic OCSP response to encode
 * @return the bytes returned by {@code BasicOCSPResp.getEncoded()}
 * @throws DSSException if encoding fails
 */
public static byte[] getEncoded(BasicOCSPResp basicOCSPResp) {
    try {
        return basicOCSPResp.getEncoded();
    } catch (IOException e) {
        throw new DSSException(e);
    }
}
From source file:eu.europa.esig.dss.validation.OCSPRef.java
License:Open Source License
/**
 * Checks whether the given OCSP response is the one this reference points to, by hashing the
 * response with {@code digestAlgorithm} and comparing the result with {@code digestValue}.
 *
 * <p>Depending on {@code matchOnlyBasicOCSPResponse}, the digest covers either the encoded
 * basic response or the encoded full {@code OCSPResp} wrapper built from it. A match shows
 * only that the bytes correspond to the stored digest; the response signature is not checked
 * here.
 *
 * @param ocspResp the basic OCSP response to compare with this reference
 * @return {@code true} if the computed digest equals the stored digest value; {@code false}
 *     if they differ or if no digest algorithm is set
 * @throws DSSException if the response cannot be encoded
 */
public boolean match(final BasicOCSPResp ocspResp) {
    // Without a digest algorithm there is nothing to compare against (original marker: -444).
    if (digestAlgorithm == null) {
        return false;
    }
    try {
        final MessageDigest hasher = DSSUtils.getMessageDigest(digestAlgorithm);
        // The flag selects which encoding the reference digest was computed over.
        final byte[] hashedBytes = matchOnlyBasicOCSPResponse
                ? ocspResp.getEncoded()
                : DSSRevocationUtils.fromBasicToResp(ocspResp).getEncoded();
        final byte[] computedValue = hasher.digest(hashedBytes);

        if (LOG.isInfoEnabled()) {
            LOG.info("Compare " + Hex.encodeHexString(digestValue) + " to computed value "
                    + Hex.encodeHexString(computedValue) + " of BasicOCSPResp produced at "
                    + ocspResp.getProducedAt());
        }
        return Arrays.equals(digestValue, computedValue);
    } catch (IOException e) {
        throw new DSSException(e);
    }
}