List of usage examples for org.bouncycastle.cert.ocsp BasicOCSPResp hasExtensions
public boolean hasExtensions()
From source file:org.cesecore.certificates.ocsp.OcspResponseInformation.java
License:Open Source License
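/**
 * Stores the encoded form of an OCSP response together with the values needed later to
 * decide which HTTP cache headers may accompany it.
 *
 * <p>Cache headers stay enabled only when the response is a basic OCSP response holding
 * exactly one single response, that single response carries a nextUpdate, and the response
 * has no nonce extension. In every other case {@code addCacheHeaders} is set to
 * {@code false}, which is the conservative outcome: the response is not offered for caching.
 *
 * @param ocspResponse the OCSP response to encode and inspect
 * @param maxAge value stored unchanged in the {@code maxAge} field
 * @throws OCSPException propagated from the BouncyCastle calls made on {@code ocspResponse}
 * @throws IllegalStateException if encoding the response raises an {@link IOException}
 * @throws OcspFailureException if the BouncyCastle provider or SHA-1 is not available
 */
public OcspResponseInformation(OCSPResp ocspResponse, long maxAge) throws OCSPException {
    try {
        this.ocspResponse = ocspResponse.getEncoded();
    } catch (IOException e) {
        throw new IllegalStateException("Unexpected IOException caught when encoding ocsp response.", e);
    }
    this.maxAge = maxAge;
    /*
     * This may seem like a somewhat odd place to perform the below operations (instead of in the end servlet which
     * demanded this object), but BouncyCastle (up to 1.47) is a bit shy about making their classes serializable.
     * This means that OCSPResp can't be transmitted, neither can many of the objects it contains such as SingleResp.
     * Luckily we only need these classes for the diagnostic operations performed below, so we can sum up the result
     * in the boolean member addCacheHeaders. If BC choose to change their policy, the below code can be moved to a
     * more logical location.
     * -mikek
     */
    // Fetch the response object once: the original called getResponseObject() twice and
    // cast the second result without checking its type.
    final Object responseObject = ocspResponse.getResponseObject();
    if (responseObject == null) {
        if (log.isDebugEnabled()) {
            log.debug("Will not add cache headers for response to bad request.");
        }
        addCacheHeaders = false;
    } else if (!(responseObject instanceof BasicOCSPResp)) {
        // getResponseObject() is typed as Object, so anything other than a basic response
        // would previously have raised ClassCastException out of this constructor.
        // Disabling cache headers is the safe fallback for a response we cannot inspect.
        if (log.isDebugEnabled()) {
            log.debug("Will not add cache headers: response is not a basic OCSP response.");
        }
        addCacheHeaders = false;
    } else {
        final BasicOCSPResp basicOCSPResp = (BasicOCSPResp) responseObject;
        final SingleResp[] singleResponses = basicOCSPResp.getResponses();
        if (singleResponses.length != 1) {
            // Also taken when the array is empty, although the message only mentions "multiple".
            if (log.isDebugEnabled()) {
                log.debug("Will not add RFC 5019 cache headers: reponse contains multiple embedded responses.");
            }
            addCacheHeaders = false;
        } else if (singleResponses[0].getNextUpdate() == null) {
            // Without nextUpdate there is no point in time at which a cached copy would expire.
            if (log.isDebugEnabled()) {
                log.debug("Will not add RFC 5019 cache headers: nextUpdate isn't set.");
            }
            addCacheHeaders = false;
        } else if (basicOCSPResp.hasExtensions()
                && basicOCSPResp.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce) != null) {
            // A nonce ties the response to one specific request, so it must not be handed
            // out from a cache in answer to other requests.
            if (log.isDebugEnabled()) {
                log.debug("Will not add RFC 5019 cache headers: response contains a nonce.");
            }
            addCacheHeaders = false;
        } else {
            // addCacheHeaders is not assigned on this path; it keeps whatever value the field
            // already holds (presumably initialised to true - confirm at the field declaration).
            nextUpdate = singleResponses[0].getNextUpdate().getTime();
            thisUpdate = singleResponses[0].getThisUpdate().getTime();
            try {
                // Hex SHA-1 of the encoded response, the form RFC 5019 recommends for an ETag
                // value (presumably how responseHeader is used - confirm against the servlet).
                // It only identifies the response bytes; it is not an integrity or
                // authenticity check and should not be relied on as one.
                responseHeader = new String(Hex.encode(MessageDigest
                        .getInstance("SHA-1", BouncyCastleProvider.PROVIDER_NAME).digest(this.ocspResponse)));
            } catch (NoSuchProviderException e) {
                throw new OcspFailureException("Bouncycastle was not available as a provider", e);
            } catch (NoSuchAlgorithmException e) {
                throw new OcspFailureException("SHA-1 was not an available algorithm for MessageDigester", e);
            }
        }
        // The addCacheHeaders test comes first on purpose: it is false whenever the array
        // length is not 1, so index 0 is never read on an empty array.
        if (addCacheHeaders && singleResponses[0].getCertStatus() instanceof UnknownStatus) {
            explicitNoCache = true;
        }
    }
}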