Example usage for org.bouncycastle.cert.ocsp BasicOCSPResp hasExtensions

List of usage examples for org.bouncycastle.cert.ocsp BasicOCSPResp hasExtensions

Introduction

On this page you can find example usage for org.bouncycastle.cert.ocsp BasicOCSPResp hasExtensions.

Prototype

public boolean hasExtensions() 


Usage

From source file: org.cesecore.certificates.ocsp.OcspResponseInformation.java

License: Open Source License

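/**
 * Wraps an OCSP response in a serializable form and decides, up front, whether the servlet layer may add
 * RFC 5019 cache headers for it.
 * <p>
 * Only the DER encoding of the response is retained. The decisions that need the (non-serializable)
 * BouncyCastle objects are taken here and summed up in {@code addCacheHeaders}, {@code explicitNoCache},
 * {@code nextUpdate}, {@code thisUpdate} and {@code responseHeader}.
 *
 * @param ocspResponse the response to wrap
 * @param maxAge the max-age value to carry along to the servlet layer
 * @throws OCSPException if the response object embedded in {@code ocspResponse} cannot be decoded
 * @throws IllegalStateException if the response cannot be DER encoded
 * @throws OcspFailureException if the BouncyCastle provider or SHA-1 is not available for the response digest
 */
public OcspResponseInformation(OCSPResp ocspResponse, long maxAge) throws OCSPException {
    try {
        this.ocspResponse = ocspResponse.getEncoded();
    } catch (IOException e) {
        throw new IllegalStateException("Unexpected IOException caught when encoding ocsp response.", e);
    }
    this.maxAge = maxAge;
    /*
     * This may seem like a somewhat odd place to perform the below operations (instead of in the end servlet which demanded
     * this object), but BouncyCastle (up to 1.47) is a bit shy about making their classes serializable. This means that
     * OCSPResp can't be transmitted, neither can many of the objects it contains such as SingleResp. Luckily we only need
     * these classes for the diagnostic operations performed below, so we can sum up the result in the boolean member
     * addCacheHeaders. If BC choose to change their policy, the below code can be moved to a more logical location.
     *  -mikek
     */
    // addCacheHeaders is only ever cleared below, so it is presumably initialised to true at its declaration.
    // Decode the response object once: BouncyCastle re-parses the response bytes on every call.
    final Object responseObject = ocspResponse.getResponseObject();
    if (responseObject == null) {
        if (log.isDebugEnabled()) {
            log.debug("Will not add cache headers for response to bad request.");
        }
        addCacheHeaders = false;
    } else if (!(responseObject instanceof BasicOCSPResp)) {
        // BouncyCastle's getResponseObject() only yields a BasicOCSPResp for the id-pkix-ocsp-basic response type;
        // other successful response types come back as the raw response bytes, so an unchecked cast would throw
        // ClassCastException here. Such a response is simply not eligible for RFC 5019 cache headers.
        if (log.isDebugEnabled()) {
            log.debug("Will not add RFC 5019 cache headers: response object is not a basic OCSP response.");
        }
        addCacheHeaders = false;
    } else {
        final BasicOCSPResp basicOCSPResp = (BasicOCSPResp) responseObject;
        final SingleResp[] singleResponses = basicOCSPResp.getResponses();
        if (singleResponses.length != 1) {
            // The RFC 5019 cache rules are only applied to a response covering exactly one certificate.
            if (log.isDebugEnabled()) {
                log.debug("Will not add RFC 5019 cache headers: reponse contains multiple embedded responses.");
            }
            addCacheHeaders = false;
        } else if (singleResponses[0].getNextUpdate() == null) {
            // Without nextUpdate there is no expiry to derive max-age / Expires from.
            if (log.isDebugEnabled()) {
                log.debug("Will not add RFC 5019 cache headers: nextUpdate isn't set.");
            }
            addCacheHeaders = false;
        } else if (basicOCSPResp.hasExtensions()
                && basicOCSPResp.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce) != null) {
            // A nonce binds the response to a single request, so it must not be served from a cache.
            if (log.isDebugEnabled()) {
                log.debug("Will not add RFC 5019 cache headers: response contains a nonce.");
            }
            addCacheHeaders = false;
        } else {
            nextUpdate = singleResponses[0].getNextUpdate().getTime();
            thisUpdate = singleResponses[0].getThisUpdate().getTime();
            // Hex SHA-1 of the encoded response, presumably served as the RFC 5019 ETag (which that RFC defines as
            // the SHA-1 hash of the OCSPResponse). It acts only as a cache validator, not as an integrity check.
            try {
                responseHeader = new String(Hex.encode(MessageDigest
                        .getInstance("SHA-1", BouncyCastleProvider.PROVIDER_NAME).digest(this.ocspResponse)));
            } catch (NoSuchProviderException e) {
                throw new OcspFailureException("Bouncycastle was not available as a provider", e);
            } catch (NoSuchAlgorithmException e) {
                throw new OcspFailureException("SHA-1 was not an available algorithm for MessageDigester", e);
            }
        }
        // An "unknown" status is flagged so that, even with cache headers allowed, intermediaries are told not to
        // cache it.
        if (addCacheHeaders && singleResponses[0].getCertStatus() instanceof UnknownStatus) {
            explicitNoCache = true;
        }
    }
}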