List of usage examples for org.bouncycastle.cert.ocsp CertificateID matchesIssuer
public boolean matchesIssuer(X509CertificateHolder issuerCert, DigestCalculatorProvider digCalcProvider) throws OCSPException
From source file:com.itextpdf.signatures.SignUtils.java
License:Open Source License
/**
 * Tells whether an OCSP {@code CertificateID} refers to the supplied issuer certificate.
 *
 * <p>The certificate is re-encoded to DER, wrapped in an {@code X509CertificateHolder} and handed
 * to {@code CertificateID.matchesIssuer} together with a BouncyCastle lightweight digest provider.
 *
 * <p>Security note: this is an identity comparison only. Nothing in this method verifies a
 * signature, builds a certificate path or checks revocation, so a {@code true} result says that
 * the CertificateID names this issuer, not that {@code issuerCert} is trusted. Callers have to
 * establish that trust separately.
 *
 * @param certID the CertificateID taken from an OCSP request or response
 * @param issuerCert the candidate issuer certificate
 * @return {@code true} if {@code certID} matches {@code issuerCert}
 * @throws CertificateEncodingException if {@code issuerCert} cannot be encoded
 * @throws IOException if the encoded certificate cannot be parsed into a holder
 * @throws OCSPException if the comparison itself fails
 */
static boolean checkIfIssuersMatch(CertificateID certID, X509Certificate issuerCert)
        throws CertificateEncodingException, IOException, OCSPException {
    final byte[] issuerDer = issuerCert.getEncoded();
    final X509CertificateHolder issuerHolder = new X509CertificateHolder(issuerDer);
    final BcDigestCalculatorProvider digestProvider = new BcDigestCalculatorProvider();
    return certID.matchesIssuer(issuerHolder, digestProvider);
}
From source file:org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean.java
License:Open Source License
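/**
 * Handles a cache miss where an active OCSP key binding exists but has not been cached yet.
 *
 * <p>Every active {@code OcspKeyBinding} is examined in turn: its certificate is looked up by
 * fingerprint, the issuing certificate is looked up by the issuer DN of that certificate, and the
 * requested {@code certId} is compared with that issuer via {@code CertificateID.matchesIssuer}.
 * The first binding that matches and yields a non-null signing entry is added to
 * {@code OcspSigningCache} and returned.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The issuer is resolved by subject DN only; {@code matchesIssuer} is the sole check in this
 *       method that ties the request to that particular issuer certificate.</li>
 *   <li>NOTE(review): {@code certId} presumably originates from the client's OCSP request, so the
 *       hash algorithm it names would be caller-controlled. Confirm against the caller and decide
 *       whether an unsupported algorithm should surface as the unchecked exception thrown below.</li>
 * </ul>
 *
 * @param certId the CertificateID for the certificate being requested.
 * @return the now cached entry, or null if none was found.
 * @throws CertificateEncodingException if the issuing certificate cannot be wrapped for comparison
 * @throws IllegalStateException if the issuer comparison fails with an {@code OCSPException}
 */
private OcspSigningCacheEntry findAndAddMissingCacheEntry(CertificateID certId) throws CertificateEncodingException {
    // The same provider instance is reused for every comparison instead of being rebuilt per binding.
    final BcDigestCalculatorProvider digestCalculatorProvider = new BcDigestCalculatorProvider();
    for (final int internalKeyBindingId : internalKeyBindingDataSession.getIds(OcspKeyBinding.IMPLEMENTATION_ALIAS)) {
        final OcspKeyBinding ocspKeyBinding = (OcspKeyBinding) internalKeyBindingDataSession
                .getInternalKeyBinding(internalKeyBindingId);
        if (!ocspKeyBinding.getStatus().equals(InternalKeyBindingStatus.ACTIVE)) {
            continue;
        }
        final X509Certificate ocspCertificate = (X509Certificate) certificateStoreSession
                .findCertificateByFingerprint(ocspKeyBinding.getCertificateId());
        if (ocspCertificate == null) {
            // There may be key binding with missing certificates normally (waiting for certificate response?), so don't spam the log
            if (log.isDebugEnabled()) {
                log.debug("Could not find certificate for OCSP Key Binding '" + ocspKeyBinding.getName()
                        + "'. Certificate fingerprint: " + ocspKeyBinding.getCertificateId());
            }
            continue;
        }
        final String issuerDn = CertTools.getIssuerDN(ocspCertificate);
        final X509Certificate issuingCertificate = certificateStoreSession.findLatestX509CertificateBySubject(issuerDn);
        if (issuingCertificate == null) {
            // There may be key binding with missing certificates normally (waiting for certificate response?), so don't spam the log
            if (log.isDebugEnabled()) {
                // Logged at debug to agree with the guard, and with the issuer DN the message
                // announces (the original printed the binding's certificate fingerprint here).
                log.debug("Could not find issuer certificate for OCSP Key Binding '" + ocspKeyBinding.getName()
                        + "'. Issuer DN: " + issuerDn);
            }
            continue;
        }
        try {
            if (certId.matchesIssuer(new JcaX509CertificateHolder(issuingCertificate), digestCalculatorProvider)) {
                // We found it! Unless it's not active, or something else was wrong with it.
                final OcspSigningCacheEntry ocspSigningCacheEntry = makeOcspSigningCacheEntry(ocspCertificate, ocspKeyBinding);
                // If it was all right, add it to the cache for future use; otherwise keep looking.
                if (ocspSigningCacheEntry != null) {
                    OcspSigningCache.INSTANCE.addSingleEntry(ocspSigningCacheEntry);
                    return ocspSigningCacheEntry;
                }
            }
        } catch (OCSPException e) {
            // NOTE(review): the exception is raised by matchesIssuer, not by the provider's
            // constructor; message text is kept as-is for callers and log searches.
            throw new IllegalStateException("Could not create BcDigestCalculatorProvider", e);
        }
    }
    return null;
}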