List of usage examples for org.bouncycastle.cert.ocsp OCSPReqBuilder setRequestExtensions
public OCSPReqBuilder setRequestExtensions(Extensions requestExtensions)
From source file:com.itextpdf.signatures.SignUtils.java
License:Open Source License
static OCSPReq generateOcspRequestWithNonce(CertificateID id) throws IOException, OCSPException { OCSPReqBuilder gen = new OCSPReqBuilder(); gen.addRequest(id);/*from w w w .j av a 2 s.co m*/ Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(new DEROctetString(PdfEncryption.generateNewDocumentId()).getEncoded())); gen.setRequestExtensions(new Extensions(new Extension[] { ext })); return gen.build(); }
From source file:com.itextpdf.text.pdf.security.OcspClientBouncyCastle.java
License:Open Source License
/** * Generates an OCSP request using BouncyCastle. * @param issuerCert certificate of the issues * @param serialNumber serial number/*from w w w. j ava 2s . c o m*/ * @return an OCSP request * @throws OCSPException * @throws IOException */ private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException, OperatorException, CertificateEncodingException { //Add provider BC Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); // Generate the id for the certificate we are looking for CertificateID id = new CertificateID( new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(issuerCert), serialNumber); // basic request generation with nonce OCSPReqBuilder gen = new OCSPReqBuilder(); gen.addRequest(id); Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded())); gen.setRequestExtensions(new Extensions(new Extension[] { ext })); return gen.build(); }
From source file:com.tremolosecurity.proxy.auth.ssl.OCSP.java
License:Apache License
private OCSPReq generateOcspRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, CertificateEncodingException, OperatorCreationException, IOException { BcDigestCalculatorProvider util = new BcDigestCalculatorProvider(); // Generate the id for the certificate we are looking for CertificateID id = new CertificateID(util.get(CertificateID.HASH_SHA1), new X509CertificateHolder(issuerCert.getEncoded()), serialNumber); OCSPReqBuilder ocspGen = new OCSPReqBuilder(); ocspGen.addRequest(id);//from w ww . j a va 2s . co m BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis()); Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, new DEROctetString(nonce.toByteArray())); ocspGen.setRequestExtensions(new Extensions(new Extension[] { ext })); return ocspGen.build(); }
From source file:controller.CCInstance.java
License:Open Source License
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException, OperatorException, CertificateEncodingException { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); CertificateID id = new CertificateID( new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(issuerCert), serialNumber); OCSPReqBuilder gen = new OCSPReqBuilder(); gen.addRequest(id);/* w ww .ja v a 2s .co m*/ Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded())); gen.setRequestExtensions(new Extensions(new Extension[] { ext })); return gen.build(); }
From source file:eu.europa.ec.markt.dss.validation102853.ocsp.OnlineOCSPSource.java
License:Open Source License
private byte[] buildOCSPRequest(final X509Certificate x509Certificate, final X509Certificate issuerX509Certificate) throws DSSException { try {//from w w w .j a v a 2s.c om final CertificateID certId = DSSRevocationUtils.getOCSPCertificateID(x509Certificate, issuerX509Certificate); final OCSPReqBuilder ocspReqBuilder = new OCSPReqBuilder(); ocspReqBuilder.addRequest(certId); /* * The nonce extension is used to bind a request to a response to prevent replay attacks. */ if (ADD_NONCE) { final long currentTimeNonce = System.currentTimeMillis(); nonce = new DEROctetString(DSSUtils.toByteArray(currentTimeNonce)); final Extension extension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, nonce); final Extensions extensions = new Extensions(extension); ocspReqBuilder.setRequestExtensions(extensions); } final OCSPReq ocspReq = ocspReqBuilder.build(); final byte[] ocspReqData = ocspReq.getEncoded(); return ocspReqData; } catch (OCSPException e) { throw new DSSException(e); } catch (IOException e) { throw new DSSException(e); } }
From source file:eu.europa.ec.markt.dss.validation102853.ocsp.SKOnlineOCSPSource.java
License:GNU General Public License
private byte[] buildOCSPRequest(final X509Certificate signCert, final X509Certificate issuerCert, Extension nonceExtension) throws DSSException { try {/*from w w w . j a v a2 s .c o m*/ final CertificateID certId = DSSRevocationUtils.getOCSPCertificateID(signCert, issuerCert); final OCSPReqBuilder ocspReqBuilder = new OCSPReqBuilder(); ocspReqBuilder.addRequest(certId); ocspReqBuilder.setRequestExtensions(new Extensions(nonceExtension)); if (configuration.hasToBeOCSPRequestSigned()) { JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA1withRSA"); if (!configuration.isOCSPSigningConfigurationAvailable()) { throw new ConfigurationException( "Configuration needed for OCSP request signing is not complete."); } SignatureToken ocspSigner = new PKCS12SignatureToken( configuration.getOCSPAccessCertificateFileName(), configuration.getOCSPAccessCertificatePassword()); ContentSigner contentSigner = signerBuilder.build(ocspSigner.getPrivateKey()); X509Certificate ocspSignerCert = ocspSigner.getCertificate(); X509CertificateHolder[] chain = { new X509CertificateHolder(ocspSignerCert.getEncoded()) }; GeneralName generalName = new GeneralName( new JcaX509CertificateHolder(ocspSignerCert).getSubject()); ocspReqBuilder.setRequestorName(generalName); return ocspReqBuilder.build(contentSigner, chain).getEncoded(); } return ocspReqBuilder.build().getEncoded(); } catch (Exception e) { throw new DSSException(e); } }
From source file:eu.europa.esig.dss.client.ocsp.OnlineOCSPSource.java
License:Open Source License
private byte[] buildOCSPRequest(final CertificateID certId) throws DSSException { try {/*from ww w .j av a2 s.co m*/ final OCSPReqBuilder ocspReqBuilder = new OCSPReqBuilder(); ocspReqBuilder.addRequest(certId); /* * The nonce extension is used to bind a request to a response to prevent replay attacks. * RFC 6960 (OCSP) section 4.1.2 such extensions SHOULD NOT be flagged as critical */ if (nonceSource != null) { Extension extension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonceSource.getNonce().toByteArray())); Extensions extensions = new Extensions(extension); ocspReqBuilder.setRequestExtensions(extensions); } final OCSPReq ocspReq = ocspReqBuilder.build(); final byte[] ocspReqData = ocspReq.getEncoded(); return ocspReqData; } catch (OCSPException e) { throw new DSSException("Cannot build OCSP Request", e); } catch (IOException e) { throw new DSSException("Cannot build OCSP Request", e); } }
From source file:eu.europa.esig.dss.cookbook.sources.AlwaysValidOCSPSource.java
License:Open Source License
public OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws DSSException { try {// w ww. j a v a 2s .c om final DigestCalculator digestCalculator = DSSRevocationUtils.getSHA1DigestCalculator(); // Generate the id for the certificate we are looking for CertificateID id = new CertificateID(digestCalculator, new X509CertificateHolder(issuerCert.getEncoded()), serialNumber); // basic request generation with nonce OCSPReqBuilder ocspGen = new OCSPReqBuilder(); ocspGen.addRequest(id); // create details for nonce extension BigInteger nonce = BigInteger.valueOf(ocspDate.getTime()); Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, new DEROctetString(nonce.toByteArray())); ocspGen.setRequestExtensions(new Extensions(new Extension[] { ext })); return ocspGen.build(); } catch (OCSPException e) { throw new DSSException(e); } catch (IOException e) { throw new DSSException(e); } catch (CertificateEncodingException e) { throw new DSSException(e); } }
From source file:io.netty.example.ocsp.OcspRequestBuilder.java
License:Apache License
/** * ATTENTION: The returned {@link OCSPReq} is not re-usable/cacheable! It contains a one-time nonce * and CA's will (should) reject subsequent requests that have the same nonce value. */// ww w. j a va2 s. c om public OCSPReq build() throws OCSPException, IOException, CertificateEncodingException { SecureRandom generator = checkNotNull(this.generator, "generator"); DigestCalculator calculator = checkNotNull(this.calculator, "calculator"); X509Certificate certificate = checkNotNull(this.certificate, "certificate"); X509Certificate issuer = checkNotNull(this.issuer, "issuer"); BigInteger serial = certificate.getSerialNumber(); CertificateID certId = new CertificateID(calculator, new X509CertificateHolder(issuer.getEncoded()), serial); OCSPReqBuilder builder = new OCSPReqBuilder(); builder.addRequest(certId); byte[] nonce = new byte[8]; generator.nextBytes(nonce); Extension[] extensions = new Extension[] { new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce)) }; builder.setRequestExtensions(new Extensions(extensions)); return builder.build(); }
From source file:net.maritimecloud.pki.ocsp.OCSPClient.java
License:Open Source License
private OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws CertificateEncodingException, OperatorCreationException, OCSPException, IOException { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); OCSPReqBuilder gen = new OCSPReqBuilder(); gen.addRequest(new JcaCertificateID(new JcaDigestCalculatorProviderBuilder() .setProvider(PKIConstants.BC_PROVIDER_NAME).build().get(CertificateID.HASH_SHA1), issuerCert, serialNumber));/* w ww . j ava 2s . c o m*/ BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis()); Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, new DEROctetString(nonce.toByteArray())); gen.setRequestExtensions(new Extensions(new Extension[] { ext })); sentNonce = ext.getExtnId().getEncoded(); return gen.build(); }