Example usage for org.bouncycastle.cert.ocsp OCSPReqBuilder setRequestExtensions

Introduction

In this page you can find the example usage for org.bouncycastle.cert.ocsp OCSPReqBuilder setRequestExtensions.

Prototype

public OCSPReqBuilder setRequestExtensions(Extensions requestExtensions) 

Source Link

Usage

From source file:com.itextpdf.signatures.SignUtils.java

License:Open Source License

static OCSPReq generateOcspRequestWithNonce(CertificateID id) throws IOException, OCSPException {
    OCSPReqBuilder gen = new OCSPReqBuilder();
    gen.addRequest(id);/*from  w w w .j av  a  2  s.co  m*/

    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false,
            new DEROctetString(new DEROctetString(PdfEncryption.generateNewDocumentId()).getEncoded()));
    gen.setRequestExtensions(new Extensions(new Extension[] { ext }));
    return gen.build();
}

---

From source file:com.itextpdf.text.pdf.security.OcspClientBouncyCastle.java

License:Open Source License

/**
 * Generates an OCSP request using BouncyCastle.
 * @param issuerCert   certificate of the issues
 * @param serialNumber   serial number/*from  w w  w. j ava  2s . c  o  m*/
 * @return   an OCSP request
 * @throws OCSPException
 * @throws IOException
 */
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber)
        throws OCSPException, IOException, OperatorException, CertificateEncodingException {
    //Add provider BC
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    // Generate the id for the certificate we are looking for
    CertificateID id = new CertificateID(
            new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1),
            new JcaX509CertificateHolder(issuerCert), serialNumber);

    // basic request generation with nonce
    OCSPReqBuilder gen = new OCSPReqBuilder();

    gen.addRequest(id);

    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false,
            new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded()));
    gen.setRequestExtensions(new Extensions(new Extension[] { ext }));

    return gen.build();
}

---

From source file:com.tremolosecurity.proxy.auth.ssl.OCSP.java

License:Apache License

private OCSPReq generateOcspRequest(X509Certificate issuerCert, BigInteger serialNumber)
        throws OCSPException, CertificateEncodingException, OperatorCreationException, IOException {

    BcDigestCalculatorProvider util = new BcDigestCalculatorProvider();

    // Generate the id for the certificate we are looking for
    CertificateID id = new CertificateID(util.get(CertificateID.HASH_SHA1),
            new X509CertificateHolder(issuerCert.getEncoded()), serialNumber);
    OCSPReqBuilder ocspGen = new OCSPReqBuilder();

    ocspGen.addRequest(id);//from  w  ww . j  a  va  2s . co  m

    BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true,
            new DEROctetString(nonce.toByteArray()));
    ocspGen.setRequestExtensions(new Extensions(new Extension[] { ext }));

    return ocspGen.build();
}

---

From source file:controller.CCInstance.java

License:Open Source License

private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber)
        throws OCSPException, IOException, OperatorException, CertificateEncodingException {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    CertificateID id = new CertificateID(
            new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1),
            new JcaX509CertificateHolder(issuerCert), serialNumber);
    OCSPReqBuilder gen = new OCSPReqBuilder();
    gen.addRequest(id);/*  w ww .ja  v  a 2s  .co  m*/
    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false,
            new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded()));
    gen.setRequestExtensions(new Extensions(new Extension[] { ext }));
    return gen.build();
}

---

From source file:eu.europa.ec.markt.dss.validation102853.ocsp.OnlineOCSPSource.java

License:Open Source License

private byte[] buildOCSPRequest(final X509Certificate x509Certificate,
        final X509Certificate issuerX509Certificate) throws DSSException {

    try {//from w w  w .j  a  v a  2s.c  om

        final CertificateID certId = DSSRevocationUtils.getOCSPCertificateID(x509Certificate,
                issuerX509Certificate);
        final OCSPReqBuilder ocspReqBuilder = new OCSPReqBuilder();
        ocspReqBuilder.addRequest(certId);

        /*
         * The nonce extension is used to bind a request to a response to prevent replay attacks.
          */
        if (ADD_NONCE) {

            final long currentTimeNonce = System.currentTimeMillis();

            nonce = new DEROctetString(DSSUtils.toByteArray(currentTimeNonce));
            final Extension extension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, nonce);
            final Extensions extensions = new Extensions(extension);
            ocspReqBuilder.setRequestExtensions(extensions);
        }
        final OCSPReq ocspReq = ocspReqBuilder.build();
        final byte[] ocspReqData = ocspReq.getEncoded();
        return ocspReqData;
    } catch (OCSPException e) {
        throw new DSSException(e);
    } catch (IOException e) {
        throw new DSSException(e);
    }
}

---

From source file:eu.europa.ec.markt.dss.validation102853.ocsp.SKOnlineOCSPSource.java

License:GNU General Public License

private byte[] buildOCSPRequest(final X509Certificate signCert, final X509Certificate issuerCert,
        Extension nonceExtension) throws DSSException {
    try {/*from  w w w . j  a  v  a2  s  .c  o  m*/
        final CertificateID certId = DSSRevocationUtils.getOCSPCertificateID(signCert, issuerCert);
        final OCSPReqBuilder ocspReqBuilder = new OCSPReqBuilder();
        ocspReqBuilder.addRequest(certId);
        ocspReqBuilder.setRequestExtensions(new Extensions(nonceExtension));

        if (configuration.hasToBeOCSPRequestSigned()) {
            JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA1withRSA");

            if (!configuration.isOCSPSigningConfigurationAvailable()) {
                throw new ConfigurationException(
                        "Configuration needed for OCSP request signing is not complete.");
            }

            SignatureToken ocspSigner = new PKCS12SignatureToken(
                    configuration.getOCSPAccessCertificateFileName(),
                    configuration.getOCSPAccessCertificatePassword());

            ContentSigner contentSigner = signerBuilder.build(ocspSigner.getPrivateKey());
            X509Certificate ocspSignerCert = ocspSigner.getCertificate();
            X509CertificateHolder[] chain = { new X509CertificateHolder(ocspSignerCert.getEncoded()) };
            GeneralName generalName = new GeneralName(
                    new JcaX509CertificateHolder(ocspSignerCert).getSubject());
            ocspReqBuilder.setRequestorName(generalName);

            return ocspReqBuilder.build(contentSigner, chain).getEncoded();
        }
        return ocspReqBuilder.build().getEncoded();
    } catch (Exception e) {
        throw new DSSException(e);
    }
}

---

From source file:eu.europa.esig.dss.client.ocsp.OnlineOCSPSource.java

License:Open Source License

private byte[] buildOCSPRequest(final CertificateID certId) throws DSSException {
    try {/*from  ww w  .j  av  a2 s.co m*/
        final OCSPReqBuilder ocspReqBuilder = new OCSPReqBuilder();
        ocspReqBuilder.addRequest(certId);
        /*
         * The nonce extension is used to bind a request to a response to prevent replay attacks.
         * RFC 6960 (OCSP) section 4.1.2 such extensions SHOULD NOT be flagged as critical
         */
        if (nonceSource != null) {
            Extension extension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false,
                    new DEROctetString(nonceSource.getNonce().toByteArray()));
            Extensions extensions = new Extensions(extension);
            ocspReqBuilder.setRequestExtensions(extensions);
        }
        final OCSPReq ocspReq = ocspReqBuilder.build();
        final byte[] ocspReqData = ocspReq.getEncoded();
        return ocspReqData;
    } catch (OCSPException e) {
        throw new DSSException("Cannot build OCSP Request", e);
    } catch (IOException e) {
        throw new DSSException("Cannot build OCSP Request", e);
    }
}

---

From source file:eu.europa.esig.dss.cookbook.sources.AlwaysValidOCSPSource.java

License:Open Source License

public OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws DSSException {

    try {//  w  ww. j a v  a  2s  .c  om

        final DigestCalculator digestCalculator = DSSRevocationUtils.getSHA1DigestCalculator();
        // Generate the id for the certificate we are looking for
        CertificateID id = new CertificateID(digestCalculator,
                new X509CertificateHolder(issuerCert.getEncoded()), serialNumber);

        // basic request generation with nonce
        OCSPReqBuilder ocspGen = new OCSPReqBuilder();

        ocspGen.addRequest(id);

        // create details for nonce extension
        BigInteger nonce = BigInteger.valueOf(ocspDate.getTime());

        Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true,
                new DEROctetString(nonce.toByteArray()));
        ocspGen.setRequestExtensions(new Extensions(new Extension[] { ext }));

        return ocspGen.build();
    } catch (OCSPException e) {
        throw new DSSException(e);
    } catch (IOException e) {
        throw new DSSException(e);
    } catch (CertificateEncodingException e) {
        throw new DSSException(e);
    }
}

---

From source file:io.netty.example.ocsp.OcspRequestBuilder.java

License:Apache License

/**
 * ATTENTION: The returned {@link OCSPReq} is not re-usable/cacheable! It contains a one-time nonce
 * and CA's will (should) reject subsequent requests that have the same nonce value.
 */// ww w. j a va2 s. c  om
public OCSPReq build() throws OCSPException, IOException, CertificateEncodingException {
    SecureRandom generator = checkNotNull(this.generator, "generator");
    DigestCalculator calculator = checkNotNull(this.calculator, "calculator");
    X509Certificate certificate = checkNotNull(this.certificate, "certificate");
    X509Certificate issuer = checkNotNull(this.issuer, "issuer");

    BigInteger serial = certificate.getSerialNumber();

    CertificateID certId = new CertificateID(calculator, new X509CertificateHolder(issuer.getEncoded()),
            serial);

    OCSPReqBuilder builder = new OCSPReqBuilder();
    builder.addRequest(certId);

    byte[] nonce = new byte[8];
    generator.nextBytes(nonce);

    Extension[] extensions = new Extension[] {
            new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce)) };

    builder.setRequestExtensions(new Extensions(extensions));

    return builder.build();
}

---

From source file:net.maritimecloud.pki.ocsp.OCSPClient.java

License:Open Source License

private OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber)
        throws CertificateEncodingException, OperatorCreationException, OCSPException, IOException {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    OCSPReqBuilder gen = new OCSPReqBuilder();
    gen.addRequest(new JcaCertificateID(new JcaDigestCalculatorProviderBuilder()
            .setProvider(PKIConstants.BC_PROVIDER_NAME).build().get(CertificateID.HASH_SHA1), issuerCert,
            serialNumber));/* w  ww  .  j ava 2s  .  c  o  m*/

    BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true,
            new DEROctetString(nonce.toByteArray()));
    gen.setRequestExtensions(new Extensions(new Extension[] { ext }));
    sentNonce = ext.getExtnId().getEncoded();

    return gen.build();
}

---

• «
• 1
• 2
• 3
• 4
• 5
• »