List of usage examples for org.bouncycastle.cert.ocsp OCSPResp getEncoded
public byte[] getEncoded() throws IOException
From source file:be.fedict.trust.ocsp.OcspTrustLinker.java
License:Open Source License
/**
 * Records an OCSP response in the supplied revocation data container.
 *
 * <p>The response is stored in its encoded form together with the string form of
 * {@code uri}. Nothing here validates the response; it is only copied.
 *
 * @param revocationData container to append to; when {@code null} nothing is recorded
 * @param ocspResp OCSP response whose encoded bytes are stored
 * @param uri URI stored alongside the response
 * @throws IOException if the response cannot be encoded
 */
private void addRevocationData(RevocationData revocationData, OCSPResp ocspResp, URI uri)
        throws IOException {
    if (revocationData != null) {
        byte[] encodedResponse = ocspResp.getEncoded();
        String responderLocation = uri.toString();
        OCSPRevocationData entry = new OCSPRevocationData(encodedResponse, responderLocation);
        revocationData.getOcspRevocationData().add(entry);
    }
}
From source file:be.fedict.trust.ocsp.OnlineOcspRepository.java
License:Open Source License
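/**
 * Asks the OCSP responder at {@code ocspUri} for the status of {@code certificate} via HTTP
 * POST and parses the reply.
 *
 * <p>The response is only parsed here. Nothing in this method verifies its signature, the
 * responder certificate, the response status or its freshness, so the caller must do that
 * before trusting the result. The request is built without a nonce extension.
 *
 * <p>The HTTP connection and the per-call client are released on every exit path, including
 * the early {@code null} returns and exceptions.
 *
 * @param ocspUri URI of the OCSP responder
 * @param certificate certificate whose serial number is queried
 * @param issuerCertificate issuer certificate used to build the certificate ID
 * @return the parsed OCSP response, or {@code null} when the connection is refused, the HTTP
 *     status is not 200, the Content-Type header is missing or not
 *     {@code application/ocsp-response}, or the Content-Length is {@code 0}
 * @throws Exception if building the request, the HTTP exchange or parsing the response fails
 */
private OCSPResp getOcspResponse(URI ocspUri, X509Certificate certificate, X509Certificate issuerCertificate)
        throws Exception {
    LOG.debug("OCSP URI: " + ocspUri);

    OCSPReqBuilder ocspReqBuilder = new OCSPReqBuilder();
    DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder()
            .setProvider(BouncyCastleProvider.PROVIDER_NAME).build();
    // SHA-1 is used here to identify the issuer inside the CertificateID, not to sign anything.
    CertificateID certId = new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1),
            new JcaX509CertificateHolder(issuerCertificate), certificate.getSerialNumber());
    ocspReqBuilder.addRequest(certId);
    OCSPReq ocspReq = ocspReqBuilder.build();
    byte[] ocspReqData = ocspReq.getEncoded();

    HttpPost httpPost = new HttpPost(ocspUri.toString());
    ContentType contentType = ContentType.create("application/ocsp-request");
    HttpEntity requestEntity = new ByteArrayEntity(ocspReqData, contentType);
    httpPost.addHeader("User-Agent", "jTrust OCSP Client");
    httpPost.setEntity(requestEntity);

    // NOTE(review): no connect/read timeout is configured on this client in the visible code,
    // so a stalled responder can block the calling thread - confirm one is set elsewhere.
    DefaultHttpClient httpClient = new DefaultHttpClient();
    try {
        if (null != this.networkConfig) {
            HttpHost proxy = new HttpHost(this.networkConfig.getProxyHost(),
                    this.networkConfig.getProxyPort());
            httpClient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);
        }
        if (null != this.credentials) {
            this.credentials.init(httpClient.getCredentialsProvider());
        }

        HttpResponse httpResponse;
        int responseCode;
        try {
            httpResponse = httpClient.execute(httpPost);
            StatusLine statusLine = httpResponse.getStatusLine();
            responseCode = statusLine.getStatusCode();
        } catch (ConnectException e) {
            LOG.debug("OCSP responder is down");
            return null;
        }

        if (HttpURLConnection.HTTP_OK != responseCode) {
            LOG.error("HTTP response code: " + responseCode);
            return null;
        }

        Header responseContentTypeHeader = httpResponse.getFirstHeader("Content-Type");
        if (null == responseContentTypeHeader) {
            LOG.error("no Content-Type response header");
            return null;
        }
        String resultContentType = responseContentTypeHeader.getValue();
        if (!"application/ocsp-response".equals(resultContentType)) {
            LOG.error("result content type not application/ocsp-response");
            LOG.error("actual content-type: " + resultContentType);
            if ("text/html".equals(resultContentType)) {
                // NOTE(review): this writes a responder-controlled body into the log without a
                // size limit or escaping; consider truncating and neutralising line breaks.
                LOG.error("content: " + EntityUtils.toString(httpResponse.getEntity()));
            }
            return null;
        }

        Header responseContentLengthHeader = httpResponse.getFirstHeader("Content-Length");
        if (null != responseContentLengthHeader) {
            String resultContentLength = responseContentLengthHeader.getValue();
            if ("0".equals(resultContentLength)) {
                LOG.debug("no content returned");
                return null;
            }
        }

        HttpEntity httpEntity = httpResponse.getEntity();
        OCSPResp ocspResp = new OCSPResp(httpEntity.getContent());
        LOG.debug("OCSP response size: " + ocspResp.getEncoded().length + " bytes");
        return ocspResp;
    } finally {
        // Previously the connection was released only on the success path and the client was
        // never shut down, so every early return or exception leaked a pooled connection.
        httpPost.releaseConnection();
        httpClient.getConnectionManager().shutdown();
    }
}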
From source file:ee.ria.xroad.common.signature.SignatureXmlBuilder.java
License:Open Source License
/**
 * Creates an encapsulated OCSP value element under {@code ocspValues} and fills it with the
 * Base64 form of the encoded OCSP response.
 *
 * @param ocspValues element passed to {@code createXadesElement} as the parent
 * @param ocspResponse OCSP response to embed
 * @param id value of the element's ID attribute
 * @throws IOException if the response cannot be encoded
 */
private void createOcspValue(Element ocspValues, OCSPResp ocspResponse, String id) throws IOException {
    Element valueElement = createXadesElement(ocspValues, ENCAPSULATED_OCSP_VALUE_TAG);
    valueElement.setAttribute(ID_ATTRIBUTE, id);

    byte[] encodedResponse = ocspResponse.getEncoded();
    String base64Response = encodeBase64(encodedResponse);
    valueElement.setTextContent(base64Response);
}
From source file:ee.ria.xroad.proxy.protocol.ProxyMessageEncoder.java
License:Open Source License
/**
 * Writes the encoded OCSP response as a separate part through {@code mpEncoder}.
 *
 * <p>The response is encoded before the part is started, so an encoding failure propagates
 * untranslated; only failures while writing the part go through {@code translateException}.
 *
 * @param resp OCSP response to write
 * @throws Exception if encoding fails, or the translated exception if writing the part fails
 */
@Override
public void ocspResponse(OCSPResp resp) throws Exception {
    final byte[] encoded = resp.getEncoded();
    log.trace("writeOcspResponse({} bytes)", encoded.length);

    try {
        mpEncoder.startPart(MimeTypes.OCSP_RESPONSE);
        mpEncoder.write(encoded);
    } catch (Exception cause) {
        throw translateException(cause);
    }
}
From source file:ee.ria.xroad.proxy.util.CertHashBasedOcspResponder.java
License:Open Source License
/**
 * Answers a request with a multipart body containing one encoded OCSP response per part.
 *
 * <p>The certificate hashes are taken from the request by {@code getCertHashes} and the
 * matching responses are looked up with {@code getOcspResponses} before anything is written
 * to the HTTP response.
 *
 * @param request incoming request the certificate hashes are read from
 * @param response HTTP response the multipart body is written to
 * @throws Exception if the hashes cannot be resolved or the body cannot be written
 */
private void doHandleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
    String[] certHashes = getCertHashes(request);
    List<OCSPResp> responsesToSend = getOcspResponses(certHashes);

    // NOTE(review): the hashes originate from the request and are logged as-is; confirm that
    // getCertHashes restricts them to the expected hash format.
    log.debug("Returning OCSP responses for cert hashes: " + Arrays.toString(certHashes));

    MultiPartOutputStream multipart = new MultiPartOutputStream(response.getOutputStream());
    String multipartContentType =
            MimeUtils.mpRelatedContentType(multipart.getBoundary(), MimeTypes.OCSP_RESPONSE);
    response.setContentType(multipartContentType);
    response.setStatus(HttpServletResponse.SC_OK);

    for (OCSPResp current : responsesToSend) {
        multipart.startPart(MimeTypes.OCSP_RESPONSE);
        byte[] encoded = current.getEncoded();
        multipart.write(encoded);
    }

    multipart.close();
}
From source file:ee.ria.xroad.signer.certmanager.FileBasedOcspCache.java
License:Open Source License
/**
 * Writes the encoded OCSP response to {@code file}, creating parent directories first.
 *
 * <p>The file is opened (and therefore truncated) before the response is encoded, and it is
 * written in place rather than through a temporary file.
 *
 * @param file destination file
 * @param ocspResponse OCSP response to persist
 * @throws IOException if the directories or the file cannot be written, or encoding fails
 */
void saveResponseToFile(File file, OCSPResp ocspResponse) throws IOException {
    createIntermediateDirectories(file);

    try (OutputStream out = new FileOutputStream(file)) {
        byte[] encoded = ocspResponse.getEncoded();
        out.write(encoded);
    }

    log.trace("Saved OCSP response to file '{}'", file);
}
From source file:ee.ria.xroad.signer.tokenmanager.TokenManagerMergeTest.java
License:Open Source License
/**
 * Checks that an OCSP response set on a certificate before a merge is still returned for
 * that certificate after the merge has added a certificate.
 */
@Test
public void shouldAddOcspResponse() throws IOException {
    assertTrue("test setup failure", Files.exists(ADDED_KEY_FILE_PATH));

    final String keyId = "70726f6475636572";
    KeyInfo keyInfoBeforeMerge = TokenManager.getKeyInfo(keyId);
    assertNotNull("test setup failure", keyInfoBeforeMerge);

    final String certId = "e82e0b2b184d4387c2afd83708d4cfeaeb872cf7";
    CertificateInfo certInfoBeforeMerge = TokenManager.getCertificateInfo(certId);
    assertNotNull("test setup failure", certInfoBeforeMerge);

    // Precondition: the certificate has no OCSP response yet.
    assertNull("test setup failure", certInfoBeforeMerge.getOcspBytes());

    // The mocked response returns fixed bytes so the stored value can be compared exactly.
    final byte[] expectedOcspBytes = "some example string 11 2 34".getBytes();
    OCSPResp stubbedResponse = PowerMockito.mock(OCSPResp.class);
    when(stubbedResponse.getEncoded()).thenReturn(expectedOcspBytes);

    TokenManager.setOcspResponse(certId, stubbedResponse);

    final int certCountBeforeMerge = TokenManager.getAllCerts().size();

    Files.copy(ADDED_KEY_CERT_FILE_PATH, testingFile.toPath(), StandardCopyOption.REPLACE_EXISTING);

    TokenManager.merge(addedCerts -> {
    });

    // The cert count must grow, otherwise the merge did not read the file and the OCSP
    // assertion below would pass trivially.
    assertEquals("merge did not add expected cert", certCountBeforeMerge + 1,
            TokenManager.getAllCerts().size());

    byte[] ocspBytesAfterMerge = TokenManager.getCertificateInfo(certId).getOcspBytes();
    assertArrayEquals("ocsp response bytes does not match", expectedOcspBytes, ocspBytesAfterMerge);
}
From source file:eu.europa.ec.markt.dss.validation102853.OCSPToken.java
License:Open Source License
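/**
 * Returns the encoded form of this token's OCSP response.
 *
 * <p>The basic OCSP response held by the token is first wrapped into an {@code OCSPResp} by
 * {@code DSSRevocationUtils.fromBasicToResp} and that object is then encoded.
 *
 * @return the encoded OCSP response bytes
 * @throws DSSException if the response cannot be encoded
 */
@Override
public byte[] getEncoded() {
    final OCSPResp ocspResp = DSSRevocationUtils.fromBasicToResp(basicOCSPResp);
    try {
        return ocspResp.getEncoded();
    } catch (IOException e) {
        // The message used to say "CRL encoding error", which pointed at the wrong kind of
        // revocation data when diagnosing a failure; this token holds an OCSP response.
        throw new DSSException("OCSP encoding error: " + e.getMessage(), e);
    }
}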
From source file:eu.europa.esig.dss.DSSUtils.java
License:Open Source License
/**
 * Returns the encoded form of an OCSP response, converting the checked I/O failure into a
 * {@code DSSException}.
 *
 * @param ocspResp OCSP response to encode
 * @return the encoded response bytes
 * @throws DSSException wrapping the {@code IOException} raised while encoding
 */
public static byte[] getEncoded(OCSPResp ocspResp) {
    try {
        return ocspResp.getEncoded();
    } catch (IOException encodingFailure) {
        throw new DSSException(encodingFailure);
    }
}
From source file:eu.europa.esig.dss.x509.ocsp.OCSPToken.java
License:Open Source License
/**
 * Returns the encoded form of this token's OCSP response.
 *
 * <p>The basic OCSP response is wrapped into an {@code OCSPResp} by
 * {@code DSSRevocationUtils.fromBasicToResp} and then encoded.
 *
 * @return the encoded OCSP response bytes
 * @throws DSSException if encoding fails with an {@code IOException}
 */
@Override
public byte[] getEncoded() {
    try {
        OCSPResp wrapped = DSSRevocationUtils.fromBasicToResp(basicOCSPResp);
        return wrapped.getEncoded();
    } catch (IOException ioe) {
        throw new DSSException("OCSP encoding error: " + ioe.getMessage(), ioe);
    }
}