本文整理汇总了Java中org.bouncycastle.cert.ocsp.OCSPRespBuilder类的典型用法代码示例。如果您正苦于以下问题:Java OCSPRespBuilder类的具体用法?Java OCSPRespBuilder怎么用?Java OCSPRespBuilder使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
OCSPRespBuilder类属于org.bouncycastle.cert.ocsp包,在下文中一共展示了OCSPRespBuilder类的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。
示例1: generateOCSPResponse
import org.bouncycastle.cert.ocsp.OCSPRespBuilder; //导入依赖的package包/类
/**
 * Builds a one-entry OCSP response for the {@code server} certificate, signed with the
 * issuer's private key.
 *
 * <p>What the code below fixes, for anyone reusing it outside a test key store: the CertID and
 * the responder key hash use SHA-1 ({@code CertificateID.HASH_SHA1}), the signature algorithm
 * is hard-coded to {@code SHA256withRSA}, no certificate chain is attached (the chain argument
 * is {@code null}) and producedAt is the time of the call. The CA key signs the response
 * directly, so there is no delegated responder certificate.
 *
 * @param server entry whose certificate serial number the response covers
 * @param issuer entry of the issuing CA; its certificate identifies the issuer and its
 *               private key signs the response
 * @param status revocation status to report for the server certificate
 * @return a response with status {@code OCSPRespBuilder.SUCCESSFUL} wrapping the signed
 *         basic response
 * @throws CertificateException wrapping any failure raised while building or signing
 */
private static OCSPResp generateOCSPResponse(PrivateKeyEntry server, PrivateKeyEntry issuer,
        CertificateStatus status) throws CertificateException {
    try {
        X509Certificate leaf = (X509Certificate) server.getCertificate();
        X509Certificate ca = (X509Certificate) issuer.getCertificate();
        X509CertificateHolder caHolder = new JcaX509CertificateHolder(ca);
        DigestCalculatorProvider digests = new BcDigestCalculatorProvider();

        // The builder is given the CA public key plus a digest calculator for the responder id.
        SubjectPublicKeyInfo caKeyInfo =
                SubjectPublicKeyInfo.getInstance(ca.getPublicKey().getEncoded());
        BasicOCSPRespBuilder basic =
                new BasicOCSPRespBuilder(caKeyInfo, digests.get(CertificateID.HASH_SHA1));

        // A fresh calculator is requested for the CertID rather than reusing the one above.
        CertificateID target = new CertificateID(
                digests.get(CertificateID.HASH_SHA1), caHolder, leaf.getSerialNumber());
        basic.addResponse(target, status);

        BasicOCSPResp signed = basic.build(
                new JcaContentSignerBuilder("SHA256withRSA").build(issuer.getPrivateKey()),
                null,
                new Date());

        return new OCSPRespBuilder().build(OCSPRespBuilder.SUCCESSFUL, signed);
    } catch (Exception e) {
        throw new CertificateException("cannot generate OCSP response", e);
    }
}
开发者ID:google,项目名称:conscrypt,代码行数:29,代码来源:TestKeyStore.java
示例2: processOCSPRequest
import org.bouncycastle.cert.ocsp.OCSPRespBuilder; //导入依赖的package包/类
/**
 * Runs the OCSP request through {@code doProcessOCSPRequest} and, if that fails with an
 * {@code OCSPException}, answers with HTTP 500 whose body is an OCSP INTERNAL_ERROR response.
 *
 * <p>Only {@code OCSPException} is intercepted here; any other exception type propagates to
 * the caller unchanged. The original failure is logged and kept as the cause, while the
 * client only receives the bare INTERNAL_ERROR status with no response bytes.
 *
 * @param ocspReq The OCSP request
 * @return The OCSP response if possible
 * @throws InternalServerErrorException if processing failed; it carries the INTERNAL_ERROR
 *         OCSP response as entity unless even that response could not be built
 */
private OCSPResp processOCSPRequest(OCSPReq ocspReq) {
    try {
        return doProcessOCSPRequest(ocspReq);
    } catch (OCSPException processingFailure) {
        try {
            // Last resort: wrap an OCSP-level internal error in the HTTP 500 so that OCSP
            // clients still receive a parseable body.
            LOG.error("Error processing OCSP Request!", processingFailure);
            OCSPResp internalError =
                    new OCSPRespBuilder().build(OCSPRespBuilder.INTERNAL_ERROR, null);
            Response http500 = Response.status(Response.Status.INTERNAL_SERVER_ERROR)
                    .entity(internalError)
                    .build();
            throw new InternalServerErrorException(
                    "Error processing OCSP Request", http500, processingFailure);
        } catch (OCSPException buildFailure) {
            // Even the error response could not be encoded: fall back to a plain 500.
            LOG.error("Could not return a response!", buildFailure);
            throw new InternalServerErrorException("Could not build proper response", buildFailure);
        }
    }
}
开发者ID:wdawson,项目名称:revoker,代码行数:27,代码来源:OCSPResponderResource.java
示例3: checkForValidRequest
import org.bouncycastle.cert.ocsp.OCSPRespBuilder; //导入依赖的package包/类
/**
 * Rejects a missing request, or a signed request whose signature does not verify, with an
 * HTTP 400 that carries an OCSP MALFORMED_REQUEST response.
 *
 * <p>Unsigned requests pass this check: the signature is only examined when
 * {@code ocspReq.isSigned()} is true. Both rejection reasons are reported to the client with
 * the same OCSP status code.
 *
 * @param ocspReq The request
 * @throws BadRequestException with the OCSP response if the request was missing or its
 *         signature was invalid
 * @throws OCSPException if the MALFORMED_REQUEST response itself cannot be built
 */
private void checkForValidRequest(OCSPReq ocspReq) throws OCSPException {
    String rejection = null;
    if (ocspReq == null) {
        rejection = "Could not find a request in the payload!";
    } else if (ocspReq.isSigned() && !isSignatureValid(ocspReq)) {
        // Check signature if present
        rejection = "Your signature was invalid!";
    }
    if (rejection == null) {
        return;
    }

    Response.ResponseBuilder badRequest = Response.status(Response.Status.BAD_REQUEST);
    OCSPResp malformed = new OCSPRespBuilder().build(OCSPRespBuilder.MALFORMED_REQUEST, null);
    throw new BadRequestException(rejection, badRequest.entity(malformed).build());
}
开发者ID:wdawson,项目名称:revoker,代码行数:24,代码来源:OCSPResponderResource.java
示例4: getWithBadDataIsMalformed
import org.bouncycastle.cert.ocsp.OCSPRespBuilder; //导入依赖的package包/类
/**
 * A GET whose path segment is not a decodable OCSP request must be answered with HTTP 400
 * and an OCSP MALFORMED_REQUEST body that has no response object.
 */
@Test
public void getWithBadDataIsMalformed() throws Exception {
    try {
        resources.client()
                .target("/ocsp/")
                .path("BAD_DATA")
                .request()
                .get(OCSPResp.class);
        // Reaching this line means the responder accepted garbage input.
        failBecauseExceptionWasNotThrown(BadRequestException.class);
    } catch (BadRequestException rejected) {
        assertThat(rejected).hasMessageEndingWith("HTTP 400 Bad Request");

        Response httpResponse = rejected.getResponse();
        assertThat(httpResponse.hasEntity()).isTrue();
        Object body = httpResponse.getEntity();
        assertThat(body).isInstanceOf(InputStream.class);

        // The error body must itself be a well-formed OCSP response.
        OCSPResp parsed = new OCSPResp((InputStream) body);
        assertThat(parsed.getStatus()).isEqualTo(OCSPRespBuilder.MALFORMED_REQUEST);
        assertThat(parsed.getResponseObject()).isNull();
    }
}
开发者ID:wdawson,项目名称:revoker,代码行数:17,代码来源:OCSPResponderResourceTest.java
示例5: postWithBadPayloadIsMalformed
import org.bouncycastle.cert.ocsp.OCSPRespBuilder; //导入依赖的package包/类
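/**
 * A POST whose body is not a decodable OCSP request must be answered with HTTP 400 and an
 * OCSP MALFORMED_REQUEST body that has no response object.
 */
@Test
public void postWithBadPayloadIsMalformed() throws Exception {
    try {
        resources.client().target("/ocsp/").request()
                .post(Entity.entity("BAD_DATA", "application/ocsp-request"), OCSPResp.class);
        // Without this the test passes silently when the responder accepts the bad payload,
        // because every assertion lives in the catch block.
        failBecauseExceptionWasNotThrown(BadRequestException.class);
    } catch (BadRequestException e) {
        assertThat(e).hasMessageEndingWith("HTTP 400 Bad Request");
        Response response = e.getResponse();
        assertThat(response.hasEntity()).isTrue();
        assertThat(response.getEntity()).isInstanceOf(InputStream.class);
        // The error body must itself be a well-formed OCSP response.
        OCSPResp ocspResp = new OCSPResp((InputStream) response.getEntity());
        assertThat(ocspResp.getStatus()).isEqualTo(OCSPRespBuilder.MALFORMED_REQUEST);
        assertThat(ocspResp.getResponseObject()).isNull();
    }
}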
开发者ID:wdawson,项目名称:revoker,代码行数:17,代码来源:OCSPResponderResourceTest.java
示例6: buildAndSignResponse
import org.bouncycastle.cert.ocsp.OCSPRespBuilder; //导入依赖的package包/类
/**
 * Signs the basic response held by the builder and wraps it in a SUCCESSFUL OCSP response.
 *
 * <p>The signature is produced with this resource's {@code contentSigner}, the
 * {@code signingCertificateChain} is embedded in the response, and producedAt is the time
 * of the call.
 *
 * @param responseBuilder The builder
 * @return The signed response
 * @throws OCSPException if signing or encoding fails
 */
private OCSPResp buildAndSignResponse(BasicOCSPRespBuilder responseBuilder) throws OCSPException {
    Date producedAt = new Date();
    BasicOCSPResp signed =
            responseBuilder.build(contentSigner, signingCertificateChain, producedAt);
    OCSPRespBuilder envelope = new OCSPRespBuilder();
    return envelope.build(OCSPRespBuilder.SUCCESSFUL, signed);
}
开发者ID:wdawson,项目名称:revoker,代码行数:15,代码来源:OCSPResponderResource.java
示例7: getOCSPErrorResponse
import org.bouncycastle.cert.ocsp.OCSPRespBuilder; //导入依赖的package包/类
/**
 * Builds an HTTP response whose entity is an OCSP error response with the given OCSP status
 * and no response bytes.
 *
 * @param httpStatusCode HTTP status to put on the response
 * @param ocspErrorCode  OCSP response status code to encode in the body
 * @return the HTTP response carrying the OCSP error
 * @throws InternalServerErrorException if the OCSP error response cannot be built
 */
private Response getOCSPErrorResponse(Response.Status httpStatusCode, int ocspErrorCode) {
    Response.ResponseBuilder http = Response.status(httpStatusCode);
    try {
        OCSPResp errorBody = new OCSPRespBuilder().build(ocspErrorCode, null);
        return http.entity(errorBody).build();
    } catch (OCSPException e) {
        throw new InternalServerErrorException("Could not return valid OCSP response", e);
    }
}
开发者ID:wdawson,项目名称:revoker,代码行数:8,代码来源:OCSPReqMessageBodyReader.java
示例8: postWithNoPayloadIsMalformed
import org.bouncycastle.cert.ocsp.OCSPRespBuilder; //导入依赖的package包/类
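/**
 * A POST without any body must be answered with HTTP 400 and an OCSP MALFORMED_REQUEST body
 * that has no response object.
 */
@Test
public void postWithNoPayloadIsMalformed() throws Exception {
    try {
        resources.client().target("/ocsp/").request().post(null, OCSPResp.class);
        // Without this the test passes silently when the responder accepts an empty request,
        // because every assertion lives in the catch block.
        failBecauseExceptionWasNotThrown(BadRequestException.class);
    } catch (BadRequestException e) {
        assertThat(e).hasMessageEndingWith("HTTP 400 Bad Request");
        Response response = e.getResponse();
        assertThat(response.hasEntity()).isTrue();
        assertThat(response.getEntity()).isInstanceOf(InputStream.class);
        // The error body must itself be a well-formed OCSP response.
        OCSPResp ocspResp = new OCSPResp((InputStream) response.getEntity());
        assertThat(ocspResp.getStatus()).isEqualTo(OCSPRespBuilder.MALFORMED_REQUEST);
        assertThat(ocspResp.getResponseObject()).isNull();
    }
}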
开发者ID:wdawson,项目名称:revoker,代码行数:16,代码来源:OCSPResponderResourceTest.java
示例9: validateSuccessfulResponse
import org.bouncycastle.cert.ocsp.OCSPRespBuilder; //导入依赖的package包/类
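/**
 * Asserts that {@code ocspResp} is a correctly signed SUCCESSFUL answer to {@code ocspReq}.
 *
 * <p>Checked in order: the OCSP status, the response signature and its algorithm, that the
 * only response extension is the nonce and that it echoes the request nonce, and then each
 * single response against the request entry and certificate summary at the same index.
 *
 * @param ocspResp  response returned by the responder
 * @param ocspReq   request that was sent
 * @param summaries expected certificate data, in the same order as the request entries
 */
private void validateSuccessfulResponse(OCSPResp ocspResp,
                                        OCSPReq ocspReq,
                                        CertificateSummary... summaries) throws Exception {
    assertThat(summaries).isNotEmpty();
    assertThat(ocspResp.getStatus()).isEqualTo(OCSPRespBuilder.SUCCESSFUL);
    assertThat(ocspResp.getResponseObject()).isExactlyInstanceOf(BasicOCSPResp.class);
    BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResp.getResponseObject();
    assertThat(basicResponse.getProducedAt()).isAfterOrEqualsTo(NOW.toDate());

    // check signature
    boolean validSignature = basicResponse.isSignatureValid(
            new JcaContentVerifierProviderBuilder().setProvider("BC").build(signingCertificate.getPublicKey()));
    // withFailMessage only takes effect when it is set before the assertion it describes.
    assertThat(validSignature).withFailMessage("Signature was invalid").isTrue();
    assertThat(basicResponse.getSignatureAlgorithmID()).isEqualTo(
            new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA")
    );

    // check extensions
    List<ASN1ObjectIdentifier> extensionOIDs = Lists.transform(
            (List<?>) basicResponse.getExtensionOIDs(),
            input -> (ASN1ObjectIdentifier) input // just casting here
    );
    assertThat(extensionOIDs).containsExactly(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
    // The nonce ties this response to this request.
    Extension reqNonce = ocspReq.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
    Extension respNonce = basicResponse.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
    assertThat(respNonce).isEqualTo(reqNonce);

    SingleResp[] singleResponses = basicResponse.getResponses();
    Req[] singleRequests = ocspReq.getRequestList();
    assertThat(singleResponses).hasSameSizeAs(singleRequests);

    for (int i = 0; i < singleRequests.length; i++) {
        Req request = singleRequests[i];
        SingleResp response = singleResponses[i];

        assertThat(response.getCertID()).isEqualTo(request.getCertID());

        // Every per-request extension must come back unchanged on the matching response.
        ASN1ObjectIdentifier[] requestExtensions = request.getSingleRequestExtensions().getExtensionOIDs();
        for (ASN1ObjectIdentifier extensionOID : requestExtensions) {
            Extension extension = response.getExtension(extensionOID);
            assertThat(extension).isNotNull();
            assertThat(extension).isEqualTo(request.getSingleRequestExtensions().getExtension(extensionOID));
        }

        assertThat(response.getCertID().getSerialNumber()).isEqualTo(summaries[i].getSerialNumber());

        org.bouncycastle.cert.ocsp.CertificateStatus ocspCertificateStatus =
                getOCSPCertificateStatus(summaries[i]).getCertificateStatus();
        if (ocspCertificateStatus == GOOD) {
            // BouncyCastle defines GOOD as null, so this is effectively a null comparison.
            assertThat(response.getCertStatus()).isEqualTo(GOOD);
        } else {
            assertThat(response.getCertStatus()).isEqualToComparingFieldByField(ocspCertificateStatus);
        }

        assertThat(response.getThisUpdate()).isEqualToIgnoringMillis(summaries[i].getThisUpdateTime().toDate());
        // Only the seconds field of nextUpdate is compared, modulo 60.
        assertThat(response.getNextUpdate())
                .hasSecond((summaries[i].getThisUpdateTime().getSecondOfMinute() + REFRESH_TIME) % 60);
    }
}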
开发者ID:wdawson,项目名称:revoker,代码行数:61,代码来源:OCSPResponderResourceTest.java
示例10: validate
import org.bouncycastle.cert.ocsp.OCSPRespBuilder; //导入依赖的package包/类
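/**
 * Checks the revocation status of {@code certificate} by querying the OCSP responder named
 * for it and returns the outcome as a {@link ValidationStatus}.
 *
 * <p>The status starts as {@code UNKNOWN} and is only upgraded when a matching single
 * response is found in an OCSP response whose signature verifies against the issuer (or a
 * responder certificate the issuer delegated to). A response that cannot be verified, or
 * whose {@code nextUpdate} has already passed, is not trusted and leaves the status
 * {@code UNKNOWN}. A certificate revoked after {@code validationDate} is reported as
 * {@code VALID} for that date.
 *
 * @param certificate    certificate to check
 * @param issuers        issuer certificates; only the first element is used and the list
 *                       must not be empty
 * @param validationDate point in time the validity is evaluated for
 * @return the validation result; never {@code null}
 */
@Override
public ValidationStatus validate(X509Certificate certificate, List<X509Certificate> issuers, Date validationDate) {
    X509Certificate issuer = issuers.get(0);
    ValidationStatus status = new ValidationStatus(certificate, issuer, validationDate, ValidatorSourceType.OCSP, CertificateValidity.UNKNOWN);

    try {
        Principal subjectX500Principal = certificate.getSubjectX500Principal();

        // NOTE(review): the responder URL is derived from the certificate under validation.
        // If that certificate can be supplied by an untrusted party, the outbound request in
        // requestOCSPResponse should be limited to expected schemes and destinations - confirm.
        String ocspUrl = getOCSPUrl(certificate);
        if (ocspUrl == null) {
            log.error("OCSP URL for '" + subjectX500Principal + "' is empty");
            return status;
        }

        log.debug("OCSP URL for '" + subjectX500Principal + "' is '" + ocspUrl + "'");

        DigestCalculator digestCalculator = new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1);
        // The CertID carries hashes of the ISSUER's name and key plus the serial number of the
        // certificate being checked, so the holder passed here must be the issuer certificate.
        CertificateID certificateId = new CertificateID(digestCalculator, new JcaX509CertificateHolder(issuer), certificate.getSerialNumber());

        // Generate OCSP request
        OCSPReq ocspReq = generateOCSPRequest(certificateId);

        // Get OCSP response from server
        OCSPResp ocspResp = requestOCSPResponse(ocspUrl, ocspReq);
        if (ocspResp.getStatus() != OCSPRespBuilder.SUCCESSFUL) {
            log.error("OCSP response is invalid!");
            status.setValidity(CertificateValidity.INVALID);
            return status;
        }

        BasicOCSPResp basicOCSPResp = (BasicOCSPResp) ocspResp.getResponseObject();

        // The response arrives over the network and must not be believed until its signature
        // has been tied back to the issuer; otherwise anyone on the path could assert GOOD.
        if (basicOCSPResp == null || !isOCSPResponseSignatureTrusted(basicOCSPResp, issuer)) {
            log.error("OCSP response for '" + subjectX500Principal + "' is not signed by its issuer or a delegated responder");
            return status;
        }

        boolean foundResponse = false;
        SingleResp[] singleResps = basicOCSPResp.getResponses();
        for (SingleResp singleResp : singleResps) {
            CertificateID responseCertificateId = singleResp.getCertID();
            if (!certificateId.equals(responseCertificateId)) {
                continue;
            }

            foundResponse = true;

            log.debug("OCSP validationDate: " + validationDate);
            log.debug("OCSP thisUpdate: " + singleResp.getThisUpdate());
            log.debug("OCSP nextUpdate: " + singleResp.getNextUpdate());

            // A correctly signed but expired response may be a replay of an old status.
            Date nextUpdate = singleResp.getNextUpdate();
            if (nextUpdate != null && nextUpdate.before(new Date())) {
                log.error("OCSP response for '" + subjectX500Principal + "' is stale, nextUpdate: " + nextUpdate);
                continue;
            }

            status.setRevocationObjectIssuingTime(basicOCSPResp.getProducedAt());

            Object certStatus = singleResp.getCertStatus();
            if (certStatus == CertificateStatus.GOOD) {
                log.debug("OCSP status is valid for '" + certificate.getSubjectX500Principal() + "'");
                status.setValidity(CertificateValidity.VALID);
            } else if (certStatus instanceof RevokedStatus) {
                Date revocationDate = ((RevokedStatus) certStatus).getRevocationTime();
                log.warn("OCSP status is revoked for: " + subjectX500Principal);
                if (validationDate.before(revocationDate)) {
                    // Revoked later than the date being validated: still valid at that date.
                    log.warn("OCSP revocation time after the validation date, the certificate '" + subjectX500Principal + "' was valid at " + validationDate);
                    status.setValidity(CertificateValidity.VALID);
                } else {
                    log.info("OCSP for certificate '" + subjectX500Principal + "' is revoked since " + revocationDate);
                    status.setRevocationDate(revocationDate);
                    status.setRevocationObjectIssuingTime(singleResp.getThisUpdate());
                    status.setValidity(CertificateValidity.REVOKED);
                }
            }
            // Any other status object leaves the validity at UNKNOWN.
        }

        if (!foundResponse) {
            log.error("There is no matching OCSP response entries");
        }
    } catch (Exception ex) {
        // Any failure leaves the validity at whatever was set so far (UNKNOWN by default).
        log.error("OCSP exception: ", ex);
    }

    return status;
}

/**
 * Decides whether the signature on an OCSP response can be traced back to {@code issuer}.
 *
 * <p>Accepted signers are the issuer itself, or a certificate shipped inside the response
 * that is signed by the issuer, carries the OCSP-signing extended key usage
 * (OID 1.3.6.1.5.5.7.3.9) and was valid when the response was produced.
 */
private boolean isOCSPResponseSignatureTrusted(BasicOCSPResp basicOCSPResp, X509Certificate issuer) {
    org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder verifierBuilder =
            new org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder();

    try {
        if (basicOCSPResp.isSignatureValid(verifierBuilder.build(issuer.getPublicKey()))) {
            return true;
        }
    } catch (Exception ex) {
        // A mismatch between key type and signature algorithm surfaces as an exception;
        // fall through and try the delegated responder certificates.
        log.debug("OCSP response is not signed directly by the issuer: " + ex.getMessage());
    }

    org.bouncycastle.cert.X509CertificateHolder[] responderCerts = basicOCSPResp.getCerts();
    if (responderCerts == null) {
        return false;
    }

    for (org.bouncycastle.cert.X509CertificateHolder responderHolder : responderCerts) {
        try {
            X509Certificate responder =
                    new org.bouncycastle.cert.jcajce.JcaX509CertificateConverter().getCertificate(responderHolder);
            List<String> extendedKeyUsage = responder.getExtendedKeyUsage();
            if (extendedKeyUsage == null || !extendedKeyUsage.contains("1.3.6.1.5.5.7.3.9")) {
                continue;
            }
            // Both calls throw when the check fails.
            responder.verify(issuer.getPublicKey());
            responder.checkValidity(basicOCSPResp.getProducedAt());
            if (basicOCSPResp.isSignatureValid(verifierBuilder.build(responder.getPublicKey()))) {
                return true;
            }
        } catch (Exception ex) {
            log.debug("OCSP responder certificate rejected: " + ex.getMessage());
        }
    }

    return false;
}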
开发者ID:GluuFederation,项目名称:oxAuth,代码行数:78,代码来源:OCSPCertificateVerifier.java
注:本文中的org.bouncycastle.cert.ocsp.OCSPRespBuilder类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |