/**
 * Builds a key-hash RespID from the responder's public key.
 *
 * <p>The value hashed is the raw public key data returned by
 * {@code subjectPublicKeyInfo.getPublicKeyData().getBytes()}, not the whole
 * SubjectPublicKeyInfo encoding. Only a calculator whose algorithm identifier
 * equals {@code HASH_SHA1} is accepted: RFC 6960 defines the KeyHash form of
 * ResponderID as a SHA-1 hash of the responder's public key. The hash only
 * names the responder key; the response signature still has to be verified
 * separately.
 *
 * @param subjectPublicKeyInfo the info structure for the responder public key.
 * @param digCalc a SHA-1 digest calculator.
 * @throws OCSPException on any failure creating the ID. The
 *         IllegalArgumentException for a non-SHA-1 calculator is raised inside
 *         the try block, so it also reaches the caller wrapped in an OCSPException.
 */
public RespID(
    SubjectPublicKeyInfo subjectPublicKeyInfo,
    DigestCalculator digCalc)
    throws OCSPException
{
    try
    {
        final boolean sha1Calculator = digCalc.getAlgorithmIdentifier().equals(HASH_SHA1);
        if (!sha1Calculator)
        {
            throw new IllegalArgumentException("only SHA-1 can be used with RespID");
        }

        // Feed the key bits through the calculator's stream, then close it
        // before asking for the digest.
        final OutputStream hashSink = digCalc.getOutputStream();
        final byte[] keyBits = subjectPublicKeyInfo.getPublicKeyData().getBytes();
        hashSink.write(keyBits);
        hashSink.close();

        final byte[] keyHash = digCalc.getDigest();
        this.id = new ResponderID(new DEROctetString(keyHash));
    }
    catch (Exception failure)
    {
        throw new OCSPException("problem creating ID: " + failure, failure);
    }
}
/**
 * Builds a key-hash RespID from a JCA public key.
 *
 * <p>The key's encoded form is parsed as a SubjectPublicKeyInfo and the
 * public key data inside it is hashed with the "SHA1" digest obtained from
 * {@code OCSPUtil.createDigestInstance}. The resulting octets become the
 * ResponderID.
 *
 * @param key the responder public key; its {@code getEncoded()} output must
 *            parse as a SubjectPublicKeyInfo.
 * @throws OCSPException wrapping any exception raised while parsing or hashing.
 */
public RespID(
    PublicKey key)
    throws OCSPException
{
    try
    {
        // TODO Allow specification of a particular provider
        // NOTE(review): the null second argument is presumably the provider - confirm in OCSPUtil.
        final MessageDigest sha1 = OCSPUtil.createDigestInstance("SHA1", null);

        final ASN1InputStream keyReader = new ASN1InputStream(key.getEncoded());
        final SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(keyReader.readObject());

        // Hash only the public key data, not the surrounding structure.
        sha1.update(keyInfo.getPublicKeyData().getBytes());
        final byte[] hashBytes = sha1.digest();

        this.id = new ResponderID(new DEROctetString(hashBytes));
    }
    catch (Exception failure)
    {
        throw new OCSPException("problem creating ID: " + failure, failure);
    }
}
/**
 * Looks in the validation certificate pool for the certificate that signed the given OCSP
 * token, using the responder ID carried in its basic OCSP response.
 *
 * <p>Does nothing when the token has no basic response. A responder ID with tag 2 (the byKey
 * choice in RFC 6960) is rejected with a DSSException. Every other tag is treated as a
 * responder name; the code does not check that the tag is actually 1.
 *
 * <p>The method returns no result. Its only visible effect is the {@code isSignedBy} call on
 * the token, which presumably records the signer (confirm in OCSPToken). When no pooled
 * certificate matches, it returns silently, so callers need their own check that a signer
 * was established before relying on the token.
 *
 * @param ocspToken the OCSP token whose signing certificate is looked up
 * @throws DSSException if the responder is identified by key hash
 */
private void extractSigningCertificateFormResponderId(OCSPToken ocspToken) {

    final BasicOCSPResp basicResponse = ocspToken.getBasicOCSPResp();
    if (basicResponse == null) {
        return;
    }

    final RespID respId = basicResponse.getResponderId();
    final ResponderID asn1ResponderId = respId.toASN1Primitive();
    // Unchecked cast: a ResponderID that is not a tagged object fails here with ClassCastException.
    final DERTaggedObject taggedChoice = (DERTaggedObject) asn1ResponderId.toASN1Primitive();
    if (2 == taggedChoice.getTagNo()) {
        throw new DSSException("Certificate's key hash management not implemented yet!");
    }

    // Rebuild the responder name and normalise it the same way DSSUtils does before the pool lookup.
    final ASN1Primitive nameObject = taggedChoice.getObject();
    final byte[] encodedName = DSSASN1Utils.getDEREncoded(nameObject);
    final X500Principal rawPrincipal = new X500Principal(encodedName);
    final X500Principal normalizedPrincipal = DSSUtils.getNormalizedX500Principal(rawPrincipal);

    // The subject name only selects candidates; isSignedBy decides. Stop at the first match.
    // NOTE(review): assumes the pool never returns null for an unknown subject - confirm.
    final List<CertificateToken> candidates = validationCertPool.get(normalizedPrincipal);
    for (final CertificateToken candidate : candidates) {
        if (ocspToken.isSignedBy(candidate)) {
            return;
        }
    }
}
/**
 * Get String representation of ResponderID.
 *
 * <p>The value is read straight from the response data. Nothing in this method verifies the
 * response signature, so the result is only a label taken from the response.
 *
 * @param basResp basic OCSP response to read the responder ID from, may be null
 * @return "byKey: " followed by the hex key hash when the ID holds an octet string,
 *         otherwise "byName: " followed by the name; null when basResp is null
 */
private String responderIDtoString(BasicOCSPResp basResp)
{
    if (basResp == null) {
        return null;
    }

    ResponderID asn1Id = basResp.getResponseData().getResponderId().toASN1Object();
    Object choice = ((DERTaggedObject) asn1Id.toASN1Object()).getObject();

    // The two forms are told apart by the content type, not by the tag number. Anything that
    // is not an octet string is cast to ASN1Sequence and fails with ClassCastException otherwise.
    if (!(choice instanceof org.bouncycastle.asn1.DEROctetString)) {
        X509Name responderName = new X509Name((ASN1Sequence) choice);
        return "byName: " + responderName.toString();
    }

    org.bouncycastle.asn1.DEROctetString keyHash = (org.bouncycastle.asn1.DEROctetString) choice;
    return "byKey: " + SignedDoc.bin2hex(keyHash.getOctets());
}
/**
 * Parses an OcspIdentifier from its ASN.1 sequence: the responder ID at index 0 and the
 * producedAt time at index 1.
 *
 * @param seq the sequence to parse; must hold exactly two elements
 * @throws IllegalArgumentException if the sequence does not hold exactly two elements
 */
private OcspIdentifier(ASN1Sequence seq)
{
    final int elementCount = seq.size();
    if (elementCount != 2)
    {
        throw new IllegalArgumentException("Bad sequence size: " + elementCount);
    }

    this.ocspResponderID = ResponderID.getInstance(seq.getObjectAt(0));
    // Direct cast, unlike the responder ID above: an element of another type
    // fails with ClassCastException, not IllegalArgumentException.
    this.producedAt = (ASN1GeneralizedTime) seq.getObjectAt(1);
}
/**
 * Wraps an existing ASN.1 ResponderID.
 *
 * @param id the ResponderID to wrap; the reference is stored as given, with no copy and
 *           no null check.
 */
public RespID(
    ResponderID id)
{
    this.id = id;
}
/**
 * Builds a RespID that identifies the responder by name.
 *
 * @param name the responder's X.500 name, passed straight to the ResponderID constructor.
 */
public RespID(
    X500Name name)
{
    final ResponderID byName = new ResponderID(name);
    this.id = byName;
}
/**
 * Returns the ASN.1 ResponderID held by this object.
 *
 * @return the stored ResponderID reference (no copy is made).
 */
public ResponderID toASN1Object()
{
    return this.id;
}
/**
 * Creates an OcspIdentifier from its two components.
 *
 * @param ocspResponderID the responder ID, stored as given
 * @param producedAt the producedAt time, stored as given
 */
public OcspIdentifier(ResponderID ocspResponderID, ASN1GeneralizedTime producedAt)
{
    // Neither argument is validated or copied here.
    this.producedAt = producedAt;
    this.ocspResponderID = ocspResponderID;
}
/**
 * Returns the responder ID held by this identifier.
 *
 * @return the stored ResponderID reference.
 */
public ResponderID getOcspResponderID()
{
    return ocspResponderID;
}
/**
 * Builds a RespID that identifies the responder by name, starting from a JCA X500Principal.
 *
 * @param name the responder's principal; its encoded form is converted to an X500Name
 *             before the ResponderID is built.
 */
public RespID(
    X500Principal name)
{
    final byte[] encodedName = name.getEncoded();
    final X500Name x500Name = X500Name.getInstance(encodedName);
    this.id = new ResponderID(x500Name);
}
/**
 * Returns the ASN.1 ResponderID held by this object.
 *
 * @return the stored ResponderID reference (no copy is made).
 */
public ResponderID toASN1Primitive()
{
    return this.id;
}