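/**
 * Checks the revocation status carried by an OCSP token and rejects a certificate that is
 * reported as revoked or unknown.
 *
 * <p>Outcomes, as implemented below:
 * <ul>
 *   <li>{@code token == null}: fails with the message "No token response is present";</li>
 *   <li>status {@code false}: fails with {@code CertificateValidationStatus.REVOKED};</li>
 *   <li>status {@code true}: returns normally;</li>
 *   <li>status {@code null} and a non-blank reason: fails with
 *       {@code CertificateValidationStatus.UNKNOWN};</li>
 *   <li>status {@code null} and a blank reason: returns normally (see the review note in the
 *       method body).</li>
 * </ul>
 *
 * @param token the OCSP token to check; may be {@code null}, which is rejected
 * @throws CertificateValidationException if the token is missing, reports a revoked or unknown
 *         status, or if reading the token fails unexpectedly (the original exception is wrapped)
 */
private void verifyOCSPToken(OCSPToken token) {
    if (token == null) {
        throw CertificateValidationException.of("No token response is present");
    }
    try {
        Boolean status = token.getStatus();
        if (status != null) {
            if (!status) {
                // Log the reason exactly as the token reports it. Resolving it through
                // CRLReasonEnum.valueOf(...) only to call name() yields the same text for a
                // valid name, but throws for a null or unrecognised reason; that exception was
                // caught below and replaced the REVOKED outcome with a generic wrapped failure.
                LOGGER.debug("Certificate with DSS ID <{}> - status <{}>", token.getDSSIdAsString(),
                        token.getReason());
                throw CertificateValidationException.of(
                        CertificateValidationException.CertificateValidationStatus.REVOKED);
            }
            // Otherwise status is GOOD
            return;
        }
        String reason = token.getReason();
        if (StringUtils.isNotBlank(reason)) {
            // Same reasoning as above: an unrecognised reason must not mask the UNKNOWN outcome.
            LOGGER.debug("Certificate with DSS ID <{}> - status <{}>", token.getDSSIdAsString(), reason);
            throw CertificateValidationException.of(
                    CertificateValidationException.CertificateValidationStatus.UNKNOWN);
        }
        // NOTE(review): a token with no status and no reason falls through here and is accepted
        // without any positive GOOD answer. Presumably this state cannot occur once the token's
        // status has been extracted; confirm against OCSPToken, and consider failing closed
        // (UNKNOWN) if it can.
    } catch (CertificateValidationException e) {
        // Already carries the intended validation status; pass it through unchanged.
        throw e;
    } catch (Exception e) {
        // Any other failure while reading the token is reported as a validation failure
        // rather than escaping as an unrelated runtime exception.
        throw CertificateValidationException.of(e);
    }
}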
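/**
 * Loads an OCSP response from a Base64 literal, resolves the revocation token for the
 * "userUniversign" certificate against the "caUniversign" issuer, and checks the fields
 * populated by {@code extractInfo()}.
 *
 * <p>The test expects the archive cut-off, thisUpdate, nextUpdate, production date, basic OCSP
 * response and certificate ID to be present, {@code getExpiredCertsOnCRL()} to be {@code null},
 * and the reported status to be {@code true}.
 */
@Test
public void testOCSPUniversign() {
    String ocspResponse = "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";
    ExternalResourcesOCSPSource ocspSource =
            new ExternalResourcesOCSPSource(new ByteArrayInputStream(Utils.fromBase64(ocspResponse)));

    CertificateToken userUniversign = DSSUtils.loadCertificateFromBase64EncodedString(
            "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");
    CertificateToken caUniversign = DSSUtils.loadCertificateFromBase64EncodedString(
            "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");

    OCSPToken ocspToken = ocspSource.getRevocationToken(userUniversign, caUniversign);
    // Assert before the first dereference: if the source finds no matching response, the test
    // should fail on this assertion instead of with a NullPointerException from extractInfo().
    assertNotNull(ocspToken);
    ocspToken.extractInfo();

    assertNotNull(ocspToken.getArchiveCutOff());
    assertNotNull(ocspToken.getThisUpdate());
    assertNotNull(ocspToken.getNextUpdate());
    assertNotNull(ocspToken.getProductionDate());
    assertNotNull(ocspToken.getBasicOCSPResp());
    assertNotNull(ocspToken.getCertId());
    assertNull(ocspToken.getExpiredCertsOnCRL());
    // A true status is what the validation code treats as GOOD.
    assertTrue(ocspToken.getStatus());
}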