/**
 * Tells whether the embedded OCSP response was issued for the document signing certificate.
 * <p>
 * Only the certificate identifier of the first single response is compared with the
 * identifier expected for the signing certificate. The response signature, the reported
 * certificate status and the response's validity interval are not examined by this method,
 * so a {@code true} result means "this response is about our certificate" and nothing more.
 *
 * @return {@code true} if the identifiers match; {@code false} if they differ, if there is no
 *         OCSP response, if fewer than two signing certificates are known, or if any step throws
 * @since 2.1.6
 */
public boolean isRevocationValid() {
    // Without a response, or without an issuer next to the signer, there is nothing to compare.
    if (basicResp == null || signCerts.size() < 2) {
        return false;
    }
    try {
        X509Certificate[] chain = (X509Certificate[]) getSignCertificateChain();
        CertificateID reported = basicResp.getResponses()[0].getCertID();
        X509Certificate signer = getSigningCertificate();
        // chain[1] is used as the issuer of the signing certificate.
        // NOTE(review): the expected id is always built with SHA-1; a response whose CertID
        // uses another hash algorithm presumably compares unequal - confirm against the
        // CertificateID implementation in use.
        CertificateID expected =
                new CertificateID(CertificateID.HASH_SHA1, chain[1], signer.getSerialNumber());
        return expected.equals(reported);
    } catch (Exception ignored) {
        // Fail closed: any decoding, cast or indexing problem counts as "does not match".
        return false;
    }
}
// Excerpt: asks an OCSP responder about checkCert and returns the encoded basic response when
// the certificate is reported GOOD. The lines that send the request and obtain the response
// stream `in` are not part of this excerpt, and the try block continues past it.
try {
    OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber());
    byte[] array = request.getEncoded();
    URL urlt = new URL(url);
    // OCSP is commonly fetched over plain HTTP, so integrity rests on verifying the signature
    // of the response rather than on the transport.
    HttpURLConnection con = (HttpURLConnection)urlt.openConnection();
    OCSPResp ocspResponse = new OCSPResp(in);
    // 0 is the OCSP "successful" response status; every other status is rejected.
    if (ocspResponse.getStatus() != 0)
        throw new IOException("Invalid status: " + ocspResponse.getStatus());
    BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject();
    if (basicResponse != null) {
        SingleResp[] responses = basicResponse.getResponses();
        // Only a response carrying exactly one SingleResp is considered.
        if (responses.length == 1) {
            SingleResp resp = responses[0];
            Object status = resp.getCertStatus();
            // NOTE(review): the visible lines accept GOOD without verifying the response
            // signature, comparing the returned CertID with the request, or checking
            // thisUpdate/nextUpdate - confirm those checks exist elsewhere before the
            // returned bytes are treated as proof of non-revocation.
            if (status == CertificateStatus.GOOD) {
                return basicResponse.getEncoded();
/**
 * Searches a KeyStore for a certificate whose public key verifies the signature of an
 * OCSP response.
 * <p>
 * Every certificate entry of the key store is tried in turn and the first one that verifies
 * the signature ends the search. Only the signature is checked: the matching certificate's
 * validity period and its authorisation to sign OCSP responses are not examined, so the key
 * store should contain nothing but certificates that are trusted as OCSP responders.
 * All exceptions are swallowed and reported as "not found".
 *
 * @param ocsp the OCSP response
 * @param keystore the <CODE>KeyStore</CODE> whose certificate entries are tried
 * @param provider the provider or <CODE>null</CODE> to use the BouncyCastle provider
 * @return <CODE>true</CODE> if a certificate was found
 * @since 2.1.6
 */
public static boolean verifyOcspCertificates(BasicOCSPResp ocsp, KeyStore keystore, String provider) {
    String providerName = (provider != null) ? provider : "BC";
    try {
        Enumeration aliases = keystore.aliases();
        while (aliases.hasMoreElements()) {
            try {
                String alias = (String) aliases.nextElement();
                // Key entries are skipped; only certificate entries are candidates.
                if (keystore.isCertificateEntry(alias)) {
                    X509Certificate candidate = (X509Certificate) keystore.getCertificate(alias);
                    if (ocsp.verify(candidate.getPublicKey(), providerName)) {
                        return true;
                    }
                }
            } catch (Exception perEntryFailure) {
                // A failure on one entry must not stop the search; move on to the next alias.
            }
        }
    } catch (Exception keystoreFailure) {
        // The key store could not be enumerated; treated the same as "no match".
    }
    return false;
}
// Excerpt with lines elided between statements (closing braces and a second try are missing):
// decodes an encoded OCSP response, then copies its producedAt time and responder id into
// ocspIdentifier.
// NOTE(review): producedAt and the responder id are read from the response itself; no
// signature verification is visible in this excerpt, so treat them as unauthenticated until
// the response has been verified - confirm where that happens.
OCSPResp ocspResp;
try {
    ocspResp = new OCSPResp(ocsp);
} catch (IOException e) {
    // The cause is kept so the decoding failure stays diagnosable.
    throw new RuntimeException("OCSP decoding error: " + e.getMessage(), e);
ocspResponseObject = ocspResp.getResponseObject();
} catch (OCSPException e) {
    throw new RuntimeException("OCSP error: " + e.getMessage(), e);
Date producedAt = basicOcspResp.getProducedAt();
ocspIdentifier.setProducedAt(
        this.datatypeFactory.newXMLGregorianCalendar(new DateTime(producedAt).toGregorianCalendar()));
RespID respId = basicOcspResp.getResponderId();
ResponderID ocspResponderId = respId.toASN1Object();
DERTaggedObject derTaggedObject = (DERTaggedObject) ocspResponderId.toASN1Object();
// In the OCSP ResponderID CHOICE, tag 2 is byKey (the responder's key hash); tag 1 is byName.
if (2 == derTaggedObject.getTagNo()) {
// Excerpt: builds an OCSP request for a single certificate; the declarations of oids and
// values are outside this excerpt.
// The certificate is identified by its issuer and serial number using a SHA-1 based CertificateID.
CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber);
OCSPReqGenerator gen = new OCSPReqGenerator();
gen.addRequest(id);
// Adds a non-critical extension whose value is the DER encoding of an octet string holding
// PdfEncryption.createDocumentId(), wrapped in a second octet string.
// NOTE(review): presumably this is the OCSP nonce (its OID would be in oids, not shown) -
// confirm, and confirm the caller compares the nonce echoed in the response; a nonce that is
// sent but never checked gives no replay protection.
values.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded())));
gen.setRequestExtensions(new X509Extensions(oids, values));
return gen.generate();
/**
 * Decodes every OCSP response embedded in the given revocation values.
 * <p>
 * The responses are only parsed; nothing here verifies their signatures or inspects the
 * certificate status they report, so callers must validate each returned response.
 *
 * @param revocationValues the revocation values to read the encapsulated OCSP values from
 * @return the decoded responses in document order; empty when no OCSP values are present
 * @throws XAdESValidationException if an encapsulated value cannot be decoded
 */
public static List<OCSPResp> getOCSPResponses(RevocationValuesType revocationValues)
        throws XAdESValidationException {
    try {
        final List<OCSPResp> decoded = new LinkedList<OCSPResp>();
        final OCSPValuesType container = revocationValues.getOCSPValues();
        if (container != null) {
            for (EncapsulatedPKIDataType entry : container.getEncapsulatedOCSPValue()) {
                decoded.add(new OCSPResp(entry.getValue()));
            }
        }
        return decoded;
    } catch (IOException e) {
        // Malformed OCSP bytes surface as a validation failure, with the cause preserved.
        throw new XAdESValidationException(e);
    }
}
// Excerpt: parses the octets held by os as an ASN.1 BasicOCSPResponse and stores the result
// in basicResp.
// NOTE(review): the stream is not closed in the visible lines, and parsing alone establishes
// no trust - the response still has to be signature-checked before its content is relied on.
ASN1InputStream inp = new ASN1InputStream(os.getOctets());
BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject());
basicResp = new BasicOCSPResp(resp);
// Excerpt: declares the list that will hold encoded CRLs, then starts collecting the encoded
// form of each OCSP response. encodedOcspResponses is declared outside this excerpt and the
// loop continues past it.
List<byte[]> encodedCrls = new LinkedList<byte[]>();
for (OCSPResp ocspResponse : ocspResponses) {
    // Stores the encoded bytes of the response as returned by getEncoded().
    encodedOcspResponses.add(ocspResponse.getEncoded());
// Excerpt: requests the revocation status of checkCert from an OCSP responder and returns the
// encoded basic response when the status is GOOD. Sending the request and opening the
// response stream `in` happen in lines that are not shown; the try block continues past
// this excerpt.
try {
    OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber());
    byte[] array = request.getEncoded();
    URL urlt = new URL(url);
    // The transport is a plain HttpURLConnection; the authenticity of the answer therefore
    // depends on verifying the signed response, not on the connection.
    HttpURLConnection con = (HttpURLConnection)urlt.openConnection();
    OCSPResp ocspResponse = new OCSPResp(in);
    // A status other than 0 (OCSP "successful") is reported with a localized message.
    if (ocspResponse.getStatus() != 0)
        throw new IOException(MessageLocalization.getComposedMessage("invalid.status.1", ocspResponse.getStatus()));
    BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject();
    if (basicResponse != null) {
        SingleResp[] responses = basicResponse.getResponses();
        // Responses with zero or several SingleResp entries are not accepted.
        if (responses.length == 1) {
            SingleResp resp = responses[0];
            Object status = resp.getCertStatus();
            // NOTE(review): nothing in the visible lines verifies the response signature,
            // checks that the CertID in resp matches the request, or looks at
            // thisUpdate/nextUpdate - confirm these are enforced before the result is trusted.
            if (status == CertificateStatus.GOOD) {
                return basicResponse.getEncoded();
// Excerpt: assembles an OCSP request for one certificate; oids and values are declared in
// lines that are not shown.
// The request identifies the certificate by issuer and serial number, hashed with SHA-1.
CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber);
OCSPReqGenerator gen = new OCSPReqGenerator();
gen.addRequest(id);
// A non-critical request extension is added; its value is an octet string wrapping the DER
// encoding of another octet string that carries PdfEncryption.createDocumentId().
// NOTE(review): this looks like the OCSP nonce, but the matching OID is outside the excerpt -
// confirm, and verify that the response's nonce is compared with this value on receipt.
values.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded())));
gen.setRequestExtensions(new X509Extensions(oids, values));
return gen.generate();
/**
 * Reports whether the stored OCSP response refers to the document signing certificate.
 * <p>
 * The check is limited to comparing certificate identifiers: the first single response's
 * identifier against one derived from the signing certificate and its issuer. Neither the
 * signature of the response, nor the certificate status it carries, nor its validity interval
 * is evaluated here.
 *
 * @return {@code true} when both identifiers are equal; {@code false} when they are not, when
 *         no OCSP response is stored, when fewer than two signing certificates are known, or
 *         when an exception occurs along the way
 * @since 2.1.6
 */
public boolean isRevocationValid() {
    if (basicResp == null || signCerts.size() < 2) {
        return false;
    }
    boolean refersToSigner = false;
    try {
        X509Certificate[] certChain = (X509Certificate[]) getSignCertificateChain();
        SingleResp firstResponse = basicResp.getResponses()[0];
        CertificateID responseId = firstResponse.getCertID();
        X509Certificate signingCert = getSigningCertificate();
        // The second chain element is used as the issuer of the signing certificate.
        X509Certificate issuerCert = certChain[1];
        // NOTE(review): SHA-1 is hard-coded for the expected id; a responder that hashes its
        // CertID differently would presumably never match - confirm with the
        // CertificateID implementation in use.
        CertificateID expectedId =
                new CertificateID(CertificateID.HASH_SHA1, issuerCert, signingCert.getSerialNumber());
        refersToSigner = expectedId.equals(responseId);
    } catch (Exception swallowed) {
        // Any failure leaves the result at false, i.e. the response is not accepted.
    }
    return refersToSigner;
}
// Excerpt: decodes the given bytes into an OCSPResp. Decoding only parses the structure;
// verifying the response is a separate step that is not part of this line.
new OCSPResp(encodedOcspResponse);
// Excerpt: reads one ASN.1 object from the octets of os, interprets it as a BasicOCSPResponse
// and keeps the wrapped result in this.basicResp.
// NOTE(review): inp is not closed in the visible lines, and no verification of the parsed
// response is shown here - its content is untrusted until the signature has been checked.
final ASN1InputStream inp = new ASN1InputStream(os.getOctets());
final BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject());
this.basicResp = new BasicOCSPResp(resp);
// Excerpt: reports success as soon as the OCSP response signature verifies under this
// certificate's public key; the block is closed outside the excerpt.
// NOTE(review): this is a signature-only check - whether certStoreX509 is currently valid and
// authorised to sign OCSP responses is not tested in the visible line.
if (ocsp.verify(certStoreX509.getPublicKey(), provider)) {
    return true;
byte[] encodedOcsp; try { encodedOcsp = ocspResp.getEncoded(); } catch (IOException e) { throw new XAdESValidationException("OCSP encoding error: "