Examples of org.bouncycastle.ocsp.RespID

org.bouncycastle.ocsp.RespID
Carrier for a ResponderID.


    OCSPCAServiceResponse response = OCSPUtil.createOCSPCAServiceResponse(ocspServiceReq, privKey, providerName, certChain);
    BasicOCSPResp basicResp = response.getBasicOCSPResp();
    X509Certificate[] respCerts = basicResp.getCerts("BC");
    assertEquals(3, respCerts.length); // Certificate chain included
    RespID respId = basicResp.getResponderId();
    RespID testKeyHash = new RespID(racert.getPublicKey());
    RespID testName = new RespID(racert.getSubjectX500Principal());
    assertEquals(respId, testKeyHash);
    assertFalse(respId.equals(testName));


    // Second check that the whole chain is NOT included and the responderId is Name
    ocspServiceReq = new OCSPCAServiceRequest(req, responseList, null, "SHA1WithRSA;SHA1WithDSA;SHA1WithECDSA", false);

View Full Code Here

        if (null == req) {
            throw new IllegalArgumentException();
        }
        BasicOCSPRespGenerator res = null;
        if (respIdType == OcspConfiguration.RESPONDERIDTYPE_NAME) {
          res = new BasicOCSPRespGenerator(new RespID(respondercert.getSubjectX500Principal()));
        } else {
          res = new BasicOCSPRespGenerator(respondercert.getPublicKey());
        }
        X509Extensions reqexts = req.getRequestExtensions();
        if (reqexts != null) {

View Full Code Here

      }


      returnval = basicRes.generate(sigAlg, signerKey, chain, new Date(), provider );
      if (m_log.isDebugEnabled()) {
        m_log.debug("Signing OCSP response with OCSP signer cert: " + signerCert.getSubjectDN().getName());
        RespID respId = null;
        if (respIdType == OcspConfiguration.RESPONDERIDTYPE_NAME) {
        respId = new RespID(signerCert.getSubjectX500Principal());          
        } else {
        respId = new RespID(signerCert.getPublicKey());          
        }
        if (!returnval.getResponderId().equals(respId)) {
          m_log.error("Response responderId does not match signer certificate responderId!");
        }
        boolean verify = returnval.verify(signerCert.getPublicKey(), "BC");

View Full Code Here

              ret.setErrorCode(OCSPUnidResponse.ERROR_INVALID_NONCE);
              return ret;
            }
      }


    final RespID id = brep.getResponderId();
    final DERTaggedObject to = (DERTaggedObject)id.toASN1Object().toASN1Object();
    final RespID respId;
        final X509Certificate[] chain = brep.getCerts("BC");
        final PublicKey signerPub = chain[0].getPublicKey();
    if (to.getTagNo() == 1) {
      // This is Name
      respId = new RespID(chain[0].getSubjectX500Principal());
    } else {
      // This is KeyHash
      respId = new RespID(signerPub);
    }
    if (!id.equals(respId)) {
      // Response responderId does not match signer certificate responderId!
      ret.setErrorCode(OCSPUnidResponse.ERROR_INVALID_SIGNERID);
    }

View Full Code Here

TOP

Related Classes of org.bouncycastle.ocsp.RespID

org.bouncycastle.asn1.ASN1InputStream

org.bouncycastle.asn1.ASN1OctetString

org.bouncycastle.asn1.DEROctetString

org.bouncycastle.asn1.ocsp.ResponderID

org.bouncycastle.asn1.x509.SubjectPublicKeyInfo

org.bouncycastle.jce.X509Principal

org.ejbca.core.protocol.ocsp.OCSPUnidClient

org.ejbca.core.protocol.ocsp.OCSPUtil

org.ejbca.core.protocol.ocsp.OcspUtilTest

java.security.MessageDigest

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.