本文整理汇总了Java中org.bouncycastle.cert.ocsp.CertificateStatus类的典型用法代码示例。如果您正苦于以下问题:Java CertificateStatus类的具体用法?Java CertificateStatus怎么用?Java CertificateStatus使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
CertificateStatus类属于org.bouncycastle.cert.ocsp包,在下文中一共展示了CertificateStatus类的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。
示例1: generateOCSPResponse
import org.bouncycastle.cert.ocsp.CertificateStatus; //导入依赖的package包/类
private static OCSPResp generateOCSPResponse(PrivateKeyEntry server, PrivateKeyEntry issuer,
CertificateStatus status) throws CertificateException {
try {
X509Certificate serverCertJca = (X509Certificate) server.getCertificate();
X509Certificate caCertJca = (X509Certificate) issuer.getCertificate();
X509CertificateHolder caCert = new JcaX509CertificateHolder(caCertJca);
DigestCalculatorProvider digCalcProv = new BcDigestCalculatorProvider();
BasicOCSPRespBuilder basicBuilder = new BasicOCSPRespBuilder(
SubjectPublicKeyInfo.getInstance(caCertJca.getPublicKey().getEncoded()),
digCalcProv.get(CertificateID.HASH_SHA1));
CertificateID certId = new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1),
caCert, serverCertJca.getSerialNumber());
basicBuilder.addResponse(certId, status);
BasicOCSPResp resp = basicBuilder.build(
new JcaContentSignerBuilder("SHA256withRSA").build(issuer.getPrivateKey()),
null, new Date());
OCSPRespBuilder builder = new OCSPRespBuilder();
return builder.build(OCSPRespBuilder.SUCCESSFUL, resp);
} catch (Exception e) {
throw new CertificateException("cannot generate OCSP response", e);
}
}
开发者ID:google,项目名称:conscrypt,代码行数:29,代码来源:TestKeyStore.java
示例2: getOCSPResponseForGood
import org.bouncycastle.cert.ocsp.CertificateStatus; //导入依赖的package包/类
public static byte[] getOCSPResponseForGood(PrivateKeyEntry server, PrivateKeyEntry issuer)
throws CertificateException {
try {
return generateOCSPResponse(server, issuer, CertificateStatus.GOOD).getEncoded();
} catch (IOException e) {
throw new CertificateException(e);
}
}
开发者ID:google,项目名称:conscrypt,代码行数:9,代码来源:TestKeyStore.java
示例3: handleOCSP
import org.bouncycastle.cert.ocsp.CertificateStatus; //导入依赖的package包/类
protected byte[] handleOCSP(byte[] input, String certAlias) throws IOException {
OCSPReq ocspreq = new OCSPReq(input);
/* TODO: verify signature - needed?
if (ocspreq.isSigned()) {
}*/
BasicOCSPRespBuilder respBuilder = Revocation.initOCSPRespBuilder(ocspreq, certUtil.getKeystoreHandler().getMCCertificate(certAlias).getPublicKey());
Req[] requests = ocspreq.getRequestList();
for (Req req : requests) {
BigInteger sn = req.getCertID().getSerialNumber();
Certificate cert = this.certificateService.getCertificateBySerialNumber(sn);
if (cert == null) {
respBuilder.addResponse(req.getCertID(), new UnknownStatus());
// Check if the certificate is even signed by this CA
} else if (!certAlias.equals(cert.getCertificateAuthority())) {
respBuilder.addResponse(req.getCertID(), new UnknownStatus());
// Check if certificate has been revoked
} else if (cert.isRevoked()) {
respBuilder.addResponse(req.getCertID(), new RevokedStatus(cert.getRevokedAt(), Revocation.getCRLReasonFromString(cert.getRevokeReason())));
} else {
// Certificate is valid
respBuilder.addResponse(req.getCertID(), CertificateStatus.GOOD);
}
}
OCSPResp response = Revocation.generateOCSPResponse(respBuilder, certUtil.getKeystoreHandler().getSigningCertEntry(certAlias));
return response.getEncoded();
}
开发者ID:MaritimeConnectivityPlatform,项目名称:IdentityRegistry,代码行数:31,代码来源:CertificateController.java
示例4: extractStatusInfo
import org.bouncycastle.cert.ocsp.CertificateStatus; //导入依赖的package包/类
private void extractStatusInfo(SingleResp bestSingleResp) {
CertificateStatus certStatus = bestSingleResp.getCertStatus();
if (CertificateStatus.GOOD == certStatus) {
if (LOG.isInfoEnabled()) {
LOG.info("OCSP status is good");
}
status = true;
} else if (certStatus instanceof RevokedStatus) {
if (LOG.isInfoEnabled()) {
LOG.info("OCSP status revoked");
}
final RevokedStatus revokedStatus = (RevokedStatus) certStatus;
status = false;
revocationDate = revokedStatus.getRevocationTime();
int reasonId = 0; // unspecified
if (revokedStatus.hasRevocationReason()) {
reasonId = revokedStatus.getRevocationReason();
}
reason = CRLReasonEnum.fromInt(reasonId).name();
} else if (certStatus instanceof UnknownStatus) {
if (LOG.isInfoEnabled()) {
LOG.info("OCSP status unknown");
}
reason = CRLReasonEnum.unknow.name();
} else {
LOG.info("OCSP certificate status: " + certStatus);
}
}
开发者ID:esig,项目名称:dss,代码行数:29,代码来源:OCSPToken.java
示例5: getUnknownStatus
import org.bouncycastle.cert.ocsp.CertificateStatus; //导入依赖的package包/类
/**
* Gets the unknown CertificateStatus to return depending on the value of {@code rejectUnknown}
*
* @return The CertificateStatus to use for unknown certificates
*/
private CertificateStatus getUnknownStatus() {
if (rejectUnknown) {
return new RevokedStatus(DateTime.now().toDate(), UNSPECIFIED.getCode());
} else {
return new UnknownStatus();
}
}
开发者ID:wdawson,项目名称:revoker,代码行数:13,代码来源:OCSPResponderResource.java
示例6: getEncoded
import org.bouncycastle.cert.ocsp.CertificateStatus; //导入依赖的package包/类
/**
* @return a byte array
* @see com.lowagie.text.pdf.OcspClient#getEncoded()
*/
public byte[] getEncoded() {
try {
OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber());
byte[] array = request.getEncoded();
URL urlt = new URL(url);
HttpURLConnection con = (HttpURLConnection)urlt.openConnection();
con.setRequestProperty("Content-Type", "application/ocsp-request");
con.setRequestProperty("Accept", "application/ocsp-response");
con.setDoOutput(true);
OutputStream out = con.getOutputStream();
DataOutputStream dataOut = new DataOutputStream(new BufferedOutputStream(out));
dataOut.write(array);
dataOut.flush();
dataOut.close();
if (con.getResponseCode() / 100 != 2) {
throw new IOException("Invalid HTTP response");
}
//Get Response
InputStream in = (InputStream) con.getContent();
OCSPResp ocspResponse = new OCSPResp(in);
if (ocspResponse.getStatus() != 0)
throw new IOException("Invalid status: " + ocspResponse.getStatus());
BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject();
if (basicResponse != null) {
SingleResp[] responses = basicResponse.getResponses();
if (responses.length == 1) {
SingleResp resp = responses[0];
Object status = resp.getCertStatus();
if (status == CertificateStatus.GOOD) {
return basicResponse.getEncoded();
}
else if (status instanceof org.bouncycastle.cert.ocsp.RevokedStatus) {
throw new IOException("OCSP Status is revoked!");
}
else {
throw new IOException("OCSP Status is unknown!");
}
}
}
}
catch (Exception ex) {
throw new ExceptionConverter(ex);
}
return null;
}
开发者ID:albfernandez,项目名称:itext2,代码行数:51,代码来源:OcspClientBouncyCastle.java
示例7: setGoodStatus
import org.bouncycastle.cert.ocsp.CertificateStatus; //导入依赖的package包/类
/**
* This method allows to set the status of the cert to GOOD.
*/
public void setGoodStatus() {
this.expectedResponse = CertificateStatus.GOOD;
}
开发者ID:esig,项目名称:dss,代码行数:8,代码来源:AlwaysValidOCSPSource.java
示例8: validate
import org.bouncycastle.cert.ocsp.CertificateStatus; //导入依赖的package包/类
@Override
public ValidationStatus validate(X509Certificate certificate, List<X509Certificate> issuers, Date validationDate) {
X509Certificate issuer = issuers.get(0);
ValidationStatus status = new ValidationStatus(certificate, issuer, validationDate, ValidatorSourceType.OCSP, CertificateValidity.UNKNOWN);
try {
Principal subjectX500Principal = certificate.getSubjectX500Principal();
String ocspUrl = getOCSPUrl(certificate);
if (ocspUrl == null) {
log.error("OCSP URL for '" + subjectX500Principal + "' is empty");
return status;
}
log.debug("OCSP URL for '" + subjectX500Principal + "' is '" + ocspUrl + "'");
DigestCalculator digestCalculator = new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1);
CertificateID certificateId = new CertificateID(digestCalculator, new JcaX509CertificateHolder(certificate), certificate.getSerialNumber());
// Generate OCSP request
OCSPReq ocspReq = generateOCSPRequest(certificateId);
// Get OCSP response from server
OCSPResp ocspResp = requestOCSPResponse(ocspUrl, ocspReq);
if (ocspResp.getStatus() != OCSPRespBuilder.SUCCESSFUL) {
log.error("OCSP response is invalid!");
status.setValidity(CertificateValidity.INVALID);
return status;
}
boolean foundResponse = false;
BasicOCSPResp basicOCSPResp = (BasicOCSPResp) ocspResp.getResponseObject();
SingleResp[] singleResps = basicOCSPResp.getResponses();
for (SingleResp singleResp : singleResps) {
CertificateID responseCertificateId = singleResp.getCertID();
if (!certificateId.equals(responseCertificateId)) {
continue;
}
foundResponse = true;
log.debug("OCSP validationDate: " + validationDate);
log.debug("OCSP thisUpdate: " + singleResp.getThisUpdate());
log.debug("OCSP nextUpdate: " + singleResp.getNextUpdate());
status.setRevocationObjectIssuingTime(basicOCSPResp.getProducedAt());
Object certStatus = singleResp.getCertStatus();
if (certStatus == CertificateStatus.GOOD) {
log.debug("OCSP status is valid for '" + certificate.getSubjectX500Principal() + "'");
status.setValidity(CertificateValidity.VALID);
} else {
if (singleResp.getCertStatus() instanceof RevokedStatus) {
log.warn("OCSP status is revoked for: " + subjectX500Principal);
if (validationDate.before(((RevokedStatus) singleResp.getCertStatus()).getRevocationTime())) {
log.warn("OCSP revocation time after the validation date, the certificate '" + subjectX500Principal + "' was valid at " + validationDate);
status.setValidity(CertificateValidity.VALID);
} else {
Date revocationDate = ((RevokedStatus) singleResp.getCertStatus()).getRevocationTime();
log.info("OCSP for certificate '" + subjectX500Principal + "' is revoked since " + revocationDate);
status.setRevocationDate(revocationDate);
status.setRevocationObjectIssuingTime(singleResp.getThisUpdate());
status.setValidity(CertificateValidity.REVOKED);
}
}
}
}
if (!foundResponse) {
log.error("There is no matching OCSP response entries");
}
} catch (Exception ex) {
log.error("OCSP exception: ", ex);
}
return status;
}
开发者ID:GluuFederation,项目名称:oxAuth,代码行数:78,代码来源:OCSPCertificateVerifier.java
示例9: getExpectedResponse
import org.bouncycastle.cert.ocsp.CertificateStatus; //导入依赖的package包/类
public CertificateStatus getExpectedResponse() {
return expectedResponse;
}
开发者ID:esig,项目名称:dss,代码行数:5,代码来源:AlwaysValidOCSPSource.java
注:本文中的org.bouncycastle.cert.ocsp.CertificateStatus类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论