org.spongycastle.ocsp.OCSPReqGenerator Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of prov Show documentation
Show all versions of prov Show documentation
Spongy Castle is a package-rename (org.bouncycastle.* to org.spongycastle.*) of Bouncy Castle
intended for the Android platform. Android unfortunately ships with a stripped-down version of
Bouncy Castle, which prevents easy upgrades - Spongy Castle overcomes this and provides a full,
up-to-date version of the Bouncy Castle cryptographic libs.
package org.spongycastle.ocsp;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1OutputStream;
import org.spongycastle.asn1.ASN1Primitive;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.DERBitString;
import org.spongycastle.asn1.DERNull;
import org.spongycastle.asn1.DERObjectIdentifier;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.ocsp.OCSPRequest;
import org.spongycastle.asn1.ocsp.Request;
import org.spongycastle.asn1.ocsp.Signature;
import org.spongycastle.asn1.ocsp.TBSRequest;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.Extensions;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.X509CertificateStructure;
import org.spongycastle.asn1.x509.X509Extensions;
import org.spongycastle.jce.X509Principal;
/**
* @deprecated use classes in org.spongycastle.cert.ocsp.
*/
public class OCSPReqGenerator
{
private List list = new ArrayList();
private GeneralName requestorName = null;
private X509Extensions requestExtensions = null;
private class RequestObject
{
CertificateID certId;
X509Extensions extensions;
public RequestObject(
CertificateID certId,
X509Extensions extensions)
{
this.certId = certId;
this.extensions = extensions;
}
public Request toRequest()
throws Exception
{
return new Request(certId.toASN1Object(), Extensions.getInstance(extensions));
}
}
/**
* Add a request for the given CertificateID.
*
* @param certId certificate ID of interest
*/
public void addRequest(
CertificateID certId)
{
list.add(new RequestObject(certId, null));
}
/**
* Add a request with extensions
*
* @param certId certificate ID of interest
* @param singleRequestExtensions the extensions to attach to the request
*/
public void addRequest(
CertificateID certId,
X509Extensions singleRequestExtensions)
{
list.add(new RequestObject(certId, singleRequestExtensions));
}
/**
* Set the requestor name to the passed in X500Principal
*
* @param requestorName a X500Principal representing the requestor name.
*/
public void setRequestorName(
X500Principal requestorName)
{
try
{
this.requestorName = new GeneralName(GeneralName.directoryName, new X509Principal(requestorName.getEncoded()));
}
catch (IOException e)
{
throw new IllegalArgumentException("cannot encode principal: " + e);
}
}
public void setRequestorName(
GeneralName requestorName)
{
this.requestorName = requestorName;
}
public void setRequestExtensions(
X509Extensions requestExtensions)
{
this.requestExtensions = requestExtensions;
}
private OCSPReq generateRequest(
DERObjectIdentifier signingAlgorithm,
PrivateKey key,
X509Certificate[] chain,
String provider,
SecureRandom random)
throws OCSPException, NoSuchProviderException
{
Iterator it = list.iterator();
ASN1EncodableVector requests = new ASN1EncodableVector();
while (it.hasNext())
{
try
{
requests.add(((RequestObject)it.next()).toRequest());
}
catch (Exception e)
{
throw new OCSPException("exception creating Request", e);
}
}
TBSRequest tbsReq = new TBSRequest(requestorName, new DERSequence(requests), requestExtensions);
java.security.Signature sig = null;
Signature signature = null;
if (signingAlgorithm != null)
{
if (requestorName == null)
{
throw new OCSPException("requestorName must be specified if request is signed.");
}
try
{
sig = OCSPUtil.createSignatureInstance(signingAlgorithm.getId(), provider);
if (random != null)
{
sig.initSign(key, random);
}
else
{
sig.initSign(key);
}
}
catch (NoSuchProviderException e)
{
// TODO Why this special case?
throw e;
}
catch (GeneralSecurityException e)
{
throw new OCSPException("exception creating signature: " + e, e);
}
DERBitString bitSig = null;
try
{
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
ASN1OutputStream aOut = new ASN1OutputStream(bOut);
aOut.writeObject(tbsReq);
sig.update(bOut.toByteArray());
bitSig = new DERBitString(sig.sign());
}
catch (Exception e)
{
throw new OCSPException("exception processing TBSRequest: " + e, e);
}
AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(signingAlgorithm, DERNull.INSTANCE);
if (chain != null && chain.length > 0)
{
ASN1EncodableVector v = new ASN1EncodableVector();
try
{
for (int i = 0; i != chain.length; i++)
{
v.add(new X509CertificateStructure(
(ASN1Sequence)ASN1Primitive.fromByteArray(chain[i].getEncoded())));
}
}
catch (IOException e)
{
throw new OCSPException("error processing certs", e);
}
catch (CertificateEncodingException e)
{
throw new OCSPException("error encoding certs", e);
}
signature = new Signature(sigAlgId, bitSig, new DERSequence(v));
}
else
{
signature = new Signature(sigAlgId, bitSig);
}
}
return new OCSPReq(new OCSPRequest(tbsReq, signature));
}
/**
* Generate an unsigned request
*
* @return the OCSPReq
* @throws OCSPException
*/
public OCSPReq generate()
throws OCSPException
{
try
{
return generateRequest(null, null, null, null, null);
}
catch (NoSuchProviderException e)
{
//
// this shouldn't happen but...
//
throw new OCSPException("no provider! - " + e, e);
}
}
public OCSPReq generate(
String signingAlgorithm,
PrivateKey key,
X509Certificate[] chain,
String provider)
throws OCSPException, NoSuchProviderException, IllegalArgumentException
{
return generate(signingAlgorithm, key, chain, provider, null);
}
public OCSPReq generate(
String signingAlgorithm,
PrivateKey key,
X509Certificate[] chain,
String provider,
SecureRandom random)
throws OCSPException, NoSuchProviderException, IllegalArgumentException
{
if (signingAlgorithm == null)
{
throw new IllegalArgumentException("no signing algorithm specified");
}
try
{
DERObjectIdentifier oid = OCSPUtil.getAlgorithmOID(signingAlgorithm);
return generateRequest(oid, key, chain, provider, random);
}
catch (IllegalArgumentException e)
{
throw new IllegalArgumentException("unknown signing algorithm specified: " + signingAlgorithm);
}
}
/**
* Return an iterator of the signature names supported by the generator.
*
* @return an iterator containing recognised names.
*/
public Iterator getSignatureAlgNames()
{
return OCSPUtil.getAlgNames();
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy