
sun.security.provider.certpath.OCSPRequest Maven / Gradle / Ivy

/*
 * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.provider.certpath;

import java.io.IOException;
import java.security.cert.Extension;
import java.util.Collections;
import java.util.List;

import sun.security.util.HexDumpEncoder;
import sun.security.util.*;
import sun.security.x509.PKIXExtensions;

/**
 * This class can be used to generate an OCSP request and send it over
 * an output stream. Currently we do not support signing requests.
 * The OCSP Request is specified in RFC 2560 and
 * the ASN.1 definition is as follows:
 * 
 *
 * OCSPRequest     ::=     SEQUENCE {
 *      tbsRequest                  TBSRequest,
 *      optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
 *
 *   TBSRequest      ::=     SEQUENCE {
 *      version             [0]     EXPLICIT Version DEFAULT v1,
 *      requestorName       [1]     EXPLICIT GeneralName OPTIONAL,
 *      requestList                 SEQUENCE OF Request,
 *      requestExtensions   [2]     EXPLICIT Extensions OPTIONAL }
 *
 *  Signature       ::=     SEQUENCE {
 *      signatureAlgorithm      AlgorithmIdentifier,
 *      signature               BIT STRING,
 *      certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
 *   }
 *
 *  Version         ::=             INTEGER  {  v1(0) }
 *
 *  Request         ::=     SEQUENCE {
 *      reqCert                     CertID,
 *      singleRequestExtensions     [0] EXPLICIT Extensions OPTIONAL }
 *
 *  CertID          ::= SEQUENCE {
 *       hashAlgorithm  AlgorithmIdentifier,
 *       issuerNameHash OCTET STRING, -- Hash of Issuer's DN
 *       issuerKeyHash  OCTET STRING, -- Hash of Issuers public key
 *       serialNumber   CertificateSerialNumber
 * }
 *
 * 
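*
 * @author Ram Marti
 */
class OCSPRequest {

    private static final Debug debug = Debug.getInstance("certpath");
    // Hex-dump encoded requests only when the "certpath" Debug instance exists
    // and Debug.isOn("ocsp") is true.
    private static final boolean dump = debug != null && Debug.isOn("ocsp");

    // CertIds to query; each one becomes a Request entry in requestList.
    // Stored by reference, not copied.
    private final List<CertId> certIds;
    // Request extensions written under the [2] requestExtensions tag.
    // Stored by reference, not copied; an empty list means the field is omitted.
    private final List<Extension> extensions;
    // Value of the OCSP nonce extension, recorded as a side effect of
    // encodeBytes(). Stays null until encodeBytes() has run and found one.
    private byte[] nonce;

    /**
     * Constructs an unsigned OCSP request for a single certificate.
     *
     * @param certId the CertId of the certificate whose status is requested
     */
    OCSPRequest(CertId certId) {
        this(Collections.singletonList(certId));
    }

    /**
     * Constructs an unsigned OCSP request for several certificates with no
     * request extensions, and therefore no nonce.
     *
     * @param certIds the CertIds to query; the list is kept by reference, so
     *                the caller must not modify it while this request is in use
     */
    OCSPRequest(List<CertId> certIds) {
        this.certIds = certIds;
        this.extensions = Collections.emptyList();
    }

    /**
     * Constructs an unsigned OCSP request for several certificates with the
     * given request extensions.
     *
     * @param certIds    the CertIds to query; kept by reference
     * @param extensions the request extensions, for example an OCSP nonce;
     *                   kept by reference
     */
    OCSPRequest(List<CertId> certIds, List<Extension> extensions) {
        this.certIds = certIds;
        this.extensions = extensions;
    }

    /**
     * Encodes this request as an unsigned DER {@code OCSPRequest}.
     *
     * <p>The output contains {@code requestList} and, when extensions were
     * supplied, {@code requestExtensions}. The {@code version},
     * {@code requestorName}, {@code singleRequestExtensions} and
     * {@code optionalSignature} fields are never written.
     *
     * <p>As a side effect, the value of any extension whose id equals
     * {@code PKIXExtensions.OCSPNonce_Id} is stored and later returned by
     * {@link #getNonce()}. If several such extensions are present, the last
     * one wins. This class only records the nonce; comparing it with the
     * nonce in a response is left to the caller.
     *
     * @return the DER encoding of the request
     * @throws IOException if writing any part of the encoding fails
     */
    byte[] encodeBytes() throws IOException {

        // encode tbsRequest
        DerOutputStream tmp = new DerOutputStream();

        // requestList: one SEQUENCE (Request) around each encoded CertId.
        DerOutputStream requestsOut = new DerOutputStream();
        for (CertId certId : certIds) {
            DerOutputStream certIdOut = new DerOutputStream();
            certId.encode(certIdOut);
            requestsOut.write(DerValue.tag_Sequence, certIdOut);
        }
        tmp.write(DerValue.tag_Sequence, requestsOut);

        if (!extensions.isEmpty()) {
            DerOutputStream extOut = new DerOutputStream();
            for (Extension ext : extensions) {
                ext.encode(extOut);
                // Remember the nonce that is actually being sent.
                if (ext.getId().equals(
                        PKIXExtensions.OCSPNonce_Id.toString())) {
                    nonce = ext.getValue();
                }
            }
            DerOutputStream extsOut = new DerOutputStream();
            extsOut.write(DerValue.tag_Sequence, extOut);
            // requestExtensions [2] EXPLICIT Extensions
            tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT,
                                         true, (byte)2), extsOut);
        }

        DerOutputStream tbsRequest = new DerOutputStream();
        tbsRequest.write(DerValue.tag_Sequence, tmp);

        // OCSPRequest without the signature
        DerOutputStream ocspRequest = new DerOutputStream();
        ocspRequest.write(DerValue.tag_Sequence, tbsRequest);

        byte[] bytes = ocspRequest.toByteArray();

        if (dump) {
            // The dump holds the whole request, including any nonce value.
            HexDumpEncoder hexEnc = new HexDumpEncoder();
            debug.println("OCSPRequest bytes...\n\n" +
                hexEnc.encode(bytes) + "\n");
        }

        return bytes;
    }

    /**
     * Returns the CertIds this request asks about.
     *
     * @return the list passed to the constructor, by reference and not as a copy
     */
    List<CertId> getCertIds() {
        return certIds;
    }

    /**
     * Returns the nonce recorded by the most recent {@link #encodeBytes()} call.
     *
     * @return the stored nonce array itself (this method makes no copy), or
     *         {@code null} if {@code encodeBytes()} has not been called or no
     *         nonce extension was supplied. Callers that match a response
     *         against this value need to treat {@code null} as "no nonce was
     *         sent" and call {@code encodeBytes()} first.
     */
    byte[] getNonce() {
        return nonce;
    }
}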



