OCSP Validation sample source code in Java

package ocsp;

import java.io.*;
import java.math.BigInteger;
import java.net.*;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import java.util.logging.Level;
import java.util.logging.Logger;

import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.OCSPResponseStatus;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.CertificateStatus;
import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.OCSPReq;
import org.bouncycastle.ocsp.OCSPReqGenerator;
import org.bouncycastle.ocsp.OCSPResp;
import org.bouncycastle.ocsp.SingleResp;

import util.Config;
import util.Log;


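/**
 * Builds an OCSP request for a certificate, posts it to the responder configured in
 * {@code Config.OCSP_RESSPONDER} and evaluates the answer.
 *
 * <p>A certificate is reported as valid only when the responder answered SUCCESSFUL, the
 * response is signed by the issuing CA (or by a responder certificate the CA delegated
 * with id-kp-OCSPSigning), the echoed nonce matches the one sent, and the entry for the
 * requested certificate is GOOD and not past its nextUpdate. Every other outcome
 * (revoked, unknown, unreachable responder, decoding or signature failure) is reported
 * as not valid, i.e. the check fails closed.
 *
 * @author Lahiru Rajeew
 */
public class OCSPOperatoionHandler {

    /** When true, the resolved responder address is echoed to stdout. Left as a mutable field because callers may already toggle it. */
    boolean DEBUG_ON = true;

    /** id-kp-OCSPSigning (RFC 6960 §4.2.2.2): the EKU a delegated responder certificate must carry. */
    private static final String OID_KP_OCSP_SIGNING = "1.3.6.1.5.5.7.3.9";

    /** Length of the request nonce in bytes; 16 random bytes make a replayed response unguessable. */
    private static final int NONCE_BYTES = 16;

    /** Connect and read timeout for the responder; without it a stalled responder blocks the caller indefinitely. */
    private static final int HTTP_TIMEOUT_MS = 10000;

    /** Name under which the Bouncy Castle provider registers itself. */
    private static final String BC_PROVIDER = "BC";

    /** Shared CSPRNG for nonces; SecureRandom is thread-safe. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Creates an OCSP request for the certificate with the given serial number issued by
     * {@code issuerCert}, carrying a random nonce extension.
     *
     * @param issuerCert   certificate of the CA that issued the certificate under test
     * @param serialNumber serial number of the certificate under test
     * @return the encoded-ready request
     * @throws OCSPException if the CertificateID or the request cannot be built
     */
    public static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber)
            throws OCSPException {
        ensureBouncyCastle();

        // CertID = hash of issuer name, hash of issuer key, serial number of the certificate under test.
        CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber);

        OCSPReqGenerator gen = new OCSPReqGenerator();
        gen.addRequest(id);

        // The nonce binds the response to this request. A timestamp (the previous choice) is
        // predictable, so a recorded response could be replayed against a later request whose
        // nonce an attacker can guess; draw it from a CSPRNG instead.
        byte[] nonce = new byte[NONCE_BYTES];
        RANDOM.nextBytes(nonce);

        // X509Extensions(Vector, Vector) takes raw Vectors, so raw types are kept here.
        Vector oids = new Vector();
        Vector values = new Vector();
        oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        values.add(new X509Extension(false, new DEROctetString(nonce)));
        gen.setRequestExtensions(new X509Extensions(oids, values));

        return gen.generate();
    }

    /**
     * Queries the configured OCSP responder for the status of {@code issuerCertificate}.
     *
     * <p>Parameter names are kept for compatibility: {@code rootCertificate} is the CA that
     * issued {@code issuerCertificate}, and {@code issuerCertificate} is the certificate
     * whose status is being checked.
     *
     * @param rootCertificate   issuer of the certificate under test; also the trust anchor for the response signature
     * @param issuerCertificate the certificate whose revocation status is queried
     * @return {@code true} only for a verified GOOD answer; {@code false} for revoked, unknown,
     *         unreachable or unverifiable responses
     * @throws Exception if the request itself cannot be built (transport and decoding failures
     *                   are caught and reported as {@code false})
     */
    public boolean certificateStatus(X509Certificate rootCertificate, X509Certificate issuerCertificate) throws Exception {
        String serviceAddr = Config.OCSP_RESSPONDER;
        if (DEBUG_ON) System.out.println("serviceAddr ::: " + serviceAddr);

        // Only http(s) responders are supported; an absent or foreign scheme fails closed.
        if (serviceAddr == null || !serviceAddr.startsWith("http")) {
            return false;
        }

        // Building the request is outside the catch below, as before: a broken request is a
        // programming error the caller should see, not a "not valid" verdict.
        OCSPReq request = generateOCSPRequest(rootCertificate, issuerCertificate.getSerialNumber());
        CertificateID wanted = new CertificateID(CertificateID.HASH_SHA1, rootCertificate, issuerCertificate.getSerialNumber());

        try {
            OCSPResp ocspResponse = postRequest(serviceAddr, request.getEncoded());
            return isGoodResponse(ocspResponse, request, wanted, rootCertificate);
        } catch (Exception e) {
            // Transport, decoding and verification failures all mean "cannot confirm validity".
            System.err.println("OCSP check failed: " + e);
            return false;
        }
    }

    /**
     * POSTs the DER-encoded request to the responder and parses the reply.
     *
     * @param serviceAddr    http(s) URL of the responder
     * @param encodedRequest DER encoding of the OCSP request
     * @return the parsed response (status not yet examined)
     * @throws IOException on connection failure, a non-2xx HTTP status, or an undecodable body
     */
    private static OCSPResp postRequest(String serviceAddr, byte[] encodedRequest) throws IOException {
        HttpURLConnection con = (HttpURLConnection) new URL(serviceAddr).openConnection();
        try {
            con.setConnectTimeout(HTTP_TIMEOUT_MS);
            con.setReadTimeout(HTTP_TIMEOUT_MS);
            con.setRequestMethod("POST");
            con.setRequestProperty("Content-Type", "application/ocsp-request");
            con.setRequestProperty("Accept", "application/ocsp-response");
            con.setDoOutput(true);

            OutputStream out = con.getOutputStream();
            try {
                out.write(encodedRequest);
                out.flush();
            } finally {
                out.close();
            }

            int code = con.getResponseCode();
            if (code / 100 != 2) {
                throw new IOException("OCSP responder returned HTTP " + code);
            }

            InputStream in = con.getInputStream();
            try {
                return new OCSPResp(in);
            } finally {
                in.close();
            }
        } finally {
            con.disconnect();
        }
    }

    /**
     * Applies the checks that make a response trustworthy: status, signature, nonce, and the
     * freshness and value of the entry for the requested certificate.
     *
     * @param response   the parsed responder reply
     * @param request    the request that was sent (source of the expected nonce)
     * @param wanted     CertificateID of the certificate under test
     * @param issuerCert CA that issued the certificate under test
     * @return {@code true} only when every check passes and the status is GOOD
     * @throws Exception if the response object cannot be extracted or verified
     */
    private static boolean isGoodResponse(OCSPResp response, OCSPReq request, CertificateID wanted,
            X509Certificate issuerCert) throws Exception {
        if (response.getStatus() != OCSPResponseStatus.SUCCESSFUL) {
            return false;
        }
        Object responseObject = response.getResponseObject();
        if (!(responseObject instanceof BasicOCSPResp)) {
            return false;
        }
        BasicOCSPResp basic = (BasicOCSPResp) responseObject;

        // 1. An unsigned or foreign-signed response carries no information about revocation.
        if (!isSignedByTrustedResponder(basic, issuerCert)) {
            return false;
        }

        // 2. A responder that echoes a different nonce is answering some other request (replay).
        //    RFC 6960 lets a responder omit the nonce; then freshness rests on nextUpdate below.
        String nonceOid = OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId();
        byte[] sentNonce = request.getExtensionValue(nonceOid);
        byte[] echoedNonce = basic.getExtensionValue(nonceOid);
        if (echoedNonce != null && !Arrays.equals(sentNonce, echoedNonce)) {
            return false;
        }

        // 3. Only the entry for our certificate counts; it must be current and GOOD.
        Date now = new Date();
        SingleResp[] responses = basic.getResponses();
        for (int i = 0; i < responses.length; i++) {
            SingleResp single = responses[i];
            if (!wanted.equals(single.getCertID())) {
                continue;
            }
            Date nextUpdate = single.getNextUpdate();
            if (nextUpdate != null && nextUpdate.before(now)) {
                return false; // stale answer
            }
            // CertificateStatus.GOOD is null in this API; revoked/unknown are non-null objects.
            return single.getCertStatus() == CertificateStatus.GOOD;
        }
        return false; // responder said nothing about our certificate
    }

    /**
     * Checks the response signature against the issuing CA directly, or against a responder
     * certificate included in the response that the CA issued with id-kp-OCSPSigning.
     *
     * @param basic      the signed response body
     * @param issuerCert CA that issued the certificate under test
     * @return {@code true} if the signature verifies under one of those keys
     * @throws Exception if verification cannot be attempted (provider or decoding problems)
     */
    private static boolean isSignedByTrustedResponder(BasicOCSPResp basic, X509Certificate issuerCert) throws Exception {
        PublicKey issuerKey = issuerCert.getPublicKey();
        if (basic.verify(issuerKey, BC_PROVIDER)) {
            return true;
        }

        X509Certificate[] certs = basic.getCerts(BC_PROVIDER);
        if (certs == null) {
            return false;
        }
        for (int i = 0; i < certs.length; i++) {
            X509Certificate candidate = certs[i];
            List<String> ekus = candidate.getExtendedKeyUsage();
            if (ekus == null || !ekus.contains(OID_KP_OCSP_SIGNING)) {
                continue;
            }
            try {
                candidate.checkValidity();
                candidate.verify(issuerKey);
            } catch (GeneralSecurityException e) {
                continue; // not (currently) a delegate of our CA
            }
            if (basic.verify(candidate.getPublicKey(), BC_PROVIDER)) {
                return true;
            }
        }
        return false;
    }

    /** Registers Bouncy Castle once; re-adding an already registered provider is refused and wasteful. */
    private static void ensureBouncyCastle() {
        if (Security.getProvider(BC_PROVIDER) == null) {
            Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        }
    }
}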
