diff options
Diffstat (limited to 'libraries/spongycastle/prov/src/main/java/org/spongycastle/ocsp/BasicOCSPRespGenerator.java')
-rw-r--r-- | libraries/spongycastle/prov/src/main/java/org/spongycastle/ocsp/BasicOCSPRespGenerator.java | 344 |
1 files changed, 0 insertions, 344 deletions
diff --git a/libraries/spongycastle/prov/src/main/java/org/spongycastle/ocsp/BasicOCSPRespGenerator.java b/libraries/spongycastle/prov/src/main/java/org/spongycastle/ocsp/BasicOCSPRespGenerator.java deleted file mode 100644 index 5c62b45f2..000000000 --- a/libraries/spongycastle/prov/src/main/java/org/spongycastle/ocsp/BasicOCSPRespGenerator.java +++ /dev/null @@ -1,344 +0,0 @@ -package org.spongycastle.ocsp; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Date; -import java.util.Iterator; -import java.util.List; - -import org.spongycastle.asn1.ASN1EncodableVector; -import org.spongycastle.asn1.ASN1Encoding; -import org.spongycastle.asn1.ASN1GeneralizedTime; -import org.spongycastle.asn1.ASN1Primitive; -import org.spongycastle.asn1.ASN1Sequence; -import org.spongycastle.asn1.DERBitString; -import org.spongycastle.asn1.DERGeneralizedTime; -import org.spongycastle.asn1.DERNull; -import org.spongycastle.asn1.DERObjectIdentifier; -import org.spongycastle.asn1.DERSequence; -import org.spongycastle.asn1.ocsp.BasicOCSPResponse; -import org.spongycastle.asn1.ocsp.CertStatus; -import org.spongycastle.asn1.ocsp.ResponseData; -import org.spongycastle.asn1.ocsp.RevokedInfo; -import org.spongycastle.asn1.ocsp.SingleResponse; -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.asn1.x509.CRLReason; -import org.spongycastle.asn1.x509.X509CertificateStructure; -import org.spongycastle.asn1.x509.X509Extensions; - -/** - * Generator for basic OCSP response objects. - * - * @deprecated use classes in org.spongycastle.cert.ocsp. - */ -public class BasicOCSPRespGenerator -{ - private List list = new ArrayList(); - private X509Extensions responseExtensions = null; - private RespID responderID; - - private class ResponseObject - { - CertificateID certId; - CertStatus certStatus; - DERGeneralizedTime thisUpdate; - DERGeneralizedTime nextUpdate; - X509Extensions extensions; - - public ResponseObject( - CertificateID certId, - CertificateStatus certStatus, - Date thisUpdate, - Date nextUpdate, - X509Extensions extensions) - { - this.certId = certId; - - if (certStatus == null) - { - this.certStatus = new CertStatus(); - } - else if (certStatus instanceof UnknownStatus) - { - this.certStatus = new CertStatus(2, DERNull.INSTANCE); - } - else - { - RevokedStatus rs = (RevokedStatus)certStatus; - - if (rs.hasRevocationReason()) - { - this.certStatus = new CertStatus( - new RevokedInfo(new ASN1GeneralizedTime(rs.getRevocationTime()), CRLReason.lookup(rs.getRevocationReason()))); - } - else - { - this.certStatus = new CertStatus( - new RevokedInfo(new ASN1GeneralizedTime(rs.getRevocationTime()), null)); - } - } - - this.thisUpdate = new DERGeneralizedTime(thisUpdate); - - if (nextUpdate != null) - { - this.nextUpdate = new DERGeneralizedTime(nextUpdate); - } - else - { - this.nextUpdate = null; - } - - this.extensions = extensions; - } - - public SingleResponse toResponse() - throws Exception - { - return new SingleResponse(certId.toASN1Object(), certStatus, thisUpdate, nextUpdate, extensions); - } - } - - /** - * basic constructor - */ - public BasicOCSPRespGenerator( - RespID responderID) - { - this.responderID = responderID; - } - - /** - * construct with the responderID to be the SHA-1 keyHash of the passed in public key. - */ - public BasicOCSPRespGenerator( - PublicKey key) - throws OCSPException - { - this.responderID = new RespID(key); - } - - /** - * Add a response for a particular Certificate ID. - * - * @param certID certificate ID details - * @param certStatus status of the certificate - null if okay - */ - public void addResponse( - CertificateID certID, - CertificateStatus certStatus) - { - list.add(new ResponseObject(certID, certStatus, new Date(), null, null)); - } - - /** - * Add a response for a particular Certificate ID. - * - * @param certID certificate ID details - * @param certStatus status of the certificate - null if okay - * @param singleExtensions optional extensions - */ - public void addResponse( - CertificateID certID, - CertificateStatus certStatus, - X509Extensions singleExtensions) - { - list.add(new ResponseObject(certID, certStatus, new Date(), null, singleExtensions)); - } - - /** - * Add a response for a particular Certificate ID. - * - * @param certID certificate ID details - * @param nextUpdate date when next update should be requested - * @param certStatus status of the certificate - null if okay - * @param singleExtensions optional extensions - */ - public void addResponse( - CertificateID certID, - CertificateStatus certStatus, - Date nextUpdate, - X509Extensions singleExtensions) - { - list.add(new ResponseObject(certID, certStatus, new Date(), nextUpdate, singleExtensions)); - } - - /** - * Add a response for a particular Certificate ID. - * - * @param certID certificate ID details - * @param thisUpdate date this response was valid on - * @param nextUpdate date when next update should be requested - * @param certStatus status of the certificate - null if okay - * @param singleExtensions optional extensions - */ - public void addResponse( - CertificateID certID, - CertificateStatus certStatus, - Date thisUpdate, - Date nextUpdate, - X509Extensions singleExtensions) - { - list.add(new ResponseObject(certID, certStatus, thisUpdate, nextUpdate, singleExtensions)); - } - - /** - * Set the extensions for the response. - * - * @param responseExtensions the extension object to carry. - */ - public void setResponseExtensions( - X509Extensions responseExtensions) - { - this.responseExtensions = responseExtensions; - } - - private BasicOCSPResp generateResponse( - String signatureName, - PrivateKey key, - X509Certificate[] chain, - Date producedAt, - String provider, - SecureRandom random) - throws OCSPException, NoSuchProviderException - { - Iterator it = list.iterator(); - DERObjectIdentifier signingAlgorithm; - - try - { - signingAlgorithm = OCSPUtil.getAlgorithmOID(signatureName); - } - catch (Exception e) - { - throw new IllegalArgumentException("unknown signing algorithm specified"); - } - - ASN1EncodableVector responses = new ASN1EncodableVector(); - - while (it.hasNext()) - { - try - { - responses.add(((ResponseObject)it.next()).toResponse()); - } - catch (Exception e) - { - throw new OCSPException("exception creating Request", e); - } - } - - ResponseData tbsResp = new ResponseData(responderID.toASN1Object(), new DERGeneralizedTime(producedAt), new DERSequence(responses), responseExtensions); - - Signature sig = null; - - try - { - sig = OCSPUtil.createSignatureInstance(signatureName, provider); - if (random != null) - { - sig.initSign(key, random); - } - else - { - sig.initSign(key); - } - } - catch (NoSuchProviderException e) - { - // TODO Why this special case? - throw e; - } - catch (GeneralSecurityException e) - { - throw new OCSPException("exception creating signature: " + e, e); - } - - DERBitString bitSig = null; - - try - { - sig.update(tbsResp.getEncoded(ASN1Encoding.DER)); - - bitSig = new DERBitString(sig.sign()); - } - catch (Exception e) - { - throw new OCSPException("exception processing TBSRequest: " + e, e); - } - - AlgorithmIdentifier sigAlgId = OCSPUtil.getSigAlgID(signingAlgorithm); - - DERSequence chainSeq = null; - if (chain != null && chain.length > 0) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - try - { - for (int i = 0; i != chain.length; i++) - { - v.add(new X509CertificateStructure( - (ASN1Sequence)ASN1Primitive.fromByteArray(chain[i].getEncoded()))); - } - } - catch (IOException e) - { - throw new OCSPException("error processing certs", e); - } - catch (CertificateEncodingException e) - { - throw new OCSPException("error encoding certs", e); - } - - chainSeq = new DERSequence(v); - } - - return new BasicOCSPResp(new BasicOCSPResponse(tbsResp, sigAlgId, bitSig, chainSeq)); - } - - public BasicOCSPResp generate( - String signingAlgorithm, - PrivateKey key, - X509Certificate[] chain, - Date thisUpdate, - String provider) - throws OCSPException, NoSuchProviderException, IllegalArgumentException - { - return generate(signingAlgorithm, key, chain, thisUpdate, provider, null); - } - - public BasicOCSPResp generate( - String signingAlgorithm, - PrivateKey key, - X509Certificate[] chain, - Date producedAt, - String provider, - SecureRandom random) - throws OCSPException, NoSuchProviderException, IllegalArgumentException - { - if (signingAlgorithm == null) - { - throw new IllegalArgumentException("no signing algorithm specified"); - } - - return generateResponse(signingAlgorithm, key, chain, producedAt, provider, random); - } - - /** - * Return an iterator of the signature names supported by the generator. - * - * @return an iterator containing recognised names. - */ - public Iterator getSignatureAlgNames() - { - return OCSPUtil.getAlgNames(); - } -} |