diff options
Diffstat (limited to 'libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/ocsp/OCSPReqGenerator.java')
-rw-r--r-- | libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/ocsp/OCSPReqGenerator.java | 292 |
1 files changed, 292 insertions, 0 deletions
diff --git a/libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/ocsp/OCSPReqGenerator.java b/libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/ocsp/OCSPReqGenerator.java new file mode 100644 index 000000000..755751fb6 --- /dev/null +++ b/libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/ocsp/OCSPReqGenerator.java @@ -0,0 +1,292 @@ +package org.spongycastle.ocsp; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.NoSuchProviderException; +import java.security.PrivateKey; +import java.security.SecureRandom; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import org.spongycastle.asn1.ASN1EncodableVector; +import org.spongycastle.asn1.ASN1OutputStream; +import org.spongycastle.asn1.ASN1Primitive; +import org.spongycastle.asn1.ASN1Sequence; +import org.spongycastle.asn1.DERBitString; +import org.spongycastle.asn1.DERNull; +import org.spongycastle.asn1.DERObjectIdentifier; +import org.spongycastle.asn1.DERSequence; +import org.spongycastle.asn1.ocsp.OCSPRequest; +import org.spongycastle.asn1.ocsp.Request; +import org.spongycastle.asn1.ocsp.Signature; +import org.spongycastle.asn1.ocsp.TBSRequest; +import org.spongycastle.asn1.x509.AlgorithmIdentifier; +import org.spongycastle.asn1.x509.Extensions; +import org.spongycastle.asn1.x509.GeneralName; +import org.spongycastle.asn1.x509.X509CertificateStructure; +import org.spongycastle.asn1.x509.X509Extensions; +import org.spongycastle.jce.X509Principal; + +/** + * @deprecated use classes in org.spongycastle.cert.ocsp. + */ +public class OCSPReqGenerator +{ + private List list = new ArrayList(); + private GeneralName requestorName = null; + private X509Extensions requestExtensions = null; + + private class RequestObject + { + CertificateID certId; + X509Extensions extensions; + + public RequestObject( + CertificateID certId, + X509Extensions extensions) + { + this.certId = certId; + this.extensions = extensions; + } + + public Request toRequest() + throws Exception + { + return new Request(certId.toASN1Object(), Extensions.getInstance(extensions)); + } + } + + /** + * Add a request for the given CertificateID. + * + * @param certId certificate ID of interest + */ + public void addRequest( + CertificateID certId) + { + list.add(new RequestObject(certId, null)); + } + + /** + * Add a request with extensions + * + * @param certId certificate ID of interest + * @param singleRequestExtensions the extensions to attach to the request + */ + public void addRequest( + CertificateID certId, + X509Extensions singleRequestExtensions) + { + list.add(new RequestObject(certId, singleRequestExtensions)); + } + + /** + * Set the requestor name to the passed in X500Principal + * + * @param requestorName a X500Principal representing the requestor name. + */ + public void setRequestorName( + X509Principal requestorName) + { + try + { + this.requestorName = new GeneralName(GeneralName.directoryName, new X509Principal(requestorName.getEncoded())); + } + catch (IOException e) + { + throw new IllegalArgumentException("cannot encode principal: " + e); + } + } + + public void setRequestorName( + GeneralName requestorName) + { + this.requestorName = requestorName; + } + + public void setRequestExtensions( + X509Extensions requestExtensions) + { + this.requestExtensions = requestExtensions; + } + + private OCSPReq generateRequest( + DERObjectIdentifier signingAlgorithm, + PrivateKey key, + X509Certificate[] chain, + String provider, + SecureRandom random) + throws OCSPException, NoSuchProviderException + { + Iterator it = list.iterator(); + + ASN1EncodableVector requests = new ASN1EncodableVector(); + + while (it.hasNext()) + { + try + { + requests.add(((RequestObject)it.next()).toRequest()); + } + catch (Exception e) + { + throw new OCSPException("exception creating Request", e); + } + } + + TBSRequest tbsReq = new TBSRequest(requestorName, new DERSequence(requests), requestExtensions); + + java.security.Signature sig = null; + Signature signature = null; + + if (signingAlgorithm != null) + { + if (requestorName == null) + { + throw new OCSPException("requestorName must be specified if request is signed."); + } + + try + { + sig = OCSPUtil.createSignatureInstance(signingAlgorithm.getId(), provider); + if (random != null) + { + sig.initSign(key, random); + } + else + { + sig.initSign(key); + } + } + catch (NoSuchProviderException e) + { + // TODO Why this special case? + throw e; + } + catch (GeneralSecurityException e) + { + throw new OCSPException("exception creating signature: " + e, e); + } + + DERBitString bitSig = null; + + try + { + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + ASN1OutputStream aOut = new ASN1OutputStream(bOut); + + aOut.writeObject(tbsReq); + + sig.update(bOut.toByteArray()); + + bitSig = new DERBitString(sig.sign()); + } + catch (Exception e) + { + throw new OCSPException("exception processing TBSRequest: " + e, e); + } + + AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(signingAlgorithm, new DERNull()); + + if (chain != null && chain.length > 0) + { + ASN1EncodableVector v = new ASN1EncodableVector(); + try + { + for (int i = 0; i != chain.length; i++) + { + v.add(new X509CertificateStructure( + (ASN1Sequence)ASN1Primitive.fromByteArray(chain[i].getEncoded()))); + } + } + catch (IOException e) + { + throw new OCSPException("error processing certs", e); + } + catch (CertificateEncodingException e) + { + throw new OCSPException("error encoding certs", e); + } + + signature = new Signature(sigAlgId, bitSig, new DERSequence(v)); + } + else + { + signature = new Signature(sigAlgId, bitSig); + } + } + + return new OCSPReq(new OCSPRequest(tbsReq, signature)); + } + + /** + * Generate an unsigned request + * + * @return the OCSPReq + * @throws OCSPException + */ + public OCSPReq generate() + throws OCSPException + { + try + { + return generateRequest(null, null, null, null, null); + } + catch (NoSuchProviderException e) + { + // + // this shouldn't happen but... + // + throw new OCSPException("no provider! - " + e, e); + } + } + + public OCSPReq generate( + String signingAlgorithm, + PrivateKey key, + X509Certificate[] chain, + String provider) + throws OCSPException, NoSuchProviderException, IllegalArgumentException + { + return generate(signingAlgorithm, key, chain, provider, null); + } + + public OCSPReq generate( + String signingAlgorithm, + PrivateKey key, + X509Certificate[] chain, + String provider, + SecureRandom random) + throws OCSPException, NoSuchProviderException, IllegalArgumentException + { + if (signingAlgorithm == null) + { + throw new IllegalArgumentException("no signing algorithm specified"); + } + + try + { + DERObjectIdentifier oid = OCSPUtil.getAlgorithmOID(signingAlgorithm); + + return generateRequest(oid, key, chain, provider, random); + } + catch (IllegalArgumentException e) + { + throw new IllegalArgumentException("unknown signing algorithm specified: " + signingAlgorithm); + } + } + + /** + * Return an iterator of the signature names supported by the generator. + * + * @return an iterator containing recognised names. + */ + public Iterator getSignatureAlgNames() + { + return OCSPUtil.getAlgNames(); + } +} |