Examples of OCSPResp

Examples of org.bouncycastle.ocsp.OCSPResp

309
310
311
312
313
314
315
316
317
318
319
320
321
            b = in.read();
        }
        baos.flush();
        in.close();
        byte[] respBytes = baos.toByteArray();
        OCSPResp response = new OCSPResp(new ByteArrayInputStream(respBytes));
        assertEquals("Response status not zero.", response.getStatus(), 0);
        BasicOCSPResp brep = (BasicOCSPResp) response.getResponseObject();
        X509Certificate[] chain = brep.getCerts("BC");
        boolean verify = brep.verify(chain[0].getPublicKey(), "BC");
        assertTrue("Response failed to verify.", verify);
        // Check nonce (if we sent one)
        if (nonce != null) {
View Full Code Here

Examples of org.bouncycastle.ocsp.OCSPResp

717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
        log.info(url.toString()); // Dump the exact string we use for access
        HttpURLConnection con = (HttpURLConnection) url.openConnection();
        assertEquals("Response code did not match. ", 200, con.getResponseCode());
        assertNotNull(con.getContentType());
        assertTrue(con.getContentType().startsWith("application/ocsp-response"));
        OCSPResp response = new OCSPResp(new ByteArrayInputStream(OcspJunitHelper.inputStreamToBytes(con.getInputStream())));
        assertNotNull("Response should not be null.", response);
        assertTrue("Should not be concidered malformed.", OCSPRespGenerator.MALFORMED_REQUEST != response.getStatus());
        final String dubbleSlashNonEncReq = "http://127.0.0.1:"
                + httpPort
                + "/ejbca/publicweb/status/ocsp/MGwwajBFMEMwQTAJBgUrDgMCGgUABBRBRfilzPB%2BAevx0i1AoeKTkrHgLgQUFJw5gwk9BaEgsX3pzsRF9iso29ICCAvB//HJyKqpoiEwHzAdBgkrBgEFBQcwAQIEEOTzT2gv3JpVva22Vj8cuKo%3D";
        url = new URL(dubbleSlashNonEncReq);
        log.info(url.toString()); // Dump the exact string we use for access
        con = (HttpURLConnection) url.openConnection();
        assertEquals("Response code did not match. ", 200, con.getResponseCode());
        assertNotNull(con.getContentType());
        assertTrue(con.getContentType().startsWith("application/ocsp-response"));
        response = new OCSPResp(new ByteArrayInputStream(OcspJunitHelper.inputStreamToBytes(con.getInputStream())));
        assertNotNull("Response should not be null.", response);
        assertTrue("Should not be concidered malformed.", OCSPRespGenerator.MALFORMED_REQUEST != response.getStatus());
        // An OCSP request, ocspTestCert is already created in earlier tests
        OCSPReqGenerator gen = new OCSPReqGenerator();
        loadUserCert(caid);
        gen.addRequest(new CertificateID(CertificateID.HASH_SHA1, cacert, ocspTestCert.getSerialNumber()));
        OCSPReq req = gen.generate();
View Full Code Here

Examples of org.bouncycastle.ocsp.OCSPResp

863
864
865
866
867
868
869
870
871
872
873
874
        // Some appserver (Weblogic) responds with
        // "application/ocsp-response; charset=UTF-8"
        assertNotNull("No Content-Type in reply.", con.getContentType());
        assertTrue(con.getContentType().startsWith("application/ocsp-response"));
        OCSPResp response = new OCSPResp(new ByteArrayInputStream(OcspJunitHelper.inputStreamToBytes(con.getInputStream())));
        assertTrue("Response status not the expected.", response.getStatus() != 200);

        BasicOCSPResp brep = (BasicOCSPResp) response.getResponseObject();
        boolean verify = brep.verify(cacert.getPublicKey(), "BC");
        assertTrue("Signature verification", verify);
    }
View Full Code Here

Examples of org.bouncycastle.ocsp.OCSPResp

941
942
943
944
945
946
947
948
949
        }
        log.info("response contains: " + respa.length + " bytes.");
        // Reading the response as a OCSPResp. When the input data array is
        // longer than allowed the OCSP response will return as an internal
        // error.
        OCSPResp response = new OCSPResp(respa);
        assertEquals("Incorrect response status.", OCSPRespGenerator.INTERNAL_ERROR, response.getStatus());
        log.trace("<test18MaliciousOcspRequest");
    }
View Full Code Here

Examples of org.bouncycastle.ocsp.OCSPResp

1008
1009
1010
1011
1012
1013
1014
1015
1016
        for (i = start; i < ret.length; i++) {
            respa[i - start] = ret[i];
        }
        log.info("response contains: " + respa.length + " bytes.");
        // Reading the response as a OCSPResp.
        OCSPResp response = new OCSPResp(respa);
        assertEquals("Incorrect response status.", OCSPRespGenerator.MALFORMED_REQUEST, response.getStatus());
        log.trace("<test19MaliciousOcspRequest");
    }
View Full Code Here

Examples of org.bouncycastle.ocsp.OCSPResp

1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
     */
    public void test20MaliciousOcspRequest() throws Exception {
        log.trace(">test20MaliciousOcspRequest");
        // Start by sending a valid OCSP requests so we know the helpers work
        byte validOcspReq[] = getValidOcspRequest();
        OCSPResp response = sendRawRequestToOcsp(validOcspReq.length, validOcspReq, false);
        assertEquals("Incorrect response status.", OCSPRespGenerator.SUCCESSFUL, response.getStatus());
        // Try sending a valid request and then keep sending some more data.
        byte[] buf = new byte[LimitLengthASN1Reader.MAX_REQUEST_SIZE * 2];
        Arrays.fill(buf, (byte) 123);
        buf = concatByteArrays(validOcspReq, buf);
        response = sendRawRequestToOcsp(buf.length, buf, false);
        assertEquals("Incorrect response status.", OCSPRespGenerator.MALFORMED_REQUEST, response.getStatus());
        // Now try with a fake HTTP content-length header
        try {
            response = sendRawRequestToOcsp(validOcspReq.length, buf, false);
            fail("Was able to send a lot of data with a fake HTTP Content-length without any error.");
        } catch (IOException e) {
        }
        // Try sneaking through a payload that is just under the limit. The
        // responder will answer politely, but log a warning.
        buf = new byte[LimitLengthASN1Reader.MAX_REQUEST_SIZE - validOcspReq.length];
        Arrays.fill(buf, (byte) 123);
        buf = concatByteArrays(validOcspReq, buf);
        response = sendRawRequestToOcsp(buf.length, buf, false);
        assertEquals("Server rejected malicious request. (This might be a good thing!)", OCSPRespGenerator.SUCCESSFUL, response.getStatus());
        log.trace("<test20MaliciousOcspRequest");
    }
View Full Code Here

Examples of org.bouncycastle.ocsp.OCSPResp

1164
1165
1166
1167
1168
1169
1170
        }
        // Reading the response.
        byte rawResponse[] = getHttpResponse(socket.getInputStream());
        log.info("Response contains: " + rawResponse.length + " bytes.");
        socket.close();
        return new OCSPResp(rawResponse);
    }
View Full Code Here

Examples of org.bouncycastle.ocsp.OCSPResp

257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
          } else {
            ret.setErrorCode(OCSPUnidResponse.ERROR_UNKNOWN);
          }
          return ret;
        }
        final OCSPResp response; {
            final InputStream in = con.getInputStream();
            if ( in!=null ) {
                try {
                    response = new OCSPResp(in);
                } finally {
                    in.close();
                }
            } else {
                response = null;
            }
        }
        if (response == null) {
          ret.setErrorCode(OCSPUnidResponse.ERROR_NO_RESPONSE);
          return ret;
        }
        ret.setResp(response);
        final BasicOCSPResp brep = (BasicOCSPResp) response.getResponseObject();
        if ( brep==null ) {
            ret.setErrorCode(OCSPUnidResponse.ERROR_NO_RESPONSE);
            return ret;
        }
        // Compare nonces to see if the server sent the same nonce as we sent
View Full Code Here

Examples of org.bouncycastle.ocsp.OCSPResp

150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
            if (con.getResponseCode() / 100 != 2) {
                throw new IOException(MessageLocalization.getComposedMessage("invalid.http.response.1", con.getResponseCode()));
            }
            //Get Response
            InputStream in = (InputStream) con.getContent();
            OCSPResp ocspResponse = new OCSPResp(in);

            if (ocspResponse.getStatus() != 0)
                throw new IOException(MessageLocalization.getComposedMessage("invalid.status.1", ocspResponse.getStatus()));
            BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject();
            if (basicResponse != null) {
                SingleResp[] responses = basicResponse.getResponses();
                if (responses.length == 1) {
                    SingleResp resp = responses[0];
                    Object status = resp.getCertStatus();
View Full Code Here

Examples of org.bouncycastle.ocsp.OCSPResp

255
256
257
258
259
260
261
262
263
264
265
266
267
            if (con.getResponseCode() != HttpURLConnection.HTTP_OK) {
                Log.debug("OCSPChecker: Received HTTP error: " + con.getResponseCode() +
                        " - " + con.getResponseMessage());
            }
            in = con.getInputStream();
            OCSPResp ocspResponse = new OCSPResp(in);
            BigInteger serialNumber = currCert.getSerialNumber();
            BasicOCSPResp brep = (BasicOCSPResp) ocspResponse.getResponseObject();
            try {
                if( ! brep.verify(responderCert.getPublicKey(),"BC")) {
                    throw new CertPathValidatorException("OCSP response is not verified");
                }
            } catch (NoSuchProviderException e) {
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.