public DERObject toASN1Object() {
ASN1EncodableVector accessDescription = new ASN1EncodableVector();
accessDescription.add(accessMethod);
accessDescription.add(accessLocation);
return new DERSequence(accessDescription);
}
/**
* Produce an object suitable for an ASN1OutputStream.
*
* <pre>
* RecipientEncryptedKey ::= SEQUENCE {
* rid KeyAgreeRecipientIdentifier,
* encryptedKey EncryptedKey
* }
* </pre>
*/
public DERObject toASN1Object() {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(identifier);
v.add(encryptedKey);
return new DERSequence(v);
}
/**
*
*
* <pre>
* TimeStampResp ::= SEQUENCE {
* status PKIStatusInfo,
* timeStampToken TimeStampToken OPTIONAL }
* </pre>
*/
public DERObject toASN1Object() {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(pkiStatusInfo);
if (timeStampToken != null) {
v.add(timeStampToken);
}
return new DERSequence(v);
}
/**
*
*
* <pre>
* CertReqMsg ::= SEQUENCE {
* certReq CertRequest,
* pop ProofOfPossession OPTIONAL,
* -- content depends upon key type
* regInfo SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue OPTIONAL }
* </pre>
*
* @return a basic ASN.1 object representation.
*/
public DERObject toASN1Object() {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(certReq);
addOptional(v, popo);
addOptional(v, regInfo);
return new DERSequence(v);
}
/**
* Produce an object suitable for an ASN1OutputStream.
*
* <pre>
* KeyAgreeRecipientInfo ::= SEQUENCE {
* version CMSVersion, -- always set to 3
* originator [0] EXPLICIT OriginatorIdentifierOrKey,
* ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
* keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
* recipientEncryptedKeys RecipientEncryptedKeys
* }
*
* UserKeyingMaterial ::= OCTET STRING
* </pre>
*/
public DERObject toASN1Object() {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(version);
v.add(new DERTaggedObject(true, 0, originator));
if (ukm != null) {
v.add(new DERTaggedObject(true, 1, ukm));
}
v.add(keyEncryptionAlgorithm);
v.add(recipientEncryptedKeys);
return new DERSequence(v);
}
/**
* Produce an object suitable for an ASN1OutputStream.
*
* <pre>
* CrlID ::= SEQUENCE {
* crlUrl [0] EXPLICIT IA5String OPTIONAL,
* crlNum [1] EXPLICIT INTEGER OPTIONAL,
* crlTime [2] EXPLICIT GeneralizedTime OPTIONAL }
* </pre>
*/
public DERObject toASN1Object() {
ASN1EncodableVector v = new ASN1EncodableVector();
if (crlUrl != null) {
v.add(new DERTaggedObject(true, 0, crlUrl));
}
if (crlNum != null) {
v.add(new DERTaggedObject(true, 1, crlNum));
}
if (crlTime != null) {
v.add(new DERTaggedObject(true, 2, crlTime));
}
return new DERSequence(v);
}
private void addOptional(ASN1EncodableVector v, ASN1Encodable obj) {
if (obj != null) {
v.add(obj);
}
}
private BasicOCSPResp generateResponse(
String signatureName,
PrivateKey key,
X509Certificate[] chain,
Date producedAt,
String provider,
SecureRandom random)
throws OCSPException, NoSuchProviderException {
Iterator it = list.iterator();
DERObjectIdentifier signingAlgorithm;
try {
signingAlgorithm = OCSPUtil.getAlgorithmOID(signatureName);
} catch (Exception e) {
throw new IllegalArgumentException("unknown signing algorithm specified");
}
ASN1EncodableVector responses = new ASN1EncodableVector();
while (it.hasNext()) {
try {
responses.add(((ResponseObject) it.next()).toResponse());
} catch (Exception e) {
throw new OCSPException("exception creating Request", e);
}
}
ResponseData tbsResp =
new ResponseData(
responderID.toASN1Object(),
new DERGeneralizedTime(producedAt),
new DERSequence(responses),
responseExtensions);
Signature sig = null;
try {
sig = OCSPUtil.createSignatureInstance(signatureName, provider);
if (random != null) {
sig.initSign(key, random);
} else {
sig.initSign(key);
}
} catch (NoSuchProviderException e) {
// TODO Why this special case?
throw e;
} catch (GeneralSecurityException e) {
throw new OCSPException("exception creating signature: " + e, e);
}
DERBitString bitSig = null;
try {
sig.update(tbsResp.getEncoded(ASN1Encodable.DER));
bitSig = new DERBitString(sig.sign());
} catch (Exception e) {
throw new OCSPException("exception processing TBSRequest: " + e, e);
}
AlgorithmIdentifier sigAlgId = OCSPUtil.getSigAlgID(signingAlgorithm);
DERSequence chainSeq = null;
if (chain != null && chain.length > 0) {
ASN1EncodableVector v = new ASN1EncodableVector();
try {
for (int i = 0; i != chain.length; i++) {
v.add(
new X509CertificateStructure(
(ASN1Sequence) ASN1Object.fromByteArray(chain[i].getEncoded())));
}
} catch (IOException e) {
throw new OCSPException("error processing certs", e);
} catch (CertificateEncodingException e) {
throw new OCSPException("error encoding certs", e);
}
chainSeq = new DERSequence(v);
}
return new BasicOCSPResp(new BasicOCSPResponse(tbsResp, sigAlgId, bitSig, chainSeq));
}
