\r
ASN1OctetStringIf readObject$ASNString() throws IOException;\r
DEROctetStringIf readObject$DERString() throws IOException;\r
- DERIntegerIf readObject$Integer() throws IOException;\r
+ ASN1IntegerIf readObject$Integer() throws IOException;\r
ASN1SequenceIf readObject$Sequence() throws IOException;\r
Object readObject$Object() throws IOException;\r
}\r
\r
+ public interface ASN1IntegerIf extends ProxyIf {\r
+ String delegateClass = "org.bouncycastle.asn1.ASN1Integer";\r
+ \r
+ BigInteger getPositiveValue();\r
+ }\r
+ \r
public interface ASN1ObjectIdentifierIf extends ProxyIf {\r
String delegateClass = "org.bouncycastle.asn1.ASN1ObjectIdentifier";\r
+ \r
+ String getId();\r
}\r
\r
public interface ASN1OctetStringIf extends ProxyIf {\r
}\r
\r
public interface BasicOCSPRespIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.ocsp.BasicOCSPResp";\r
+ String delegateClass = "org.bouncycastle.cert.ocsp.BasicOCSPResp";\r
Date getProducedAt();\r
RespIDIf getResponderId();\r
}\r
String delegateClass = "org.bouncycastle.asn1.DERIA5String";\r
}\r
\r
- public interface DERIntegerIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.DERInteger";\r
- BigInteger getPositiveValue();\r
- }\r
- \r
public interface DEROctetStringIf extends ProxyIf {\r
String delegateClass = "org.bouncycastle.asn1.DEROctetString";\r
byte[] getOctets();\r
void marshal(Node node, String prefix, DOMCryptoContext context) throws MarshalException;\r
}\r
\r
+ public interface ExtensionsIf extends ProxyIf {\r
+ String delegateClass = "org.bouncycastle.asn1.x509.Extensions";\r
+ }\r
+ \r
+ public interface ExtensionIf extends ProxyIf {\r
+ String delegateClass = "org.bouncycastle.asn1.x509.Extension";\r
+ }\r
+ \r
+\r
public interface GeneralNameIf extends ProxyIf {\r
String delegateClass = "org.bouncycastle.asn1.x509.GeneralName";\r
\r
void init();\r
}\r
\r
+ public interface JcaDigestCalculatorProviderBuilderIf extends ProxyIf {\r
+ String delegateClass = "org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder";\r
+ JcaDigestCalculatorProviderBuilderIf setProvider(String provider);\r
+ DigestCalculatorProviderIf build();\r
+ }\r
+\r
+ public interface JcaContentSignerBuilderIf extends ProxyIf {\r
+ String delegateClass = "org.bouncycastle.operator.jcajce.JcaContentSignerBuilder";\r
+ \r
+ JcaContentSignerBuilderIf setProvider(String provider);\r
+ ContentSignerIf build(PrivateKey paramPrivateKey);\r
+ }\r
+ \r
+ public interface ContentSignerIf extends ProxyIf {\r
+ String delegateClass = "org.bouncycastle.operator.ContentSigner";\r
+ }\r
+ \r
+ public interface DigestCalculatorProviderIf extends ProxyIf {\r
+ String delegateClass = "org.bouncycastle.operator.DigestCalculatorProvider";\r
+ DigestCalculatorIf get(AlgorithmIdentifierIf paramAlgorithmIdentifier);\r
+ }\r
+ \r
+ public interface DigestCalculatorIf extends ProxyIf {\r
+ String delegateClass = "org.bouncycastle.operator.DigestCalculator";\r
+ }\r
+ \r
+ public interface AlgorithmIdentifierIf extends ProxyIf {\r
+ String delegateClass = "org.bouncycastle.asn1.x509.AlgorithmIdentifier";\r
+ }\r
+ \r
public interface KeyUsageIf extends ProxyIf {\r
String delegateClass = "org.bouncycastle.asn1.x509.KeyUsage";\r
int digitalSignature();\r
}\r
\r
+ public interface OCSPObjectIdentifiersIf extends ProxyIf {\r
+ String delegateClass = "org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers";\r
+ ASN1ObjectIdentifierIf id_pkix_ocsp_nonce();\r
+ }\r
+ \r
public interface OCSPRespIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.ocsp.OCSPResp";\r
+ String delegateClass = "org.bouncycastle.cert.ocsp.OCSPResp";\r
BasicOCSPRespIf getResponseObject();\r
byte[] getEncoded() throws IOException;\r
}\r
}\r
\r
public interface RespIDIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.ocsp.RespID";\r
+ String delegateClass = "org.bouncycastle.cert.ocsp.RespID";\r
ResponderIDIf toASN1Object();\r
}\r
\r
}\r
\r
public interface OCSPReqIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.ocsp.OCSPReq";\r
+ String delegateClass = "org.bouncycastle.cert.ocsp.OCSPReq";\r
\r
ReqIf[] getRequestList();\r
}\r
\r
- public interface OCSPReqGeneratorIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.ocsp.OCSPReqGenerator";\r
- \r
- void addRequest(CertificateIDIf certId);\r
- OCSPReqIf generate();\r
+ public interface OCSPReqBuilderIf extends ProxyIf {\r
+ String delegateClass = "org.bouncycastle.cert.ocsp.OCSPReqBuilder";\r
+\r
+ OCSPReqBuilderIf addRequest(CertificateIDIf certId);\r
+ OCSPReqBuilderIf setRequestExtensions(ExtensionsIf paramExtensions);\r
+ OCSPReqIf build();\r
}\r
\r
- public interface BasicOCSPRespGeneratorIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.ocsp.BasicOCSPRespGenerator";\r
+ public interface OCSPRespBuilderIf extends ProxyIf {\r
+ String delegateClass = "org.bouncycastle.cert.ocsp.OCSPRespBuilder";\r
+ \r
+ OCSPRespIf build(int status, BasicOCSPRespIf basicOcspResp);\r
+ int SUCCESSFUL();\r
+ }\r
+ \r
+ \r
+ public interface BasicOCSPRespBuilderIf extends ProxyIf {\r
+ String delegateClass = "org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder";\r
\r
- void addResponse(CertificateIDIf certificateID, CertificateStatusIf certificateStatus);\r
- BasicOCSPRespIf generate(String signatureAlgorithm, PrivateKey ocspResponderPrivateKey,\r
- X509Certificate chain[], Date date, String provider);\r
+ BasicOCSPRespBuilderIf addResponse(CertificateIDIf certificateID, CertificateStatusIf certificateStatus);\r
+ BasicOCSPRespBuilderIf setResponseExtensions(ExtensionsIf paramExtensions);\r
+ BasicOCSPRespIf build(ContentSignerIf paramContentSigner, X509CertificateHolderIf[] paramArrayOfX509CertificateHolder, Date paramDate);\r
}\r
\r
public interface CertificateIDIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.ocsp.CertificateID";\r
+ String delegateClass = "org.bouncycastle.cert.ocsp.CertificateID";\r
\r
- String HASH_SHA1();\r
+ AlgorithmIdentifierIf HASH_SHA1();\r
}\r
\r
public interface X509ExtensionsIf extends ProxyIf {\r
}\r
\r
public interface ReqIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.ocsp.Req";\r
+ String delegateClass = "org.bouncycastle.cert.ocsp.Req";\r
\r
CertificateIDIf getCertID();\r
}\r
\r
public interface CertificateStatusIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.ocsp.CertificateStatus";\r
+ String delegateClass = "org.bouncycastle.cert.ocsp.CertificateStatus";\r
\r
CertificateStatusIf GOOD();\r
}\r
public interface CRLReasonIf extends ProxyIf {\r
String delegateClass = "org.bouncycastle.asn1.x509.CRLReason";\r
int unspecified();\r
- }\r
-\r
- public interface OCSPRespGeneratorIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.ocsp.OCSPRespGenerator";\r
- int SUCCESSFUL();\r
- OCSPRespIf generate(int status, BasicOCSPRespIf basicOCSPResp);\r
+ int privilegeWithdrawn();\r
}\r
}\r
==================================================================== */\r
package org.apache.poi.poifs.crypt;\r
\r
+import static org.apache.poi.poifs.crypt.dsig.HorribleProxy.newProxy;\r
+\r
import java.io.ByteArrayInputStream;\r
import java.io.IOException;\r
import java.io.InputStream;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.AuthorityInformationAccessIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.AuthorityKeyIdentifierIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicConstraintsIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespGeneratorIf;\r
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespBuilderIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CRLNumberIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CRLReasonIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CertificateIDIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CertificateStatusIf;\r
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ContentSignerIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERIA5StringIf;\r
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DEROctetStringIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERSequenceIf;\r
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DigestCalculatorIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DistributionPointIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DistributionPointNameIf;\r
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ExtensionIf;\r
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ExtensionsIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.GeneralNameIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.GeneralNamesIf;\r
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.JcaContentSignerBuilderIf;\r
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.JcaDigestCalculatorProviderBuilderIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqGeneratorIf;\r
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPObjectIdentifiersIf;\r
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqBuilderIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespGeneratorIf;\r
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespBuilderIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ReqIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.RevokedStatusIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SubjectKeyIdentifierIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SubjectPublicKeyInfoIf;\r
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509CertificateHolderIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ExtensionsIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ObjectIdentifiersIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509PrincipalIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509V2CRLGeneratorIf;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509V3CertificateGeneratorIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxy;\r
import org.w3c.dom.Document;\r
import org.w3c.dom.Node;\r
import org.xml.sax.InputSource;\r
throws IOException, ClassNotFoundException, NoSuchMethodException, InstantiationException\r
, IllegalAccessException, InvocationTargetException, NoSuchFieldException {\r
ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded());\r
- ASN1InputStreamIf asnObj = HorribleProxy.newProxy(ASN1InputStreamIf.class, bais);\r
+ ASN1InputStreamIf asnObj = newProxy(ASN1InputStreamIf.class, bais);\r
SubjectPublicKeyInfoIf info =\r
- HorribleProxy.newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence());\r
- SubjectKeyIdentifierIf keyId = HorribleProxy.newProxy(SubjectKeyIdentifierIf.class, info);\r
+ newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence());\r
+ SubjectKeyIdentifierIf keyId = newProxy(SubjectKeyIdentifierIf.class, info);\r
return keyId;\r
}\r
\r
, IllegalAccessException, InvocationTargetException, NoSuchFieldException {\r
\r
ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded());\r
- ASN1InputStreamIf asnObj = HorribleProxy.newProxy(ASN1InputStreamIf.class, bais);\r
+ ASN1InputStreamIf asnObj = newProxy(ASN1InputStreamIf.class, bais);\r
SubjectPublicKeyInfoIf info =\r
- HorribleProxy.newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence());\r
- AuthorityKeyIdentifierIf keyId = HorribleProxy.newProxy(AuthorityKeyIdentifierIf.class, info);\r
+ newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence());\r
+ AuthorityKeyIdentifierIf keyId = newProxy(AuthorityKeyIdentifierIf.class, info);\r
\r
return keyId;\r
}\r
, InstantiationException, NoSuchMethodException, ClassNotFoundException, NoSuchFieldException\r
{\r
String signatureAlgorithm = "SHA1withRSA";\r
- X509V3CertificateGeneratorIf certificateGenerator = HorribleProxy.newProxy(X509V3CertificateGeneratorIf.class);\r
+ X509V3CertificateGeneratorIf certificateGenerator = newProxy(X509V3CertificateGeneratorIf.class);\r
certificateGenerator.reset();\r
certificateGenerator.setPublicKey(subjectPublicKey);\r
certificateGenerator.setSignatureAlgorithm(signatureAlgorithm);\r
certificateGenerator.setNotBefore(notBefore);\r
certificateGenerator.setNotAfter(notAfter);\r
- X509PrincipalIf subjectDN = HorribleProxy.newProxy(X509PrincipalIf.class, subjectDn);\r
+ X509PrincipalIf subjectDN = newProxy(X509PrincipalIf.class, subjectDn);\r
X509PrincipalIf issuerDN;\r
if (null != issuerCertificate) {\r
- issuerDN = HorribleProxy.newProxy(X509PrincipalIf.class, issuerCertificate\r
+ issuerDN = newProxy(X509PrincipalIf.class, issuerCertificate\r
.getSubjectX500Principal().toString());\r
} else {\r
issuerDN = subjectDN;\r
certificateGenerator.setSerialNumber(new BigInteger(128,\r
new SecureRandom()));\r
\r
- X509ExtensionsIf X509Extensions = HorribleProxy.newProxy(X509ExtensionsIf.class);\r
+ X509ExtensionsIf X509Extensions = newProxy(X509ExtensionsIf.class);\r
\r
certificateGenerator.addExtension(X509Extensions.SubjectKeyIdentifier(),\r
false, createSubjectKeyId(subjectPublicKey));\r
BasicConstraintsIf bc;\r
\r
if (-1 == pathLength) {\r
- bc = HorribleProxy.newProxy(BasicConstraintsIf.class, true);\r
+ bc = newProxy(BasicConstraintsIf.class, true);\r
} else {\r
- bc = HorribleProxy.newProxy(BasicConstraintsIf.class, pathLength);\r
+ bc = newProxy(BasicConstraintsIf.class, pathLength);\r
}\r
certificateGenerator.addExtension(X509Extensions.BasicConstraints(), false, bc);\r
}\r
\r
if (null != crlUri) {\r
- GeneralNameIf gn = HorribleProxy.newProxy(GeneralNameIf.class);\r
+ GeneralNameIf gn = newProxy(GeneralNameIf.class);\r
int uri = gn.uniformResourceIdentifier();\r
- DERIA5StringIf crlUriDer = HorribleProxy.newProxy(DERIA5StringIf.class, crlUri);\r
- gn = HorribleProxy.newProxy(GeneralNameIf.class, uri, crlUriDer);\r
+ DERIA5StringIf crlUriDer = newProxy(DERIA5StringIf.class, crlUri);\r
+ gn = newProxy(GeneralNameIf.class, uri, crlUriDer);\r
\r
- DERSequenceIf gnDer = HorribleProxy.newProxy(DERSequenceIf.class, gn);\r
- GeneralNamesIf gns = HorribleProxy.newProxy(GeneralNamesIf.class, gnDer);\r
+ DERSequenceIf gnDer = newProxy(DERSequenceIf.class, gn);\r
+ GeneralNamesIf gns = newProxy(GeneralNamesIf.class, gnDer);\r
\r
- DistributionPointNameIf dpn = HorribleProxy.newProxy(DistributionPointNameIf.class, 0, gns);\r
- DistributionPointIf distp = HorribleProxy.newProxy(DistributionPointIf.class, dpn, null, null);\r
- DERSequenceIf distpDer = HorribleProxy.newProxy(DERSequenceIf.class, distp);\r
+ DistributionPointNameIf dpn = newProxy(DistributionPointNameIf.class, 0, gns);\r
+ DistributionPointIf distp = newProxy(DistributionPointIf.class, dpn, null, null);\r
+ DERSequenceIf distpDer = newProxy(DERSequenceIf.class, distp);\r
certificateGenerator.addExtension(X509Extensions.CRLDistributionPoints(), false, distpDer);\r
}\r
\r
if (null != ocspUri) {\r
- GeneralNameIf ocspName = HorribleProxy.newProxy(GeneralNameIf.class);\r
+ GeneralNameIf ocspName = newProxy(GeneralNameIf.class);\r
int uri = ocspName.uniformResourceIdentifier();\r
- ocspName = HorribleProxy.newProxy(GeneralNameIf.class, uri, ocspUri);\r
+ ocspName = newProxy(GeneralNameIf.class, uri, ocspUri);\r
\r
- X509ObjectIdentifiersIf X509ObjectIdentifiers = HorribleProxy.newProxy(X509ObjectIdentifiersIf.class);\r
+ X509ObjectIdentifiersIf X509ObjectIdentifiers = newProxy(X509ObjectIdentifiersIf.class);\r
AuthorityInformationAccessIf authorityInformationAccess =\r
- HorribleProxy.newProxy(AuthorityInformationAccessIf.class\r
+ newProxy(AuthorityInformationAccessIf.class\r
, X509ObjectIdentifiers.ocspAccessMethod(), ocspName);\r
\r
certificateGenerator.addExtension(\r
CRLException, IllegalStateException, NoSuchAlgorithmException,\r
SignatureException, InvocationTargetException, IllegalAccessException,\r
InstantiationException, NoSuchMethodException, ClassNotFoundException, NoSuchFieldException {\r
- X509V2CRLGeneratorIf crlGenerator = HorribleProxy.newProxy(X509V2CRLGeneratorIf.class);\r
+ X509V2CRLGeneratorIf crlGenerator = newProxy(X509V2CRLGeneratorIf.class);\r
crlGenerator.setIssuerDN(issuer.getSubjectX500Principal());\r
Date now = new Date();\r
crlGenerator.setThisUpdate(now);\r
crlGenerator.setNextUpdate(new Date(now.getTime() + 100000));\r
crlGenerator.setSignatureAlgorithm("SHA1withRSA");\r
\r
- X509ExtensionsIf X509Extensions = HorribleProxy.newProxy(X509ExtensionsIf.class);\r
- CRLNumberIf crlNumber = HorribleProxy.newProxy(CRLNumberIf.class, new BigInteger("1234"));\r
+ X509ExtensionsIf X509Extensions = newProxy(X509ExtensionsIf.class);\r
+ CRLNumberIf crlNumber = newProxy(CRLNumberIf.class, new BigInteger("1234"));\r
\r
crlGenerator.addExtension(X509Extensions.CRLNumber(), false, crlNumber);\r
X509CRL x509Crl = crlGenerator.generate(issuerPrivateKey);\r
public static OCSPRespIf createOcspResp(X509Certificate certificate,\r
boolean revoked, X509Certificate issuerCertificate,\r
X509Certificate ocspResponderCertificate,\r
- PrivateKey ocspResponderPrivateKey, String signatureAlgorithm)\r
+ PrivateKey ocspResponderPrivateKey, String signatureAlgorithm,\r
+ long nonceTimeinMillis)\r
throws Exception {\r
+ CertificateIDIf certId = newProxy(CertificateIDIf.class);\r
+ DigestCalculatorIf digestCalc =\r
+ newProxy(JcaDigestCalculatorProviderBuilderIf.class)\r
+ .setProvider("BC").build().get(certId.HASH_SHA1());\r
+ X509CertificateHolderIf issuerHolder = newProxy(X509CertificateHolderIf.class, issuerCertificate.getEncoded());\r
+ certId = newProxy(CertificateIDIf.class, digestCalc, issuerHolder, certificate.getSerialNumber());\r
+ \r
// request\r
- OCSPReqGeneratorIf ocspReqGenerator = HorribleProxy.newProxy(OCSPReqGeneratorIf.class);\r
- CertificateIDIf certId = HorribleProxy.newProxy(CertificateIDIf.class);\r
- String hashSha1 = certId.HASH_SHA1();\r
- certId = HorribleProxy.newProxy(CertificateIDIf.class, hashSha1,\r
- issuerCertificate, certificate.getSerialNumber());\r
- ocspReqGenerator.addRequest(certId);\r
- OCSPReqIf ocspReq = ocspReqGenerator.generate();\r
+ //create a nonce to avoid replay attack\r
+ BigInteger nonce = BigInteger.valueOf(nonceTimeinMillis);\r
+ OCSPObjectIdentifiersIf oidIf = newProxy(OCSPObjectIdentifiersIf.class);\r
+ DEROctetStringIf nonceDer = newProxy(DEROctetStringIf.class, nonce.toByteArray());\r
+ ExtensionIf ext = newProxy(ExtensionIf.class, oidIf.id_pkix_ocsp_nonce(), true, nonceDer);\r
+ ExtensionsIf exts = newProxy(ExtensionsIf.class, ext);\r
+ \r
+ OCSPReqBuilderIf ocspReqBuilder = newProxy(OCSPReqBuilderIf.class);\r
+ ocspReqBuilder.addRequest(certId);\r
+ ocspReqBuilder.setRequestExtensions(exts);\r
+ OCSPReqIf ocspReq = ocspReqBuilder.build();\r
\r
- BasicOCSPRespGeneratorIf basicOCSPRespGenerator = \r
- HorribleProxy.newProxy(BasicOCSPRespGeneratorIf.class, ocspResponderCertificate.getPublicKey());\r
+ \r
+ SubjectPublicKeyInfoIf keyInfo = newProxy(SubjectPublicKeyInfoIf.class\r
+ , certId.HASH_SHA1(), ocspResponderCertificate.getPublicKey().getEncoded());\r
+ \r
+ BasicOCSPRespBuilderIf basicOCSPRespBuilder = \r
+ newProxy(BasicOCSPRespBuilderIf.class, keyInfo, digestCalc);\r
+ basicOCSPRespBuilder.setResponseExtensions(exts);\r
\r
// request processing\r
ReqIf[] requestList = ocspReq.getRequestList();\r
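Review bot: The nonce built by `BigInteger.valueOf(nonceTimeinMillis)` is a caller-supplied timestamp, so it is predictable and repeats whenever the same value is passed; the comment `//create a nonce to avoid replay attack` overstates what it provides. If the fixed value is intentional for reproducible test output, the comment should say so, e.g. `// deterministic nonce for reproducible test fixtures; a real OCSP client must use SecureRandom bytes`. Separately, `keyInfo` is built from `certId.HASH_SHA1()` plus the full `getPublicKey().getEncoded()` bytes, whereas the key-identifier helpers earlier in this file obtain `SubjectPublicKeyInfoIf` by parsing the encoding through `ASN1InputStreamIf`. That looks like it labels the key with a digest algorithm and wraps the encoding a second time, so the responder key hash may not match the certificate; worth confirming. The body of createOcspResp continues outside this hunk.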
CertificateIDIf certificateID = ocspRequest.getCertID();\r
CertificateStatusIf certificateStatus;\r
if (revoked) {\r
- CRLReasonIf crlr = HorribleProxy.newProxy(CRLReasonIf.class);\r
- RevokedStatusIf rs = HorribleProxy.newProxy(RevokedStatusIf.class, new Date(), crlr.unspecified());\r
- certificateStatus = HorribleProxy.newProxy(CertificateStatusIf.class, rs.getDelegate());\r
+ CRLReasonIf crlr = newProxy(CRLReasonIf.class);\r
+ RevokedStatusIf rs = newProxy(RevokedStatusIf.class, new Date(), crlr.privilegeWithdrawn());\r
+ certificateStatus = newProxy(CertificateStatusIf.class, rs.getDelegate());\r
} else {\r
- CertificateStatusIf cs = HorribleProxy.newProxy(CertificateStatusIf.class);\r
+ CertificateStatusIf cs = newProxy(CertificateStatusIf.class);\r
certificateStatus = cs.GOOD();\r
}\r
- basicOCSPRespGenerator\r
- .addResponse(certificateID, certificateStatus);\r
+ basicOCSPRespBuilder.addResponse(certificateID, certificateStatus);\r
}\r
\r
// basic response generation\r
- X509Certificate[] chain = null;\r
+ X509CertificateHolderIf[] chain = null;\r
if (!ocspResponderCertificate.equals(issuerCertificate)) {\r
- chain = new X509Certificate[] { ocspResponderCertificate,\r
- issuerCertificate };\r
+ // TODO: HorribleProxy can't convert array input params yet\r
+ chain = new X509CertificateHolderIf[] {\r
+ newProxy(X509CertificateHolderIf.class, ocspResponderCertificate),\r
+ issuerHolder\r
+ };\r
}\r
+ \r
+ ContentSignerIf contentSigner = newProxy(JcaContentSignerBuilderIf.class, "SHA1withRSA")\r
+ .setProvider("BC").build(ocspResponderPrivateKey);\r
+ BasicOCSPRespIf basicOCSPResp = basicOCSPRespBuilder.build(contentSigner, chain, new Date(nonceTimeinMillis));\r
\r
- BasicOCSPRespIf basicOCSPResp = basicOCSPRespGenerator.generate(\r
- signatureAlgorithm, ocspResponderPrivateKey, chain, new Date(),\r
- "BC");\r
-\r
- // response generation\r
- OCSPRespGeneratorIf ocspRespGenerator = HorribleProxy.newProxy(OCSPRespGeneratorIf.class);\r
- OCSPRespIf ocspResp = ocspRespGenerator.generate(\r
- ocspRespGenerator.SUCCESSFUL(), basicOCSPResp);\r
+ \r
+ OCSPRespBuilderIf ocspRespBuilder = newProxy(OCSPRespBuilderIf.class);\r
+ OCSPRespIf ocspResp = ocspRespBuilder.build(ocspRespBuilder.SUCCESSFUL(), basicOCSPResp);\r
\r
return ocspResp;\r
}\r
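Review bot: The `signatureAlgorithm` parameter of createOcspResp is no longer used: the signer is created with the literal `"SHA1withRSA"`, so a caller asking for a stronger algorithm silently gets a SHA-1 signature. Pass it through instead, `newProxy(JcaContentSignerBuilderIf.class, signatureAlgorithm)`. In the chain array, `newProxy(X509CertificateHolderIf.class, ocspResponderCertificate)` hands over the `X509Certificate` itself, while `issuerHolder` in the previous hunk was created from `issuerCertificate.getEncoded()`. If the proxy maps arguments straight onto a delegate constructor, this probably needs `ocspResponderCertificate.getEncoded()` as well. The method signature and the start of the body are outside this hunk.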