Class DSSRevocationUtils

java.lang.Object
eu.europa.esig.dss.spi.DSSRevocationUtils

public final class DSSRevocationUtils extends Object
Utility class used to manipulate revocation data (OCSP, CRL)
  • Method Details

    • getBasicOcspResp

      public static org.bouncycastle.cert.ocsp.BasicOCSPResp getBasicOcspResp(org.bouncycastle.asn1.ASN1Sequence asn1Sequence)
      Creates a BasicOCSPResp from an ASN1Sequence. The value for response SHALL be the DER encoding of BasicOCSPResponse (RFC 2560).
      Parameters:
      asn1Sequence - ASN1Sequence to convert to BasicOCSPResp
      Returns:
      BasicOCSPResp
    • getOcspResp

      public static org.bouncycastle.cert.ocsp.OCSPResp getOcspResp(org.bouncycastle.asn1.ASN1Sequence asn1Sequence)
      Creates an OCSPResp from an ASN1Sequence.
      Parameters:
      asn1Sequence - ASN1Sequence to convert to OCSPResp
      Returns:
      OCSPResp
    • fromRespToBasic

      public static org.bouncycastle.cert.ocsp.BasicOCSPResp fromRespToBasic(org.bouncycastle.cert.ocsp.OCSPResp ocspResp)
      Returns the BasicOCSPResp from an OCSPResp.
      Parameters:
      ocspResp - OCSPResp to be analysed
      Returns:
      BasicOCSPResp
    • fromBasicToResp

      public static org.bouncycastle.cert.ocsp.OCSPResp fromBasicToResp(org.bouncycastle.cert.ocsp.BasicOCSPResp basicOCSPResp)
      Converts a BasicOCSPResp into an OCSPResp (connection status is set to SUCCESSFUL).
      Parameters:
      basicOCSPResp - the BasicOCSPResp to be converted to OCSPResp
      Returns:
      the result of the conversion
    • getEncodedFromBasicResp

      public static byte[] getEncodedFromBasicResp(org.bouncycastle.cert.ocsp.BasicOCSPResp basicOCSPResp)
      Gets ASN1 encoded binaries of the basicOCSPResp
      Parameters:
      basicOCSPResp - BasicOCSPResp
      Returns:
      ASN1 encoded binaries
    • fromBasicToResp

      public static org.bouncycastle.cert.ocsp.OCSPResp fromBasicToResp(byte[] basicOCSPRespBinary)
      Converts a BasicOCSPResp into an OCSPResp (connection status is set to SUCCESSFUL).
      Parameters:
      basicOCSPRespBinary - the binary of BasicOCSPResp
      Returns:
      an instance of OCSPResp
    • getUsedDigestAlgorithm

      public static DigestAlgorithm getUsedDigestAlgorithm(org.bouncycastle.cert.ocsp.SingleResp singleResp)
      Returns a DigestAlgorithm used in the given singleResp
      Parameters:
      singleResp - SingleResp to extract the used DigestAlgorithm from
      Returns:
      DigestAlgorithm
    • matches

      public static boolean matches(org.bouncycastle.cert.ocsp.CertificateID certId, org.bouncycastle.cert.ocsp.SingleResp singleResp)
      Fix for the certId.equals method, which doesn't work very well.
      Parameters:
      certId - CertificateID
      singleResp - SingleResp
      Returns:
      true if the certificate matches the one included in SingleResp
    • getOCSPCertificateID

      public static org.bouncycastle.cert.ocsp.CertificateID getOCSPCertificateID(CertificateToken cert, CertificateToken issuerCert, DigestAlgorithm digestAlgorithm)
      Returns the CertificateID for the given certificate and its issuer's certificate.
      Parameters:
      cert - CertificateToken for which the id is created
      issuerCert - CertificateToken issuer certificate of the cert
      digestAlgorithm - DigestAlgorithm to be used for CertificateID hash calculation
      Returns:
      CertificateID
    • getDigestCalculator

      public static org.bouncycastle.operator.DigestCalculator getDigestCalculator(DigestAlgorithm digestAlgorithm)
      Gets a DigestCalculator for the digestAlgorithm
      Parameters:
      digestAlgorithm - DigestAlgorithm
      Returns:
      DigestCalculator
    • loadOCSPBase64Encoded

      public static org.bouncycastle.cert.ocsp.BasicOCSPResp loadOCSPBase64Encoded(String base64Encoded) throws IOException
      This method loads an OCSP response from the given base 64 encoded string.
      Parameters:
      base64Encoded - base 64 encoded OCSP response
      Returns:
      the BasicOCSPResp object
      Throws:
      IOException - if IO error occurred
    • loadOCSPFromBinaries

      public static org.bouncycastle.cert.ocsp.BasicOCSPResp loadOCSPFromBinaries(byte[] binaries) throws IOException
      This method loads an OCSP response from the given binaries.
      Parameters:
      binaries - byte array of OCSP response
      Returns:
      the BasicOCSPResp object
      Throws:
      IOException - if IO error occurred
    • getEncoded

      public static byte[] getEncoded(org.bouncycastle.cert.ocsp.OCSPResp ocspResp)
      Returns the encoded binaries of the OCSP response
      Parameters:
      ocspResp - OCSPResp
      Returns:
      ASN1 encoded binaries of the OCSP response
    • getDSSResponderId

      public static ResponderId getDSSResponderId(org.bouncycastle.cert.ocsp.RespID respID)
      Transforms RespID to ResponderId
      Parameters:
      respID - RespID to get values from
      Returns:
      ResponderId
    • getDSSResponderId

      public static ResponderId getDSSResponderId(org.bouncycastle.asn1.ocsp.ResponderID responderID)
      Transforms ResponderID to ResponderId
      Parameters:
      responderID - ResponderID to get values from
      Returns:
      ResponderId
    • getCRLRevocationTokenKeys

      public static List<String> getCRLRevocationTokenKeys(CertificateToken certificateToken)
      Initializes a list of String revocation token keys for CRLToken from the given CertificateToken
      Parameters:
      certificateToken - CertificateToken
      Returns:
      list of String revocation keys
    • getCRLRevocationTokenKey

      public static String getCRLRevocationTokenKey(String crlUrl)
      Gets the CRL key (SHA-1 digest) of the URL
      Parameters:
      crlUrl - String
      Returns:
      String
    • getOcspRevocationTokenKeys

      public static List<String> getOcspRevocationTokenKeys(CertificateToken certificateToken)
      Initializes a list of String revocation token keys for OCSPToken from the given CertificateToken
      Parameters:
      certificateToken - CertificateToken
      Returns:
      list of String revocation keys
    • getOcspRevocationKey

      public static String getOcspRevocationKey(CertificateToken certificateToken, String ocspUrl)
      Gets the OCSP key (SHA-1 digest) of the URL
      Parameters:
      certificateToken - CertificateToken
      ocspUrl - String
      Returns:
      String
    • getLatestSingleResponse

      public static org.bouncycastle.cert.ocsp.SingleResp getLatestSingleResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse, CertificateToken certificate, CertificateToken issuer)
      Gets the latest single response from the OCSP response
      Parameters:
      basicResponse - BasicOCSPResp
      certificate - CertificateToken to get single response for
      issuer - CertificateToken issuer of the certificate
      Returns:
      SingleResp
    • getSingleResponses

      public static List<org.bouncycastle.cert.ocsp.SingleResp> getSingleResponses(org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse, CertificateToken certificate, CertificateToken issuer)
      Gets a list of single responses from the OCSP response
      Parameters:
      basicResponse - BasicOCSPResp
      certificate - CertificateToken to get single response for
      issuer - CertificateToken issuer of the certificate
      Returns:
      a list of SingleResponses
    • getDigest

      public static Digest getDigest(org.bouncycastle.asn1.esf.OtherHash otherHash)
      Converts OtherHash to Digest
      Parameters:
      otherHash - OtherHash
      Returns:
      Digest
    • checkIssuerValidAtRevocationProductionTime

      public static boolean checkIssuerValidAtRevocationProductionTime(RevocationToken<?> revocationToken, CertificateToken issuerCertificateToken)
      Checks if the revocation has been produced during the issuer certificate validity range
      Parameters:
      revocationToken - RevocationToken to check
      issuerCertificateToken - CertificateToken used to issue the current revocation data
      Returns:
      true if the revocation producedAt time is in the issuer certificate's validity range, false otherwise