Module jpms_dss_spi

Class DSSRevocationUtils

java.lang.Object
eu.europa.esig.dss.spi.DSSRevocationUtils

public final class DSSRevocationUtils extends Object
Utility class used to manipulate revocation data (OCSP, CRL)
  • Method Summary

    Modifier and Type
    Method
    Description
    static boolean
    checkIssuerValidAtRevocationProductionTime(RevocationToken<?> revocationToken, eu.europa.esig.dss.model.x509.CertificateToken issuerCertificateToken)
    Checks whether the revocation data was produced within the issuer certificate's validity range
    static org.bouncycastle.cert.ocsp.OCSPResp
    fromBasicToResp(byte[] basicOCSPRespBinary)
    Converts a BasicOCSPResp into an OCSPResp (connection status is set to SUCCESSFUL).
    static org.bouncycastle.cert.ocsp.OCSPResp
    fromBasicToResp(org.bouncycastle.cert.ocsp.BasicOCSPResp basicOCSPResp)
    Converts a BasicOCSPResp into an OCSPResp (connection status is set to SUCCESSFUL).
    static org.bouncycastle.cert.ocsp.BasicOCSPResp
    fromRespToBasic(org.bouncycastle.cert.ocsp.OCSPResp ocspResp)
    Returns the BasicOCSPResp from an OCSPResp.
    static org.bouncycastle.cert.ocsp.BasicOCSPResp
    getBasicOcspResp(org.bouncycastle.asn1.ASN1Sequence asn1Sequence)
    Creates a BasicOCSPResp from an ASN1Sequence.
    static String
    getCRLRevocationTokenKey(String crlUrl)
    Gets the CRL key (SHA-1 digest) of the URL
    static List<String>
    getCRLRevocationTokenKeys(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Initializes a list of revocation token key Strings for a CRLToken from the given CertificateToken
    static eu.europa.esig.dss.model.Digest
    getDigest(org.bouncycastle.asn1.esf.OtherHash otherHash)
    Converts OtherHash to Digest
    static org.bouncycastle.operator.DigestCalculator
    getDigestCalculator(eu.europa.esig.dss.enumerations.DigestAlgorithm digestAlgorithm)
    Gets a DigestCalculator for the digestAlgorithm
    static ResponderId
    getDSSResponderId(org.bouncycastle.asn1.ocsp.ResponderID responderID)
    Transforms ResponderID to ResponderId
    static ResponderId
    getDSSResponderId(org.bouncycastle.cert.ocsp.RespID respID)
    Transforms RespID to ResponderId
    static byte[]
    getEncoded(org.bouncycastle.cert.ocsp.OCSPResp ocspResp)
    Returns the encoded binaries of the OCSP response
    static byte[]
    getEncodedFromBasicResp(org.bouncycastle.cert.ocsp.BasicOCSPResp basicOCSPResp)
    Gets ASN1 encoded binaries of the basicOCSPResp
    static org.bouncycastle.cert.ocsp.SingleResp
    getLatestSingleResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse, eu.europa.esig.dss.model.x509.CertificateToken certificate, eu.europa.esig.dss.model.x509.CertificateToken issuer)
    Gets the latest single response from the OCSP response
    static org.bouncycastle.cert.ocsp.CertificateID
    getOCSPCertificateID(eu.europa.esig.dss.model.x509.CertificateToken cert, eu.europa.esig.dss.model.x509.CertificateToken issuerCert, eu.europa.esig.dss.enumerations.DigestAlgorithm digestAlgorithm)
    Returns the CertificateID for the given certificate and its issuer's certificate.
    static org.bouncycastle.cert.ocsp.OCSPResp
    getOcspResp(org.bouncycastle.asn1.ASN1Sequence asn1Sequence)
    Creates an OCSPResp from an ASN1Sequence.
    static String
    getOcspRevocationKey(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, String ocspUrl)
    Gets the OCSP key (SHA-1 digest) of the URL
    static List<String>
    getOcspRevocationTokenKeys(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Initializes a list of revocation token key Strings for an OCSPToken from the given CertificateToken
    static List<org.bouncycastle.cert.ocsp.SingleResp>
    getSingleResponses(org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse, eu.europa.esig.dss.model.x509.CertificateToken certificate, eu.europa.esig.dss.model.x509.CertificateToken issuer)
    Gets a list of single responses from the OCSP response
    static eu.europa.esig.dss.enumerations.DigestAlgorithm
    getUsedDigestAlgorithm(org.bouncycastle.cert.ocsp.SingleResp singleResp)
    Returns the DigestAlgorithm used in the given singleResp
    static org.bouncycastle.cert.ocsp.BasicOCSPResp
    loadOCSPBase64Encoded(String base64Encoded)
    Loads an OCSP response from the given base64-encoded string.
    static org.bouncycastle.cert.ocsp.BasicOCSPResp
    loadOCSPFromBinaries(byte[] binaries)
    Loads an OCSP response from the given binaries.
    static boolean
    matches(org.bouncycastle.cert.ocsp.CertificateID certId, org.bouncycastle.cert.ocsp.SingleResp singleResp)
    Fix for the certId.equals method, which doesn't work very well.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Method Details

    • getBasicOcspResp

      public static org.bouncycastle.cert.ocsp.BasicOCSPResp getBasicOcspResp(org.bouncycastle.asn1.ASN1Sequence asn1Sequence)
      Creates a BasicOCSPResp from an ASN1Sequence. The value for response SHALL be the DER encoding of BasicOCSPResponse (RFC 2560).
      Parameters:
      asn1Sequence - ASN1Sequence to convert to BasicOCSPResp
      Returns:
      BasicOCSPResp
    • getOcspResp

      public static org.bouncycastle.cert.ocsp.OCSPResp getOcspResp(org.bouncycastle.asn1.ASN1Sequence asn1Sequence)
      Creates an OCSPResp from an ASN1Sequence.
      Parameters:
      asn1Sequence - ASN1Sequence to convert to OCSPResp
      Returns:
      OCSPResp
    • fromRespToBasic

      public static org.bouncycastle.cert.ocsp.BasicOCSPResp fromRespToBasic(org.bouncycastle.cert.ocsp.OCSPResp ocspResp)
      Returns the BasicOCSPResp from an OCSPResp.
      Parameters:
      ocspResp - OCSPResp to be analysed
      Returns:
      BasicOCSPResp
    • fromBasicToResp

      public static org.bouncycastle.cert.ocsp.OCSPResp fromBasicToResp(org.bouncycastle.cert.ocsp.BasicOCSPResp basicOCSPResp)
      Converts a BasicOCSPResp into an OCSPResp (connection status is set to SUCCESSFUL).
      Parameters:
      basicOCSPResp - the BasicOCSPResp to be converted to OCSPResp
      Returns:
      the result of the conversion
    • getEncodedFromBasicResp

      public static byte[] getEncodedFromBasicResp(org.bouncycastle.cert.ocsp.BasicOCSPResp basicOCSPResp)
      Gets ASN1 encoded binaries of the basicOCSPResp
      Parameters:
      basicOCSPResp - BasicOCSPResp
      Returns:
      ASN1 encoded binaries
    • fromBasicToResp

      public static org.bouncycastle.cert.ocsp.OCSPResp fromBasicToResp(byte[] basicOCSPRespBinary)
      Converts a BasicOCSPResp into an OCSPResp (connection status is set to SUCCESSFUL).
      Parameters:
      basicOCSPRespBinary - the binary of BasicOCSPResp
      Returns:
      an instance of OCSPResp
    • getUsedDigestAlgorithm

      public static eu.europa.esig.dss.enumerations.DigestAlgorithm getUsedDigestAlgorithm(org.bouncycastle.cert.ocsp.SingleResp singleResp)
      Returns the DigestAlgorithm used in the given singleResp
      Parameters:
      singleResp - SingleResp to extract the used DigestAlgorithm from
      Returns:
      DigestAlgorithm
    • matches

      public static boolean matches(org.bouncycastle.cert.ocsp.CertificateID certId, org.bouncycastle.cert.ocsp.SingleResp singleResp)
      Fix for the certId.equals method, which doesn't work very well.
      Parameters:
      certId - CertificateID
      singleResp - SingleResp
      Returns:
      true if the certificate matches the one included in the SingleResp
    • getOCSPCertificateID

      public static org.bouncycastle.cert.ocsp.CertificateID getOCSPCertificateID(eu.europa.esig.dss.model.x509.CertificateToken cert, eu.europa.esig.dss.model.x509.CertificateToken issuerCert, eu.europa.esig.dss.enumerations.DigestAlgorithm digestAlgorithm)
      Returns the CertificateID for the given certificate and its issuer's certificate.
      Parameters:
      cert - CertificateToken for which the id is created
      issuerCert - CertificateToken issuer certificate of the cert
      digestAlgorithm - DigestAlgorithm to be used for CertificateID hash calculation
      Returns:
      CertificateID
    • getDigestCalculator

      public static org.bouncycastle.operator.DigestCalculator getDigestCalculator(eu.europa.esig.dss.enumerations.DigestAlgorithm digestAlgorithm)
      Gets a DigestCalculator for the digestAlgorithm
      Parameters:
      digestAlgorithm - DigestAlgorithm
      Returns:
      DigestCalculator
    • loadOCSPBase64Encoded

      public static org.bouncycastle.cert.ocsp.BasicOCSPResp loadOCSPBase64Encoded(String base64Encoded) throws IOException
      Loads an OCSP response from the given base64-encoded string.
      Parameters:
      base64Encoded - base64-encoded OCSP response
      Returns:
      the BasicOCSPResp object
      Throws:
      IOException - if an IO error occurred
    • loadOCSPFromBinaries

      public static org.bouncycastle.cert.ocsp.BasicOCSPResp loadOCSPFromBinaries(byte[] binaries) throws IOException
      Loads an OCSP response from the given binaries.
      Parameters:
      binaries - byte array of OCSP response
      Returns:
      the BasicOCSPResp object
      Throws:
      IOException - if an IO error occurred
    • getEncoded

      public static byte[] getEncoded(org.bouncycastle.cert.ocsp.OCSPResp ocspResp)
      Returns the encoded binaries of the OCSP response
      Parameters:
      ocspResp - OCSPResp
      Returns:
      ASN1 encoded binaries of the OCSP response
    • getDSSResponderId

      public static ResponderId getDSSResponderId(org.bouncycastle.cert.ocsp.RespID respID)
      Transforms RespID to ResponderId
      Parameters:
      respID - RespID to get values from
      Returns:
      ResponderId
    • getDSSResponderId

      public static ResponderId getDSSResponderId(org.bouncycastle.asn1.ocsp.ResponderID responderID)
      Transforms ResponderID to ResponderId
      Parameters:
      responderID - ResponderID to get values from
      Returns:
      ResponderId
    • getCRLRevocationTokenKeys

      public static List<String> getCRLRevocationTokenKeys(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Initializes a list of revocation token key Strings for a CRLToken from the given CertificateToken
      Parameters:
      certificateToken - CertificateToken
      Returns:
      list of String revocation keys
    • getCRLRevocationTokenKey

      public static String getCRLRevocationTokenKey(String crlUrl)
      Gets the CRL key (SHA-1 digest) of the URL
      Parameters:
      crlUrl - String
      Returns:
      String
    • getOcspRevocationTokenKeys

      public static List<String> getOcspRevocationTokenKeys(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Initializes a list of revocation token key Strings for an OCSPToken from the given CertificateToken
      Parameters:
      certificateToken - CertificateToken
      Returns:
      list of String revocation keys
    • getOcspRevocationKey

      public static String getOcspRevocationKey(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, String ocspUrl)
      Gets the OCSP key (SHA-1 digest) of the URL
      Parameters:
      certificateToken - CertificateToken
      ocspUrl - String
      Returns:
      String
    • getLatestSingleResponse

      public static org.bouncycastle.cert.ocsp.SingleResp getLatestSingleResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse, eu.europa.esig.dss.model.x509.CertificateToken certificate, eu.europa.esig.dss.model.x509.CertificateToken issuer)
      Gets the latest single response from the OCSP response
      Parameters:
      basicResponse - BasicOCSPResp
      certificate - CertificateToken to get single response for
      issuer - CertificateToken issuer of the certificate
      Returns:
      SingleResp
    • getSingleResponses

      public static List<org.bouncycastle.cert.ocsp.SingleResp> getSingleResponses(org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse, eu.europa.esig.dss.model.x509.CertificateToken certificate, eu.europa.esig.dss.model.x509.CertificateToken issuer)
      Gets a list of single responses from the OCSP response
      Parameters:
      basicResponse - BasicOCSPResp
      certificate - CertificateToken to get single response for
      issuer - CertificateToken issuer of the certificate
      Returns:
      a list of SingleResponses
    • getDigest

      public static eu.europa.esig.dss.model.Digest getDigest(org.bouncycastle.asn1.esf.OtherHash otherHash)
      Converts OtherHash to Digest
      Parameters:
      otherHash - OtherHash
      Returns:
      Digest
    • checkIssuerValidAtRevocationProductionTime

      public static boolean checkIssuerValidAtRevocationProductionTime(RevocationToken<?> revocationToken, eu.europa.esig.dss.model.x509.CertificateToken issuerCertificateToken)
      Checks whether the revocation data was produced within the issuer certificate's validity range
      Parameters:
      revocationToken - RevocationToken to check
      issuerCertificateToken - CertificateToken used to issue the current revocation data
      Returns:
      true if the revocation producedAt time is within the issuer certificate's validity range, false otherwise
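
Usage example, added here and not taken from the DSS documentation or code base: loadOCSPFromBinaries and getLatestSingleResponse combined to read the status an OCSP response reports for one certificate. The class OcspStatusCheck, its Status enum and the evaluate method are hypothetical names; treating a null return from getLatestSingleResponse as "no matching entry" is an assumption, since this page does not state the no-match behaviour.

```java
import java.io.IOException;
import java.util.Date;

import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.cert.ocsp.SingleResp;

import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.DSSRevocationUtils;

/** Added example (hypothetical class, not part of DSS). */
public final class OcspStatusCheck {

    public enum Status { GOOD, REVOKED, UNKNOWN, NOT_COVERED, STALE }

    /**
     * Parses an encoded OCSP response and reports what it says about cert.
     * Parsing and matching only: the responder's signature is NOT verified here.
     */
    public static Status evaluate(byte[] ocspBinaries, CertificateToken cert,
                                  CertificateToken issuer, Date now) throws IOException {
        BasicOCSPResp basic = DSSRevocationUtils.loadOCSPFromBinaries(ocspBinaries);

        // Pick the latest SingleResp for this certificate/issuer pair.
        SingleResp latest = DSSRevocationUtils.getLatestSingleResponse(basic, cert, issuer);
        if (latest == null) {
            // Assumption: null means no SingleResp matched the certificate.
            return Status.NOT_COVERED;
        }

        CertificateStatus status = latest.getCertStatus();
        if (status instanceof RevokedStatus) {
            // Conservative choice: report revocation even if the response is old.
            return Status.REVOKED;
        }

        // nextUpdate is optional in OCSP; when present, a later "now" means stale.
        Date nextUpdate = latest.getNextUpdate();
        if (nextUpdate != null && now.after(nextUpdate)) {
            return Status.STALE;
        }

        // BouncyCastle defines CertificateStatus.GOOD as null.
        return (status == CertificateStatus.GOOD) ? Status.GOOD : Status.UNKNOWN;
    }
}
```

A caller that relies on the result for validation still has to verify the response signature and the responder certificate separately.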