1b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootpackage org.bouncycastle.cert.ocsp; 2b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 3b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport java.io.ByteArrayOutputStream; 4b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport java.io.IOException; 5b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport java.io.OutputStream; 6b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport java.util.List; 7b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport java.util.Set; 8b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 9b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport org.bouncycastle.asn1.ASN1Encoding; 10b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport org.bouncycastle.asn1.ASN1Exception; 11b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport org.bouncycastle.asn1.ASN1InputStream; 12b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport org.bouncycastle.asn1.ASN1ObjectIdentifier; 13b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport org.bouncycastle.asn1.ASN1OutputStream; 14b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport org.bouncycastle.asn1.ASN1Sequence; 15b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport org.bouncycastle.asn1.ocsp.OCSPRequest; 16b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport org.bouncycastle.asn1.ocsp.Request; 17b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport org.bouncycastle.asn1.x509.Certificate; 18b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport org.bouncycastle.asn1.x509.Extension; 19b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport org.bouncycastle.asn1.x509.Extensions; 20b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport org.bouncycastle.asn1.x509.GeneralName; 21b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport org.bouncycastle.cert.CertIOException; 22b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport org.bouncycastle.cert.X509CertificateHolder; 23b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport org.bouncycastle.operator.ContentVerifier; 24b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootimport org.bouncycastle.operator.ContentVerifierProvider; 25b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 26b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root/** 27b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * <pre> 28b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * OCSPRequest ::= SEQUENCE { 29b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * tbsRequest TBSRequest, 30b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * optionalSignature [0] EXPLICIT Signature OPTIONAL } 31b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * 32b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * TBSRequest ::= SEQUENCE { 33b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * version [0] EXPLICIT Version DEFAULT v1, 34b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * requestorName [1] EXPLICIT GeneralName OPTIONAL, 35b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * requestList SEQUENCE OF Request, 36b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * requestExtensions [2] EXPLICIT Extensions OPTIONAL } 37b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * 38b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * Signature ::= SEQUENCE { 39b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * signatureAlgorithm AlgorithmIdentifier, 40b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * signature BIT STRING, 41b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL} 42b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * 43b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * Version ::= INTEGER { v1(0) } 44b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * 45b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * Request ::= SEQUENCE { 46b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * reqCert CertID, 47b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } 48b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * 49b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * CertID ::= SEQUENCE { 50b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * hashAlgorithm AlgorithmIdentifier, 51b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * issuerNameHash OCTET STRING, -- Hash of Issuer's DN 52b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * issuerKeyHash OCTET STRING, -- Hash of Issuers public key 53b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * serialNumber CertificateSerialNumber } 54b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * </pre> 55b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root */ 56b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Rootpublic class OCSPReq 57b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root{ 58b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root private static final X509CertificateHolder[] EMPTY_CERTS = new X509CertificateHolder[0]; 59b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 60b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root private OCSPRequest req; 61b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root private Extensions extensions; 62b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 63b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root public OCSPReq( 64b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root OCSPRequest req) 65b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 66b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root this.req = req; 67b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root this.extensions = req.getTbsRequest().getRequestExtensions(); 68b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 69b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 70b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root public OCSPReq( 71b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root byte[] req) 72b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root throws IOException 73b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 74b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root this(new ASN1InputStream(req)); 75b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 76b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 77b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root private OCSPReq( 78b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root ASN1InputStream aIn) 79b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root throws IOException 80b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 81b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root try 82b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 83b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root this.req = OCSPRequest.getInstance(aIn.readObject()); 84b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root if (req == null) 85b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 86b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root throw new CertIOException("malformed request: no request data found"); 87b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 88b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root this.extensions = req.getTbsRequest().getRequestExtensions(); 89b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 90b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root catch (IllegalArgumentException e) 91b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 92b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root throw new CertIOException("malformed request: " + e.getMessage(), e); 93b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 94b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root catch (ClassCastException e) 95b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 96b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root throw new CertIOException("malformed request: " + e.getMessage(), e); 97b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 98b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root catch (ASN1Exception e) 99b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 100b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root throw new CertIOException("malformed request: " + e.getMessage(), e); 101b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 102b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 103b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 104b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root public int getVersionNumber() 105b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 106b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return req.getTbsRequest().getVersion().getValue().intValue() + 1; 107b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 108b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 109b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root public GeneralName getRequestorName() 110b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 111b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return GeneralName.getInstance(req.getTbsRequest().getRequestorName()); 112b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 113b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 114b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root public Req[] getRequestList() 115b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 116b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root ASN1Sequence seq = req.getTbsRequest().getRequestList(); 117b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root Req[] requests = new Req[seq.size()]; 118b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 119b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root for (int i = 0; i != requests.length; i++) 120b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 121b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root requests[i] = new Req(Request.getInstance(seq.getObjectAt(i))); 122b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 123b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 124b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return requests; 125b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 126b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 127b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root public boolean hasExtensions() 128b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 129b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return extensions != null; 130b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 131b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 132b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root public Extension getExtension(ASN1ObjectIdentifier oid) 133b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 134b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root if (extensions != null) 135b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 136b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return extensions.getExtension(oid); 137b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 138b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 139b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return null; 140b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 141b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 142b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root public List getExtensionOIDs() 143b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 144b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return OCSPUtils.getExtensionOIDs(extensions); 145b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 146b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 147b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root public Set getCriticalExtensionOIDs() 148b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 149b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return OCSPUtils.getCriticalExtensionOIDs(extensions); 150b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 151b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 152b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root public Set getNonCriticalExtensionOIDs() 153b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 154b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return OCSPUtils.getNonCriticalExtensionOIDs(extensions); 155b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 156b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 157b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root /** 158b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * return the object identifier representing the signature algorithm 159b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root */ 160b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root public ASN1ObjectIdentifier getSignatureAlgOID() 161b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 162b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root if (!this.isSigned()) 163b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 164b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return null; 165b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 166b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 167b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return req.getOptionalSignature().getSignatureAlgorithm().getAlgorithm(); 168b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 169b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 170b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root public byte[] getSignature() 171b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 172b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root if (!this.isSigned()) 173b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 174b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return null; 175b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 176b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 177b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return req.getOptionalSignature().getSignature().getOctets(); 178b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 179b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 180b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root public X509CertificateHolder[] getCerts() 181b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 182b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root // 183b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root // load the certificates if we have any 184b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root // 185b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root if (req.getOptionalSignature() != null) 186b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 187b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root ASN1Sequence s = req.getOptionalSignature().getCerts(); 188b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 189b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root if (s != null) 190b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 191b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root X509CertificateHolder[] certs = new X509CertificateHolder[s.size()]; 192b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 193b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root for (int i = 0; i != certs.length; i++) 194b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 195b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root certs[i] = new X509CertificateHolder(Certificate.getInstance(s.getObjectAt(i))); 196b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 197b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 198b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return certs; 199b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 200b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 201b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return EMPTY_CERTS; 202b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 203b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root else 204b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 205b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return EMPTY_CERTS; 206b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 207b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 208b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 209b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root /** 210b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * Return whether or not this request is signed. 211b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * 212b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * @return true if signed false otherwise. 213b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root */ 214b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root public boolean isSigned() 215b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 216b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return req.getOptionalSignature() != null; 217b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 218b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 219b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root /** 220b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * verify the signature against the TBSRequest object we contain. 221b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root */ 222b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root public boolean isSignatureValid( 223b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root ContentVerifierProvider verifierProvider) 224b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root throws OCSPException 225b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 226b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root if (!this.isSigned()) 227b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 228b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root throw new OCSPException("attempt to verify signature on unsigned object"); 229b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 230b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 231b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root try 232b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 233b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root ContentVerifier verifier = verifierProvider.get(req.getOptionalSignature().getSignatureAlgorithm()); 234b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root OutputStream sOut = verifier.getOutputStream(); 235b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 236b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root sOut.write(req.getTbsRequest().getEncoded(ASN1Encoding.DER)); 237b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 238b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return verifier.verify(this.getSignature()); 239b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 240b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root catch (Exception e) 241b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 242b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root throw new OCSPException("exception processing signature: " + e, e); 243b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 244b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 245b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 246b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root /** 247b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root * return the ASN.1 encoded representation of this object. 248b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root */ 249b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root public byte[] getEncoded() 250b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root throws IOException 251b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root { 252b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root ByteArrayOutputStream bOut = new ByteArrayOutputStream(); 253b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root ASN1OutputStream aOut = new ASN1OutputStream(bOut); 254b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 255b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root aOut.writeObject(req); 256b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root 257b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root return bOut.toByteArray(); 258b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root } 259b50b4a37e3d49e05b024c189c026bef7ea290ca8Kenny Root} 260