ocsp

Signing with OCSP by using iText

六月ゝ 毕业季﹏ submitted on 2021-01-29 18:54:32
Question: I can sign a PDF document without problem. My app logic is: 1- create an empty field for the signature in the PDF 2- send the hash code of the field to the signature web service 3- get the signature object 4- embed this object into the field. Here is my code: Signature is Invalid for PDF File with iText. Thanks to @mlk, who helped me regarding it. But I realize that I have a problem with revocation. As can be seen in the image, my signature does not contain OCSP. and in the trust section, 'Certify documents'

How to check OCSP client certificate revocation using Python Requests library?

≯℡__Kan透↙ submitted on 2021-01-04 10:37:12
Question: How do I make a simple request for certificate revocation status to an EJBCA OCSP Responder using the Python requests library? Example: # Determine if certificate has been revoked ocsp_url = req_cert.extensions[2].value[0].access_location.value ocsp_headers = {"whatGoes: here?"} ocsp_body = {"What goes here?"} ocsp_response = requests.get(ocsp_url, ocsp_headers, ocsp_body) if (ocsp_response == 'revoked'): return func.HttpResponse( "Certificate is not valid (Revoked)." ) Answer 1: Basically it

Force Chrome to send all certificates in chain during TLS

痞子三分冷 submitted on 2019-12-24 08:17:06
Question: I have written TLS code that does mutual authentication in Java, so the client sends its certificate after the server sends its certificate. I would like to validate, by OCSP, all the certificates in the certificate chain that comes from the client side to the server side. I have written my loop logic assuming that the last certificate in the chain is the root (CA) certificate and not sending any OCSP query for it: int certificateChainSize= x509Certificates.length; // Verifies certificate chain

OCSP response does not give Certificate Status

孤街浪徒 submitted on 2019-12-21 09:25:25
Question: I created an OCSP client using the Bouncy Castle API. I am having trouble finding the certificate status (saying whether it's revoked or not) from the OCSP response I get. The value returned from resp.getCertStatus() is always null. This is how I create the OCSP request. private OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws CertificateVerificationException { //Add provider BC Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider(

OCSP check in Java secure sockets

一世执手 submitted on 2019-12-20 05:01:27
Question: If I set Security.setProperty("ocsp.enable", "true"), will an SSLSocket or SSLServerSocket connection automatically check for certificate revocation using OCSP? Do I have to do the OCSP check manually when creating the socket? (I'm not using CRLs.) Answer 1: You can use this TrustManager implementation I whipped up for some testing which is based on the OCSP checking code on XueLei.Fan's blog. I have used this with Netty based on their HttpSnoopClient hitting https://www.mozilla.org/en-US/

Getting certificate chain from TLS for using OCSP

你。 submitted on 2019-12-13 04:14:47
Question: I would like to use OCSP checking for the certificate which is coming from the server during the TLS handshake. I am using Bouncy Castle as the provider for the OCSP implementation, and BC verification methods generally want an X509Certificate as a parameter. So, how can I follow and get the incoming certificate chain on the Java side and fetch it? Thanks for your help. Answer 1: You can use HttpsURLConnection.getServerCertificates and cast the result to X509Certificate HttpsURLConnection connection = ... Certificate chain

How to create ocsp request using openssl in c++?

坚强是说给别人听的谎言 submitted on 2019-12-11 14:54:11
Question: I am trying to send an OCSP request to an OCSP server using C++, but I can't find anything to prepare the request. In the documentation I found the following functions: long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp); long SSL_set_tlsext_status_ocsp_resp(ssl, unsigned char *resp, int len); How can I add the certificate and set the nonce for the request? Answer 1: What you are trying to do is generate C++ code for the openssl OCSP command: openssl ocsp -issuer issuer.pem -cert alice

iTextSharp OcspClientBouncyCastle constructor is deprecated, what's the replacement?

天大地大妈咪最大 submitted on 2019-12-11 04:13:10
Question: I'm using iTextSharp 5.5.10. OcspClientBouncyCastle's default constructor is deprecated. IOcspClient ocspClient = new OcspClientBouncyCastle(); The other one is: OcspClientBouncyCastle(OcspVerifier verifier) But I can't find any way to use it. Could anybody provide a sample with this new constructor, please? Thank you very much. Answer 1: If you want the former behavior, i.e. the OCSP response retrieved by the OcspClientBouncyCastle is trusted without further ado, you can simply use null as

Does X509TrustManagerImpl.checkServerTrusted() handle OCSP by itself if the appropriate properties are set?

我是研究僧i submitted on 2019-12-09 07:16:17
Question: public class CustomTrustManager implements X509TrustManager { private X509TrustManager trustManager; // If a connection was previously attempted and failed the certificate check, that certificate chain will be saved here. private Certificate[] rejectedCertificates = null; private Certificate[] encounteredCertificates = null; private KeyStore keyStore = null; private Logger logger; /** * Constructor * * @param loggerFactory * see {@link InstanceLoggerFactory} */ public CustomTrustManager

OCSP response does not give Certificate Status

北城以北 submitted on 2019-12-04 03:29:45
I created an OCSP client using the Bouncy Castle API. I am having trouble finding the certificate status (saying whether it's revoked or not) from the OCSP response I get. The value returned from resp.getCertStatus() is always null. This is how I create the OCSP request. private OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws CertificateVerificationException { //Add provider BC Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); try { // CertID structure is used to uniquely identify certificates that are the subject of // an