private void verifyOCSPToken(OCSPToken token) { if (token == null) { throw CertificateValidationException.of("No token response is present"); } try { if (token.getStatus() != null) { if (!token.getStatus()) { LOGGER.debug("Certificate with DSS ID <{}> - status <{}>", token.getDSSIdAsString(), CRLReasonEnum.valueOf(token.getReason()) .name()); throw CertificateValidationException.of(CertificateValidationException.CertificateValidationStatus.REVOKED); } // Otherwise status is GOOD return; } if (StringUtils.isNotBlank(token.getReason())) { LOGGER.debug("Certificate with DSS ID <{}> - status <{}>", token.getDSSIdAsString(), CRLReasonEnum.valueOf(token.getReason()) .name()); throw CertificateValidationException.of(CertificateValidationException.CertificateValidationStatus.UNKNOWN); } } catch (CertificateValidationException e) { throw e; } catch (Exception e) { throw CertificateValidationException.of(e); } }
@Test public void testOCSP() { String ocspResponse = "MIIFmgoBAKCCBZMwggWPBgkrBgEFBQcwAQEEggWAMIIFfDCBk6IWBBRG9FLh93YFoTCS3jTUkgpprd/GtRgPMjAxODAyMTMwNjMyNDhaMFMwUTA8MAkGBSsOAwIaBQAEFMzG72J5OVL0/31Lq6L3ZXYqftwTBBQ0Fhvx02RnYkyjNLwNs1OkfKHxFwIDC0wwggAYDzIwMTgwMjEzMDYzMjQ4WqETMBEwDwYJKwYBBQUHMAEJBAIFADANBgkqhkiG9w0BAQsFAAOCAQEAduyhdmJ1pxB6Y9wavgysICD2UjkusDLDNnj2xlNuYHK+c5OVdQ3XKxyUgdIVqNxxudVAmwtuX+vKFk7xjE16A27agZU2KO4llwpAVKrbYsrWMBj3FS/WJzTBk0G+SXKuSgDt5UkwfcZiUxmoMQBntWJTmVon0Ji2VJMALd0HzzEaVp47qqYGYtJX6L5HjvZIC7r/G5C3lEddBgmfNbSPei3EuBVRlLn8LZNLMk+49P7jNMHmlYt3InfSKwEiU18R1WGgQ5yrkyYxyMfhhBrjYZpptT0zs8AuwdAZb7xA4P7rrHgc6IMhQWXmRaKUWoJdOInKt1N59Hyl+mjk36kFQ6CCA84wggPKMIIDxjCCAq6gAwIBAgICHR0wDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCTFUxFjAUBgNVBAoTDUx1eFRydXN0IHMuYS4xHTAbBgNVBAMTFEx1eFRydXN0IEdsb2JhbCBSb290MB4XDTE3MDYyNzEyMzMxNloXDTE4MDYyNzEyMzMxNlowXjELMAkGA1UEBhMCTFUxFjAUBgNVBAoTDUx1eFRydXN0IFMuQS4xEzARBgNVBAsTClBraSBlbnRpdHkxIjAgBgNVBAMTGUx1eFRydXN0IFMuQS4gT0NTUCBTZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSFDnPz4sWi+w+xMVUWq74fDelftPUqXt+bofmeIgKKC9pZ4FNrT6FCd/N7kpRjRbtKkfBUMiv88jwUFcHMC75EESf0OPeqBlubRkeSwTj60FqB8bBK2aIauGQMFSSLF2emfVvBkpw/qjR9/0bxd1R4FQ7rcl4CyrRGd/jfca6vTAi+rqFI5bOaxKT0MUHVtegJtshmj8zHlOBpm+BG2udKcpx79KIHVVKEb2AyFYdZefXV65FkRLri7l7ew08UYHV90Dq1hI/uAc8IHauSKkGE0arCRwNcLrsfVUPoh41HK3pqs7bTFJ2qmZu2mobAdBqDJBnfTxN+oHZ4whVNh5RAgMBAAGjgacwgaQwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHwYDVR0jBBgwFoAUFxWFiQkvJIdvPx0b5PKWeYNIE84wMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5sdXh0cnVzdC5sdS9MVEdSQ0EuY3JsMB0GA1UdDgQWBBRG9FLh93YFoTCS3jTUkgpprd/GtTANBgkqhkiG9w0BAQsFAAOCAQEANR/sq+gfaAtWqUXTbNFkisEan6abNbv9C8Pgt79rlDBkhAOOksyi/9tcfEZd5XqsMobIdaRZzAOlyN5SP5MgyZxSWmNArcqImofpg5RiIzbwewZzTIGaKh/xRrl8LkABKEhJ+tvTwrw0de2ad5nMUy2t2hCdO7Y5dMGzQRdJVnu10LcziEgZSW98C2SfdV3JxkW0rTsSi1vpRmSicpVxeEfbMvnlDKaMF17uM/eeTjqq7hsQOUbXPPbDOM8LcH0UmnkXkW6FVN4QDKjuKDlaL9bsRHJCuikebzwG+FOmKXhpHxMaUWLrRMvbeBIJvmd64LURIdhdjOt+Iho1lI4Oaw=="; ExternalResourcesOCSPSource ocspSource = new ExternalResourcesOCSPSource(new ByteArrayInputStream(Utils.fromBase64(ocspResponse))); CertificateToken userUniversign = DSSUtils.loadCertificateFromBase64EncodedString( "MIIGEzCCBPugAwIBAgIDC0wwMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNVBAYTAkxVMRYwFAYDVQQKEw1MdXhUcnVzdCBTLkEuMSUwIwYDVQQDExxMdXhUcnVzdCBHbG9iYWwgUXVhbGlmaWVkIENBMB4XDTE0MDYwMzA2MDUxMVoXDTE3MDYwMzA2MDUxMVowggEWMQswCQYDVQQGEwJGUjELMAkGA1UEBxMCTFUxDjAMBgNVBAoTBUlMTkFTMRMwEQYDVQQLEwpMVTIyOTU5NDYzMSwwKgYDVQQDEyNKRUFOLVBISUxJUFBFIFBJRVJSRSBKVUxJRU4gSFVNQkVSVDEQMA4GA1UEBBMHSFVNQkVSVDEkMCIGA1UEKhMbSkVBTi1QSElMSVBQRSBQSUVSUkUgSlVMSUVOMR0wGwYDVQQFExQxMTEwNTg3NTA2MDAzMjIzMjM5MDEyMDAGCSqGSIb3DQEJARYjamVhbi1waGlsaXBwZS5odW1iZXJ0QGlsbmFzLmV0YXQubHUxHDAaBgNVBAwTE1Byb2Zlc3Npb25hbCBQZXJzb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkJS3Cl5PSHpwyJ2vdiaYFt20+OC+YAToHK9POubXp0o5vt2Cp7scmOaqUb4Qo6wRPgcBQIhvyDN5Loar/JXpfcq533jKbPnFDwRwT4cwfH3aG8bhkjBOWNjKi5PL5K1YRG18EcggoiXsrXTHHUdXtUBII9fPDxMHG2iPGVWMWRPwF0EWE/lmlrXo0V1PFoQiHmv8tRyXnFr45FzwRn1iTbrZP9SQrq76UTZi6HjfgJYQK+Tbu5GrMgLKYMtBE/7BqsgrMnqHtgLTgj00/bLSeoZ0fMEvpEAF0QioKOSd3wn+4WfHPfXzjHVZ0zm1jB+E4LhOyZNvcvleaLeL7sUzfAgMBAAGjggIwMIICLDAMBgNVHRMBAf8EAjAAMGEGCCsGAQUFBwEBBFUwUzAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AubHV4dHJ1c3QubHUwLAYIKwYBBQUHMAKGIGh0dHA6Ly9jYS5sdXh0cnVzdC5sdS9MVEdRQ0EuY3J0MIIBHgYDVR0gBIIBFTCCAREwggEDBggrgSsBAQoDATCB9jCBxwYIKwYBBQUHAgIwgboagbdMdXhUcnVzdCBRdWFsaWZpZWQgQ2VydGlmaWNhdGUgb24gU1NDRCBDb21wbGlhbnQgd2l0aCBFVFNJIFRTIDEwMSA0NTYgUUNQKyBjZXJ0aWZpY2F0ZSBwb2xpY3kuIEtleSBHZW5lcmF0aW9uIGJ5IENTUC4gU29sZSBBdXRob3Jpc2VkIFVzYWdlOiBTdXBwb3J0IG9mIFF1YWxpZmllZCBFbGVjdHJvbmljIFNpZ25hdHVyZS4wKgYIKwYBBQUHAgEWHmh0dHBzOi8vcmVwb3NpdG9yeS5sdXh0cnVzdC5sdTAIBgYEAIswAQEwIgYIKwYBBQUHAQMEFjAUMAgGBgQAjkYBATAIBgYEAI5GAQQwCwYDVR0PBAQDAgZAMB8GA1UdIwQYMBaAFDQWG/HTZGdiTKM0vA2zU6R8ofEXMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwubHV4dHJ1c3QubHUvTFRHUUNBLmNybDARBgNVHQ4ECgQIT+0vf3rcAoMwDQYJKoZIhvcNAQELBQADggEBAC1FnczzNUtm3n8rhkvhCPI2kZl110v/g3bPYV2cb2ifqczKN9suYU/cTpSzd/HKO285Skkc/SxDxN1ayctLt04DAdXnSgUCmWLNAgYUp2igrVyp8ZO5DTU5QlQuYUBZfbyVczi9r8E91XvO8DVKXbmP+b0tkRMpCWDLFnquE3e26dsKFmxxL89V7OvAjKyC4faoKK1XCZ9uZKAl0pH/hMqagk09glewuPO4WcRPdOgVqvOzllLh2o13uJhJ70OUdc4bg0WgLtDZqVqQ7gFjR/kG9c1J20vhAwGA9gksE2apeS3fTRH6FCuWInHlxMx4m7fc7hMjzX7/MihVYL5cZGs="); CertificateToken caUniversign = DSSUtils.loadCertificateFromBase64EncodedString( "MIID5zCCAs+gAwIBAgICDJcwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCTFUxFjAUBgNVBAoTDUx1eFRydXN0IHMuYS4xHTAbBgNVBAMTFEx1eFRydXN0IEdsb2JhbCBSb290MB4XDTExMTEyMjA5MzQyNFoXDTE3MTEyMjA5MzQyNFowTDELMAkGA1UEBhMCTFUxFjAUBgNVBAoTDUx1eFRydXN0IFMuQS4xJTAjBgNVBAMTHEx1eFRydXN0IEdsb2JhbCBRdWFsaWZpZWQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo0Cl9yek22xZb2PNZN0gIgx26qgQChKJ3az/r+qhAv/d/jVBLZy5mQvKRQFrvnLZp5gY5RzrgIcMyZxCwCitQ+MyLPiUYZ4mg/lUrHfOfhWRjYaJY4Dz+M69icdzAsKuVrfsurJ/UEmaIkGvgjBzeCd0qd8BXYnnt6GAT9bAsJ7Vh8lDyTho4D1mbude6jmupBTRNqW1TqnuzeJcooI8JAWkWZ0X4gGXzG0iZlC4irIlB/aaQiJoo+8QVr511T+zAJSJv2CpPS68dpL7AZBTw7/fhsyF84HcBf4tCH7Qhl9zFrdaWGdqrZiebSM4SeTBAnuuKUdYuuZyjoAHFnjj3AgMBAAGjgdowgdcwDwYDVR0TBAgwBgEB/wIBADBDBgNVHSAEPDA6MDgGCCuBKwEBAQoDMCwwKgYIKwYBBQUHAgEWHmh0dHBzOi8vcmVwb3NpdG9yeS5sdXh0cnVzdC5sdTALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUFxWFiQkvJIdvPx0b5PKWeYNIE84wMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5sdXh0cnVzdC5sdS9MVEdSQ0EuY3JsMB0GA1UdDgQWBBQ0Fhvx02RnYkyjNLwNs1OkfKHxFzANBgkqhkiG9w0BAQsFAAOCAQEAGPCWTo1SQy6Kmpwin+GaWVW9h2JO3Qwr6qVwZAQHXPhZGQTD+ghIxN949SGyoMmkGTvJjOSaIs8qJ5lGtDWJuy056rN5FCc2P+0qYofpGdNgSkyRY3xtuKteEPcoi+eFBphY+dlilSPXm3j6Vp/6BRb70Zd35O1Zic95ZUNCxDDVkaDbuN9tjGIBKhnq/ExtpheEdZJPjppVXpsBrCUUpJ0A9oSSFOQewwKSMD/vJKF32M9A2TlRd62XdHeNJrahdU/tO55f9tz3ekl/aKoS2khJxMfBvdvlw2Yc2g02g5rYsBxrSphph6IjqIkALM95jbm9T2Xo2CSROTAtprdhKw=="); OCSPToken ocspToken = ocspSource.getRevocationToken(userUniversign, caUniversign); ocspToken.extractInfo(); assertNotNull(ocspToken); assertNull(ocspToken.getArchiveCutOff()); assertNotNull(ocspToken.getThisUpdate()); assertNotNull(ocspToken.getProductionDate()); assertNotNull(ocspToken.getBasicOCSPResp()); assertNotNull(ocspToken.getCertId()); assertNull(ocspToken.getExpiredCertsOnCRL()); assertNull(ocspToken.getCertHash()); assertNotNull(ocspToken.getReason()); }