With BouncyCastle 1.9 is:
Dependences
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.59</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.59</version>
</dependency>
Method for get url OCSP
private ASN1Primitive getExtensionValue(X509Certificate certificate, String oid) throws IOException {
byte[] bytes = certificate.getExtensionValue(oid);
if (bytes == null) {
return null;
}
ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
ASN1OctetString octs = (ASN1OctetString) aIn.readObject();
aIn = new ASN1InputStream(new ByteArrayInputStream(octs.getOctets()));
return aIn.readObject();
}
public String getOcspUrl() throws Exception {
ASN1Primitive obj;
try {
obj = getExtensionValue(getFirstCertificate(), Extension.authorityInfoAccess.getId());
} catch (IOException ex) {
ex.printStackTrace();
return null;
}
if (obj == null) {
return null;
}
AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(obj);
AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
for (AccessDescription accessDescription : accessDescriptions) {
boolean correctAccessMethod = accessDescription.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod);
if (!correctAccessMethod) {
continue;
}
GeneralName name = accessDescription.getAccessLocation();
if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
continue;
}
DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
return derStr.getString();
}
return null;
}
Function to verif revocation
public CertificateStatus verifRevocationWithOCSP(X509Certificate certificate,X509Certificate issuerCertificate) throws Exception{
OcspClientBouncyCastle ocspClient = new OcspClientBouncyCastle();
String urlOCSP = getOcspUrl();
BasicOCSPResp basicOCSPResp = ocspClient.getBasicOCSPResp(certificate, issuerCertificate, urlOCSP);
if (basicOCSPResp == null)
throw new IOException("Error en la consulta ar servidor OCSP ["+urlOCSP+"]");
BasicOCSPResp basicResponse = basicOCSPResp;
SingleResp[] responses = basicResponse.getResponses();
if (responses.length == 1) {
SingleResp resp = responses[0];
Object status = resp.getCertStatus();
System.out.println("OBJECT: "+status);
if (status == CertificateStatus.GOOD) {
return CertificateStatus.GOOD;
} else if (status instanceof RevokedStatus) {
RevokedStatus revokedStatus = (RevokedStatus)status;
return revokedStatus;
} else if(status instanceof UnknownStatus){
UnknownStatus unknownStatus = (UnknownStatus)status;
return unknownStatus;
}
throw new IOException("Tipo de respuesta de OCSP ["+status+"] desconocido");
}
else
throw new IOException("No se recibio ni una respuesta al consultar el OCSP para la URL ["+urlOCSP+"]");
}