Class OCSPCachingClient

java.lang.Object
eu.emi.security.authn.x509.helpers.ocsp.OCSPCachingClient

public class OCSPCachingClient extends Object
OCSP client which adds a cache layer on top of OCSPClientImpl. There are two caches (both configurable), consulted in the given order: an unresponsive responders cache (keyed per responder), and an OCSP responses cache (keyed per responder and checked certificate tuple).

This class is thread safe.

Author:
K. Benedyczak
  • Constructor Details

    • OCSPCachingClient

      public OCSPCachingClient(long maxTtl, File diskPath, String prefix)
      Parameters:
maxTtl - maximum time, in ms, after which each cached response expires. Negative for no cache at all, 0 for no limit (i.e. the caching time is controlled only by the OCSP response validity period).
      diskPath - if not null, cached responses will be stored on disk.
      prefix - used if disk cache is enabled, as a common prefix for all files created in the cache directory.
  • Method Details

    • queryForCertificate

      public OCSPResult queryForCertificate(URL responder, X509Certificate toCheckCert, X509Certificate issuerCert, X509Credential requester, boolean addNonce, int timeout) throws IOException, org.bouncycastle.cert.ocsp.OCSPException
      Returns the checked certificate status.
      Parameters:
      responder - mandatory - URL of the responder. HTTP or HTTPs, however in https mode the
      toCheckCert - mandatory certificate to be checked
      issuerCert - mandatory certificate of the toCheckCert issuer
      requester - if not null, then it is assumed that request must be signed by the requester.
      addNonce - if true nonce will be added to the request and required in response
      timeout - timeout
      Returns:
      raw result of the query
      Throws:
      IOException - IO exception
      org.bouncycastle.cert.ocsp.OCSPException - OCSP exception
    • queryForCertificate

      public OCSPResult queryForCertificate(URL responder, X509Certificate toCheckCert, X509Certificate issuerCert, X509Credential requester, boolean addNonce, int timeout, OCSPClientImpl client) throws IOException, org.bouncycastle.cert.ocsp.OCSPException
      Returns the checked certificate status, using a custom client.
      Parameters:
      responder - mandatory - URL of the responder. HTTP or HTTPs, however in https mode the
      toCheckCert - mandatory certificate to be checked
      issuerCert - mandatory certificate of the toCheckCert issuer
      requester - if not null, then it is assumed that request must be signed by the requester.
      addNonce - if true nonce will be added to the request and required in response
      timeout - timeout
      client - client to be used for network calls
      Returns:
      raw result of the query
      Throws:
      IOException - IO exception
      org.bouncycastle.cert.ocsp.OCSPException - OCSP exception
    • clearMemoryCache

      public void clearMemoryCache()
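A usage example, added here and not part of the canl documentation or code base, showing how the constructor parameters and queryForCertificate fit together: the same (responder, certificate) tuple is queried twice so that the second call can be served by the response cache. It uses only the members listed on this page plus JDK classes; assumptions are labelled in comments (OCSPResult is assumed to be in the same package as OCSPCachingClient, the cache directory is created by the caller, and the timeout unit is assumed to be milliseconds because the page does not state it). The responder URL and certificate paths are command-line placeholders.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import eu.emi.security.authn.x509.helpers.ocsp.OCSPCachingClient;
// Assumption: OCSPResult lives in the same package as OCSPCachingClient
// (this page lists it unqualified, unlike the BouncyCastle types).
import eu.emi.security.authn.x509.helpers.ocsp.OCSPResult;

/**
 * Checks one end-entity certificate twice through OCSPCachingClient so that the
 * second query can be answered from the response cache instead of the network.
 */
public class OcspCacheExample {

    /** Loads a single X.509 certificate (PEM or DER) with the JDK CertificateFactory. */
    static X509Certificate loadCertificate(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: OcspCacheExample <responder-url> <cert.pem> <issuer.pem>");
            System.exit(2);
        }
        URL responder = new URL(args[0]);              // placeholder: the responder URL to query
        X509Certificate toCheck = loadCertificate(args[1]);
        X509Certificate issuer = loadCertificate(args[2]);

        // maxTtl is in milliseconds: cap every cached response at 1 hour even when the
        // responder's own validity period is longer. Per the constructor contract, 0 would
        // rely solely on the response validity period and a negative value disables caching.
        long maxTtl = 60L * 60 * 1000;

        // Optional on-disk cache; passing null keeps responses in memory only. Assumption:
        // the directory is created here because the page does not say whether the client does it.
        File diskPath = new File(System.getProperty("java.io.tmpdir"), "ocsp-cache");
        diskPath.mkdirs();

        OCSPCachingClient client = new OCSPCachingClient(maxTtl, diskPath, "example-");

        // requester == null: the request is not signed. addNonce == true: a nonce is sent and
        // required in the response, so a captured response cannot be replayed for a later query.
        // Assumption: 'timeout' is in milliseconds; the page does not state the unit.
        int timeout = 10_000;

        long t0 = System.nanoTime();
        OCSPResult first = client.queryForCertificate(responder, toCheck, issuer, null, true, timeout);
        long t1 = System.nanoTime();
        // Same (responder, certificate) tuple: may be answered from the response cache
        // if the first response was cacheable, avoiding a second network round trip.
        OCSPResult second = client.queryForCertificate(responder, toCheck, issuer, null, true, timeout);
        long t2 = System.nanoTime();

        System.out.println("first  query: " + first + "  (" + (t1 - t0) / 1_000_000 + " ms)");
        System.out.println("second query: " + second + "  (" + (t2 - t1) / 1_000_000 + " ms)");

        // Drop the in-memory cache entries (disk cache files are a separate layer).
        client.clearMemoryCache();
    }
}
```

Run it with a responder URL taken from the certificate's Authority Information Access extension and the certificate plus its issuer as PEM files; the printed timings make the cache hit visible, and the unresponsive-responders cache means a responder that timed out on the first call is not contacted again within its cache window.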