Class OCSPClientImpl

java.lang.Object
eu.emi.security.authn.x509.helpers.ocsp.OCSPClientImpl

public class OCSPClientImpl extends Object
The OCSP client is responsible for the network-related activity of the OCSP invocation pipeline. This class is stateless and thread-safe.

It implements RFC 2560 and also takes care to support the lightweight profile recommendations defined in RFC 5019.

Author:
K. Benedyczak
  • Constructor Details

    • OCSPClientImpl

      public OCSPClientImpl()
  • Method Details

    • queryForCertificate

      public OCSPResult queryForCertificate(URL responder, X509Certificate toCheckCert, X509Certificate issuerCert, X509Credential requester, boolean addNonce, int timeout) throws IOException, org.bouncycastle.cert.ocsp.OCSPException
      Returns a verified single response, related to the checked certificate. This is a single-shot version, which can be used instead of manually invoking the low-level methods.
      Parameters:
      responder - mandatory - URL of the responder. HTTP or HTTPS, however in HTTPS mode the
      toCheckCert - mandatory certificate to be checked
      issuerCert - mandatory certificate of the toCheckCert issuer
      requester - if not null, then it is assumed that request must be signed by the requester.
      addNonce - if true, a nonce will be added to the request and required in the response
      timeout - timeout
      Returns:
      Final OCSP checking result
      Throws:
      IOException - IO exception
      org.bouncycastle.cert.ocsp.OCSPException - OCSP exception
    • createRequest

      public org.bouncycastle.cert.ocsp.OCSPReq createRequest(X509Certificate toCheckCert, X509Certificate issuerCert, X509Credential requester, boolean addNonce) throws org.bouncycastle.cert.ocsp.OCSPException
      Throws:
      org.bouncycastle.cert.ocsp.OCSPException
    • send

      public OCSPResponseStructure send(URL responder, org.bouncycastle.cert.ocsp.OCSPReq requestO, int timeout) throws IOException
      Throws:
      IOException
    • getNextUpdateFromCacheHeader

      public static Date getNextUpdateFromCacheHeader(String cc)
    • verifyResponse

      public org.bouncycastle.cert.ocsp.SingleResp verifyResponse(org.bouncycastle.cert.ocsp.OCSPResp response, X509Certificate toCheckCert, X509Certificate issuerCert, byte[] checkNonce) throws org.bouncycastle.cert.ocsp.OCSPException
      Verifies the provided response
      Parameters:
      response - OCSP response
      toCheckCert - mandatory certificate to be checked
      issuerCert - mandatory certificate of the toCheckCert issuer
      checkNonce - expected OCSP nonce
      Returns:
      verified response corresponding to the certificate being checked
      Throws:
      org.bouncycastle.cert.ocsp.OCSPException - OCSP exception
    • extractNonce

      public static byte[] extractNonce(org.bouncycastle.cert.ocsp.OCSPReq request) throws IOException
      Throws:
      IOException
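
The manual invocation of the low-level methods that queryForCertificate wraps, shown as an added usage example (it is not part of this API documentation or of the library's own code). The names OcspStepByStep, Verdict, check and classify are hypothetical; OCSPResponseStructure.getResponse() and that class's package are assumptions, since this page does not list them.

```java
import java.io.IOException;
import java.net.URL;
import java.security.cert.X509Certificate;

import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.cert.ocsp.SingleResp;

import eu.emi.security.authn.x509.helpers.ocsp.OCSPClientImpl;
// Assumption: OCSPResponseStructure lives in the same package as OCSPClientImpl.
import eu.emi.security.authn.x509.helpers.ocsp.OCSPResponseStructure;

/** Hypothetical helper: runs the OCSP pipeline step by step and fails closed. */
public class OcspStepByStep {
    public enum Verdict { GOOD, REVOKED, UNKNOWN, UNAVAILABLE }

    public static Verdict check(URL responder, X509Certificate cert,
            X509Certificate issuer, boolean addNonce, int timeout) {
        OCSPClientImpl client = new OCSPClientImpl(); // stateless, safe to share
        try {
            // A null requester means the request is sent unsigned.
            OCSPReq request = client.createRequest(cert, issuer, null, addNonce);
            // Expect a nonce in the response only if one was put into the request.
            byte[] nonce = addNonce ? OCSPClientImpl.extractNonce(request) : null;
            OCSPResponseStructure raw = client.send(responder, request, timeout);
            // Assumption: getResponse() exposes the parsed OCSPResp.
            SingleResp single =
                    client.verifyResponse(raw.getResponse(), cert, issuer, nonce);
            return classify(single.getCertStatus());
        } catch (IOException | OCSPException e) {
            // Network failure or a response that did not verify: never report GOOD.
            return Verdict.UNAVAILABLE;
        }
    }

    static Verdict classify(CertificateStatus status) {
        // Bouncy Castle defines CertificateStatus.GOOD as null.
        if (status == CertificateStatus.GOOD) return Verdict.GOOD;
        if (status instanceof RevokedStatus) return Verdict.REVOKED;
        return Verdict.UNKNOWN; // includes UnknownStatus; the caller decides policy
    }
}
```

A caller should treat only GOOD as acceptable; whether UNAVAILABLE blocks the connection or falls back to CRL checking is a policy decision outside this class.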