Class OCSPCachingClient


  • public class OCSPCachingClient
    extends java.lang.Object
    OCSP client which adds a cache layer on top of OCSPClientImpl. There are two caches (both configurable), consulted in the given order: the unresponsive responders cache (per responder) and the OCSP responses cache (per responder and checked certificate tuple).

    This class is thread safe.

    Author:
    K. Benedyczak
    • Constructor Summary

      Constructors 
      Constructor Description
      OCSPCachingClient(long maxTtl, java.io.File diskPath, java.lang.String prefix)
    • Method Summary

      Modifier and Type Method Description
      void clearMemoryCache()  
      OCSPResult queryForCertificate(java.net.URL responder, java.security.cert.X509Certificate toCheckCert, java.security.cert.X509Certificate issuerCert, X509Credential requester, boolean addNonce, int timeout)
      Returns the checked certificate status.
      OCSPResult queryForCertificate(java.net.URL responder, java.security.cert.X509Certificate toCheckCert, java.security.cert.X509Certificate issuerCert, X509Credential requester, boolean addNonce, int timeout, OCSPClientImpl client)
      Returns the checked certificate status, using a custom client.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • OCSPCachingClient

        public OCSPCachingClient(long maxTtl,
                                 java.io.File diskPath,
                                 java.lang.String prefix)
        Parameters:
        maxTtl - maximum time, in ms, after which each cached response expires. Negative for no cache at all, 0 for no limit (i.e. caching time will be controlled only by the OCSP response validity period).
        diskPath - if not null, cached responses will be stored on disk.
        prefix - used if disk cache is enabled, as a common prefix for all files created in the cache directory.
    • Method Detail

      • queryForCertificate

        public OCSPResult queryForCertificate(java.net.URL responder,
                                              java.security.cert.X509Certificate toCheckCert,
                                              java.security.cert.X509Certificate issuerCert,
                                              X509Credential requester,
                                              boolean addNonce,
                                              int timeout)
                                       throws java.io.IOException,
                                              org.bouncycastle.cert.ocsp.OCSPException
        Returns the checked certificate status.
        Parameters:
        responder - mandatory - URL of the responder. HTTP or HTTPs, however in https mode the
        toCheckCert - mandatory certificate to be checked
        issuerCert - mandatory certificate of the toCheckCert issuer
        requester - if not null, then it is assumed that the request must be signed by the requester.
        addNonce - if true, a nonce will be added to the request and required in the response
        timeout - timeout
        Returns:
        raw result of the query
        Throws:
        java.io.IOException - IO exception
        org.bouncycastle.cert.ocsp.OCSPException - OCSP exception
      • queryForCertificate

        public OCSPResult queryForCertificate(java.net.URL responder,
                                              java.security.cert.X509Certificate toCheckCert,
                                              java.security.cert.X509Certificate issuerCert,
                                              X509Credential requester,
                                              boolean addNonce,
                                              int timeout,
                                              OCSPClientImpl client)
                                       throws java.io.IOException,
                                              org.bouncycastle.cert.ocsp.OCSPException
        Returns the checked certificate status, using a custom client.
        Parameters:
        responder - mandatory - URL of the responder. HTTP or HTTPs, however in https mode the
        toCheckCert - mandatory certificate to be checked
        issuerCert - mandatory certificate of the toCheckCert issuer
        requester - if not null, then it is assumed that the request must be signed by the requester.
        addNonce - if true, a nonce will be added to the request and required in the response
        timeout - timeout
        client - client to be used for network calls
        Returns:
        raw result of the query
        Throws:
        java.io.IOException - IO exception
        org.bouncycastle.cert.ocsp.OCSPException - OCSP exception
      • clearMemoryCache

        public void clearMemoryCache()
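
A usage sketch for the constructor and the six-argument queryForCertificate documented above, added here as an example and not taken from the library's own documentation. Assumptions: the class name OcspCacheExample, the command-line arguments, the "ocsp_" prefix and the timeout value are hypothetical; the eu.emi.security.authn.x509.helpers.ocsp package name and OCSPResult.getStatus() come from the canl library and are not shown on this page.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.bouncycastle.cert.ocsp.OCSPException;
// Package name assumed from the canl library; this page does not show it.
import eu.emi.security.authn.x509.helpers.ocsp.OCSPCachingClient;
import eu.emi.security.authn.x509.helpers.ocsp.OCSPResult;

public class OcspCacheExample {
    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    public static void main(String[] args) throws Exception {
        // args: responder URL, certificate to check (PEM/DER), issuer certificate, cache directory
        URL responder = new URL(args[0]);
        X509Certificate toCheck = load(args[1]);
        X509Certificate issuer = load(args[2]);
        File cacheDir = new File(args[3]);

        // maxTtl is in ms: negative disables caching, 0 leaves expiry to the
        // OCSP response validity period. Here: cap cached answers at one hour.
        OCSPCachingClient client = new OCSPCachingClient(60L * 60 * 1000, cacheDir, "ocsp_");
        int timeout = 5000; // placeholder value; the page does not state the unit

        // Same responder and certificate twice: the repeat is a candidate for the response cache.
        for (int i = 0; i < 2; i++) {
            long start = System.nanoTime();
            try {
                OCSPResult result = client.queryForCertificate(
                        responder, toCheck, issuer, null /* unsigned request */, true, timeout);
                // getStatus() is assumed from canl's OCSPResult; it is not documented on this page.
                System.out.println("query " + i + ": " + result.getStatus());
            } catch (IOException | OCSPException e) {
                // No status was obtained; the caller decides whether to reject the certificate.
                System.out.println("query " + i + ": status not determined: " + e);
            }
            System.out.println("  took " + (System.nanoTime() - start) / 1_000_000 + " ms");
        }
        // Clears the in-memory cache (method listed on this page).
        client.clearMemoryCache();
    }
}
```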