Class OCSPClientImpl
- java.lang.Object
-
- eu.emi.security.authn.x509.helpers.ocsp.OCSPClientImpl
-
public class OCSPClientImpl extends java.lang.Object
OCSP client is responsible for the network related activity of the OCSP invocation pipeline. This class is state less and thread safe.It is implementing the RFC 2560 also taking care to support the lightweight profile recommendations defined in the RFC 5019.
- Author:
- K. Benedyczak
-
-
Constructor Summary
Constructors Constructor Description OCSPClientImpl()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description org.bouncycastle.cert.ocsp.OCSPReq
createRequest(java.security.cert.X509Certificate toCheckCert, java.security.cert.X509Certificate issuerCert, X509Credential requester, boolean addNonce)
static byte[]
extractNonce(org.bouncycastle.cert.ocsp.OCSPReq request)
static java.util.Date
getNextUpdateFromCacheHeader(java.lang.String cc)
OCSPResult
queryForCertificate(java.net.URL responder, java.security.cert.X509Certificate toCheckCert, java.security.cert.X509Certificate issuerCert, X509Credential requester, boolean addNonce, int timeout)
Returns a verified single response, related to the checked certificate.OCSPResponseStructure
send(java.net.URL responder, org.bouncycastle.cert.ocsp.OCSPReq requestO, int timeout)
org.bouncycastle.cert.ocsp.SingleResp
verifyResponse(org.bouncycastle.cert.ocsp.OCSPResp response, java.security.cert.X509Certificate toCheckCert, java.security.cert.X509Certificate issuerCert, byte[] checkNonce)
Verifies the provided response
-
-
-
Method Detail
-
queryForCertificate
public OCSPResult queryForCertificate(java.net.URL responder, java.security.cert.X509Certificate toCheckCert, java.security.cert.X509Certificate issuerCert, X509Credential requester, boolean addNonce, int timeout) throws java.io.IOException, org.bouncycastle.cert.ocsp.OCSPException
Returns a verified single response, related to the checked certificate. This is single-shot version, which can be used instead of manual invocation of low-level methods.- Parameters:
responder
- mandatory - URL of the responder. HTTP or HTTPs, however in https mode thetoCheckCert
- mandatory certificate to be checkedissuerCert
- mandatory certificate of the toCheckCert issuerrequester
- if not null, then it is assumed that request must be signed by the requester.addNonce
- if true nonce will be added to the request and required in responsetimeout
- timeout- Returns:
- Final OCSP checking result
- Throws:
java.io.IOException
- IO exceptionorg.bouncycastle.cert.ocsp.OCSPException
- OCSP exception
-
createRequest
public org.bouncycastle.cert.ocsp.OCSPReq createRequest(java.security.cert.X509Certificate toCheckCert, java.security.cert.X509Certificate issuerCert, X509Credential requester, boolean addNonce) throws org.bouncycastle.cert.ocsp.OCSPException
- Throws:
org.bouncycastle.cert.ocsp.OCSPException
-
send
public OCSPResponseStructure send(java.net.URL responder, org.bouncycastle.cert.ocsp.OCSPReq requestO, int timeout) throws java.io.IOException
- Throws:
java.io.IOException
-
getNextUpdateFromCacheHeader
public static java.util.Date getNextUpdateFromCacheHeader(java.lang.String cc)
-
verifyResponse
public org.bouncycastle.cert.ocsp.SingleResp verifyResponse(org.bouncycastle.cert.ocsp.OCSPResp response, java.security.cert.X509Certificate toCheckCert, java.security.cert.X509Certificate issuerCert, byte[] checkNonce) throws org.bouncycastle.cert.ocsp.OCSPException
Verifies the provided response- Parameters:
response
- OCSP responsetoCheckCert
- mandatory certificate to be checkedissuerCert
- mandatory certificate of the toCheckCert issuercheckNonce
- expected OCSP nonce- Returns:
- verified response corresponding to the certificate being checked
- Throws:
org.bouncycastle.cert.ocsp.OCSPException
- OCSP exception
-
extractNonce
public static byte[] extractNonce(org.bouncycastle.cert.ocsp.OCSPReq request) throws java.io.IOException
- Throws:
java.io.IOException
-
-