Package eu.emi.security.authn.x509.helpers.ocsp

Class OCSPClientImpl

  • public class OCSPClientImpl
extends java.lang.Object
    OCSP client is responsible for the network related activity of the OCSP invocation pipeline. This class is state less and thread safe.

    It is implementing the RFC 2560 also taking care to support the lightweight profile recommendations defined in the RFC 5019.

    Author:
    K. Benedyczak

    • Constructor Summary

      Constructors 
      Constructor Description
      OCSPClientImpl()  

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      org.bouncycastle.cert.ocsp.OCSPReq createRequest​(java.security.cert.X509Certificate toCheckCert, java.security.cert.X509Certificate issuerCert, X509Credential requester, boolean addNonce)  
      static byte[] extractNonce​(org.bouncycastle.cert.ocsp.OCSPReq request)  
      static java.util.Date getNextUpdateFromCacheHeader​(java.lang.String cc)  
      OCSPResult queryForCertificate​(java.net.URL responder, java.security.cert.X509Certificate toCheckCert, java.security.cert.X509Certificate issuerCert, X509Credential requester, boolean addNonce, int timeout)
      Returns a verified single response, related to the checked certificate.
      OCSPResponseStructure send​(java.net.URL responder, org.bouncycastle.cert.ocsp.OCSPReq requestO, int timeout)  
      org.bouncycastle.cert.ocsp.SingleResp verifyResponse​(org.bouncycastle.cert.ocsp.OCSPResp response, java.security.cert.X509Certificate toCheckCert, java.security.cert.X509Certificate issuerCert, byte[] checkNonce)
      Verifies the provided response

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • OCSPClientImpl

        public OCSPClientImpl()

    • Method Detail

      • queryForCertificate

        public OCSPResult queryForCertificate​(java.net.URL responder,
                                      java.security.cert.X509Certificate toCheckCert,
                                      java.security.cert.X509Certificate issuerCert,
                                      X509Credential requester,
                                      boolean addNonce,
                                      int timeout)
                               throws java.io.IOException,
                                      org.bouncycastle.cert.ocsp.OCSPException
        Returns a verified single response, related to the checked certificate. This is single-shot version, which can be used instead of manual invocation of low-level methods.
        Parameters:
        responder - mandatory - URL of the responder. HTTP or HTTPs, however in https mode the
        toCheckCert - mandatory certificate to be checked
        issuerCert - mandatory certificate of the toCheckCert issuer
        requester - if not null, then it is assumed that request must be signed by the requester.
        addNonce - if true nonce will be added to the request and required in response
        timeout - timeout
        Returns:
        Final OCSP checking result
        Throws:
        java.io.IOException - IO exception
        org.bouncycastle.cert.ocsp.OCSPException - OCSP exception

      • createRequest

        public org.bouncycastle.cert.ocsp.OCSPReq createRequest​(java.security.cert.X509Certificate toCheckCert,
                                                        java.security.cert.X509Certificate issuerCert,
                                                        X509Credential requester,
                                                        boolean addNonce)
                                                 throws org.bouncycastle.cert.ocsp.OCSPException
        Throws:
        org.bouncycastle.cert.ocsp.OCSPException

      • send

        public OCSPResponseStructure send​(java.net.URL responder,
                                  org.bouncycastle.cert.ocsp.OCSPReq requestO,
                                  int timeout)
                           throws java.io.IOException
        Throws:
        java.io.IOException

      • getNextUpdateFromCacheHeader

        public static java.util.Date getNextUpdateFromCacheHeader​(java.lang.String cc)

      • verifyResponse

        public org.bouncycastle.cert.ocsp.SingleResp verifyResponse​(org.bouncycastle.cert.ocsp.OCSPResp response,
                                                            java.security.cert.X509Certificate toCheckCert,
                                                            java.security.cert.X509Certificate issuerCert,
                                                            byte[] checkNonce)
                                                     throws org.bouncycastle.cert.ocsp.OCSPException
        Verifies the provided response
        Parameters:
        response - OCSP response
        toCheckCert - mandatory certificate to be checked
        issuerCert - mandatory certificate of the toCheckCert issuer
        checkNonce - expected OCSP nonce
        Returns:
        verified response corresponding to the certificate being checked
        Throws:
        org.bouncycastle.cert.ocsp.OCSPException - OCSP exception

      • extractNonce

        public static byte[] extractNonce​(org.bouncycastle.cert.ocsp.OCSPReq request)
                           throws java.io.IOException
        Throws:
        java.io.IOException