public class OCSPClientImpl
extends java.lang.Object
This class implements RFC 2560 and also takes care to support the lightweight profile recommendations defined in RFC 5019.
Modifier and Type | Field and Description |
---|---|
private static java.nio.charset.Charset |
ASCII |
private static int |
MAX_RESPONSE_SIZE |
Constructor and Description |
---|
OCSPClientImpl() |
Modifier and Type | Method and Description |
---|---|
private boolean |
checkCertIDMatching(java.security.cert.X509Certificate toFind,
java.security.cert.X509Certificate issuerCert,
org.bouncycastle.cert.ocsp.CertificateID checkedCertId) |
private void |
configureHttpConnection(java.net.HttpURLConnection con,
int timeout) |
org.bouncycastle.cert.ocsp.OCSPReq |
createRequest(java.security.cert.X509Certificate toCheckCert,
java.security.cert.X509Certificate issuerCert,
X509Credential requester,
boolean addNonce) |
private java.net.HttpURLConnection |
doPost(java.net.URL responder,
byte[] request,
int timeout) |
private java.security.PublicKey |
establishResponsePubKey(org.bouncycastle.cert.ocsp.BasicOCSPResp bresp,
java.security.cert.X509Certificate issuerCert) |
static byte[] |
extractNonce(org.bouncycastle.cert.ocsp.OCSPReq request) |
private java.lang.String |
getHttpGetUrl(java.net.URL responder,
byte[] request) |
static java.util.Date |
getNextUpdateFromCacheHeader(java.lang.String cc) |
private static java.lang.String |
getResponderErrorDesc(int errorNo) |
OCSPResult |
queryForCertificate(java.net.URL responder,
java.security.cert.X509Certificate toCheckCert,
java.security.cert.X509Certificate issuerCert,
X509Credential requester,
boolean addNonce,
int timeout)
Returns a verified single response, related to the checked certificate.
|
OCSPResponseStructure |
send(java.net.URL responder,
org.bouncycastle.cert.ocsp.OCSPReq requestO,
int timeout) |
org.bouncycastle.cert.ocsp.SingleResp |
verifyResponse(org.bouncycastle.cert.ocsp.OCSPResp response,
java.security.cert.X509Certificate toCheckCert,
java.security.cert.X509Certificate issuerCert,
byte[] checkNonce)
Verifies the provided response
|
private void |
verifyTimeRange(java.util.Date thisUpdate,
java.util.Date nextUpdate) |
private static final java.nio.charset.Charset ASCII
private static final int MAX_RESPONSE_SIZE
public OCSPResult queryForCertificate(java.net.URL responder, java.security.cert.X509Certificate toCheckCert, java.security.cert.X509Certificate issuerCert, X509Credential requester, boolean addNonce, int timeout) throws java.io.IOException, org.bouncycastle.cert.ocsp.OCSPException
responder - mandatory - URL of the responder. HTTP or HTTPS; however, in HTTPS mode the … (the sentence is cut off here)
toCheckCert - mandatory certificate to be checked
issuerCert - mandatory certificate of the toCheckCert issuer
requester - if not null, it is assumed that the request must be signed by the requester.
addNonce - if true, a nonce will be added to the request and required in the response
timeout - timeout
java.io.IOException - IO exception
org.bouncycastle.cert.ocsp.OCSPException - OCSP exception
public org.bouncycastle.cert.ocsp.OCSPReq createRequest(java.security.cert.X509Certificate toCheckCert, java.security.cert.X509Certificate issuerCert, X509Credential requester, boolean addNonce) throws org.bouncycastle.cert.ocsp.OCSPException
org.bouncycastle.cert.ocsp.OCSPException
public OCSPResponseStructure send(java.net.URL responder, org.bouncycastle.cert.ocsp.OCSPReq requestO, int timeout) throws java.io.IOException
java.io.IOException
private void configureHttpConnection(java.net.HttpURLConnection con, int timeout)
private java.lang.String getHttpGetUrl(java.net.URL responder, byte[] request)
private java.net.HttpURLConnection doPost(java.net.URL responder, byte[] request, int timeout) throws java.io.IOException
java.io.IOException
public static java.util.Date getNextUpdateFromCacheHeader(java.lang.String cc)
private static java.lang.String getResponderErrorDesc(int errorNo)
public org.bouncycastle.cert.ocsp.SingleResp verifyResponse(org.bouncycastle.cert.ocsp.OCSPResp response, java.security.cert.X509Certificate toCheckCert, java.security.cert.X509Certificate issuerCert, byte[] checkNonce) throws org.bouncycastle.cert.ocsp.OCSPException
response - OCSP response
toCheckCert - mandatory certificate to be checked
issuerCert - mandatory certificate of the toCheckCert issuer
checkNonce - expected OCSP nonce
org.bouncycastle.cert.ocsp.OCSPException - OCSP exception
private void verifyTimeRange(java.util.Date thisUpdate, java.util.Date nextUpdate) throws org.bouncycastle.cert.ocsp.OCSPException
org.bouncycastle.cert.ocsp.OCSPException
private boolean checkCertIDMatching(java.security.cert.X509Certificate toFind, java.security.cert.X509Certificate issuerCert, org.bouncycastle.cert.ocsp.CertificateID checkedCertId) throws org.bouncycastle.cert.ocsp.OCSPException
org.bouncycastle.cert.ocsp.OCSPException
private java.security.PublicKey establishResponsePubKey(org.bouncycastle.cert.ocsp.BasicOCSPResp bresp, java.security.cert.X509Certificate issuerCert) throws org.bouncycastle.cert.ocsp.OCSPException
org.bouncycastle.cert.ocsp.OCSPException
public static byte[] extractNonce(org.bouncycastle.cert.ocsp.OCSPReq request) throws java.io.IOException
java.io.IOException