public class OCSPCachingClient
extends java.lang.Object
OCSPClientImpl
.
There are two caches (both are configurable), consulted in the given order:
- unresponsive responders cache (per responder);
- OCSP responses cache (per responder and checked certificate tuple).
This class is thread safe.
Modifier and Type | Field and Description |
---|---|
private long | maxTtl |
private OCSPRespondersCache | respondersCache |
private OCSPResponsesCache | responsesCache |
Constructor and Description |
---|
OCSPCachingClient(long maxTtl, java.io.File diskPath, java.lang.String prefix) |
Modifier and Type | Method and Description |
---|---|
void | clearMemoryCache() |
OCSPResult | queryForCertificate(java.net.URL responder, java.security.cert.X509Certificate toCheckCert, java.security.cert.X509Certificate issuerCert, X509Credential requester, boolean addNonce, int timeout) Returns the checked certificate status. |
OCSPResult | queryForCertificate(java.net.URL responder, java.security.cert.X509Certificate toCheckCert, java.security.cert.X509Certificate issuerCert, X509Credential requester, boolean addNonce, int timeout, OCSPClientImpl client) Returns the checked certificate status, using a custom client. |
private final long maxTtl
private OCSPRespondersCache respondersCache
private OCSPResponsesCache responsesCache
public OCSPCachingClient(long maxTtl, java.io.File diskPath, java.lang.String prefix)
maxTtl - maximum time after which each cached response expires, in ms. Negative for no cache at all, 0 for no limit (i.e. caching time will be controlled only by the OCSP response validity period).
diskPath - if not null, cached responses will be stored on disk.
prefix - used if disk cache is enabled, as a common prefix for all files created in the cache directory.

public OCSPResult queryForCertificate(java.net.URL responder, java.security.cert.X509Certificate toCheckCert, java.security.cert.X509Certificate issuerCert, X509Credential requester, boolean addNonce, int timeout) throws java.io.IOException, org.bouncycastle.cert.ocsp.OCSPException
responder - mandatory - URL of the responder. HTTP or HTTPs, however in https mode the
toCheckCert - mandatory certificate to be checked
issuerCert - mandatory certificate of the toCheckCert issuer
requester - if not null, then it is assumed that the request must be signed by the requester.
addNonce - if true, a nonce will be added to the request and required in the response
timeout - timeout
java.io.IOException - IO exception
org.bouncycastle.cert.ocsp.OCSPException - OCSP exception

public OCSPResult queryForCertificate(java.net.URL responder, java.security.cert.X509Certificate toCheckCert, java.security.cert.X509Certificate issuerCert, X509Credential requester, boolean addNonce, int timeout, OCSPClientImpl client) throws java.io.IOException, org.bouncycastle.cert.ocsp.OCSPException
responder - mandatory - URL of the responder. HTTP or HTTPs, however in https mode the
toCheckCert - mandatory certificate to be checked
issuerCert - mandatory certificate of the toCheckCert issuer
requester - if not null, then it is assumed that the request must be signed by the requester.
addNonce - if true, a nonce will be added to the request and required in the response
timeout - timeout
client - client to be used for network calls
java.io.IOException - IO exception
org.bouncycastle.cert.ocsp.OCSPException - OCSP exception

public void clearMemoryCache()