eu.emi.security.authn.x509.helpers.ocsp
Class OCSPClientImpl
java.lang.Object
eu.emi.security.authn.x509.helpers.ocsp.OCSPClientImpl
public class OCSPClientImpl
- extends Object
The OCSP client is responsible for the network-related activity of the OCSP invocation pipeline.
This class is stateless and thread safe.
It implements RFC 2560 and also supports the lightweight profile recommendations
defined in RFC 5019.
- Author:
- K. Benedyczak
Method Summary
OCSPReq createRequest(X509Certificate toCheckCert, X509Certificate issuerCert, X509Credential requester, boolean addNonce)
static byte[] extractNonce(OCSPReq request)
static Date getNextUpdateFromCacheHeader(String cc)
OCSPResult queryForCertificate(URL responder, X509Certificate toCheckCert, X509Certificate issuerCert, X509Credential requester, boolean addNonce, int timeout)
    Returns a verified single response, related to the checked certificate.
OCSPResponseStructure send(URL responder, OCSPReq requestO, int timeout)
SingleResp verifyResponse(OCSPResp response, X509Certificate toCheckCert, X509Certificate issuerCert, byte[] checkNonce)
    Verifies the provided response
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
OCSPClientImpl
public OCSPClientImpl()
queryForCertificate
public OCSPResult queryForCertificate(URL responder,
X509Certificate toCheckCert,
X509Certificate issuerCert,
X509Credential requester,
boolean addNonce,
int timeout)
throws IOException,
OCSPException
- Returns a verified single response, related to the checked certificate. This is a single-shot version,
which can be used instead of manually invoking the low-level methods.
- Parameters:
responder - mandatory - URL of the responder. HTTP or HTTPs, however in https mode the
toCheckCert - mandatory certificate to be checked
issuerCert - mandatory certificate of the toCheckCert issuer
requester - if not null, then it is assumed that request must be signed by the requester.
addNonce - if true nonce will be added to the request and required in response
- Returns:
- Final OCSP checking result
- Throws:
OCSPException
IOException
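Calling the single-shot method with a nonce and treating every failure as "status not established", as an added example that is not part of the library's documentation or code. The class name OcspCheckExample, the command-line arguments and the `--allow-no-nonce` switch are hypothetical; that `timeout` is in milliseconds and that OCSPResult lives in the same package as OCSPClientImpl are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import eu.emi.security.authn.x509.helpers.ocsp.OCSPClientImpl;
import eu.emi.security.authn.x509.helpers.ocsp.OCSPResult; // package is an assumption

public class OcspCheckExample { // hypothetical class name
    private static final int TIMEOUT = 5000; // unit assumed to be milliseconds

    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
    }

    /**
     * Single-shot check. Returns null when the call threw, i.e. no verified
     * answer was obtained; the caller must never read null as "good".
     */
    static OCSPResult check(OCSPClientImpl client, URL responder,
            X509Certificate cert, X509Certificate issuer, boolean nonce) {
        try {
            // requester == null: the request is sent unsigned.
            return client.queryForCertificate(responder, cert, issuer,
                    null, nonce, TIMEOUT);
        } catch (Exception e) { // IOException or OCSPException per the signature
            System.err.println("OCSP check failed (nonce=" + nonce + "): " + e);
            return null;
        }
    }

    // args: <cert.pem> <issuer.pem> <responder-url> [--allow-no-nonce]
    public static void main(String[] args) throws Exception {
        OCSPClientImpl client = new OCSPClientImpl(); // stateless, can be shared
        X509Certificate cert = load(args[0]), issuer = load(args[1]);
        URL responder = new URL(args[2]);
        OCSPResult result = check(client, responder, cert, issuer, true);
        // RFC 5019 responders may serve pre-produced responses without a nonce,
        // so retrying without one is an explicit, opt-in policy decision.
        if (result == null && args.length > 3 && "--allow-no-nonce".equals(args[3]))
            result = check(client, responder, cert, issuer, false);
        System.out.println(result == null ? "status NOT established" : "result: " + result);
    }
}
```

Without a nonce, a response cannot be tied to this particular request, so the retry trades replay protection for compatibility with responders that serve pre-produced responses.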
createRequest
public OCSPReq createRequest(X509Certificate toCheckCert,
X509Certificate issuerCert,
X509Credential requester,
boolean addNonce)
throws OCSPException
- Throws:
OCSPException
send
public OCSPResponseStructure send(URL responder,
OCSPReq requestO,
int timeout)
throws IOException
- Throws:
IOException
getNextUpdateFromCacheHeader
public static Date getNextUpdateFromCacheHeader(String cc)
verifyResponse
public SingleResp verifyResponse(OCSPResp response,
X509Certificate toCheckCert,
X509Certificate issuerCert,
byte[] checkNonce)
throws OCSPException
- Verifies the provided response
- Parameters:
response -
toCheckCert -
issuerCert -
checkNonce -
- Returns:
- verified response corresponding to the certificate being checked
- Throws:
OCSPException
extractNonce
public static byte[] extractNonce(OCSPReq request)
Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.