eu.emi.security.authn.x509.helpers.ocsp
Class OCSPClientImpl

java.lang.Object
  extended by eu.emi.security.authn.x509.helpers.ocsp.OCSPClientImpl

public class OCSPClientImpl
extends Object

The OCSP client is responsible for the network-related activity of the OCSP invocation pipeline. This class is stateless and thread-safe.

It implements RFC 2560 and also supports the lightweight profile recommendations defined in RFC 5019.

Author:
K. Benedyczak

Constructor Summary
OCSPClientImpl()
           
 
Method Summary
 OCSPReq createRequest(X509Certificate toCheckCert, X509Certificate issuerCert, X509Credential requester, boolean addNonce)
           
static byte[] extractNonce(OCSPReq request)
           
static Date getNextUpdateFromCacheHeader(String cc)
           
 OCSPResult queryForCertificate(URL responder, X509Certificate toCheckCert, X509Certificate issuerCert, X509Credential requester, boolean addNonce, int timeout)
          Returns a verified single response, related to the checked certificate.
 OCSPResponseStructure send(URL responder, OCSPReq requestO, int timeout)
           
 SingleResp verifyResponse(OCSPResp response, X509Certificate toCheckCert, X509Certificate issuerCert, byte[] checkNonce)
          Verifies the provided response
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

OCSPClientImpl

public OCSPClientImpl()
Method Detail

queryForCertificate

public OCSPResult queryForCertificate(URL responder,
                                      X509Certificate toCheckCert,
                                      X509Certificate issuerCert,
                                      X509Credential requester,
                                      boolean addNonce,
                                      int timeout)
                               throws IOException,
                                      OCSPException
Returns a verified single response, related to the checked certificate. This is a single-shot version, which can be used instead of manually invoking the low-level methods.

Parameters:
responder - mandatory - URL of the responder. HTTP or HTTPs, however in https mode the
toCheckCert - mandatory certificate to be checked
issuerCert - mandatory certificate of the toCheckCert issuer
requester - if not null, then it is assumed that request must be signed by the requester.
addNonce - if true, a nonce will be added to the request and required in the response
Returns:
Final OCSP checking result
Throws:
OCSPException
IOException
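
Added example (not part of the original Javadoc or the project's code): a fail-closed revocation check built on the single-shot queryForCertificate call. Assumptions: OCSPResult lives in the same package and exposes getStatus() with a Status.good value, the timeout is in milliseconds, and the responder URL and certificate file paths are placeholders supplied on the command line.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import eu.emi.security.authn.x509.helpers.ocsp.OCSPClientImpl;
import eu.emi.security.authn.x509.helpers.ocsp.OCSPResult; // assumed: same package as the client

public class OcspCheckExample {

    // Loads a single PEM or DER encoded X.509 certificate from a file.
    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
    }

    // Returns true only for a verified "good" answer; every error path fails closed.
    static boolean isGood(URL responder, X509Certificate cert, X509Certificate issuer) {
        OCSPClientImpl client = new OCSPClientImpl(); // stateless, safe to share between threads
        try {
            OCSPResult result = client.queryForCertificate(
                    responder, cert, issuer,
                    null,    // requester: null, so the request is sent unsigned
                    true,    // addNonce: nonce is sent and required in the response
                    10000);  // timeout, assumed to be milliseconds
            // Assumed accessor and enum value; revoked and unknown are both rejected.
            return result.getStatus() == OCSPResult.Status.good;
        } catch (Exception e) { // IOException (network) or OCSPException (verification)
            System.err.println("OCSP check failed, treating certificate as not verified: " + e);
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage: OcspCheckExample <responder-url> <cert-file> <issuer-cert-file>
        URL responder = new URL(args[0]);
        boolean ok = isGood(responder, load(args[1]), load(args[2]));
        System.out.println(ok ? "certificate status: good" : "certificate rejected");
        System.exit(ok ? 0 : 1);
    }
}
```

Responders that follow the RFC 5019 lightweight profile may serve pre-produced responses without a nonce; with addNonce set to true such responses are not accepted, so set it to false for those responders and rely on the response validity times instead.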

createRequest

public OCSPReq createRequest(X509Certificate toCheckCert,
                             X509Certificate issuerCert,
                             X509Credential requester,
                             boolean addNonce)
                      throws OCSPException
Throws:
OCSPException

send

public OCSPResponseStructure send(URL responder,
                                  OCSPReq requestO,
                                  int timeout)
                           throws IOException
Throws:
IOException

getNextUpdateFromCacheHeader

public static Date getNextUpdateFromCacheHeader(String cc)

verifyResponse

public SingleResp verifyResponse(OCSPResp response,
                                 X509Certificate toCheckCert,
                                 X509Certificate issuerCert,
                                 byte[] checkNonce)
                          throws OCSPException
Verifies the provided response

Parameters:
response -
toCheckCert -
issuerCert -
checkNonce -
Returns:
verified response corresponding to the certificate being checked
Throws:
OCSPException

extractNonce

public static byte[] extractNonce(OCSPReq request)


Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.