Package com.itextpdf.signatures
Class OcspClientBouncyCastle
- java.lang.Object
  - com.itextpdf.signatures.OcspClientBouncyCastle
- All Implemented Interfaces: IOcspClient, IOcspClientBouncyCastle
public class OcspClientBouncyCastle extends java.lang.Object implements IOcspClientBouncyCastle
OcspClient implementation using BouncyCastle.
-
-
Field Summary
Fields (Modifier and Type, Field, Description):
- private static IBouncyCastleFactory BOUNCY_CASTLE_FACTORY
- private static org.slf4j.Logger LOGGER: The Logger instance.
-
Constructor Summary
Constructors (Constructor, Description):
- OcspClientBouncyCastle(): Creates new OcspClientBouncyCastle instance.
-
Method Summary
Methods (Modifier and Type, Method, Description):
- protected java.io.InputStream createRequestAndResponse(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url): Create OCSP request and get the response for this request, represented as InputStream.
- protected static IOCSPReq generateOCSPRequest(java.security.cert.X509Certificate issuerCert, java.math.BigInteger serialNumber): Generates an OCSP request using BouncyCastle.
- IBasicOCSPResp getBasicOCSPResp(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url): Gets OCSP response.
- protected static ICertificateStatus getCertificateStatus(byte[] basicOcspRespBytes): Retrieves certificate status from the OCSP response.
- byte[] getEncoded(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url): Fetch a DER-encoded BasicOCSPResponse from an OCSP responder.
- (package private) IOCSPResp getOcspResponse(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url): Gets an OCSP response object using BouncyCastle.
-
-
-
Field Detail
-
BOUNCY_CASTLE_FACTORY
private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY
-
LOGGER
private static final org.slf4j.Logger LOGGER
The Logger instance.
-
-
Constructor Detail
-
OcspClientBouncyCastle
public OcspClientBouncyCastle()
Creates new OcspClientBouncyCastle instance.
-
-
Method Detail
-
getBasicOCSPResp
public IBasicOCSPResp getBasicOCSPResp(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url)
Gets OCSP response. If required, IBasicOCSPResp can be checked using OCSPValidator class.
- Specified by: getBasicOCSPResp in interface IOcspClientBouncyCastle
- Parameters:
checkCert - the certificate to check
rootCert - parent certificate
url - to get the verification
- Returns: IBasicOCSPResp an OCSP response wrapper
-
getEncoded
public byte[] getEncoded(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url)
Fetch a DER-encoded BasicOCSPResponse from an OCSP responder. The method should not throw an exception.
Note: do not pass in the full DER-encoded OCSPResponse object obtained from the responder, only the DER-encoded BasicOCSPResponse value contained in the response data.
- Specified by: getEncoded in interface IOcspClient
- Parameters:
checkCert - Certificate to check.
rootCert - The parent certificate.
url - The URL of the OCSP responder endpoint. If null, implementations can attempt to obtain a URL from the AuthorityInformationAccess extension of the certificate, or from another implementation-specific source.
- Returns: a byte array containing a DER-encoded BasicOCSPResponse structure or null if one could not be obtained
- See Also: RFC 6960 § 4.2.1
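The distinction in the note above, as an added example (not code from iText): it unwraps the full OCSPResponse a responder sends into the inner BasicOCSPResponse bytes, using BouncyCastle's own org.bouncycastle.cert.ocsp classes directly. The class name BasicOcspExtractor and its method are hypothetical, and the bytes are assumed to have been fetched by the caller's own HTTP code.

```java
import java.io.IOException;

import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPResp;

/** Hypothetical helper, not part of iText: unwraps a responder's reply. */
public final class BasicOcspExtractor {

    private BasicOcspExtractor() { }

    /**
     * @param ocspResponseDer full DER-encoded OCSPResponse as received from the responder
     * @return DER-encoded BasicOCSPResponse, or null if one could not be obtained
     */
    public static byte[] toBasicOcspResponse(byte[] ocspResponseDer) {
        if (ocspResponseDer == null || ocspResponseDer.length == 0) {
            return null;
        }
        try {
            OCSPResp outer = new OCSPResp(ocspResponseDer);
            // Any responseStatus other than successful (malformedRequest, tryLater,
            // unauthorized, ...) means there is no usable response inside.
            if (outer.getStatus() != OCSPResp.SUCCESSFUL) {
                return null;
            }
            // Only the id-pkix-ocsp-basic response type is returned as a BasicOCSPResp.
            Object inner = outer.getResponseObject();
            if (!(inner instanceof BasicOCSPResp)) {
                return null;
            }
            BasicOCSPResp basic = (BasicOCSPResp) inner;
            // A response without any SingleResponse says nothing about the certificate.
            if (basic.getResponses().length == 0) {
                return null;
            }
            return basic.getEncoded();
        } catch (IOException | OCSPException | RuntimeException e) {
            // Follow the getEncoded contract: report failure as null, never throw.
            return null;
        }
    }
}
```

The returned bytes are extracted, not validated: the responder's signature and the response's freshness are untouched by this step, which is where the OCSPValidator check mentioned under getBasicOCSPResp applies.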
-
generateOCSPRequest
protected static IOCSPReq generateOCSPRequest(java.security.cert.X509Certificate issuerCert, java.math.BigInteger serialNumber) throws AbstractOCSPException, java.io.IOException, java.security.cert.CertificateEncodingException, AbstractOperatorCreationException
Generates an OCSP request using BouncyCastle.
- Parameters:
issuerCert - certificate of the issuer
serialNumber - serial number
- Returns: IOCSPReq an OCSP request wrapper
- Throws:
AbstractOCSPException - is thrown if any errors occur while handling OCSP requests/responses
java.io.IOException - signals that an I/O exception has occurred
java.security.cert.CertificateEncodingException - is thrown if any errors occur while handling OCSP requests/responses
AbstractOperatorCreationException - is thrown if any errors occur while handling OCSP requests/responses
-
getCertificateStatus
protected static ICertificateStatus getCertificateStatus(byte[] basicOcspRespBytes)
Retrieves certificate status from the OCSP response.
- Parameters:
basicOcspRespBytes - encoded basic OCSP response
- Returns: good, revoked or unknown certificate status retrieved from the OCSP response, or null if an error occurs.
-
getOcspResponse
IOCSPResp getOcspResponse(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url) throws java.security.GeneralSecurityException, AbstractOCSPException, java.io.IOException, AbstractOperatorCreationException
Gets an OCSP response object using BouncyCastle.
- Parameters:
checkCert - the certificate to check
rootCert - the parent certificate
url - to get the verification. If it's null it will be taken from the check cert or from other implementation specific source
- Returns: IOCSPResp an OCSP response wrapper
- Throws:
java.security.GeneralSecurityException - if any execution errors occur
AbstractOCSPException - if any errors occur while handling OCSP requests/responses
java.io.IOException - if any I/O execution errors occur
AbstractOperatorCreationException - if any BC execution errors occur
-
createRequestAndResponse
protected java.io.InputStream createRequestAndResponse(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url) throws java.io.IOException, AbstractOperatorCreationException, AbstractOCSPException, java.security.cert.CertificateEncodingException
Create OCSP request and get the response for this request, represented as InputStream.
- Parameters:
checkCert - X509Certificate certificate to get OCSP response for
rootCert - X509Certificate root certificate from which OCSP request will be built
url - URL link, which is expected to be used to get OCSP response from
- Returns: OCSP response bytes, represented as InputStream
- Throws:
java.io.IOException - if an I/O error occurs
AbstractOperatorCreationException - is thrown if any errors occur while handling OCSP requests/responses
AbstractOCSPException - is thrown if any errors occur while handling OCSP requests/responses
java.security.cert.CertificateEncodingException - is thrown if any errors occur while handling OCSP requests/responses
-
-