Package com.itextpdf.signatures
Class OcspClientBouncyCastle
java.lang.Object
com.itextpdf.signatures.OcspClientBouncyCastle
- All Implemented Interfaces:
IOcspClient
OcspClient implementation using BouncyCastle.
-
Field Summary
Fields (Modifier and Type, Field, Description):
private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY
private static final org.slf4j.Logger LOGGER - The Logger instance.
private final OCSPVerifier verifier
-
Constructor Summary
Constructors (Constructor, Description):
OcspClientBouncyCastle() - Creates new OcspClientBouncyCastle instance.
OcspClientBouncyCastle(OCSPVerifier verifier) - Deprecated. starting from 8.0.5.
-
Method Summary
Methods (Modifier and Type, Method, Description):
protected InputStream createRequestAndResponse(X509Certificate checkCert, X509Certificate rootCert, String url)
- Create OCSP request and get the response for this request, represented as InputStream.
protected static IOCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber)
- Generates an OCSP request using BouncyCastle.
IBasicOCSPResp getBasicOCSPResp(X509Certificate checkCert, X509Certificate rootCert, String url)
- Gets OCSP response.
protected static ICertificateStatus getCertificateStatus(byte[] basicOcspRespBytes)
- Retrieves certificate status from the OCSP response.
byte[] getEncoded(X509Certificate checkCert, X509Certificate rootCert, String url)
- Fetch a DER-encoded BasicOCSPResponse from an OCSP responder.
(package private) IOCSPResp getOcspResponse(X509Certificate checkCert, X509Certificate rootCert, String url)
- Gets an OCSP response object using BouncyCastle.
-
Field Details
-
BOUNCY_CASTLE_FACTORY
-
LOGGER
private static final org.slf4j.Logger LOGGER
The Logger instance.
-
verifier
-
-
Constructor Details
-
OcspClientBouncyCastle
Deprecated. starting from 8.0.5. OcspClientBouncyCastle() should be used instead. If required, IBasicOCSPResp can be checked using OCSPValidator class.
Creates OcspClient.
- Parameters:
verifier - will be used for response verification.
-
OcspClientBouncyCastle
public OcspClientBouncyCastle()
Creates new OcspClientBouncyCastle instance.
-
-
Method Details
-
getBasicOCSPResp
public IBasicOCSPResp getBasicOCSPResp(X509Certificate checkCert, X509Certificate rootCert, String url)
Gets OCSP response. If OCSPVerifier was set, the response will be checked.
- Parameters:
checkCert - the certificate to check
rootCert - parent certificate
url - to get the verification
- Returns:
IBasicOCSPResp an OCSP response wrapper
-
getEncoded
Fetch a DER-encoded BasicOCSPResponse from an OCSP responder. The method should not throw an exception.
Note: do not pass in the full DER-encoded OCSPResponse object obtained from the responder, only the DER-encoded BasicOCSPResponse value contained in the response data.
- Specified by:
getEncoded
in interfaceIOcspClient
- Parameters:
checkCert - Certificate to check.
rootCert - The parent certificate.
url - The URL of the OCSP responder endpoint. If null, implementations can attempt to obtain a URL from the AuthorityInformationAccess extension of the certificate, or from another implementation-specific source.
- Returns:
a byte array containing a DER-encoded BasicOCSPResponse structure or null if one could not be obtained
- See Also:
-
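Added example (not part of the iText documentation or code base): calling getEncoded with the no-argument constructor and handling the null return, plus unwrapping a full OCSPResponse to the BasicOCSPResponse bytes that the note above asks for. The class name OcspFetchExample, both helper methods and the choice to throw on null are assumptions of this example; the unwrap step uses BouncyCastle's own OCSPResp and BasicOCSPResp classes directly.

```java
import com.itextpdf.signatures.IOcspClient;
import com.itextpdf.signatures.OcspClientBouncyCastle;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPResp;

import java.io.IOException;
import java.security.cert.X509Certificate;

// Hypothetical helper class for illustration only.
public final class OcspFetchExample {

    /** Returns DER-encoded BasicOCSPResponse bytes, or throws so the caller fails closed. */
    static byte[] fetchBasicOcsp(X509Certificate checkCert, X509Certificate rootCert) {
        // No OCSPVerifier is set by the no-argument constructor, so the
        // response is returned unchecked and must be validated separately.
        IOcspClient client = new OcspClientBouncyCastle();

        // url == null: the responder URL may be taken from the certificate's
        // AuthorityInformationAccess extension.
        byte[] basic = client.getEncoded(checkCert, rootCert, null);

        // getEncoded signals failure with null instead of an exception.
        // Treating null as "not revoked" would silently skip the check.
        if (basic == null) {
            throw new IllegalStateException(
                    "No OCSP response for " + checkCert.getSubjectX500Principal());
        }
        return basic;
    }

    /** Unwraps a full OCSPResponse (the HTTP body from a responder) to BasicOCSPResponse bytes. */
    static byte[] unwrapBasic(byte[] fullOcspResponseDer) throws IOException, OCSPException {
        OCSPResp resp = new OCSPResp(fullOcspResponseDer);
        // Non-successful statuses (tryLater, unauthorized, ...) carry no response body.
        if (resp.getStatus() != OCSPResp.SUCCESSFUL) {
            throw new IOException("OCSP responder returned status " + resp.getStatus());
        }
        Object body = resp.getResponseObject();
        if (!(body instanceof BasicOCSPResp)) {
            throw new IOException("OCSP response is not a BasicOCSPResponse");
        }
        return ((BasicOCSPResp) body).getEncoded();
    }
}
```
-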
generateOCSPRequest
protected static IOCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws AbstractOCSPException, IOException, CertificateEncodingException, AbstractOperatorCreationException
Generates an OCSP request using BouncyCastle.
- Parameters:
issuerCert - certificate of the issuer
serialNumber - serial number
- Returns:
IOCSPReq an OCSP request wrapper
- Throws:
AbstractOCSPException - is thrown if any errors occur while handling OCSP requests/responses
IOException - signals that an I/O exception has occurred
CertificateEncodingException - is thrown if any errors occur while handling OCSP requests/responses
AbstractOperatorCreationException - is thrown if any errors occur while handling OCSP requests/responses
-
getCertificateStatus
Retrieves certificate status from the OCSP response.
- Parameters:
basicOcspRespBytes - encoded basic OCSP response
- Returns:
good, revoked or unknown certificate status retrieved from the OCSP response, or null if an error occurs.
-
getOcspResponse
IOCSPResp getOcspResponse(X509Certificate checkCert, X509Certificate rootCert, String url) throws GeneralSecurityException, AbstractOCSPException, IOException, AbstractOperatorCreationException
Gets an OCSP response object using BouncyCastle.
- Parameters:
checkCert - the certificate to check
rootCert - the parent certificate
url - to get the verification. If it's null, it will be taken from the check cert or from another implementation-specific source
- Returns:
IOCSPResp an OCSP response wrapper
- Throws:
GeneralSecurityException - if any execution errors occur
AbstractOCSPException - if any errors occur while handling OCSP requests/responses
IOException - if any I/O execution errors occur
AbstractOperatorCreationException - if any BC execution errors occur
-
createRequestAndResponse
protected InputStream createRequestAndResponse(X509Certificate checkCert, X509Certificate rootCert, String url) throws IOException, AbstractOperatorCreationException, AbstractOCSPException, CertificateEncodingException
Create OCSP request and get the response for this request, represented as InputStream.
- Parameters:
checkCert - X509Certificate certificate to get OCSP response for
rootCert - X509Certificate root certificate from which OCSP request will be built
url - URL link, which is expected to be used to get OCSP response from
- Returns:
OCSP response bytes, represented as InputStream
- Throws:
IOException - if an I/O error occurs
AbstractOperatorCreationException - is thrown if any errors occur while handling OCSP requests/responses
AbstractOCSPException - is thrown if any errors occur while handling OCSP requests/responses
CertificateEncodingException - is thrown if any errors occur while handling OCSP requests/responses
-