Class OcspClient


  • final class OcspClient
    extends java.lang.Object
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      (package private) static class  OcspClient.Initializer  
    • Constructor Summary

      Constructors 
      Modifier Constructor Description
      private OcspClient()  
    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      private static java.lang.String parseOcspUrlFromCertificate(java.security.cert.X509Certificate cert)
      Parse OCSP endpoint URL from Certificate
      private static Promise<org.bouncycastle.cert.ocsp.OCSPResp> query(EventLoop eventLoop, ByteBuf ocspRequest, java.lang.String host, int port, java.lang.String path, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
      Query the OCSP responder for certificate status using HTTP/1.1
      (package private) static Promise<org.bouncycastle.cert.ocsp.BasicOCSPResp> query(java.security.cert.X509Certificate x509Certificate, java.security.cert.X509Certificate issuer, boolean validateResponseNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
      Query the certificate status using OCSP
      private static void validateNonce(org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse, org.bouncycastle.asn1.DEROctetString encodedNonce)
      Validate OCSP response nonce
      private static void validateResponse(Promise<org.bouncycastle.cert.ocsp.BasicOCSPResp> responsePromise, org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse, org.bouncycastle.asn1.DEROctetString derNonce, java.security.cert.X509Certificate issuer, boolean validateNonce)
      private static void validateSignature(org.bouncycastle.cert.ocsp.BasicOCSPResp resp, java.security.cert.X509Certificate certificate)
      Validate OCSP response signature
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • SECURE_RANDOM

        private static final java.security.SecureRandom SECURE_RANDOM
      • OCSP_RESPONSE_MAX_SIZE

        private static final int OCSP_RESPONSE_MAX_SIZE
    • Constructor Detail

      • OcspClient

        private OcspClient()
    • Method Detail

      • query

        static Promise<org.bouncycastle.cert.ocsp.BasicOCSPResp> query(java.security.cert.X509Certificate x509Certificate,
                                                                       java.security.cert.X509Certificate issuer,
                                                                       boolean validateResponseNonce,
                                                                       IoTransport ioTransport,
                                                                       DnsNameResolver dnsNameResolver)
        Query the certificate status using OCSP
        Parameters:
        x509Certificate - Client X509Certificate to validate
        issuer - X509Certificate issuer of client certificate
        validateResponseNonce - Set to true to enable OCSP response nonce validation
        ioTransport - IoTransport to use
        Returns:
        Promise of BasicOCSPResp
      • query

        private static Promise<org.bouncycastle.cert.ocsp.OCSPResp> query(EventLoop eventLoop,
                                                                          ByteBuf ocspRequest,
                                                                          java.lang.String host,
                                                                          int port,
                                                                          java.lang.String path,
                                                                          IoTransport ioTransport,
                                                                          DnsNameResolver dnsNameResolver)
        Query the OCSP responder for certificate status using HTTP/1.1
        Parameters:
        eventLoop - EventLoop for HTTP request execution
        ocspRequest - ByteBuf containing OCSP request data
        host - OCSP responder hostname
        port - OCSP responder port
        path - OCSP responder path
        ioTransport - IoTransport to use
        Returns:
        Promise containing OCSPResp
      • validateResponse

        private static void validateResponse(Promise<org.bouncycastle.cert.ocsp.BasicOCSPResp> responsePromise,
                                             org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse,
                                             org.bouncycastle.asn1.DEROctetString derNonce,
                                             java.security.cert.X509Certificate issuer,
                                             boolean validateNonce)
      • validateNonce

        private static void validateNonce(org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse,
                                          org.bouncycastle.asn1.DEROctetString encodedNonce)
                                   throws org.bouncycastle.cert.ocsp.OCSPException
        Validate OCSP response nonce
        Throws:
        org.bouncycastle.cert.ocsp.OCSPException
      • validateSignature

        private static void validateSignature(org.bouncycastle.cert.ocsp.BasicOCSPResp resp,
                                              java.security.cert.X509Certificate certificate)
                                       throws org.bouncycastle.cert.ocsp.OCSPException
        Validate OCSP response signature
        Throws:
        org.bouncycastle.cert.ocsp.OCSPException
      • parseOcspUrlFromCertificate

        private static java.lang.String parseOcspUrlFromCertificate(java.security.cert.X509Certificate cert)
        Parse OCSP endpoint URL from Certificate
        Parameters:
        cert - Certificate to be parsed
        Returns:
        OCSP endpoint URL
        Throws:
        java.lang.NullPointerException - If the OCSP responder URL could not be located
        java.lang.IllegalArgumentException - If the X509Certificate could not be parsed into a JcaX509CertificateHolder