Package io.netty.handler.ssl.ocsp
Class OcspClient
java.lang.Object
    io.netty.handler.ssl.ocsp.OcspClient
final class OcspClient extends java.lang.Object
-
-
Nested Class Summary
(package private) static class OcspClient.Initializer
-
Field Summary
private static InternalLogger logger
private static int OCSP_RESPONSE_MAX_SIZE
private static java.security.SecureRandom SECURE_RANDOM
-
Constructor Summary
private OcspClient()
-
Method Summary
private static java.lang.String parseOcspUrlFromCertificate(java.security.cert.X509Certificate cert)
    Parse OCSP endpoint URL from Certificate
private static Promise<org.bouncycastle.cert.ocsp.OCSPResp> query(EventLoop eventLoop, ByteBuf ocspRequest, java.lang.String host, int port, java.lang.String path, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
    Query the OCSP responder for certificate status using HTTP/1.1
(package private) static Promise<org.bouncycastle.cert.ocsp.BasicOCSPResp> query(java.security.cert.X509Certificate x509Certificate, java.security.cert.X509Certificate issuer, boolean validateResponseNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
    Query the certificate status using OCSP
private static void validateNonce(org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse, org.bouncycastle.asn1.DEROctetString encodedNonce)
    Validate OCSP response nonce
private static void validateResponse(Promise<org.bouncycastle.cert.ocsp.BasicOCSPResp> responsePromise, org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse, org.bouncycastle.asn1.DEROctetString derNonce, java.security.cert.X509Certificate issuer, boolean validateNonce)
private static void validateSignature(org.bouncycastle.cert.ocsp.BasicOCSPResp resp, java.security.cert.X509Certificate certificate)
    Validate OCSP response signature
-
-
-
Field Detail
-
logger
private static final InternalLogger logger
-
SECURE_RANDOM
private static final java.security.SecureRandom SECURE_RANDOM
-
OCSP_RESPONSE_MAX_SIZE
private static final int OCSP_RESPONSE_MAX_SIZE
-
-
Method Detail
-
query
static Promise<org.bouncycastle.cert.ocsp.BasicOCSPResp> query(java.security.cert.X509Certificate x509Certificate, java.security.cert.X509Certificate issuer, boolean validateResponseNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
Query the certificate status using OCSP
Parameters:
    x509Certificate - Client X509Certificate to validate
    issuer - X509Certificate issuer of client certificate
    validateResponseNonce - Set to true to enable OCSP response validation
    ioTransport - IoTransport to use
Returns:
    Promise of BasicOCSPResp
-
query
private static Promise<org.bouncycastle.cert.ocsp.OCSPResp> query(EventLoop eventLoop, ByteBuf ocspRequest, java.lang.String host, int port, java.lang.String path, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
Query the OCSP responder for certificate status using HTTP/1.1
Parameters:
    eventLoop - EventLoop for HTTP request execution
    ocspRequest - ByteBuf containing OCSP request data
    host - OCSP responder hostname
    port - OCSP responder port
    path - OCSP responder path
    ioTransport - IoTransport to use
Returns:
    Promise containing OCSPResp
-
validateResponse
private static void validateResponse(Promise<org.bouncycastle.cert.ocsp.BasicOCSPResp> responsePromise, org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse, org.bouncycastle.asn1.DEROctetString derNonce, java.security.cert.X509Certificate issuer, boolean validateNonce)
-
validateNonce
private static void validateNonce(org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse, org.bouncycastle.asn1.DEROctetString encodedNonce) throws org.bouncycastle.cert.ocsp.OCSPException
Validate OCSP response nonce
Throws:
    org.bouncycastle.cert.ocsp.OCSPException
-
validateSignature
private static void validateSignature(org.bouncycastle.cert.ocsp.BasicOCSPResp resp, java.security.cert.X509Certificate certificate) throws org.bouncycastle.cert.ocsp.OCSPException
Validate OCSP response signature
Throws:
    org.bouncycastle.cert.ocsp.OCSPException
-
parseOcspUrlFromCertificate
private static java.lang.String parseOcspUrlFromCertificate(java.security.cert.X509Certificate cert)
Parse OCSP endpoint URL from Certificate
Parameters:
    cert - Certificate to be parsed
Returns:
    OCSP endpoint URL
Throws:
    java.lang.NullPointerException - If we couldn't locate OCSP responder URL
    java.lang.IllegalArgumentException - If we couldn't parse X509Certificate into JcaX509CertificateHolder
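The lookup that parseOcspUrlFromCertificate documents can be reproduced with BouncyCastle alone, as in the added example below, which is not Netty's code. The class OcspUrlExample, its methods ocspUrl and sampleCert, and the ocsp.constructed.example URL are assumptions made for illustration; it needs bcprov and bcpkix on the classpath and returns null where the documented method throws NullPointerException.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class OcspUrlExample {
    /** First OCSP responder URI in the AIA extension, or null when the certificate names none. */
    static String ocspUrl(X509Certificate cert) throws Exception {
        AuthorityInformationAccess aia = AuthorityInformationAccess.fromExtensions(
                new JcaX509CertificateHolder(cert).getExtensions());
        if (aia == null) {
            return null; // no Authority Information Access extension at all
        }
        for (AccessDescription ad : aia.getAccessDescriptions()) {
            GeneralName location = ad.getAccessLocation();
            if (AccessDescription.id_ad_ocsp.equals(ad.getAccessMethod())
                    && location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                return location.getName().toString();
            }
        }
        return null; // AIA present, but only non-OCSP entries such as caIssuers
    }

    /** Constructed self-signed test certificate; ocsp == null omits the AIA extension. */
    static X509Certificate sampleCert(KeyPair kp, String ocsp) throws Exception {
        X500Principal dn = new X500Principal("CN=constructed.example");
        Date now = new Date();
        JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(
                dn, BigInteger.ONE, now, new Date(now.getTime() + 86_400_000L), dn, kp.getPublic());
        if (ocsp != null) {
            b.addExtension(Extension.authorityInfoAccess, false, new AuthorityInformationAccess(
                    AccessDescription.id_ad_ocsp, new GeneralName(GeneralName.uniformResourceIdentifier, ocsp)));
        }
        return new JcaX509CertificateConverter().getCertificate(
                b.build(new JcaContentSignerBuilder("SHA256withECDSA").build(kp.getPrivate())));
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("EC").generateKeyPair();
        System.out.println(ocspUrl(sampleCert(kp, "http://ocsp.constructed.example/")));
        System.out.println(ocspUrl(sampleCert(kp, null)));
    }
}
```

A null result means the certificate names no responder, so its revocation status is unknown rather than good; the caller has to decide explicitly whether to reject it.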
-
-