Class OcspClientBouncyCastle

  • All Implemented Interfaces:
    IOcspClient

    public class OcspClientBouncyCastle
    extends java.lang.Object
    implements IOcspClient
    OcspClient implementation using BouncyCastle.
    • Method Summary

      Modifier and Type Method Description
      protected java.io.InputStream createRequestAndResponse(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url)
      Create OCSP request and get the response for this request, represented as InputStream.
      protected static IOCSPReq generateOCSPRequest(java.security.cert.X509Certificate issuerCert, java.math.BigInteger serialNumber)
      Generates an OCSP request using BouncyCastle.
      IBasicOCSPResp getBasicOCSPResp(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url)
      Gets OCSP response.
      protected static ICertificateStatus getCertificateStatus(byte[] basicOcspRespBytes)
      Retrieves certificate status from the OCSP response.
      byte[] getEncoded(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url)
      Fetch a DER-encoded BasicOCSPResponse from an OCSP responder.
      (package private) IOCSPResp getOcspResponse(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url)
      Gets an OCSP response object using BouncyCastle.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • LOGGER

        private static final org.slf4j.Logger LOGGER
        The Logger instance.
    • Constructor Detail

      • OcspClientBouncyCastle

        @Deprecated
        public OcspClientBouncyCastle(OCSPVerifier verifier)
        Deprecated.
        Deprecated starting from 8.0.5. OcspClientBouncyCastle() should be used instead. If required, IBasicOCSPResp can be checked using the OCSPValidator class.
        Creates OcspClient.
        Parameters:
        verifier - will be used for response verification.
    • Method Detail

      • getBasicOCSPResp

        public IBasicOCSPResp getBasicOCSPResp(java.security.cert.X509Certificate checkCert,
                                               java.security.cert.X509Certificate rootCert,
                                               java.lang.String url)
        Gets OCSP response. If OCSPVerifier was set, the response will be checked.
        Parameters:
        checkCert - the certificate to check
        rootCert - parent certificate
        url - the URL of the OCSP responder to query
        Returns:
        IBasicOCSPResp an OCSP response wrapper
      • getEncoded

        public byte[] getEncoded(java.security.cert.X509Certificate checkCert,
                                 java.security.cert.X509Certificate rootCert,
                                 java.lang.String url)
        Fetch a DER-encoded BasicOCSPResponse from an OCSP responder. The method should not throw an exception.

        Note: do not pass in the full DER-encoded OCSPResponse object obtained from the responder, only the DER-encoded BasicOCSPResponse value contained in the response data.

        Specified by:
        getEncoded in interface IOcspClient
        Parameters:
        checkCert - Certificate to check.
        rootCert - The parent certificate.
        url - The URL of the OCSP responder endpoint. If null, implementations can attempt to obtain a URL from the AuthorityInformationAccess extension of the certificate, or from another implementation-specific source.
        Returns:
        a byte array containing a DER-encoded BasicOCSPResponse structure or null if one could not be obtained
        See Also:
        RFC 6960 § 4.2.1
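
The note on getEncoded distinguishes the full OCSPResponse envelope from the BasicOCSPResponse it carries. The following is an added example, not iText code: a JDK-only sketch that tells the two DER structures apart and unwraps the inner value. The class and method names are hypothetical, the sample bytes are constructed, and no signature or certificate status is checked.

```java
import java.util.Arrays;

public class OcspUnwrapExample {
    // DER encoding (tag, length, value) of OID 1.3.6.1.5.5.7.48.1.1, id-pkix-ocsp-basic
    static final byte[] BASIC_OID = {0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01};

    // Checks the tag at pos and returns {contentOffset, contentLength}, bounded by the buffer end.
    static int[] tlv(byte[] d, int pos, int tag) {
        if (pos + 2 > d.length || (d[pos] & 0xFF) != tag)
            throw new IllegalArgumentException("expected tag 0x" + Integer.toHexString(tag) + " at offset " + pos);
        int off = pos + 2, len = d[pos + 1] & 0xFF;
        if (len >= 0x80) {                       // long form: low 7 bits give the number of length bytes
            int n = len & 0x7F;
            if (n == 0 || n > 3 || off + n > d.length) throw new IllegalArgumentException("bad DER length");
            for (len = 0; n > 0; n--) len = (len << 8) | (d[off++] & 0xFF);
        }
        if (off + len > d.length) throw new IllegalArgumentException("truncated DER value");
        return new int[] {off, len};
    }

    // Returns the BasicOCSPResponse bytes whether given the full OCSPResponse or the inner value.
    static byte[] toBasicOcspResponse(byte[] der) {
        int[] outer = tlv(der, 0, 0x30);
        if (outer[1] > 0 && der[outer[0]] == 0x30) return der;   // first field is tbsResponseData: already basic
        int[] status = tlv(der, outer[0], 0x0A);                  // OCSPResponse.responseStatus (ENUMERATED)
        if (status[1] != 1 || der[status[0]] != 0)
            throw new IllegalStateException("responseStatus is not successful(0)");
        int[] tagged = tlv(der, status[0] + 1, 0xA0);             // responseBytes [0] EXPLICIT
        int[] respBytes = tlv(der, tagged[0], 0x30);              // ResponseBytes SEQUENCE
        int[] oid = tlv(der, respBytes[0], 0x06);                 // responseType
        if (!Arrays.equals(Arrays.copyOfRange(der, respBytes[0], oid[0] + oid[1]), BASIC_OID))
            throw new IllegalStateException("responseType is not id-pkix-ocsp-basic");
        int[] octets = tlv(der, oid[0] + oid[1], 0x04);           // response OCTET STRING
        return Arrays.copyOfRange(der, octets[0], octets[0] + octets[1]);
    }

    public static void main(String[] args) {
        // Constructed sample: OCSPResponse(successful) wrapping a 4-byte placeholder, not a real signed response.
        byte[] full = {0x30, 0x18, 0x0A, 0x01, 0x00, (byte) 0xA0, 0x13, 0x30, 0x11,
                0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01,
                0x04, 0x04, 0x30, 0x02, 0x30, 0x00};
        byte[] basic = toBasicOcspResponse(full);
        System.out.println(Arrays.toString(basic));
        System.out.println(Arrays.equals(basic, toBasicOcspResponse(basic)));
    }
}
```

A responder that answers with a non-successful responseStatus sends no responseBytes at all, which is why the sketch rejects that case instead of returning an empty array.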
      • generateOCSPRequest

        protected static IOCSPReq generateOCSPRequest(java.security.cert.X509Certificate issuerCert,
                                                      java.math.BigInteger serialNumber)
                                               throws AbstractOCSPException,
                                                      java.io.IOException,
                                                      java.security.cert.CertificateEncodingException,
                                                      AbstractOperatorCreationException
        Generates an OCSP request using BouncyCastle.
        Parameters:
        issuerCert - certificate of the issuer
        serialNumber - serial number
        Returns:
        IOCSPReq an OCSP request wrapper
        Throws:
        AbstractOCSPException - is thrown if any errors occur while handling OCSP requests/responses
        java.io.IOException - signals that an I/O exception has occurred
        java.security.cert.CertificateEncodingException - is thrown if any errors occur while handling OCSP requests/responses
        AbstractOperatorCreationException - is thrown if any errors occur while handling OCSP requests/responses
      • getCertificateStatus

        protected static ICertificateStatus getCertificateStatus(byte[] basicOcspRespBytes)
        Retrieves certificate status from the OCSP response.
        Parameters:
        basicOcspRespBytes - encoded basic OCSP response
        Returns:
        good, revoked or unknown certificate status retrieved from the OCSP response, or null if an error occurs.
      • getOcspResponse

        IOCSPResp getOcspResponse(java.security.cert.X509Certificate checkCert,
                                  java.security.cert.X509Certificate rootCert,
                                  java.lang.String url)
                           throws java.security.GeneralSecurityException,
                                  AbstractOCSPException,
                                  java.io.IOException,
                                  AbstractOperatorCreationException
        Gets an OCSP response object using BouncyCastle.
        Parameters:
        checkCert - the certificate to check
        rootCert - the parent certificate
        url - the URL of the OCSP responder. If it is null, it will be taken from the certificate being checked or from another implementation-specific source
        Returns:
        IOCSPResp an OCSP response wrapper
        Throws:
        java.security.GeneralSecurityException - if any execution errors occur
        AbstractOCSPException - if any errors occur while handling OCSP requests/responses
        java.io.IOException - if any I/O execution errors occur
        AbstractOperatorCreationException - if any BC execution errors occur
      • createRequestAndResponse

        protected java.io.InputStream createRequestAndResponse(java.security.cert.X509Certificate checkCert,
                                                               java.security.cert.X509Certificate rootCert,
                                                               java.lang.String url)
                                                        throws java.io.IOException,
                                                               AbstractOperatorCreationException,
                                                               AbstractOCSPException,
                                                               java.security.cert.CertificateEncodingException
        Create OCSP request and get the response for this request, represented as InputStream.
        Parameters:
        checkCert - X509Certificate certificate to get OCSP response for
        rootCert - X509Certificate root certificate from which OCSP request will be built
        url - URL link, which is expected to be used to get OCSP response from
        Returns:
        OCSP response bytes, represented as InputStream
        Throws:
        java.io.IOException - if an I/O error occurs
        AbstractOperatorCreationException - is thrown if any errors occur while handling OCSP requests/responses
        AbstractOCSPException - is thrown if any errors occur while handling OCSP requests/responses
        java.security.cert.CertificateEncodingException - is thrown if any errors occur while handling OCSP requests/responses