Class OCSPValidator


  • public class OCSPValidator
    extends java.lang.Object
    Class that allows you to validate a single OCSP response.
    • Method Detail

      • validate

        @Deprecated
        public void validate​(ValidationReport report,
                             ValidationContext context,
                             java.security.cert.X509Certificate certificate,
                             ISingleResp singleResp,
                             IBasicOCSPResp ocspResp,
                             java.util.Date validationDate)
        Deprecated.
        starting from 8.0.5. TODO DEVSIX-8398 To be removed.
        Validates a certificate against single OCSP Response.
        Parameters:
        report - to store all the chain verification results
        context - the context in which to perform the validation
        certificate - the certificate to check for
        singleResp - single response to check
        ocspResp - basic OCSP response which contains single response to check
        validationDate - validation date to check for
      • validate

        public void validate​(ValidationReport report,
                             ValidationContext context,
                             java.security.cert.X509Certificate certificate,
                             ISingleResp singleResp,
                             IBasicOCSPResp ocspResp,
                             java.util.Date validationDate,
                             java.util.Date responseGenerationDate)
        Validates a certificate against single OCSP Response.
        Parameters:
        report - to store all the chain verification results
        context - the context in which to perform the validation
        certificate - the certificate to check for
        singleResp - single response to check
        ocspResp - basic OCSP response which contains single response to check
        validationDate - validation date to check for
        responseGenerationDate - trusted date at which response is generated
      • verifyOcspResponder

        private void verifyOcspResponder​(ValidationReport report,
                                         ValidationContext context,
                                         IBasicOCSPResp ocspResp,
                                         java.security.cert.X509Certificate issuerCert,
                                         java.util.Date responseGenerationDate)
        Verifies if an OCSP response is genuine. If it doesn't verify against the issuer certificate and response's certificates, it may verify using a trusted anchor or cert.
        Parameters:
        report - to store all the chain verification results
        context - the context in which to perform the validation
        ocspResp - IBasicOCSPResp the OCSP response wrapper
        issuerCert - the issuer of the certificate for which the OCSP is checked
      • getArchiveCutoffExtension

        private java.util.Date getArchiveCutoffExtension​(IBasicOCSPResp ocspResp)