lv.pasts.eme.cert

Class OCSPClient

java.lang.Object

lv.pasts.eme.cert.OCSPClient

public final class OCSPClient
extends Object

OCSPClient class provides functionality to obtain OCSP responses accordingly to Online Certificate Status Protocol (RFC 2560).

Constructor Summary

Constructors

Constructor and Description
OCSPClient(TrustStore trustStore, boolean useResultCache) Creates an OCSPClient instace.
OCSPClient(TrustStore trustStore, boolean useResultCache, List<lv.eparaksts.org.bouncycastle.v170.cert.ocsp.OCSPResp> ocspStore)

Method Summary

Modifier and Type	Method and Description
lv.eparaksts.org.bouncycastle.v170.cert.ocsp.OCSPReq	generateOCSPRequest(List<lv.eparaksts.org.bouncycastle.v170.cert.ocsp.CertificateID> certificateIDList, byte[] nonce)
static List<lv.eparaksts.org.bouncycastle.v170.cert.ocsp.CertificateID>	getCertificateIDList(Map<BigInteger,X509Certificate> certificateMap)
static X509Certificate	getOCSPResponderCert(lv.eparaksts.org.bouncycastle.v170.cert.ocsp.BasicOCSPResp basicResponse)
CertValidatorResult.OCSPResult	getOCSPResult(Map<BigInteger,X509Certificate> certificateMap, String responderURL, Date validationTime) Requests certificate status using OCSP responder service.
CertValidatorResult.OCSPResult	getOCSPResult(X509Certificate userCert, X509Certificate issuerCert, Date validationTime) Requests certificate status using OCSP responder service.
static byte[]	getResponseNonce(lv.eparaksts.org.bouncycastle.v170.cert.ocsp.BasicOCSPResp basicResp)
String	getResponseStatusMessage(int status)
protected static boolean	idEquals(lv.eparaksts.org.bouncycastle.v170.cert.ocsp.CertificateID id1, lv.eparaksts.org.bouncycastle.v170.cert.ocsp.CertificateID id2)
static X509Certificate	resolveOCSPResponderCert(TrustStore trustStore, lv.eparaksts.org.bouncycastle.v170.cert.ocsp.BasicOCSPResp basicResponse)
static String	resolveOCSPResponderURL(X509Certificate userCert, X509Certificate issuerCert)
lv.eparaksts.org.bouncycastle.v170.cert.ocsp.OCSPResp	sendRequest(lv.eparaksts.org.bouncycastle.v170.cert.ocsp.OCSPReq request, String responderURL)
void	setSigningData(String signingAlg, PrivateKey signingKey, X509Certificate[] signingChain, String signingProvider) Set data used to sign the OCSP requests.
void	setUseNonceExtension(boolean useNonceExtension)
static void	validateSingleResponse(lv.eparaksts.org.bouncycastle.v170.cert.ocsp.SingleResp singleResp, Date validationTime, X509Certificate cert)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OCSPClient

public OCSPClient(TrustStore trustStore,
                  boolean useResultCache)

Creates an OCSPClient instace.

Parameters:

useResultCache - true if to use the OCSP result cache.

OCSPClient

public OCSPClient(TrustStore trustStore,
                  boolean useResultCache,
                  List<lv.eparaksts.org.bouncycastle.v170.cert.ocsp.OCSPResp> ocspStore)

Method Detail

setUseNonceExtension

public void setUseNonceExtension(boolean useNonceExtension)

setSigningData

public void setSigningData(String signingAlg,
                           PrivateKey signingKey,
                           X509Certificate[] signingChain,
                           String signingProvider)

Set data used to sign the OCSP requests.

Parameters:

signingAlg - signature algorithm.

signingKey - signing key.

signingChain - signing certificate chain.

signingProvider - signature provider.

getOCSPResult

public CertValidatorResult.OCSPResult getOCSPResult(X509Certificate userCert,
                                                    X509Certificate issuerCert,
                                                    Date validationTime)
                                             throws CertValidatorException

Requests certificate status using OCSP responder service. Certificate and certification path integrity is not validated.

Parameters:

userCert - the user certificate.

issuerCert - the issuer certificate.

Returns:

the result of the OCSP request.

Throws:

Exception - if certificate status cannot be obtained.

CertValidatorException

getOCSPResult

public CertValidatorResult.OCSPResult getOCSPResult(Map<BigInteger,X509Certificate> certificateMap,
                                                    String responderURL,
                                                    Date validationTime)
                                             throws CertValidatorException

Requests certificate status using OCSP responder service. Revocation status of the given certificates is not checked.

Parameters:

certificateMap - map containing certificate identifiers.

responderURL - a URL that identifies the location of the OCSP responder.

Returns:

the result of the OCSP request.

Throws:

Exception - if certificate status cannot be obtained.

CertValidatorException

generateOCSPRequest

public lv.eparaksts.org.bouncycastle.v170.cert.ocsp.OCSPReq generateOCSPRequest(List<lv.eparaksts.org.bouncycastle.v170.cert.ocsp.CertificateID> certificateIDList,
                                                                                byte[] nonce)
                                                                         throws lv.eparaksts.org.bouncycastle.v170.cert.ocsp.OCSPException

Throws:

lv.eparaksts.org.bouncycastle.v170.cert.ocsp.OCSPException

sendRequest

public lv.eparaksts.org.bouncycastle.v170.cert.ocsp.OCSPResp sendRequest(lv.eparaksts.org.bouncycastle.v170.cert.ocsp.OCSPReq request,
                                                                         String responderURL)
                                                                  throws lv.eparaksts.org.bouncycastle.v170.cert.ocsp.OCSPException

Throws:

lv.eparaksts.org.bouncycastle.v170.cert.ocsp.OCSPException

getResponseStatusMessage

public String getResponseStatusMessage(int status)

getResponseNonce

public static byte[] getResponseNonce(lv.eparaksts.org.bouncycastle.v170.cert.ocsp.BasicOCSPResp basicResp)

getCertificateIDList

public static List<lv.eparaksts.org.bouncycastle.v170.cert.ocsp.CertificateID> getCertificateIDList(Map<BigInteger,X509Certificate> certificateMap)
                                                                                             throws Exception

Throws:

Exception

idEquals

protected static boolean idEquals(lv.eparaksts.org.bouncycastle.v170.cert.ocsp.CertificateID id1,
                                  lv.eparaksts.org.bouncycastle.v170.cert.ocsp.CertificateID id2)

resolveOCSPResponderURL

public static String resolveOCSPResponderURL(X509Certificate userCert,
                                             X509Certificate issuerCert)
                                      throws CertValidatorException

Throws:

CertValidatorException

getOCSPResponderCert

public static X509Certificate getOCSPResponderCert(lv.eparaksts.org.bouncycastle.v170.cert.ocsp.BasicOCSPResp basicResponse)
                                            throws Exception

Throws:

Exception

resolveOCSPResponderCert

public static X509Certificate resolveOCSPResponderCert(TrustStore trustStore,
                                                       lv.eparaksts.org.bouncycastle.v170.cert.ocsp.BasicOCSPResp basicResponse)
                                                throws Exception

Throws:

Exception

validateSingleResponse

public static void validateSingleResponse(lv.eparaksts.org.bouncycastle.v170.cert.ocsp.SingleResp singleResp,
                                          Date validationTime,
                                          X509Certificate cert)
                                   throws CertValidatorException

Throws:

CertValidatorException