Package com.itextpdf.signatures

Class OcspClientBouncyCastle

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected java.io.InputStream createRequestAndResponse​(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url)
      Create OCSP request and get the response for this request, represented as InputStream.
      protected static IOCSPReq generateOCSPRequest​(java.security.cert.X509Certificate issuerCert, java.math.BigInteger serialNumber)
      Generates an OCSP request using BouncyCastle.
      IBasicOCSPResp getBasicOCSPResp​(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url)
      Gets OCSP response.
      protected static ICertificateStatus getCertificateStatus​(byte[] basicOcspRespBytes)
      Retrieves certificate status from the OCSP response.
      byte[] getEncoded​(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url)
      Fetch a DER-encoded BasicOCSPResponse from an OCSP responder.
      (package private) IOCSPResp getOcspResponse​(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url)
      Gets an OCSP response object using BouncyCastle.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • LOGGER

        private static final org.slf4j.Logger LOGGER
        The Logger instance.

    • Constructor Detail

    • Method Detail

      • getBasicOCSPResp

        public IBasicOCSPResp getBasicOCSPResp​(java.security.cert.X509Certificate checkCert,
                                       java.security.cert.X509Certificate rootCert,
                                       java.lang.String url)
        Gets OCSP response.

        If required, IBasicOCSPResp can be checked using OCSPValidator class.

        Specified by:
        getBasicOCSPResp in interface IOcspClientBouncyCastle
        Parameters:
        checkCert - the certificate to check
        rootCert - parent certificate
        url - to get the verification
        Returns:
        IBasicOCSPResp an OCSP response wrapper

      • getEncoded

        public byte[] getEncoded​(java.security.cert.X509Certificate checkCert,
                         java.security.cert.X509Certificate rootCert,
                         java.lang.String url)
        Fetch a DER-encoded BasicOCSPResponse from an OCSP responder. The method should not throw an exception.

        Note: do not pass in the full DER-encoded OCSPResponse object obtained from the responder, only the DER-encoded BasicOCSPResponse value contained in the response data.

        Specified by:
        getEncoded in interface IOcspClient
        Parameters:
        checkCert - Certificate to check.
        rootCert - The parent certificate.
        url - The URL of the OCSP responder endpoint. If null, implementations can attempt to obtain a URL from the AuthorityInformationAccess extension of the certificate, or from another implementation-specific source.
        Returns:
        a byte array containing a DER-encoded BasicOCSPResponse structure or null if one could not be obtained
        See Also:
        RFC 6960 ยง 4.2.1

      • generateOCSPRequest

        protected static IOCSPReq generateOCSPRequest​(java.security.cert.X509Certificate issuerCert,
                                              java.math.BigInteger serialNumber)
                                       throws AbstractOCSPException,
                                              java.io.IOException,
                                              java.security.cert.CertificateEncodingException,
                                              AbstractOperatorCreationException
        Generates an OCSP request using BouncyCastle.
        Parameters:
        issuerCert - certificate of the issues
        serialNumber - serial number
        Returns:
        IOCSPReq an OCSP request wrapper
        Throws:
        AbstractOCSPException - is thrown if any errors occur while handling OCSP requests/responses
        java.io.IOException - signals that an I/O exception has occurred
        java.security.cert.CertificateEncodingException - is thrown if any errors occur while handling OCSP requests/responses
        AbstractOperatorCreationException - is thrown if any errors occur while handling OCSP requests/responses

      • getCertificateStatus

        protected static ICertificateStatus getCertificateStatus​(byte[] basicOcspRespBytes)
        Retrieves certificate status from the OCSP response.
        Parameters:
        basicOcspRespBytes - encoded basic OCSP response
        Returns:
        good, revoked or unknown certificate status retrieved from the OCSP response, or null if an error occurs.

      • getOcspResponse

        IOCSPResp getOcspResponse​(java.security.cert.X509Certificate checkCert,
                          java.security.cert.X509Certificate rootCert,
                          java.lang.String url)
                   throws java.security.GeneralSecurityException,
                          AbstractOCSPException,
                          java.io.IOException,
                          AbstractOperatorCreationException
        Gets an OCSP response object using BouncyCastle.
        Parameters:
        checkCert - to certificate to check
        rootCert - the parent certificate
        url - to get the verification. If it's null it will be taken from the check cert or from other implementation specific source
        Returns:
        IOCSPResp an OCSP response wrapper
        Throws:
        java.security.GeneralSecurityException - if any execution errors occur
        AbstractOCSPException - if any errors occur while handling OCSP requests/responses
        java.io.IOException - if any I/O execution errors occur
        AbstractOperatorCreationException - if any BC execution errors occur

      • createRequestAndResponse

        protected java.io.InputStream createRequestAndResponse​(java.security.cert.X509Certificate checkCert,
                                                       java.security.cert.X509Certificate rootCert,
                                                       java.lang.String url)
                                                throws java.io.IOException,
                                                       AbstractOperatorCreationException,
                                                       AbstractOCSPException,
                                                       java.security.cert.CertificateEncodingException
        Create OCSP request and get the response for this request, represented as InputStream.
        Parameters:
        checkCert - X509Certificate certificate to get OCSP response for
        rootCert - X509Certificate root certificate from which OCSP request will be built
        url - URL link, which is expected to be used to get OCSP response from
        Returns:
        OCSP response bytes, represented as InputStream
        Throws:
        java.io.IOException - if an I/O error occurs
        AbstractOperatorCreationException - is thrown if any errors occur while handling OCSP requests/responses
        AbstractOCSPException - is thrown if any errors occur while handling OCSP requests/responses
        java.security.cert.CertificateEncodingException - is thrown if any errors occur while handling OCSP requests/responses