Package com.itextpdf.signatures.validation

Class ValidationOcspClient

  • All Implemented Interfaces:
    IOcspClient
    public class ValidationOcspClient
extends java.lang.Object
implements IOcspClient
    OCSP client which is expected to be used in case OCSP responses shall be linked with generation date.

    • Constructor Detail

    • Method Detail

      • addResponse

        public void addResponse​(IBasicOCSPResp response,
                        java.util.Date date,
                        TimeBasedContext context)
        Add OCSP response which is linked with generation date.
        Parameters:
        response - IBasicOCSPResp response to be added
        date - Date to be linked with the response
        context - TimeBasedContext time based context which corresponds to generation date

      • getEncoded

        public byte[] getEncoded​(java.security.cert.X509Certificate checkCert,
                         java.security.cert.X509Certificate issuerCert,
                         java.lang.String url)
        Fetch a DER-encoded BasicOCSPResponse from an OCSP responder. The method should not throw an exception.

        Note: do not pass in the full DER-encoded OCSPResponse object obtained from the responder, only the DER-encoded BasicOCSPResponse value contained in the response data..

        Specified by:
        getEncoded in interface IOcspClient
        Parameters:
        checkCert - Certificate to check.
        issuerCert - The parent certificate.
        url - The URL of the OCSP responder endpoint. If null, implementations can attempt to obtain a URL from the AuthorityInformationAccess extension of the certificate, or from another implementation-specific source.
        Returns:
        a byte array containing a DER-encoded BasicOCSPResponse structure or null if one could not be obtained
        See Also:
        RFC 6960 ยง 4.2.1