Package io.netty.handler.ssl.ocsp

Class OcspClient

java.lang.Object

io.netty.handler.ssl.ocsp.OcspClient

final class OcspClient
extends java.lang.Object

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
(package private) static class	OcspClient.Initializer

Field Summary

Fields

Modifier and Type	Field	Description
private static InternalLogger	logger
private static int	OCSP_RESPONSE_MAX_SIZE
private static java.security.SecureRandom	SECURE_RANDOM

Constructor Summary

Constructors

Modifier	Constructor	Description
private	OcspClient()

Method Summary

Modifier and Type	Method	Description
private static java.lang.String	parseOcspUrlFromCertificate(java.security.cert.X509Certificate cert)	Parse OCSP endpoint URL from Certificate
private static Promise<org.bouncycastle.cert.ocsp.OCSPResp>	query(EventLoop eventLoop, ByteBuf ocspRequest, java.lang.String host, int port, java.lang.String path, IoTransport ioTransport, DnsNameResolver dnsNameResolver)	Query the OCSP responder for certificate status using HTTP/1.1
(package private) static Promise<org.bouncycastle.cert.ocsp.BasicOCSPResp>	query(java.security.cert.X509Certificate x509Certificate, java.security.cert.X509Certificate issuer, boolean validateResponseNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)	Query the certificate status using OCSP
private static void	validateNonce(org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse, org.bouncycastle.asn1.DEROctetString encodedNonce)	Validate OCSP response nonce
private static void	validateResponse(Promise<org.bouncycastle.cert.ocsp.BasicOCSPResp> responsePromise, org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse, org.bouncycastle.asn1.DEROctetString derNonce, java.security.cert.X509Certificate issuer, boolean validateNonce)
private static void	validateSignature(org.bouncycastle.cert.ocsp.BasicOCSPResp resp, java.security.cert.X509Certificate certificate)	Validate OCSP response signature

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

private static final InternalLogger logger

SECURE_RANDOM

private static final java.security.SecureRandom SECURE_RANDOM

OCSP_RESPONSE_MAX_SIZE

private static final int OCSP_RESPONSE_MAX_SIZE

Constructor Detail

OcspClient

private OcspClient()

Method Detail

query

static Promise<org.bouncycastle.cert.ocsp.BasicOCSPResp> query(java.security.cert.X509Certificate x509Certificate,
                                                               java.security.cert.X509Certificate issuer,
                                                               boolean validateResponseNonce,
                                                               IoTransport ioTransport,
                                                               DnsNameResolver dnsNameResolver)

Query the certificate status using OCSP

Parameters:

x509Certificate - Client X509Certificate to validate

issuer - X509Certificate issuer of client certificate

validateResponseNonce - Set to true to enable OCSP response validation

ioTransport - IoTransport to use

Returns:

Promise of BasicOCSPResp

query

private static Promise<org.bouncycastle.cert.ocsp.OCSPResp> query(EventLoop eventLoop,
                                                                  ByteBuf ocspRequest,
                                                                  java.lang.String host,
                                                                  int port,
                                                                  java.lang.String path,
                                                                  IoTransport ioTransport,
                                                                  DnsNameResolver dnsNameResolver)

Query the OCSP responder for certificate status using HTTP/1.1

Parameters:

eventLoop - EventLoop for HTTP request execution

ocspRequest - ByteBuf containing OCSP request data

host - OCSP responder hostname

port - OCSP responder port

path - OCSP responder path

ioTransport - IoTransport to use

Returns:

Returns Promise containing OCSPResp

validateResponse

private static void validateResponse(Promise<org.bouncycastle.cert.ocsp.BasicOCSPResp> responsePromise,
                                     org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse,
                                     org.bouncycastle.asn1.DEROctetString derNonce,
                                     java.security.cert.X509Certificate issuer,
                                     boolean validateNonce)

validateNonce

private static void validateNonce(org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse,
                                  org.bouncycastle.asn1.DEROctetString encodedNonce)
                           throws org.bouncycastle.cert.ocsp.OCSPException

Validate OCSP response nonce

Throws:

org.bouncycastle.cert.ocsp.OCSPException

validateSignature

private static void validateSignature(org.bouncycastle.cert.ocsp.BasicOCSPResp resp,
                                      java.security.cert.X509Certificate certificate)
                               throws org.bouncycastle.cert.ocsp.OCSPException

Validate OCSP response signature

Throws:

org.bouncycastle.cert.ocsp.OCSPException

parseOcspUrlFromCertificate

private static java.lang.String parseOcspUrlFromCertificate(java.security.cert.X509Certificate cert)

Parse OCSP endpoint URL from Certificate

Parameters:

cert - Certificate to be parsed

Returns:

OCSP endpoint URL

Throws:

java.lang.NullPointerException - If we couldn't locate OCSP responder URL

java.lang.IllegalArgumentException - If we couldn't parse X509Certificate into JcaX509CertificateHolder