Package com.itextpdf.text.pdf.security

Class OcspClientBouncyCastle

java.lang.Object
com.itextpdf.text.pdf.security.OcspClientBouncyCastle
All Implemented Interfaces:
OcspClient
public class OcspClientBouncyCastle extends Object implements OcspClient
OcspClient implementation using BouncyCastle.

  • Field Details

    • LOGGER

      private static final Logger LOGGER
      The Logger instance

    • verifier

      private final OCSPVerifier verifier

  • Constructor Details

    • OcspClientBouncyCastle

      @Deprecated public OcspClientBouncyCastle()
      Deprecated.
      Create default implemention of OcspClient. Note, if you use this constructor, OCSP response will not be verified.

    • OcspClientBouncyCastle

      public OcspClientBouncyCastle(OCSPVerifier verifier)
      Create OcspClient
      Parameters:
      verifier - will be used for response verification. .

  • Method Details

    • getBasicOCSPResp

      public org.bouncycastle.cert.ocsp.BasicOCSPResp getBasicOCSPResp(X509Certificate checkCert, X509Certificate rootCert, String url)
      Gets OCSP response. If was setted, the response will be checked.

    • getEncoded

      public byte[] getEncoded(X509Certificate checkCert, X509Certificate rootCert, String url)
      Gets an encoded byte array with OCSP validation. The method should not throw an exception.
      Specified by:
      getEncoded in interface OcspClient
      Parameters:
      checkCert - to certificate to check
      rootCert - the parent certificate
      url - to get the verification. It it's null it will be taken from the check cert or from other implementation specific source
      Returns:
      a byte array with the validation or null if the validation could not be obtained

    • generateOCSPRequest

      private static org.bouncycastle.cert.ocsp.OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws org.bouncycastle.cert.ocsp.OCSPException, IOException, org.bouncycastle.operator.OperatorException, CertificateEncodingException
      Generates an OCSP request using BouncyCastle.
      Parameters:
      issuerCert - certificate of the issues
      serialNumber - serial number
      Returns:
      an OCSP request
      Throws:
      org.bouncycastle.cert.ocsp.OCSPException
      IOException
      org.bouncycastle.operator.OperatorException
      CertificateEncodingException

    • getOcspResponse

      private org.bouncycastle.cert.ocsp.OCSPResp getOcspResponse(X509Certificate checkCert, X509Certificate rootCert, String url) throws GeneralSecurityException, org.bouncycastle.cert.ocsp.OCSPException, IOException, org.bouncycastle.operator.OperatorException
      Throws:
      GeneralSecurityException
      org.bouncycastle.cert.ocsp.OCSPException
      IOException
      org.bouncycastle.operator.OperatorException