Package io.netty.handler.ssl.ocsp
Class OcspClient
java.lang.Object
io.netty.handler.ssl.ocsp.OcspClient
Nested Class Summary
Nested Classes
Field Summary
Fields (Modifier and Type, Field):
- private static final InternalLogger logger
- private static final int OCSP_RESPONSE_MAX_SIZE
- private static final SecureRandom SECURE_RANDOM
Constructor Summary
Constructors
Method Summary
Methods (Modifier and Type, Method, Description):
- private static String parseOcspUrlFromCertificate
  Parse OCSP endpoint URL from Certificate
- private static Promise<org.bouncycastle.cert.ocsp.OCSPResp> query(EventLoop eventLoop, ByteBuf ocspRequest, String host, int port, String path, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
  Query the OCSP responder for certificate status using HTTP/1.1
- (package private) static Promise<org.bouncycastle.cert.ocsp.BasicOCSPResp> query(X509Certificate x509Certificate, X509Certificate issuer, boolean validateResponseNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
  Query the certificate status using OCSP
- private static void validateNonce(org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse, org.bouncycastle.asn1.DEROctetString encodedNonce)
  Validate OCSP response nonce
- private static void validateResponse(Promise<org.bouncycastle.cert.ocsp.BasicOCSPResp> responsePromise, org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse, org.bouncycastle.asn1.DEROctetString derNonce, X509Certificate issuer, boolean validateNonce)
- private static void validateSignature(org.bouncycastle.cert.ocsp.BasicOCSPResp resp, X509Certificate certificate)
  Validate OCSP response signature
Field Details
logger
SECURE_RANDOM
OCSP_RESPONSE_MAX_SIZE
private static final int OCSP_RESPONSE_MAX_SIZE
Constructor Details
OcspClient
private OcspClient()
Method Details
query
static Promise<org.bouncycastle.cert.ocsp.BasicOCSPResp> query(X509Certificate x509Certificate, X509Certificate issuer, boolean validateResponseNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
Query the certificate status using OCSP
- Parameters:
x509Certificate - Client X509Certificate to validate
issuer - X509Certificate issuer of client certificate
validateResponseNonce - Set to true to enable OCSP response validation
ioTransport - IoTransport to use
- Returns:
Promise of BasicOCSPResp
query
private static Promise<org.bouncycastle.cert.ocsp.OCSPResp> query(EventLoop eventLoop, ByteBuf ocspRequest, String host, int port, String path, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
Query the OCSP responder for certificate status using HTTP/1.1
- Parameters:
eventLoop - EventLoop for HTTP request execution
ocspRequest - ByteBuf containing OCSP request data
host - OCSP responder hostname
port - OCSP responder port
path - OCSP responder path
ioTransport - IoTransport to use
- Returns:
Promise containing OCSPResp
validateResponse
private static void validateResponse(Promise<org.bouncycastle.cert.ocsp.BasicOCSPResp> responsePromise, org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse, org.bouncycastle.asn1.DEROctetString derNonce, X509Certificate issuer, boolean validateNonce)
validateNonce
private static void validateNonce(org.bouncycastle.cert.ocsp.BasicOCSPResp basicResponse, org.bouncycastle.asn1.DEROctetString encodedNonce) throws org.bouncycastle.cert.ocsp.OCSPException
Validate OCSP response nonce
- Throws:
org.bouncycastle.cert.ocsp.OCSPException
validateSignature
private static void validateSignature(org.bouncycastle.cert.ocsp.BasicOCSPResp resp, X509Certificate certificate) throws org.bouncycastle.cert.ocsp.OCSPException
Validate OCSP response signature
- Throws:
org.bouncycastle.cert.ocsp.OCSPException
parseOcspUrlFromCertificate
Parse OCSP endpoint URL from Certificate
- Parameters:
cert - Certificate to be parsed
- Returns:
OCSP endpoint URL
- Throws:
NullPointerException - If we couldn't locate OCSP responder URL
IllegalArgumentException - If we couldn't parse X509Certificate into JcaX509CertificateHolder