Class OcspClientBouncyCastle
java.lang.Object
com.itextpdf.signatures.OcspClientBouncyCastle
- All Implemented Interfaces:
IOcspClient, IOcspClientBouncyCastle
OcspClient implementation using BouncyCastle.
Field Summary
Fields (Modifier and Type, Field, Description):
- private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY
- private static final org.slf4j.Logger LOGGER
  The Logger instance.
Constructor Summary
Constructors:
- OcspClientBouncyCastle()
  Creates new OcspClientBouncyCastle instance.
Method Summary
Methods (Modifier and Type, Method, Description):
- protected InputStream createRequestAndResponse(X509Certificate checkCert, X509Certificate rootCert, String url)
  Create OCSP request and get the response for this request, represented as InputStream.
- protected static IOCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber)
  Generates an OCSP request using BouncyCastle.
- IBasicOCSPResp getBasicOCSPResp(X509Certificate checkCert, X509Certificate rootCert, String url)
  Gets OCSP response.
- protected static ICertificateStatus getCertificateStatus(byte[] basicOcspRespBytes)
  Retrieves certificate status from the OCSP response.
- byte[] getEncoded(X509Certificate checkCert, X509Certificate rootCert, String url)
  Fetch a DER-encoded BasicOCSPResponse from an OCSP responder.
- (package private) IOCSPResp getOcspResponse(X509Certificate checkCert, X509Certificate rootCert, String url)
  Gets an OCSP response object using BouncyCastle.
Field Details
BOUNCY_CASTLE_FACTORY
private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY
LOGGER
private static final org.slf4j.Logger LOGGER
The Logger instance.
Constructor Details
OcspClientBouncyCastle
public OcspClientBouncyCastle()
Creates new OcspClientBouncyCastle instance.
Method Details
getBasicOCSPResp
public IBasicOCSPResp getBasicOCSPResp(X509Certificate checkCert, X509Certificate rootCert, String url)
Gets OCSP response. If required, IBasicOCSPResp can be checked using OCSPValidator class.
- Specified by: getBasicOCSPResp in interface IOcspClientBouncyCastle
- Parameters:
  checkCert - the certificate to check
  rootCert - parent certificate
  url - to get the verification
- Returns: IBasicOCSPResp an OCSP response wrapper
getEncoded
byte[] getEncoded(X509Certificate checkCert, X509Certificate rootCert, String url)
Fetch a DER-encoded BasicOCSPResponse from an OCSP responder. The method should not throw an exception.
Note: do not pass in the full DER-encoded OCSPResponse object obtained from the responder, only the DER-encoded BasicOCSPResponse value contained in the response data.
- Specified by: getEncoded in interface IOcspClient
- Parameters:
  checkCert - Certificate to check.
  rootCert - The parent certificate.
  url - The URL of the OCSP responder endpoint. If null, implementations can attempt to obtain a URL from the AuthorityInformationAccess extension of the certificate, or from another implementation-specific source.
- Returns: a byte array containing a DER-encoded BasicOCSPResponse structure or null if one could not be obtained
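Where the BasicOCSPResponse named in the note above sits inside a responder's full OCSPResponse (the RFC 6960 structure), as an added example that is not iText code and uses only the JDK. The class name OcspUnwrap, the helper names and both byte arrays are constructed for illustration; the 5-byte inner value is a placeholder, not a real signed response.

```java
import java.util.Arrays;

public class OcspUnwrap {
    // Content bytes of OID 1.3.6.1.5.5.7.48.1.1 (id-pkix-ocsp-basic).
    static final byte[] BASIC_OID = {0x2B, 6, 1, 5, 5, 7, 0x30, 1, 1};

    // Reads the TLV at off, checks its tag, returns {contentStart, contentEnd}.
    static int[] tlv(byte[] d, int off, int end, int tag) {
        if (off + 2 > end || (d[off] & 0xFF) != tag)
            throw new IllegalArgumentException("expected tag 0x" + Integer.toHexString(tag));
        int len = d[off + 1] & 0xFF, p = off + 2;
        if (len >= 0x80) {                       // long form: low bits count the length bytes
            int n = len & 0x7F;
            if (n == 0 || n > 3 || p + n > end) throw new IllegalArgumentException("bad length");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (d[p++] & 0xFF);
        }
        if (len > end - p) throw new IllegalArgumentException("truncated value");
        return new int[] {p, p + len};
    }

    // Returns the DER BasicOCSPResponse carried in a full OCSPResponse,
    // or null when the responder reported an error or another response type.
    static byte[] unwrapBasic(byte[] r) {
        int[] seq = tlv(r, 0, r.length, 0x30);          // OCSPResponse ::= SEQUENCE
        int[] status = tlv(r, seq[0], seq[1], 0x0A);    // responseStatus ENUMERATED
        boolean ok = status[1] - status[0] == 1 && r[status[0]] == 0;   // 0 = successful
        if (!ok || status[1] == seq[1]) return null;    // error status carries no responseBytes
        int[] ctx = tlv(r, status[1], seq[1], 0xA0);    // responseBytes [0] EXPLICIT
        int[] rb = tlv(r, ctx[0], ctx[1], 0x30);        // ResponseBytes ::= SEQUENCE
        int[] oid = tlv(r, rb[0], rb[1], 0x06);         // responseType
        if (!Arrays.equals(Arrays.copyOfRange(r, oid[0], oid[1]), BASIC_OID)) return null;
        int[] oct = tlv(r, oid[1], rb[1], 0x04);        // response OCTET STRING
        return Arrays.copyOfRange(r, oct[0], oct[1]);   // its content is the BasicOCSPResponse
    }

    public static void main(String[] args) {
        // Constructed sample: status "successful", then a 5-byte placeholder where a
        // real signed BasicOCSPResponse would sit.
        byte[] full = {0x30, 0x19, 0x0A, 0x01, 0x00, (byte) 0xA0, 0x14, 0x30, 0x12,
                0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01,
                0x04, 0x05, 0x30, 0x03, 0x02, 0x01, 0x05};
        // Constructed sample: status 6 (unauthorized), no responseBytes.
        byte[] refused = {0x30, 0x03, 0x0A, 0x01, 0x06};
        System.out.println(unwrapBasic(full).length + " of " + full.length + " bytes are the BasicOCSPResponse");
        System.out.println("refused -> " + Arrays.toString(unwrapBasic(refused)));
    }
}
```

The unwrapped bytes are still unverified: the responder's signature and the certificate status inside the BasicOCSPResponse have to be checked before the value is trusted.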
generateOCSPRequest
protected static IOCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws AbstractOCSPException, IOException, CertificateEncodingException, AbstractOperatorCreationException
Generates an OCSP request using BouncyCastle.
- Parameters:
  issuerCert - certificate of the issuer
  serialNumber - serial number
- Returns: IOCSPReq an OCSP request wrapper
- Throws:
  AbstractOCSPException - is thrown if any errors occur while handling OCSP requests/responses
  IOException - signals that an I/O exception has occurred
  CertificateEncodingException - is thrown if any errors occur while handling OCSP requests/responses
  AbstractOperatorCreationException - is thrown if any errors occur while handling OCSP requests/responses
getCertificateStatus
protected static ICertificateStatus getCertificateStatus(byte[] basicOcspRespBytes)
Retrieves certificate status from the OCSP response.
- Parameters:
  basicOcspRespBytes - encoded basic OCSP response
- Returns: good, revoked or unknown certificate status retrieved from the OCSP response, or null if an error occurs.
getOcspResponse
IOCSPResp getOcspResponse(X509Certificate checkCert, X509Certificate rootCert, String url) throws GeneralSecurityException, AbstractOCSPException, IOException, AbstractOperatorCreationException
Gets an OCSP response object using BouncyCastle.
- Parameters:
  checkCert - the certificate to check
  rootCert - the parent certificate
  url - to get the verification. If it's null, it will be taken from the check cert or from another implementation-specific source
- Returns: IOCSPResp an OCSP response wrapper
- Throws:
  GeneralSecurityException - if any execution errors occur
  AbstractOCSPException - if any errors occur while handling OCSP requests/responses
  IOException - if any I/O execution errors occur
  AbstractOperatorCreationException - if any BC execution errors occur
createRequestAndResponse
protected InputStream createRequestAndResponse(X509Certificate checkCert, X509Certificate rootCert, String url) throws IOException, AbstractOperatorCreationException, AbstractOCSPException, CertificateEncodingException
Create OCSP request and get the response for this request, represented as InputStream.
- Parameters:
  checkCert - X509Certificate certificate to get OCSP response for
  rootCert - X509Certificate root certificate from which OCSP request will be built
  url - URL link, which is expected to be used to get OCSP response from
- Returns: OCSP response bytes, represented as InputStream
- Throws:
  IOException - if an I/O error occurs
  AbstractOperatorCreationException - is thrown if any errors occur while handling OCSP requests/responses
  AbstractOCSPException - is thrown if any errors occur while handling OCSP requests/responses
  CertificateEncodingException - is thrown if any errors occur while handling OCSP requests/responses