com.itextpdf.signatures

Class OcspClientBouncyCastle

java.lang.Object

com.itextpdf.signatures.OcspClientBouncyCastle

All Implemented Interfaces:

IOcspClient

public class OcspClientBouncyCastle
extends Object
implements IOcspClient

OcspClient implementation using BouncyCastle.

Constructor Summary

Constructors

Constructor and Description
OcspClientBouncyCastle(OCSPVerifier verifier) Creates OcspClient.

Method Summary

Modifier and Type	Method and Description
protected InputStream	createRequestAndResponse(X509Certificate checkCert, X509Certificate rootCert, String url) Create OCSP request and get the response for this request, represented as InputStream.
protected static com.itextpdf.commons.bouncycastle.cert.ocsp.IOCSPReq	generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) Generates an OCSP request using BouncyCastle.
com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp	getBasicOCSPResp(X509Certificate checkCert, X509Certificate rootCert, String url) Gets OCSP response.
byte[]	getEncoded(X509Certificate checkCert, X509Certificate rootCert, String url) Fetch a DER-encoded BasicOCSPResponse from an OCSP responder.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OcspClientBouncyCastle

public OcspClientBouncyCastle(OCSPVerifier verifier)

Creates OcspClient.

Parameters:

verifier - will be used for response verification.

See Also:

OCSPVerifier

Method Detail

getBasicOCSPResp

public com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp getBasicOCSPResp(X509Certificate checkCert,
                                                                                   X509Certificate rootCert,
                                                                                   String url)

Gets OCSP response. If OCSPVerifier was set, the response will be checked.

Parameters:

checkCert - to certificate to check

rootCert - the parent certificate

url - to get the verification

Returns:

IBasicOCSPResp an OCSP response wrapper

getEncoded

public byte[] getEncoded(X509Certificate checkCert,
                         X509Certificate rootCert,
                         String url)

Fetch a DER-encoded BasicOCSPResponse from an OCSP responder. The method should not throw an exception.

Note: do not pass in the full DER-encoded OCSPResponse object obtained from the responder, only the DER-encoded BasicOCSPResponse value contained in the response data.

Specified by:

getEncoded in interface IOcspClient

Parameters:

checkCert - Certificate to check.

rootCert - The parent certificate.

url - The URL of the OCSP responder endpoint. If null, implementations can attempt to obtain a URL from the AuthorityInformationAccess extension of the certificate, or from another implementation-specific source.

Returns:

a byte array containing a DER-encoded BasicOCSPResponse structure or null if one could not be obtained

See Also:

RFC 6960 § 4.2.1

generateOCSPRequest

protected static com.itextpdf.commons.bouncycastle.cert.ocsp.IOCSPReq generateOCSPRequest(X509Certificate issuerCert,
                                                                                          BigInteger serialNumber)
                                                                                   throws com.itextpdf.commons.bouncycastle.cert.ocsp.AbstractOCSPException,
                                                                                          IOException,
                                                                                          CertificateEncodingException,
                                                                                          com.itextpdf.commons.bouncycastle.operator.AbstractOperatorCreationException

Generates an OCSP request using BouncyCastle.

Parameters:

issuerCert - certificate of the issues

serialNumber - serial number

Returns:

IOCSPReq an OCSP request wrapper

Throws:

com.itextpdf.commons.bouncycastle.cert.ocsp.AbstractOCSPException - is thrown if any errors occur while handling OCSP requests/responses

IOException - signals that an I/O exception has occurred

CertificateEncodingException - is thrown if any errors occur while handling OCSP requests/responses

com.itextpdf.commons.bouncycastle.operator.AbstractOperatorCreationException - is thrown if any errors occur while handling OCSP requests/responses

createRequestAndResponse

protected InputStream createRequestAndResponse(X509Certificate checkCert,
                                               X509Certificate rootCert,
                                               String url)
                                        throws IOException,
                                               com.itextpdf.commons.bouncycastle.operator.AbstractOperatorCreationException,
                                               com.itextpdf.commons.bouncycastle.cert.ocsp.AbstractOCSPException,
                                               CertificateEncodingException

Create OCSP request and get the response for this request, represented as InputStream.

Parameters:

checkCert - X509Certificate certificate to get OCSP response for

rootCert - X509Certificate root certificate from which OCSP request will be built

url - URL link, which is expected to be used to get OCSP response from

Returns:

OCSP response bytes, represented as InputStream

Throws:

IOException - if an I/O error occurs

com.itextpdf.commons.bouncycastle.operator.AbstractOperatorCreationException - is thrown if any errors occur while handling OCSP requests/responses

com.itextpdf.commons.bouncycastle.cert.ocsp.AbstractOCSPException - is thrown if any errors occur while handling OCSP requests/responses

CertificateEncodingException - is thrown if any errors occur while handling OCSP requests/responses