public class OCSPClient
extends java.lang.Object
Title: OCSP client
Description: Implements the Online Certificate Status Protocol (OCSP) defined in RFC 2560, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol" (RFC 2560 has since been obsoleted by RFC 6960).
Copyright: Copyright (c) 2004
Company: TUBITAK/UEKAE
Modifier and Type | Field and Description |
---|---|
static tr.gov.tubitak.uekae.esya.api.crypto.alg.DigestAlg |
digestAlgForOcspRequest |
protected static org.slf4j.Logger |
logger |
protected tr.gov.tubitak.uekae.esya.api.asn.ocsp.EBasicOCSPResponse |
mBasicResponse |
protected tr.gov.tubitak.uekae.esya.api.asn.ocsp.EOCSPResponse |
mOCSPResponce |
static com.objsys.asn1j.runtime.Asn1ObjectIdentifier |
NONCE_OID |
static int |
REASON_AA_COMPROMISE |
static int |
REASON_AFFILIATION_CHANGED |
static int |
REASON_CA_COMPROMISE |
static int |
REASON_CERTIFICATE_HOLD |
static int |
REASON_CESSATION_OF_OPERATION |
static int |
REASON_KEY_COMPROMISE |
static int |
REASON_PRIVILEGE_WITHDRAWN |
static int |
REASON_SUPERSEDED |
static int |
REASON_UNSPECIFIED |
protected tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate |
signingCertificate |
protected HashMultiMap<java.math.BigInteger,tr.gov.tubitak.uekae.esya.api.asn.ocsp.ESingleResponse> |
singleResponses |
static int |
STATUS_RESPONCE_INVALID_NONCE |
static int |
STATUS_RESPONSE_CANT_BE_RECEIVED |
static int |
STATUS_RESPONSE_HAS_INVALID_SIGNATURE |
Modifier | Constructor and Description |
---|---|
protected |
OCSPClient() |
|
OCSPClient(java.lang.String aConnectionAddress) |
Modifier and Type | Method and Description |
---|---|
boolean |
checkDate(tr.gov.tubitak.uekae.esya.api.asn.ocsp.ESingleResponse aResponse,
java.util.Calendar aDate)
Checks thisUpdate and nextUpdate in the OCSP response against the given date.
|
boolean |
checkNonce()
Check nonce value of response.
|
void |
checkResponse() |
boolean |
checkResponseStatus()
Check Response status.
|
boolean |
checkSignature()
Check signature value for response.
|
void |
closeConnection()
Closes connection
|
tr.gov.tubitak.uekae.esya.api.asn.ocsp.EBasicOCSPResponse |
getBasicResponse() |
byte[] |
getNonce()
Returns the nonce value in the request
|
tr.gov.tubitak.uekae.esya.api.asn.ocsp.EOCSPResponse |
getOCSPResponse() |
java.util.Calendar |
getProducedAt()
Creation time of ocsp response
|
int |
getResponseStatus()
ResponseStatus.
|
tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate |
getSigningCertificate()
Gets the certificate that signed the OCSP response; this certificate should itself be validated.
|
tr.gov.tubitak.uekae.esya.api.asn.ocsp.ESingleResponse |
getSingleResponse(tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aCertificateToQuery,
tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aIssuerCertificate) |
int |
getStatus() |
static boolean |
isEqual(tr.gov.tubitak.uekae.esya.api.asn.ocsp.ECertID certID,
tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aCertificateToQuery,
tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aIssuerCertificate)
Checks whether certID is generated for the aCertificateToQuery and the aIssuerCertificate.
|
void |
openConnection()
Opens connection with default timeout
|
void |
openConnection(java.lang.String aTimeOut)
Open connection with defined timeout
|
tr.gov.tubitak.uekae.esya.api.asn.ocsp.EOCSPResponse |
queryCertificate(java.math.BigInteger aSertifikaSeriNo,
byte[] aSMSubjectHashDegeri,
byte[] aSMAcikAnahtarHashDegeri) |
tr.gov.tubitak.uekae.esya.api.asn.ocsp.EOCSPResponse |
queryCertificate(tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate[] aCertificatesToQuery,
tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate[] aIssuerCertificates)
Makes multiple queries at once.
|
void |
queryCertificate(tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aCertificateToQuery,
tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aIssuerCertificate)
Make single query.
|
void |
setCheckDate(boolean aCheckDate)
Defines whether the client checks that the thisUpdate–nextUpdate interval in the OCSP response covers the current time.
Default: false, so this check is skipped unless it is enabled.
|
void |
setCheckNonce(boolean aCheckNonce)
Defines whether ocsp response nonce will be checked
Default: true
|
void |
setCheckResponseStatus(boolean aCheckResponseStatus)
Defines whether ocsp response status will be checked
|
void |
setCheckSignature(boolean aCheckSignature)
Defines whether ocsp response signature will be checked
Default: true
|
void |
setDigestAlgForOcspRequest(tr.gov.tubitak.uekae.esya.api.crypto.alg.DigestAlg digestAlg) |
protected static org.slf4j.Logger logger
public static final int REASON_UNSPECIFIED
public static final int REASON_KEY_COMPROMISE
public static final int REASON_CA_COMPROMISE
public static final int REASON_AFFILIATION_CHANGED
public static final int REASON_SUPERSEDED
public static final int REASON_CESSATION_OF_OPERATION
public static final int REASON_CERTIFICATE_HOLD
public static final int REASON_PRIVILEGE_WITHDRAWN
public static final int REASON_AA_COMPROMISE
public static final int STATUS_RESPONSE_HAS_INVALID_SIGNATURE
public static final int STATUS_RESPONSE_CANT_BE_RECEIVED
public static final int STATUS_RESPONCE_INVALID_NONCE
public static final com.objsys.asn1j.runtime.Asn1ObjectIdentifier NONCE_OID
protected HashMultiMap<java.math.BigInteger,tr.gov.tubitak.uekae.esya.api.asn.ocsp.ESingleResponse> singleResponses
protected tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate signingCertificate
protected tr.gov.tubitak.uekae.esya.api.asn.ocsp.EBasicOCSPResponse mBasicResponse
protected tr.gov.tubitak.uekae.esya.api.asn.ocsp.EOCSPResponse mOCSPResponce
public static tr.gov.tubitak.uekae.esya.api.crypto.alg.DigestAlg digestAlgForOcspRequest
protected OCSPClient()
public OCSPClient(java.lang.String aConnectionAddress) throws tr.gov.tubitak.uekae.esya.api.common.ESYAException
aConnectionAddress
- Address of the OCSP server. The getOCSPAdresses() function of an ECertificate object gives the addresses.
Throws: tr.gov.tubitak.uekae.esya.api.common.ESYAException
public void setCheckSignature(boolean aCheckSignature)
aCheckSignature
- public void setCheckNonce(boolean aCheckNonce)
aCheckNonce
- public void setCheckResponseStatus(boolean aCheckResponseStatus)
aCheckResponseStatus
- public void setCheckDate(boolean aCheckDate)
aCheckDate
- public void openConnection() throws tr.gov.tubitak.uekae.esya.api.common.ESYAException
tr.gov.tubitak.uekae.esya.api.common.ESYAException
public void closeConnection() throws tr.gov.tubitak.uekae.esya.api.common.ESYAException
tr.gov.tubitak.uekae.esya.api.common.ESYAException
public void openConnection(java.lang.String aTimeOut) throws tr.gov.tubitak.uekae.esya.api.common.ESYAException
aTimeOut
- timeout in milliseconds. If it is null, the default value is used. A timeout of zero is
interpreted as an infinite timeout, so the call can wait indefinitely on an unresponsive server.
Iftr.gov.tubitak.uekae.esya.api.common.ESYAException
public java.util.Calendar getProducedAt()
public void queryCertificate(tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aCertificateToQuery, tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aIssuerCertificate) throws tr.gov.tubitak.uekae.esya.api.common.ESYAException
aCertificateToQuery - Certificate
aIssuerCertificate - Certificate
Throws: tr.gov.tubitak.uekae.esya.api.common.ESYAException
public tr.gov.tubitak.uekae.esya.api.asn.ocsp.EOCSPResponse queryCertificate(tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate[] aCertificatesToQuery, tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate[] aIssuerCertificates) throws tr.gov.tubitak.uekae.esya.api.common.ESYAException
aCertificatesToQuery - Certificate[]
aIssuerCertificates - Certificate[]
Throws: tr.gov.tubitak.uekae.esya.api.common.ESYAException
public tr.gov.tubitak.uekae.esya.api.asn.ocsp.EOCSPResponse queryCertificate(java.math.BigInteger aSertifikaSeriNo, byte[] aSMSubjectHashDegeri, byte[] aSMAcikAnahtarHashDegeri) throws tr.gov.tubitak.uekae.esya.api.common.ESYAException
tr.gov.tubitak.uekae.esya.api.common.ESYAException
public int getStatus()
public int getResponseStatus()
public tr.gov.tubitak.uekae.esya.api.asn.ocsp.ESingleResponse getSingleResponse(tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aCertificateToQuery, tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aIssuerCertificate) throws tr.gov.tubitak.uekae.esya.api.common.ESYAException
tr.gov.tubitak.uekae.esya.api.common.ESYAException
public static boolean isEqual(tr.gov.tubitak.uekae.esya.api.asn.ocsp.ECertID certID, tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aCertificateToQuery, tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aIssuerCertificate)
certID
- aCertificateToQuery
- aIssuerCertificate
- public tr.gov.tubitak.uekae.esya.api.asn.ocsp.EBasicOCSPResponse getBasicResponse()
public tr.gov.tubitak.uekae.esya.api.asn.ocsp.EOCSPResponse getOCSPResponse()
public boolean checkResponseStatus()
public void checkResponse() throws tr.gov.tubitak.uekae.esya.api.common.ESYAException
tr.gov.tubitak.uekae.esya.api.common.ESYAException
public boolean checkDate(tr.gov.tubitak.uekae.esya.api.asn.ocsp.ESingleResponse aResponse, java.util.Calendar aDate)
aResponse - to be checked
aDate - to check
public byte[] getNonce()
public boolean checkNonce()
public boolean checkSignature()
public tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate getSigningCertificate() throws tr.gov.tubitak.uekae.esya.api.common.ESYAException
tr.gov.tubitak.uekae.esya.api.common.ESYAException
public void setDigestAlgForOcspRequest(tr.gov.tubitak.uekae.esya.api.crypto.alg.DigestAlg digestAlg)