OCSPCachingClient (canl 2.5.0 API)

java.lang.Object
- eu.emi.security.authn.x509.helpers.ocsp.OCSPCachingClient

```
public class OCSPCachingClient
extends Object
```
OCSP client which adds a cache layer on top of OCSPClientImpl. There are two caches (all of them are configurable) consulted in the given order: unresponsive responders cache (per responder); OCSP responses cache (per responder and checked certificate tuple).
This class is thread safe.

Author:

K. Benedyczak

Constructor Summary

Constructors
Constructor and Description

OCSPCachingClient(long maxTtl, File diskPath, String prefix)

Constructors
Constructor and Description
`OCSPCachingClient(long maxTtl, File diskPath, String prefix)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`clearMemoryCache()`
`OCSPResult`	`queryForCertificate(URL responder, X509Certificate toCheckCert, X509Certificate issuerCert, X509Credential requester, boolean addNonce, int timeout)` Returns the checked certificate status.
`OCSPResult`	`queryForCertificate(URL responder, X509Certificate toCheckCert, X509Certificate issuerCert, X509Credential requester, boolean addNonce, int timeout, OCSPClientImpl client)` Returns the checked certificate status, using a custom client.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - OCSPCachingClient
```
public OCSPCachingClient(long maxTtl,
                         File diskPath,
                         String prefix)
```
    Parameters:
    
    maxTtl - maximum time after each cached response expires. Negative for no cache at all, 0 for no limit (i.e. caching time will be only controlled by the OCSP response validity period). In ms.
    
    diskPath - if not null, cached responses will be stored on disk.
    
    prefix - used if disk cache is enabled, as a common prefix for all files created in the cache directory.
- Method Detail
  - queryForCertificate
```
public OCSPResult queryForCertificate(URL responder,
                                      X509Certificate toCheckCert,
                                      X509Certificate issuerCert,
                                      X509Credential requester,
                                      boolean addNonce,
                                      int timeout)
                               throws IOException,
                                      org.bouncycastle.cert.ocsp.OCSPException
```
    Returns the checked certificate status.
    
    Parameters:
    
    responder - mandatory - URL of the responder. HTTP or HTTPs, however in https mode the
    
    toCheckCert - mandatory certificate to be checked
    
    issuerCert - mandatory certificate of the toCheckCert issuer
    
    requester - if not null, then it is assumed that request must be signed by the requester.
    
    addNonce - if true nonce will be added to the request and required in response
    
    timeout - timeout
    
    Returns:
    
    raw result of the query
    
    Throws:
    
    IOException - IO exception
    
    org.bouncycastle.cert.ocsp.OCSPException - OCSP exception
  - queryForCertificate
```
public OCSPResult queryForCertificate(URL responder,
                                      X509Certificate toCheckCert,
                                      X509Certificate issuerCert,
                                      X509Credential requester,
                                      boolean addNonce,
                                      int timeout,
                                      OCSPClientImpl client)
                               throws IOException,
                                      org.bouncycastle.cert.ocsp.OCSPException
```
    Returns the checked certificate status, using a custom client.
    
    Parameters:
    
    responder - mandatory - URL of the responder. HTTP or HTTPs, however in https mode the
    
    toCheckCert - mandatory certificate to be checked
    
    issuerCert - mandatory certificate of the toCheckCert issuer
    
    requester - if not null, then it is assumed that request must be signed by the requester.
    
    addNonce - if true nonce will be added to the request and required in response
    
    timeout - timeout
    
    client - client to be used for network calls
    
    Returns:
    
    raw result of the query
    
    Throws:
    
    IOException - IO exception
    
    org.bouncycastle.cert.ocsp.OCSPException - OCSP exception
  - clearMemoryCache
```
public void clearMemoryCache()
```

Class OCSPCachingClient

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

OCSPCachingClient

Method Detail

queryForCertificate

queryForCertificate

clearMemoryCache