OCSPClientImpl (canl 2.5.0 API)

java.lang.Object
- eu.emi.security.authn.x509.helpers.ocsp.OCSPClientImpl

```
public class OCSPClientImpl
extends Object
```
OCSP client is responsible for the network related activity of the OCSP invocation pipeline. This class is state less and thread safe.
It is implementing the RFC 2560 also taking care to support the lightweight profile recommendations defined in the RFC 5019.

Author:

K. Benedyczak

Constructor Summary

Constructors
Constructor and Description

OCSPClientImpl()

Constructors
Constructor and Description
`OCSPClientImpl()`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`org.bouncycastle.cert.ocsp.OCSPReq`	`createRequest(X509Certificate toCheckCert, X509Certificate issuerCert, X509Credential requester, boolean addNonce)`
`static byte[]`	`extractNonce(org.bouncycastle.cert.ocsp.OCSPReq request)`
`static Date`	`getNextUpdateFromCacheHeader(String cc)`
`OCSPResult`	`queryForCertificate(URL responder, X509Certificate toCheckCert, X509Certificate issuerCert, X509Credential requester, boolean addNonce, int timeout)` Returns a verified single response, related to the checked certificate.
`OCSPResponseStructure`	`send(URL responder, org.bouncycastle.cert.ocsp.OCSPReq requestO, int timeout)`
`org.bouncycastle.cert.ocsp.SingleResp`	`verifyResponse(org.bouncycastle.cert.ocsp.OCSPResp response, X509Certificate toCheckCert, X509Certificate issuerCert, byte[] checkNonce)` Verifies the provided response

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- OCSPClientImpl
```
public OCSPClientImpl()
```

Method Detail

queryForCertificate
```
public OCSPResult queryForCertificate(URL responder,
                                      X509Certificate toCheckCert,
                                      X509Certificate issuerCert,
                                      X509Credential requester,
                                      boolean addNonce,
                                      int timeout)
                               throws IOException,
                                      org.bouncycastle.cert.ocsp.OCSPException
```
Returns a verified single response, related to the checked certificate. This is single-shot version, which can be used instead of manual invocation of low-level methods.

Parameters:

responder - mandatory - URL of the responder. HTTP or HTTPs, however in https mode the

toCheckCert - mandatory certificate to be checked

issuerCert - mandatory certificate of the toCheckCert issuer

requester - if not null, then it is assumed that request must be signed by the requester.

addNonce - if true nonce will be added to the request and required in response

timeout - timeout

Returns:

Final OCSP checking result

Throws:

IOException - IO exception

org.bouncycastle.cert.ocsp.OCSPException - OCSP exception

createRequest

public org.bouncycastle.cert.ocsp.OCSPReq createRequest(X509Certificate toCheckCert,
                                                        X509Certificate issuerCert,
                                                        X509Credential requester,
                                                        boolean addNonce)
                                                 throws org.bouncycastle.cert.ocsp.OCSPException

Throws:: org.bouncycastle.cert.ocsp.OCSPException

send

public OCSPResponseStructure send(URL responder,
                                  org.bouncycastle.cert.ocsp.OCSPReq requestO,
                                  int timeout)
                           throws IOException

Throws:: IOException

getNextUpdateFromCacheHeader

public static Date getNextUpdateFromCacheHeader(String cc)

verifyResponse

public org.bouncycastle.cert.ocsp.SingleResp verifyResponse(org.bouncycastle.cert.ocsp.OCSPResp response,
                                                            X509Certificate toCheckCert,
                                                            X509Certificate issuerCert,
                                                            byte[] checkNonce)
                                                     throws org.bouncycastle.cert.ocsp.OCSPException

Verifies the provided response

Parameters:: response - OCSP response; toCheckCert - mandatory certificate to be checked; issuerCert - mandatory certificate of the toCheckCert issuer; checkNonce - expected OCSP nonce
Returns:: verified response corresponding to the certificate being checked
Throws:: org.bouncycastle.cert.ocsp.OCSPException - OCSP exception

extractNonce

public static byte[] extractNonce(org.bouncycastle.cert.ocsp.OCSPReq request)
                           throws IOException

Throws:: IOException

Class OCSPClientImpl

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

OCSPClientImpl

Method Detail

queryForCertificate

createRequest

send

getNextUpdateFromCacheHeader

verifyResponse

extractNonce