Package org.apache.synapse.transport.certificatevalidation.ocsp

Class OCSPVerifier

java.lang.Object

org.apache.synapse.transport.certificatevalidation.ocsp.OCSPVerifier

All Implemented Interfaces:

RevocationVerifier

public class OCSPVerifier
extends Object
implements RevocationVerifier

Used to check if a Certificate is revoked or not by its CA using Online Certificate Status Protocol (OCSP).

Field Summary

Fields

Modifier and Type	Field	Description
static final String	ACCEPT_TYPE
static final String	CONTENT_TYPE
static final String	JSON_TYPE
static final String	OCSP_REQUEST_TYPE
static final String	OCSP_RESPONSE_TYPE

Constructor Summary

Constructors

Constructor	Description
OCSPVerifier(OCSPCache cache)

Method Summary

Modifier and Type	Method	Description
static void	addProvider(String jceProvider)
RevocationStatus	checkRevocationStatus(X509Certificate peerCert, X509Certificate issuerCert)	Gets the revocation status (Good, Revoked or Unknown) of the given peer certificate.
protected org.bouncycastle.cert.ocsp.OCSPResp	getOCSPResponce(String serviceUrl, org.bouncycastle.cert.ocsp.OCSPReq request)	Gets an ASN.1 encoded OCSP response (as defined in RFC 2560) from the given service URL.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

CONTENT_TYPE

public static final String CONTENT_TYPE

See Also:

• Constant Field Values

JSON_TYPE

public static final String JSON_TYPE

See Also:

• Constant Field Values

ACCEPT_TYPE

public static final String ACCEPT_TYPE

See Also:

• Constant Field Values

OCSP_REQUEST_TYPE

public static final String OCSP_REQUEST_TYPE

See Also:

• Constant Field Values

OCSP_RESPONSE_TYPE

public static final String OCSP_RESPONSE_TYPE

See Also:

• Constant Field Values

Constructor Details

OCSPVerifier

public OCSPVerifier(OCSPCache cache)

Method Details

checkRevocationStatus

public RevocationStatus checkRevocationStatus(X509Certificate peerCert,
 X509Certificate issuerCert)
                                       throws CertificateVerificationException

Gets the revocation status (Good, Revoked or Unknown) of the given peer certificate.

Specified by:

checkRevocationStatus in interface RevocationVerifier

Parameters:

peerCert - The certificate we want to check if revoked.

issuerCert - Needed to create OCSP request.

Returns:

revocation status of the peer certificate.

Throws:

CertificateVerificationException

getOCSPResponce

protected org.bouncycastle.cert.ocsp.OCSPResp getOCSPResponce(String serviceUrl,
 org.bouncycastle.cert.ocsp.OCSPReq request)
                                                       throws CertificateVerificationException

Gets an ASN.1 encoded OCSP response (as defined in RFC 2560) from the given service URL. Currently supports only HTTP.

Parameters:

serviceUrl - URL of the OCSP endpoint.

request - an OCSP request object.

Returns:

OCSP response encoded in ASN.1 structure.

Throws:

CertificateVerificationException

addProvider

public static void addProvider(String jceProvider)
                        throws CertificateVerificationException

Throws:

CertificateVerificationException