Class OCSPVerifier
java.lang.Object
    org.apache.synapse.transport.certificatevalidation.ocsp.OCSPVerifier

All Implemented Interfaces:
RevocationVerifier

public class OCSPVerifier extends Object implements RevocationVerifier
Checks whether a certificate has been revoked by its CA, using the Online Certificate Status Protocol (OCSP).

Field Summary
Fields
Modifier and Type    Field
static String        ACCEPT_TYPE
static String        CONTENT_TYPE
static String        JSON_TYPE
static String        OCSP_REQUEST_TYPE
static String        OCSP_RESPONSE_TYPE

Constructor Summary
Constructors
Constructor
OCSPVerifier(OCSPCache cache)

Method Summary
All Methods / Instance Methods / Concrete Methods

Modifier and Type: RevocationStatus
Method: checkRevocationStatus(X509Certificate peerCert, X509Certificate issuerCert)
Description: Gets the revocation status (Good, Revoked or Unknown) of the given peer certificate.

Modifier and Type: protected org.bouncycastle.cert.ocsp.OCSPResp
Method: getOCSPResponse(String serviceUrl, org.bouncycastle.cert.ocsp.OCSPReq request)
Description: Gets an ASN.1 encoded OCSP response (as defined in RFC 2560) from the given service URL.

Field Detail

CONTENT_TYPE
public static final String CONTENT_TYPE
See Also: Constant Field Values

JSON_TYPE
public static final String JSON_TYPE
See Also: Constant Field Values

ACCEPT_TYPE
public static final String ACCEPT_TYPE
See Also: Constant Field Values

OCSP_REQUEST_TYPE
public static final String OCSP_REQUEST_TYPE
See Also: Constant Field Values

OCSP_RESPONSE_TYPE
public static final String OCSP_RESPONSE_TYPE
See Also: Constant Field Values

Constructor Detail

OCSPVerifier
public OCSPVerifier(OCSPCache cache)

Method Detail

checkRevocationStatus
public RevocationStatus checkRevocationStatus(X509Certificate peerCert, X509Certificate issuerCert) throws CertificateVerificationException
Gets the revocation status (Good, Revoked or Unknown) of the given peer certificate.
Specified by:
checkRevocationStatus in interface RevocationVerifier
Parameters:
peerCert - The certificate to check for revocation.
issuerCert - Needed to create the OCSP request.
Returns:
Revocation status of the peer certificate.
Throws:
CertificateVerificationException

getOCSPResponse
protected org.bouncycastle.cert.ocsp.OCSPResp getOCSPResponse(String serviceUrl, org.bouncycastle.cert.ocsp.OCSPReq request) throws CertificateVerificationException
Gets an ASN.1 encoded OCSP response (as defined in RFC 2560) from the given service URL. Currently supports only HTTP.
Parameters:
serviceUrl - URL of the OCSP endpoint.
request - An OCSP request object.
Returns:
OCSP response encoded in ASN.1 structure.
Throws:
CertificateVerificationException
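
Added example, not part of this Javadoc or of the Synapse source: one way to reduce an OCSPResp, such as the one getOCSPResponse returns, to the Good, Revoked or Unknown outcome described for checkRevocationStatus, using only BouncyCastle calls. The class OcspResponseTriage, its Outcome enum and the classify method are hypothetical names, and the code assumes the responder signs with the issuing CA's own key.

```java
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

/** Hypothetical helper for illustration; not a Synapse class. */
public final class OcspResponseTriage {
    public enum Outcome { GOOD, REVOKED, UNKNOWN }

    public static Outcome classify(OCSPResp resp, X509Certificate peerCert,
                                   X509Certificate issuerCert, Date now) throws Exception {
        // Responder-level errors (tryLater, unauthorized, ...) carry no certificate status.
        if (resp.getStatus() != OCSPResp.SUCCESSFUL) return Outcome.UNKNOWN;
        Object body = resp.getResponseObject();
        if (!(body instanceof BasicOCSPResp)) return Outcome.UNKNOWN;
        BasicOCSPResp basic = (BasicOCSPResp) body;
        // Assumption: the CA signs responses with its own key (no delegated responder).
        // The transport is plain HTTP, so this signature is what authenticates the answer.
        if (!basic.isSignatureValid(new JcaContentVerifierProviderBuilder().build(issuerCert))) {
            return Outcome.UNKNOWN;
        }
        BigInteger serial = peerCert.getSerialNumber();
        JcaX509CertificateHolder issuer = new JcaX509CertificateHolder(issuerCert);
        for (SingleResp single : basic.getResponses()) {
            // The entry must be for this serial number under this issuer.
            if (!serial.equals(single.getCertID().getSerialNumber())
                    || !single.getCertID().matchesIssuer(issuer,
                            new JcaDigestCalculatorProviderBuilder().build())) {
                continue;
            }
            // Reject answers that are not yet valid or have expired (replay of an old "good").
            Date next = single.getNextUpdate();
            if (single.getThisUpdate().after(now) || (next != null && next.before(now))) {
                return Outcome.UNKNOWN;
            }
            CertificateStatus status = single.getCertStatus();
            if (status == CertificateStatus.GOOD) return Outcome.GOOD; // GOOD is encoded as null
            return (status instanceof RevokedStatus) ? Outcome.REVOKED : Outcome.UNKNOWN;
        }
        return Outcome.UNKNOWN; // no entry for this certificate
    }
}
```

A caller that enforces revocation should accept the certificate only on GOOD, treating UNKNOWN and any thrown exception as a failed check.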