Package com.itextpdf.signatures

Class OcspClientBouncyCastle

java.lang.Object
com.itextpdf.signatures.OcspClientBouncyCastle
All Implemented Interfaces:
IOcspClient
public class OcspClientBouncyCastle extends Object implements IOcspClient
OcspClient implementation using BouncyCastle.
Author:
Paulo Soarees

  • Constructor Details

    • OcspClientBouncyCastle

      public OcspClientBouncyCastle (OCSPVerifier verifier)
      Creates OcspClient.
      Parameters:
      verifier - will be used for response verification.
      See Also:

  • Method Details

    • getBasicOCSPResp

      public org.bouncycastle.cert.ocsp.BasicOCSPResp getBasicOCSPResp (X509Certificate checkCert, X509Certificate rootCert, String url)
      Gets OCSP response. If OCSPVerifier was set, the response will be checked.
      Parameters:
      checkCert - to certificate to check
      rootCert - the parent certificate
      url - to get the verification
      Returns:
      OCSP response

    • getEncoded

      public byte[] getEncoded (X509Certificate checkCert, X509Certificate rootCert, String url)
      Fetch a DER-encoded BasicOCSPResponse from an OCSP responder. The method should not throw an exception.

      Note: do not pass in the full DER-encoded OCSPResponse object obtained from the responder, only the DER-encoded BasicOCSPResponse value contained in the response data.

      Specified by:
      getEncoded in interface IOcspClient
      Parameters:
      checkCert - Certificate to check.
      rootCert - The parent certificate.
      url - The URL of the OCSP responder endpoint. If null, implementations can attempt to obtain a URL from the AuthorityInformationAccess extension of the certificate, or from another implementation-specific source.
      Returns:
      a byte array containing a DER-encoded BasicOCSPResponse structure or null if one could not be obtained
      See Also: