Package com.itextpdf.signatures

Class OcspClientBouncyCastle

java.lang.Object

com.itextpdf.signatures.OcspClientBouncyCastle

All Implemented Interfaces:

IOcspClient

       public class OcspClientBouncyCastle extends Object implements IOcspClient
      

OcspClient implementation using BouncyCastle.

Constructor Summary

Constructors

Constructor	Description
OcspClientBouncyCastle()	Creates new OcspClientBouncyCastle instance.
OcspClientBouncyCastle(OCSPVerifier verifier)	Deprecated. starting from 8.0.5.

Method Summary

Modifier and Type	Method	Description
protected InputStream	createRequestAndResponse(X509Certificate checkCert, X509Certificate rootCert, String url)	Create OCSP request and get the response for this request, represented as InputStream.
protected static IOCSPReq	generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber)	Generates an OCSP request using BouncyCastle.
IBasicOCSPResp	getBasicOCSPResp(X509Certificate checkCert, X509Certificate rootCert, String url)	Gets OCSP response.
protected static ICertificateStatus	getCertificateStatus(byte[] basicOcspRespBytes)	Retrieves certificate status from the OCSP response.
byte[]	getEncoded(X509Certificate checkCert, X509Certificate rootCert, String url)	Fetch a DER-encoded BasicOCSPResponse from an OCSP responder.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

OcspClientBouncyCastle

             @Deprecated public OcspClientBouncyCastle
             (OCSPVerifier verifier)
            

Deprecated.

starting from 8.0.5. OcspClientBouncyCastle() should be used instead. If required, IBasicOCSPResp can be checked using OCSPValidator class.

Creates OcspClient.

Parameters:

verifier - will be used for response verification.

OcspClientBouncyCastle

             public OcspClientBouncyCastle()
            

Creates new OcspClientBouncyCastle instance.

Method Details

getBasicOCSPResp

             public IBasicOCSPResp getBasicOCSPResp
             (X509Certificate checkCert, X509Certificate rootCert, String url)
            

Gets OCSP response. If OCSPVerifier was set, the response will be checked.

Parameters:

checkCert - the certificate to check

rootCert - parent certificate

url - to get the verification

Returns:

IBasicOCSPResp an OCSP response wrapper

getEncoded

             public byte[] getEncoded
             (X509Certificate checkCert, X509Certificate rootCert, String url)
            

Fetch a DER-encoded BasicOCSPResponse from an OCSP responder. The method should not throw an exception.

Note: do not pass in the full DER-encoded OCSPResponse object obtained from the responder, only the DER-encoded BasicOCSPResponse value contained in the response data.

Specified by:

getEncoded in interface IOcspClient

Parameters:

checkCert - Certificate to check.

rootCert - The parent certificate.

url - The URL of the OCSP responder endpoint. If null, implementations can attempt to obtain a URL from the AuthorityInformationAccess extension of the certificate, or from another implementation-specific source.

Returns:

a byte array containing a DER-encoded BasicOCSPResponse structure or null if one could not be obtained

See Also:

• RFC 6960 § 4.2.1

generateOCSPRequest

             protected static IOCSPReq generateOCSPRequest
             (X509Certificate issuerCert, BigInteger serialNumber) throws AbstractOCSPException, IOException, CertificateEncodingException, AbstractOperatorCreationException
            

Generates an OCSP request using BouncyCastle.

Parameters:

issuerCert - certificate of the issues

serialNumber - serial number

Returns:

IOCSPReq an OCSP request wrapper

Throws:

AbstractOCSPException - is thrown if any errors occur while handling OCSP requests/responses

IOException - signals that an I/O exception has occurred

CertificateEncodingException - is thrown if any errors occur while handling OCSP requests/responses

AbstractOperatorCreationException - is thrown if any errors occur while handling OCSP requests/responses

getCertificateStatus

             protected static ICertificateStatus getCertificateStatus
             (byte[] basicOcspRespBytes)
            

Retrieves certificate status from the OCSP response.

Parameters:

basicOcspRespBytes - encoded basic OCSP response

Returns:

good, revoked or unknown certificate status retrieved from the OCSP response, or null if an error occurs.

createRequestAndResponse

             protected InputStream createRequestAndResponse
             (X509Certificate checkCert, X509Certificate rootCert, String url) throws IOException, AbstractOperatorCreationException, AbstractOCSPException, CertificateEncodingException
            

Create OCSP request and get the response for this request, represented as InputStream.

Parameters:

checkCert - X509Certificate certificate to get OCSP response for

rootCert - X509Certificate root certificate from which OCSP request will be built

url - URL link, which is expected to be used to get OCSP response from

Returns:

OCSP response bytes, represented as InputStream

Throws:

IOException - if an I/O error occurs

AbstractOperatorCreationException - is thrown if any errors occur while handling OCSP requests/responses

AbstractOCSPException - is thrown if any errors occur while handling OCSP requests/responses

CertificateEncodingException - is thrown if any errors occur while handling OCSP requests/responses