public class OCSPVerifier extends RootStoreVerifier
Modifier and Type | Field | Description |
---|---|---|
protected static java.lang.String |
id_kp_OCSPSigning |
|
protected static Logger |
LOGGER |
The Logger instance
|
protected java.util.List<org.bouncycastle.cert.ocsp.BasicOCSPResp> |
ocsps |
The list of OCSP responses.
|
onlineCheckingAllowed, verifier
rootStore
Constructor | Description |
---|---|
OCSPVerifier(CertificateVerifier verifier,
java.util.List<org.bouncycastle.cert.ocsp.BasicOCSPResp> ocsps) |
Creates an OCSPVerifier instance.
|
Modifier and Type | Method | Description |
---|---|---|
org.bouncycastle.cert.ocsp.BasicOCSPResp |
getOcspResponse(java.security.cert.X509Certificate signCert,
java.security.cert.X509Certificate issuerCert) |
Gets an OCSP response online and returns it if the status is GOOD
(without further checking).
|
boolean |
isSignatureValid(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp,
java.security.cert.Certificate responderCert) |
Checks if an OCSP response is genuine
|
void |
isValidResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp,
java.security.cert.X509Certificate issuerCert) |
Verifies if an OCSP response is genuine
If it doesn't verify against the issuer certificate and response's certificates, it may verify
using a trusted anchor or cert.
|
java.util.List<VerificationOK> |
verify(java.security.cert.X509Certificate signCert,
java.security.cert.X509Certificate issuerCert,
java.util.Date signDate) |
Verifies if a a valid OCSP response is found for the certificate.
|
boolean |
verify(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp,
java.security.cert.X509Certificate signCert,
java.security.cert.X509Certificate issuerCert,
java.util.Date signDate) |
Verifies a certificate against a single OCSP response
|
boolean |
verifyResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp,
java.security.cert.X509Certificate issuerCert) |
Deprecated.
|
setOnlineCheckingAllowed
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
setRootStore
protected static final Logger LOGGER
protected static final java.lang.String id_kp_OCSPSigning
protected java.util.List<org.bouncycastle.cert.ocsp.BasicOCSPResp> ocsps
public OCSPVerifier(CertificateVerifier verifier, java.util.List<org.bouncycastle.cert.ocsp.BasicOCSPResp> ocsps)
verifier
- the next verifier in the chainocsps
- a list of OCSP responsespublic java.util.List<VerificationOK> verify(java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert, java.util.Date signDate) throws java.security.GeneralSecurityException, java.io.IOException
verify
in class RootStoreVerifier
signCert
- the certificate that needs to be checkedissuerCert
- its issuersignDate
- the date the certificate needs to be validVerificationOK
objects.
The list will be empty if the certificate couldn't be verified.java.security.GeneralSecurityException
java.io.IOException
RootStoreVerifier.verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)
public boolean verify(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert, java.util.Date signDate) throws java.security.GeneralSecurityException, java.io.IOException
ocspResp
- the OCSP responsesignCert
- the certificate that needs to be checkedissuerCert
- the certificate of CAsignDate
- sign datetrue
, in case successful check, otherwise false.java.security.GeneralSecurityException
java.io.IOException
public void isValidResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, java.security.cert.X509Certificate issuerCert) throws java.security.GeneralSecurityException, java.io.IOException
ocspResp
- the OCSP responseissuerCert
- the issuer certificatejava.security.GeneralSecurityException
java.io.IOException
@Deprecated public boolean verifyResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, java.security.cert.X509Certificate issuerCert)
isValidResponse()
instead.ocspResp
- the response objectissuerCert
- the issuer certificatepublic boolean isSignatureValid(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, java.security.cert.Certificate responderCert)
ocspResp
- the OCSP responseresponderCert
- the responder certificatepublic org.bouncycastle.cert.ocsp.BasicOCSPResp getOcspResponse(java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert)
signCert
- the signing certificateissuerCert
- the issuer certificateCopyright © 1998–2018. All rights reserved.