Package com.itextpdf.text.pdf.security
Class OcspClientBouncyCastle
- java.lang.Object
-
- com.itextpdf.text.pdf.security.OcspClientBouncyCastle
-
- All Implemented Interfaces:
OcspClient
public class OcspClientBouncyCastle extends java.lang.Object implements OcspClient
OcspClient implementation using BouncyCastle.
-
-
Field Summary
Fields Modifier and Type Field Description private static Logger
LOGGER
The Logger instanceprivate OCSPVerifier
verifier
-
Constructor Summary
Constructors Constructor Description OcspClientBouncyCastle()
Deprecated.OcspClientBouncyCastle(OCSPVerifier verifier)
CreateOcspClient
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description private static org.bouncycastle.cert.ocsp.OCSPReq
generateOCSPRequest(java.security.cert.X509Certificate issuerCert, java.math.BigInteger serialNumber)
Generates an OCSP request using BouncyCastle.org.bouncycastle.cert.ocsp.BasicOCSPResp
getBasicOCSPResp(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url)
Gets OCSP response.byte[]
getEncoded(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url)
Gets an encoded byte array with OCSP validation.private org.bouncycastle.cert.ocsp.OCSPResp
getOcspResponse(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url)
-
-
-
Field Detail
-
LOGGER
private static final Logger LOGGER
The Logger instance
-
verifier
private final OCSPVerifier verifier
-
-
Constructor Detail
-
OcspClientBouncyCastle
@Deprecated public OcspClientBouncyCastle()
Deprecated.Create default implemention ofOcspClient
. Note, if you use this constructor, OCSP response will not be verified.
-
OcspClientBouncyCastle
public OcspClientBouncyCastle(OCSPVerifier verifier)
CreateOcspClient
- Parameters:
verifier
- will be used for response verification. {@see OCSPVerifier}.
-
-
Method Detail
-
getBasicOCSPResp
public org.bouncycastle.cert.ocsp.BasicOCSPResp getBasicOCSPResp(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url)
Gets OCSP response. If {@see OCSPVerifier} was setted, the response will be checked.
-
getEncoded
public byte[] getEncoded(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url)
Gets an encoded byte array with OCSP validation. The method should not throw an exception.- Specified by:
getEncoded
in interfaceOcspClient
- Parameters:
checkCert
- to certificate to checkrootCert
- the parent certificateurl
- to get the verification. It it's null it will be taken from the check cert or from other implementation specific source- Returns:
- a byte array with the validation or null if the validation could not be obtained
-
generateOCSPRequest
private static org.bouncycastle.cert.ocsp.OCSPReq generateOCSPRequest(java.security.cert.X509Certificate issuerCert, java.math.BigInteger serialNumber) throws org.bouncycastle.cert.ocsp.OCSPException, java.io.IOException, org.bouncycastle.operator.OperatorException, java.security.cert.CertificateEncodingException
Generates an OCSP request using BouncyCastle.- Parameters:
issuerCert
- certificate of the issuesserialNumber
- serial number- Returns:
- an OCSP request
- Throws:
org.bouncycastle.cert.ocsp.OCSPException
java.io.IOException
org.bouncycastle.operator.OperatorException
java.security.cert.CertificateEncodingException
-
getOcspResponse
private org.bouncycastle.cert.ocsp.OCSPResp getOcspResponse(java.security.cert.X509Certificate checkCert, java.security.cert.X509Certificate rootCert, java.lang.String url) throws java.security.GeneralSecurityException, org.bouncycastle.cert.ocsp.OCSPException, java.io.IOException, org.bouncycastle.operator.OperatorException
- Throws:
java.security.GeneralSecurityException
org.bouncycastle.cert.ocsp.OCSPException
java.io.IOException
org.bouncycastle.operator.OperatorException
-
-