Package se.swedenconnect.sigval.cert.validity.ocsp

Class OCSPCertificateVerifier

java.lang.Object

se.swedenconnect.sigval.cert.validity.AbstractValidityChecker

se.swedenconnect.sigval.cert.validity.ocsp.OCSPCertificateVerifier

All Implemented Interfaces:

Runnable, ValidityChecker

public class OCSPCertificateVerifier
extends AbstractValidityChecker

Certificate verifier based on OCSP

Author:

Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)

Field Summary

Fields

Modifier and Type	Field	Description
protected int	connectTimeout	timeout in milliseconds for making connections to an OCSP responder
static final String	EVENT_ID	Event identifier used to identify this process
protected int	readTimeout	timeout in milliseconds for obtaining an OCSP response
static final String[]	RESPONSE_STATUS	Response status code names
static final Random	RNG	Random source for nonce generation

Fields inherited from class se.swedenconnect.sigval.cert.validity.AbstractValidityChecker

certificate, issuer

Constructor Summary

Constructors

Constructor	Description
OCSPCertificateVerifier(X509Certificate certificate, X509Certificate issuer, PropertyChangeListener... propertyChangeListeners)

Method Summary

Modifier and Type	Method	Description
ValidationStatus	checkValidity()	Checks the validity of a certificate
ValidationStatus	checkValidity(Date validationDate)	Check validity based on a specific validation date
protected org.bouncycastle.cert.ocsp.OCSPReq	generateOCSPRequest(org.bouncycastle.cert.ocsp.CertificateID certificateId, byte[] nonce)	Create OCSP request

Methods inherited from class se.swedenconnect.sigval.cert.validity.AbstractValidityChecker

run

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

EVENT_ID

public static final String EVENT_ID

Event identifier used to identify this process

See Also:

• Constant Field Values

RESPONSE_STATUS

public static final String[] RESPONSE_STATUS

Response status code names

connectTimeout

protected int connectTimeout

timeout in milliseconds for making connections to an OCSP responder

readTimeout

protected int readTimeout

timeout in milliseconds for obtaining an OCSP response

RNG

public static final Random RNG

Random source for nonce generation

Constructor Details

OCSPCertificateVerifier

public OCSPCertificateVerifier(X509Certificate certificate,
 X509Certificate issuer,
 PropertyChangeListener... propertyChangeListeners)

Method Details

checkValidity

public ValidationStatus checkValidity()

Checks the validity of a certificate

Specified by:

checkValidity in interface ValidityChecker

Specified by:

checkValidity in class AbstractValidityChecker

Returns:

certificate validity status

checkValidity

public ValidationStatus checkValidity(Date validationDate)

Check validity based on a specific validation date

Parameters:

validationDate - validation date

Returns:

validation status

generateOCSPRequest

protected org.bouncycastle.cert.ocsp.OCSPReq generateOCSPRequest(org.bouncycastle.cert.ocsp.CertificateID certificateId,
 byte[] nonce)
                                                          throws org.bouncycastle.cert.ocsp.OCSPException

Create OCSP request

Parameters:

certificateId - certID according to OCSP

nonce - optional nonce used in the OCSP request

Returns:

OCSP response

Throws:

org.bouncycastle.cert.ocsp.OCSPException - error creating the OCSP response