demo.x509.ocsp
Class OCSP1

java.lang.Object
  |
  +--demo.x509.ocsp.OCSP1

public class OCSP1

extends Object

Tests the OCSP implementation.

This demo is similar to the OCPS demo but uses the ResponseGenerator utility for parsing a request and generating resonse. RequestGenerator and ResponseParser utilities for creating requests and parsing requests are planned for some of the next releases.

This class demonstrates the usage of the IAIK ocsp implementation by simulating the following actions in the given order:

1. Requestor: creation and encoding of an ocsp request
2. Responder: decoding and parsing of the ocsp request
3. Responder: creation and encoding of an ocsp response for the given request
4. Requestor: decoding, parsing, and verification of the response

The test sequence above is performed four times to simulate unsigned requests with and without extensions, and signed requests with and without extensions.

The keys and certificates required for this demo are obtained from the IAIK-JCE demo keystore "jce.keystore" which may be generated by running the SetupKeyStore program.

Version:

File Revision 15

Constructor Summary

OCSP1()
Setup the demo certificate chains.

Method Summary

OCSPRequest	createOCSPRequest(PrivateKey requestorKey, X509Certificate[] requestorCerts, boolean includeExtensions) Creates an OCSPRequest.
OCSPRequest	createOCSPRequest(PrivateKey requestorKey, X509Certificate[] requestorCerts, X509Certificate[] targetCerts, boolean includeExtensions) Creates an OCSPRequest.
byte[]	createOCSPResponse(InputStream is) Creates an ocsp response answering the given ocsp request.
static void	main(String[] argv) Starts the test.
void	parseForSingleResponse(ReqCert reqCert, BasicOCSPResponse basicOCSPResponse) Searches and parses the given basicOCSPResponse for the single response corresponding to the request idenitified by the given ReqCert.
void	parseOCSPResponse(OCSPResponse ocspResponse) Parses an ocsp response received and looks for the single responses included.
void	start() Performs three tests: Unsigned request without extensions.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OCSP1

public OCSP1()
      throws IOException

Setup the demo certificate chains. Keys and certificates are retrieved from the demo KeyStore.

Throws:

IOException - if an file read error occurs

Method Detail

start

public void start()

Performs three tests:

1. Unsigned request without extensions.
2. Unsigned request with extensions.
3. Signed request without extensions.
4. Signed request with extensions.

createOCSPRequest

public OCSPRequest createOCSPRequest(PrivateKey requestorKey,
                                     X509Certificate[] requestorCerts,
                                     boolean includeExtensions)
                              throws OCSPException

Creates an OCSPRequest.

Parameters:

requestorKey - the private key of the requestor, or null if the request shall not be signed

requestorCerts - if the request shall be signed (requestorKey != null) and signer certs shall be included

includeExtensions - if extensions shall be included

Returns:

the OCSPRequest created

Throws:

OCSPException - if an error occurs when creating the request

createOCSPRequest

public OCSPRequest createOCSPRequest(PrivateKey requestorKey,
                                     X509Certificate[] requestorCerts,
                                     X509Certificate[] targetCerts,
                                     boolean includeExtensions)
                              throws OCSPException

Creates an OCSPRequest.

Parameters:

requestorKey - the private key of the requestor, or null if the request shall not be signed

requestorCerts - if the request shall be signed (requestorKey != null) and signer certs shall be included

targetCerts - the certs for which status information shall be included

includeExtensions - if extensions shall be included

Returns:

the OCSPRequest created

Throws:

OCSPException - if an error occurs when creating the request

createOCSPResponse

public byte[] createOCSPResponse(InputStream is)
                          throws OCSPException

Creates an ocsp response answering the given ocsp request.

Parameters:

is - the encoded OCSP request supplied from an input stream

includeExtensions - if extensions shall be included

Returns:

the DER encoded OCSPResponse

Throws:

OCSPException - if an error occurs when creating the response

parseOCSPResponse

public void parseOCSPResponse(OCSPResponse ocspResponse)
                       throws OCSPException

Parses an ocsp response received and looks for the single responses included.

Parameters:

ocspResponse - the OCSP response

Throws:

OCSPException - if an error occurs when creating the response

parseForSingleResponse

public void parseForSingleResponse(ReqCert reqCert,
                                   BasicOCSPResponse basicOCSPResponse)
                            throws OCSPException

Searches and parses the given basicOCSPResponse for the single response corresponding to the request idenitified by the given ReqCert.

Parameters:

the - reqCert the ReqCert identifying the request

basicOCSPResponse - the basic OCSP response

Throws:

OCSPException - if no reponse is included for the request in mind

main

public static void main(String[] argv)
                 throws Exception

Starts the test.

Throws:

Exception - if an error occurs when reading required keys and certificates from files