iaik.x509.ocsp

Class OCSPResponse

java.lang.Object

iaik.x509.ocsp.OCSPResponse

public class OCSPResponse
extends java.lang.Object

This class implements the OCSP type OCSPResponse.

The X.509 Online Certificate Status Protocol ( RFC 2560), RFC 6960) specifies the OCSPResponse type for giving the format of a response message that may be send to a OCSP requestor in response to a certificate status information request:

 OCSPResponse ::= SEQUENCE {
   responseStatus         OCSPResponseStatus,
   responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
 

An OCSP response at a minimum consists of a responseStatus field indicating the processing status of the prior request. If the value of responseStatus is one of the error conditions, responseBytes are not set. Note that responseStatus type "noMoreData" has been introduced by OCSPv2 (see draft-ietf-pkix-ocspv2-01.txt).

 OCSPResponseStatus ::= ENUMERATED {
   successful            (0),      --Response has valid confirmations
   malformedRequest      (1),      --Illegal confirmation request
   internalError         (2),      --Internal error in issuer
   tryLater              (3),      --Try again later
                                   --(4) is not used
   sigRequired           (5),      --Must sign the request
   unauthorized          (6)       --Request unauthorized 
 }
 

OCSP responses can be of various types. An OCSP response consists of a response type and the bytes of the actual response. There is one basic type of OCSP response that MUST be supported by all OCSP servers and clients. This OCSP implementation supports the BasicOCSPResponse, but also provides an easy machanism allowing application to implement any other response type and register the corresponding class by its object identifier (see class ResponseBytes for more information.

When creating an OCSPResponse you have to set the response status information, e.g.:

 OCSPResponse ocspResponse = new OCSPResponse(OCSPResponse.malformedRequest);
 

In the case of an successful OCSPResponse you immediately may supply the response component to the constructor. The response status is set to "successful" and ResponseBytes are created automatically, e.g.:

 BasicOCSPResponse basicOCSPResponse = ...;
 ...
 OCSPResponse ocspResponse = new OCSPResponse(basicOCSPResponse);
 

For DER encoding the OCSP response you may call method writeTo or getEncoded:

 OutputStream os = ...;
 ocspResponse.writeTo(os);
 

A requestor receiving an ocsp response, checks the response status and -- if successful -- gets the response included:

 // the stream supplying the encoded OCSP response:
 InputStream is = ...;
 OCSPResponse ocspResponse = new OCSPResponse(is);
 // get the response status:
 int responseStatus = ocspResponse.getResponseStatus();
 if (responseStatus != OCSPResponse.successful) {
   System.out.println("Not successful; got response status: " + 
                       ocspResponse.getResponseStatusName());   
   ...  
 } else {
   // get the included response
   Response response = ocspResponse.getResponse();
   ...
 

Version:

File Revision 14

See Also:

OCSPRequest, Request, BasicOCSPResponse, ResponseBytes, SingleResponse, ReqCert, CertStatus

Field Summary

Fields

Modifier and Type	Field and Description
static int	internalError Response status "internalError" (2) indicating an internal responder error.
static int	malformedRequest Response status "malformedRequest" (1) indicating that the request received is not OCSP-syntax-conform.
static int	noMoreData Response status "noMoreData" (7) indicating that the server has previously returned the last positive response to a related sequence of requests
static int	sigRequired Response status "sigRequired" (5) requiring a request to be signed.
static int	successful Response status "successful" (0) indicating that the response has valid confirmation.
static int	tryLater Response status "tryLater" (3) indicating that the request should be resend at later because the server temporarily cannot respond.
static int	unauthorized Response status "unauthorized" (6) indicating that the client is not authorized to make this query to this server or the server is not capable of responding authoritatively (for instance, does not have access to authoritative records for a requested certificate).

Constructor Summary

Constructors

Constructor and Description
OCSPResponse(ASN1Object obj) Creates an OCSPResponse from its ASN.1 representation.
OCSPResponse(byte[] array) Creates an OCSPResponse from its DER encoding.
OCSPResponse(java.io.InputStream is) Creates an OCSPResponse from its DER encoding.
OCSPResponse(int responseStatus) Creates an OCSPResponse for the given response status.
OCSPResponse(Response response) Creates an OCSPResponse from the given response.
OCSPResponse(ResponseBytes responseBytes) Creates an OCSPResponse for the given response bytes.

Method Summary

Methods

Modifier and Type	Method and Description
void	decode(ASN1Object obj) Decodes an OCSPResponse from its ASN.1 representation.
void	decode(java.io.InputStream is) Decodes an OCSPResponse from its DER encoding.
byte[]	getEncoded() DER encodes this OCSP response.
byte[]	getFingerprint(java.lang.String digestAlgorithm) Returns the fingerprint of this OCSPResponse calculated with the given hash algorithm.
Response	getResponse() Returns the response component of the ResponseBytes, if included.
ResponseBytes	getResponseBytes() Returns the response bytes, if included.
int	getResponseStatus() Returns the response status.
java.lang.String	getResponseStatusName() Returns the response status as String.
ObjectID	getResponseType() Returns the response type oid of the ResponseBytes, if included.
void	setResponse(Response response) Sets the response of this OCSPResponse.
void	setResponseBytes(ResponseBytes responseBytes) Sets the response bytes of this OCSPResponse.
ASN1Object	toASN1Object() Returns this OCSP response as ASN1Object.
java.lang.String	toString() Returns a String representation of this OCSP response.
void	writeTo(java.io.OutputStream os) Writes this OCSPResponse DER encoded to the given output stream.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

successful

public static final int successful

Response status "successful" (0) indicating that the response has valid confirmation.

See Also:

Constant Field Values

malformedRequest

public static final int malformedRequest

Response status "malformedRequest" (1) indicating that the request received is not OCSP-syntax-conform.

See Also:

Constant Field Values

internalError

public static final int internalError

Response status "internalError" (2) indicating an internal responder error.

See Also:

Constant Field Values

tryLater

public static final int tryLater

Response status "tryLater" (3) indicating that the request should be resend at later because the server temporarily cannot respond.

See Also:

Constant Field Values

sigRequired

public static final int sigRequired

Response status "sigRequired" (5) requiring a request to be signed.

See Also:

Constant Field Values

unauthorized

public static final int unauthorized

Response status "unauthorized" (6) indicating that the client is not authorized to make this query to this server or the server is not capable of responding authoritatively (for instance, does not have access to authoritative records for a requested certificate).

See Also:

Constant Field Values

noMoreData

public static final int noMoreData

Response status "noMoreData" (7) indicating that the server has previously returned the last positive response to a related sequence of requests

See Also:

Constant Field Values

Constructor Detail

OCSPResponse

public OCSPResponse(int responseStatus)
             throws java.lang.IllegalArgumentException

Creates an OCSPResponse for the given response status. If the response status is "succesfull" (1) use method setResponseBytes for setting the response bytes.

Parameters:

responseStatus - the response status

Throws:

java.lang.IllegalArgumentException - if the responseStatus is invalid

OCSPResponse

public OCSPResponse(ResponseBytes responseBytes)

Creates an OCSPResponse for the given response bytes. The response status is set to "successful" (1).

Parameters:

responseBytes - the response bytes

OCSPResponse

public OCSPResponse(Response response)

Creates an OCSPResponse from the given response. The response status is set to "successful" (1). ResponseBytes are internally creates from the given response.

Parameters:

response - the response

OCSPResponse

public OCSPResponse(ASN1Object obj)
             throws CodingException,
                    UnknownResponseException

Creates an OCSPResponse from its ASN.1 representation.

If the response is a successful one, response bytes are present. When parsing the response bytes, an unknown response type may be included. In this case this constructor throws an UnknownResponseException to be queried for information about the unknown response.

Parameters:

obj - the OCSPResponse as ASN1Object

Throws:

CodingException - if the ASN1Object cannot be parsed or the response status is invalid

UnknownResponseException - if the response is a successful response but the ResponseBytes included contain an response of unknown (= unsupported) type

OCSPResponse

public OCSPResponse(java.io.InputStream is)
             throws java.io.IOException,
                    UnknownResponseException

Creates an OCSPResponse from its DER encoding.

If the response is a successful one, response bytes are present. When parsing the response bytes, an unknown response type may be included. In this case this constructor throws an UnknownResponseException to be queried for information about the unknown response.

Parameters:

is - the input stream supplying the DER encoded OCSPResponse

Throws:

java.io.IOException - if the ASN1Object cannot be parsed or the response status is invalid

UnknownResponseException - if the response is a successful response but the ResponseBytes included contain an response of unknown (= unsupported) type

OCSPResponse

public OCSPResponse(byte[] array)
             throws CodingException,
                    UnknownResponseException

Creates an OCSPResponse from its DER encoding.

If the response is a successful one, response bytes are present. When parsing the response bytes, an unknown response type may be included. In this case this constructor throws an UnknownResponseException to be queried for information about the unknown response.

Parameters:

array - the DER encoded OCSPResponse as byte array

Throws:

CodingException - if the ASN1Object cannot be parsed or the response status is invalid

UnknownResponseException - if the response is a successful response but the ResponseBytes included contain an response of unknown (= unsupported) type

Method Detail

setResponseBytes

public void setResponseBytes(ResponseBytes responseBytes)

Sets the response bytes of this OCSPResponse. The response status is set to "successful" (1).

Parameters:

responseBytes - the response bytes

setResponse

public void setResponse(Response response)

Sets the response of this OCSPResponse. The response status is set to "successful" (1). ResponseBytes are internally creates from the given response.

Parameters:

response - the response

getResponseBytes

public ResponseBytes getResponseBytes()

Returns the response bytes, if included.

Returns:

the response bytes, if included (responseStatus = "successful" (0)).

getResponse

public Response getResponse()

Returns the response component of the ResponseBytes, if included. This method only provides an alternative for getting immediately to the response instead of calling getResponseBytes().getResponse(). This method returns null, if no response bytes are included.

Returns:

the response component of the the ResponseBytes, if included (responseStatus = "successful" (0))

getResponseType

public ObjectID getResponseType()

Returns the response type oid of the ResponseBytes, if included. This method only provides an alternative for getting immediately to the response type instead of calling getResponseBytes().getResponseType(). This method returns null, if no response bytes are included.

Returns:

the response type OID of the the ResponseBytes, if included (responseStatus = "successful" (0))

getResponseStatus

public int getResponseStatus()

Returns the response status.

• successful: 0
• malformedRequest: 1
• internalError: 2
• tryLater: 3
• sigRequired: 5
• unauthorized: 6
• noMoreData: 7

Returns:

the response status

getResponseStatusName

public java.lang.String getResponseStatusName()

Returns the response status as String.

• successful: 0
• malformedRequest: 1
• internalError: 2
• tryLater: 3
• sigRequired: 5
• unauthorized: 6
• noMoreData: 7

Returns:

the response status as string, e.g. "successful"

decode

public void decode(ASN1Object obj)
            throws CodingException,
                   UnknownResponseException

Decodes an OCSPResponse from its ASN.1 representation.

If the response is a successful one, response bytes are present. When parsing the response bytes, an unknown response type may be included. In this case this method throws an UnknownResponseException to be queried for information about the unknown response.

Parameters:

obj - the OCSPResponse as ASN1Object

Throws:

CodingException - if the ASN1Object cannot be parsed or the response status is invalid

UnknownResponseException - if ResponseBytes are included containing an response of unknown (= unsupported) type

decode

public void decode(java.io.InputStream is)
            throws java.io.IOException,
                   UnknownResponseException

Decodes an OCSPResponse from its DER encoding.

If the response is a successful one, response bytes are present. When parsing the response bytes, an unknown response type may be included. In this case this method throws an UnknownResponseException to be queried for information about the unknown response.

Parameters:

is - the input stream supplying the DER encoded OCSPResponse

Throws:

java.io.IOException - if the ASN1Object cannot be parsed or the response status is invalid

UnknownResponseException - if ResponseBytes are included containing an response of unknown (= unsupported) type

toASN1Object

public ASN1Object toASN1Object()

Returns this OCSP response as ASN1Object.

Returns:

this OCSP response as ASN1Objecz.

getEncoded

public byte[] getEncoded()

DER encodes this OCSP response.

Returns:

the DER encoding of this OCSP response

writeTo

public void writeTo(java.io.OutputStream os)
             throws java.io.IOException

Writes this OCSPResponse DER encoded to the given output stream.

Parameters:

os - the output stream to which to write the response

Throws:

java.io.IOException - if an error occurs while writing to the stream

getFingerprint

public byte[] getFingerprint(java.lang.String digestAlgorithm)
                      throws java.security.NoSuchAlgorithmException

Returns the fingerprint of this OCSPResponse calculated with the given hash algorithm.

Parameters:

digestAlgorithm - the digest algorithm to be used

Returns:

the fingerprint of the OCSP response

Throws:

java.security.NoSuchAlgorithmException - if the requested algorithm is not supported

toString

public java.lang.String toString()

Returns a String representation of this OCSP response.

Overrides:

toString in class java.lang.Object

Returns:

a string representation of this OCSP response