java.lang.Object iaik.security.ssl.OCSPStatusRequest
public class OCSPStatusRequest
Implements the OCSPStatusRequest structure that may be sent within a status_request extension of type ocsp.
An OCSPStatusRequest may contain a list of ocsp responder ids and a list of request extensions (see RFC 4366):
    struct {
        ResponderID responder_id_list<0..2^16-1>;
        Extensions  request_extensions;
    } OCSPStatusRequest;

    opaque ResponderID<1..2^16-1>;
    opaque Extensions<0..2^16-1>;
When creating an OCSPStatusRequest specify the responder ids and extensions to be included (both may be null if you do not want to send responder ids or extensions):
    // responder ids
    ResponderID[] responderIDs = ...;
    // request extensions
    OCSPExtensions requestExtensions = ...;
    // create OCSPStatusRequest
    OCSPStatusRequest ocspStatusRequest = new OCSPStatusRequest(responderIDs, requestExtensions);
    // create CertificateStatusRequest extension of type ocsp:
    CertificateStatusRequest certStatusRequest =
        new CertificateStatusRequest(OCSPStatusRequest.STATUS_TYPE, ocspStatusRequest.getEncoded());
    // add to ExtensionList
    ExtensionList extensions = new ExtensionList();
    ...
    extensions.addExtension(certStatusRequest);
    ...
    // set extensions for the SSLClientContext configuration:
    SSLClientContext clientContext = new SSLClientContext();
    ...
    clientContext.setExtensions(extensions);
    ...
Attention: If your request extensions contain a Nonce extension, please note that the same nonce shall be used only once! Thus do not use the same SSLClientContext with the same CertificateStatusRequest extension repeatedly if the status request contains a Nonce extension!
Alternatively, you may choose not to specify an ocsp status request at all when creating the CertificateStatusRequest extension. In this case iSaSiLk will use the SecurityProvider method createCertStatusRequest to create an OCSP status request with a fresh nonce any time a new status request is sent:
    // create CertificateStatusRequest extension of type ocsp:
    CertificateStatusRequest certStatusRequest =
        new CertificateStatusRequest(OCSPStatusRequest.STATUS_TYPE, null);
    // add to ExtensionList
    ExtensionList extensions = new ExtensionList();
    ...
    extensions.addExtension(certStatusRequest);
    ...
    // set extensions for the SSLClientContext configuration:
    SSLClientContext clientContext = new SSLClientContext();
    ...
    clientContext.setExtensions(extensions);
    ...
CertificateStatusRequest, OCSPCertStatusChainVerifier
Field Summary | |
---|---|
static int | STATUS_TYPE: Status type ocsp (1). |
Constructor Summary | |
---|---|
OCSPStatusRequest() | Creates an OCSPStatusRequest. |
OCSPStatusRequest(byte[] encodedOCSPStatusRequest) | Creates and decodes an OCSPStatusRequest from a TLS encoded byte array. |
OCSPStatusRequest(ResponderID[] responderIds) | Creates an OCSPStatusRequest for the given responder ids. |
OCSPStatusRequest(ResponderID[] responderIds, byte[] nonce) | Creates an OCSPStatusRequest for the given responder id and nonce value. |
OCSPStatusRequest(ResponderID[] responderIds, OCSPExtensions extensions) | Creates an OCSPStatusRequest for the given responder id and extension lists. |
Method Summary | |
---|---|
byte[] | getEncoded(): TLS encodes this OCSPStatusRequest. |
OCSPExtensions | getExtensions(): Gets the list of request extensions. |
byte[] | getNonce(): Gets the nonce value, if request extensions are included in this OCSPStatusRequest and a Nonce extension is contained in the request extensions. |
ResponderID[] | getResponderIDs(): Gets the list of ocsp responder ids. |
byte[] | getWrappedNonce(): Gets the wrapped nonce value, if request extensions are included in this OCSPStatusRequest and a Nonce extension is contained in the request extensions. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final int STATUS_TYPE
Constructor Detail |
---|
public OCSPStatusRequest()

public OCSPStatusRequest(ResponderID[] responderIds)
responderIds - the list of OCSP responders (the responderIds array is not cloned or copied by this method)

public OCSPStatusRequest(ResponderID[] responderIds, OCSPExtensions extensions)
responderIds - the list of OCSP responders (the responderIds array is not cloned or copied by this method)
extensions - the list of request extensions (the extensions array is not cloned or copied by this method)

public OCSPStatusRequest(ResponderID[] responderIds, byte[] nonce) throws OCSPException
When using this constructor the ocsp status request sent to the server will contain the given responder id list (which may be null) and the Nonce extension as the only extension.
The Nonce extension is calculated from the given nonce value. Note that TLS (RFC 4366) encodes the Nonce extension as a separate ASN.1 OCTET_STRING that is then wrapped into the second OCTET_STRING of the OCSP extension value. OCSP (RFC 2560), however, encodes the nonce value immediately into the OCSP extension value (without wrapping it into a separate OCTET_STRING).
The nonce value given to this constructor has to represent the raw nonce (not wrapped into an OCTET_STRING). The required OCTET_STRING wrapping is done inside this constructor.
Note that a nonce shall be used only once. Thus, do not use the same instance of this class repeatedly!
responderIds - the list of OCSP responders (the responderIds array is not cloned or copied by this method)
nonce - the nonce value (the nonce byte array is not cloned or copied by this method)
OCSPException
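
The two nonce encodings contrasted in the notes on this constructor, getNonce() and getWrappedNonce(), shown at byte level as an added example. It uses the JDK only, is not iSaSiLk code and does not call the iaik.security.ssl API. The class and method names are hypothetical; the nonce OID 1.3.6.1.5.5.7.48.1.2 (id-pkix-ocsp-nonce) and the 16-byte nonce length are assumptions not stated on this page.

```java
import java.io.ByteArrayOutputStream;
import java.security.SecureRandom;

public class OcspStatusRequestWire {
    // DER encoding of the OID id-pkix-ocsp-nonce (1.3.6.1.5.5.7.48.1.2), assumed here
    static final byte[] NONCE_OID = {0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02};

    static byte[] concat(byte[]... parts) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (byte[] p : parts) out.write(p, 0, p.length);
        return out.toByteArray();
    }

    // DER tag-length-value; short-form length only, which is enough for a single nonce
    static byte[] der(int tag, byte[]... parts) {
        byte[] body = concat(parts);
        if (body.length > 127) throw new IllegalArgumentException("long-form DER length not handled");
        return concat(new byte[] {(byte) tag, (byte) body.length}, body);
    }

    // TLS opaque vector <0..2^16-1>: two-byte big-endian length, then the bytes
    static byte[] vec16(byte[] data) {
        if (data.length > 0xFFFF) throw new IllegalArgumentException("vector too long");
        return concat(new byte[] {(byte) (data.length >>> 8), (byte) data.length}, data);
    }

    // Extensions ::= SEQUENCE OF Extension { extnID OID, extnValue OCTET STRING }
    static byte[] nonceExtensions(byte[] rawNonce, boolean tlsWrapping) {
        // TLS (RFC 4366): nonce as OCTET STRING inside the extnValue OCTET STRING.
        // OCSP (RFC 2560), as described on this page: raw nonce directly in extnValue.
        byte[] inner = tlsWrapping ? der(0x04, rawNonce) : rawNonce;
        return der(0x30, der(0x30, NONCE_OID, der(0x04, inner)));
    }

    // OCSPStatusRequest with an empty responder_id_list and the Nonce as only extension
    static byte[] encodeStatusRequest(byte[] rawNonce) {
        return concat(vec16(new byte[0]), vec16(nonceExtensions(rawNonce, true)));
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    public static void main(String[] args) {
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce); // a fresh nonce for every status request
        System.out.println("TLS OCSPStatusRequest:  " + hex(encodeStatusRequest(nonce)));
        System.out.println("OCSP-style Extensions:  " + hex(nonceExtensions(nonce, false)));
    }
}
```

In the first output line the nonce is preceded by two OCTET STRING headers (04 12 04 10); in the second it is preceded by one (04 10).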

public OCSPStatusRequest(byte[] encodedOCSPStatusRequest) throws java.io.IOException
The encoding represents the TLS encoding of the OCSPStatusRequest structure according to RFC 4366:
    struct {
        ResponderID responder_id_list<0..2^16-1>;
        Extensions  request_extensions;
    } OCSPStatusRequest;

    opaque ResponderID<1..2^16-1>;
    opaque Extensions<0..2^16-1>;
encodedOCSPStatusRequest - the TLS encoded ocsp status request as byte array
java.io.IOException - if an error occurs while parsing the ocsp status request
Method Detail |
---|
public ResponderID[] getResponderIDs()
null or empty if no ocsp responder ids are included (the returned ResponderID array is not cloned or copied by this method)

public OCSPExtensions getExtensions()
OCSPExtensions object; the OCSPExtensions object may be null or empty if no extensions are included

public byte[] getNonce()
Note that TLS (RFC 4366) encodes the Nonce extension as a separate ASN.1 OCTET_STRING that is then wrapped into the second OCTET_STRING of the OCSP extension value. OCSP (RFC 2560), however, encodes the nonce value immediately into the OCSP extension value (without wrapping it into a separate OCTET_STRING).
The nonce value returned by this method represents the raw nonce (not wrapped into an OCTET_STRING). The required OCTET_STRING unwrapping is done inside this method.
null if no Nonce extension is included in this ocsp status request

public byte[] getWrappedNonce()
Note that TLS (RFC 4366) encodes the Nonce extension as a separate ASN.1 OCTET_STRING that is then wrapped into the second OCTET_STRING of the OCSP extension value. OCSP (RFC 2560), however, encodes the nonce value immediately into the OCSP extension value (without wrapping it into a separate OCTET_STRING).
The nonce value returned by this method represents the nonce wrapped into an OCTET_STRING.
null if no Nonce extension is included in this ocsp status request

public byte[] getEncoded() throws java.io.IOException
The encoding may contain responder ids and/or request extensions, if set. It represents the TLS encoding of the OCSPStatusRequest structure according to RFC 4366:
    struct {
        ResponderID responder_id_list<0..2^16-1>;
        Extensions  request_extensions;
    } OCSPStatusRequest;

    opaque ResponderID<1..2^16-1>;
    opaque Extensions<0..2^16-1>;
java.io.IOException - if an error occurs when encoding the status request
This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note).