sun.security.provider.certpath.OCSP Java Examples

Example #1
Source File: StatusResponseManager.java    From openjsse with GNU General Public License v2.0
/**
 * Obtain the URI used by the {@code StatusResponseManager} during
 * lookups.
 *
 * The responder is chosen from three sources, in this order: the OCSP
 * NoCheck extension (which suppresses OCSP entirely), a configured default
 * responder when the override flag is set (the certificate's AIA extension
 * is then never consulted), and finally the AIA extension with the default
 * responder as a fallback.
 *
 * @param cert the subject to get the responder URI from
 *
 * @return a {@code URI} containing the address to the OCSP responder,
 *      or {@code null} if the certificate carries the OCSP NoCheck
 *      extension, or if no AIA extension exists in the certificate
 *      and no default responder has been configured.
 *
 * @throws NullPointerException if {@code cert} is {@code null}.
 */
URI getURI(X509Certificate cert) {
    Objects.requireNonNull(cert);

    final boolean logging = SSLLogger.isOn && SSLLogger.isOn("respmgr");

    // OCSP NoCheck present: OCSP is skipped for this certificate.
    byte[] noCheckExt = cert.getExtensionValue(
            PKIXExtensions.OCSPNoCheck_Id.toString());
    if (noCheckExt != null) {
        if (logging) {
            SSLLogger.fine(
                "OCSP NoCheck extension found.  OCSP will be skipped");
        }
        return null;
    }

    // An override forces every lookup to the configured responder.
    if (respOverride && defaultResponder != null) {
        if (logging) {
            SSLLogger.fine(
                "Responder override: URI is " + defaultResponder);
        }
        return defaultResponder;
    }

    // Prefer the AIA responder; fall back to the default (may be null).
    URI aiaURI = OCSP.getResponderURI(cert);
    if (aiaURI != null) {
        return aiaURI;
    }
    return defaultResponder;
}
 
Example #2
Source File: StatusResponseManager.java    From Bytecoder with Apache License 2.0
/**
 * Obtain the URI used by the {@code StatusResponseManager} during
 * lookups.
 *
 * The responder is chosen from three sources, in this order: the OCSP
 * NoCheck extension (which suppresses OCSP entirely), a configured default
 * responder when the override flag is set (the certificate's AIA extension
 * is then never consulted), and finally the AIA extension with the default
 * responder as a fallback.
 *
 * @param cert the subject to get the responder URI from
 *
 * @return a {@code URI} containing the address to the OCSP responder,
 *      or {@code null} if the certificate carries the OCSP NoCheck
 *      extension, or if no AIA extension exists in the certificate
 *      and no default responder has been configured.
 *
 * @throws NullPointerException if {@code cert} is {@code null}.
 */
URI getURI(X509Certificate cert) {
    Objects.requireNonNull(cert);

    final boolean logging = SSLLogger.isOn && SSLLogger.isOn("respmgr");

    // OCSP NoCheck present: OCSP is skipped for this certificate.
    byte[] noCheckExt = cert.getExtensionValue(
            PKIXExtensions.OCSPNoCheck_Id.toString());
    if (noCheckExt != null) {
        if (logging) {
            SSLLogger.fine(
                "OCSP NoCheck extension found.  OCSP will be skipped");
        }
        return null;
    }

    // An override forces every lookup to the configured responder.
    if (respOverride && defaultResponder != null) {
        if (logging) {
            SSLLogger.fine(
                "Responder override: URI is " + defaultResponder);
        }
        return defaultResponder;
    }

    // Prefer the AIA responder; fall back to the default (may be null).
    URI aiaURI = OCSP.getResponderURI(cert);
    if (aiaURI != null) {
        return aiaURI;
    }
    return defaultResponder;
}
 
Example #3
Source File: StatusResponseManager.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Obtain the URI used by the {@code StatusResponseManager} during lookups.
 * Three sources are consulted in order: the OCSP NoCheck extension (which
 * suppresses OCSP entirely), the configured default responder when the
 * override flag is set (the certificate's AIA extension is then ignored),
 * and finally the AIA extension with the default responder as a fallback.
 *
 * @param cert the subject to get the responder URI from
 *
 * @return a {@code URI} containing the address to the OCSP responder, or
 *      {@code null} if the certificate carries the OCSP NoCheck extension,
 *      or if no AIA extension exists in the certificate and no default
 *      responder has been configured.
 *
 * @throws NullPointerException if {@code cert} is {@code null}.
 */
URI getURI(X509Certificate cert) {
    Objects.requireNonNull(cert);

    // OCSP NoCheck present: OCSP is skipped for this certificate.
    byte[] noCheckExt = cert.getExtensionValue(
            PKIXExtensions.OCSPNoCheck_Id.toString());
    if (noCheckExt != null) {
        debugLog("OCSP NoCheck extension found.  OCSP will be skipped");
        return null;
    }

    // An override forces every lookup to the configured responder.
    if (respOverride && defaultResponder != null) {
        debugLog("Responder override: URI is " + defaultResponder);
        return defaultResponder;
    }

    // Prefer the AIA responder; fall back to the default (may be null).
    URI aiaURI = OCSP.getResponderURI(cert);
    return aiaURI == null ? defaultResponder : aiaURI;
}
 
Example #4
Source File: DigSigUtil.java    From juddi with Apache License 2.0
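/**
 * Wrapper to overcome JDK differences between Oracle vs OpenJDK.
 *
 * Resolves the OCSP responder from the certificate (via
 * {@code getResponderURI}) and asks it for the revocation status of
 * {@code cert}, delegating the actual exchange to {@code OCSP.check}.
 *
 * @param cert the certificate whose revocation status is being checked
 * @param issuerCert the certificate of the CA that issued {@code cert}
 * @return the revocation status reported by {@code OCSP.check}
 * @throws CertPathValidatorException if the certificate yields no OCSP
 *         responder URI, or when propagated from {@code OCSP.check}
 * @throws IOException when propagated from the OCSP exchange
 * @throws CertificateException when propagated from the conversion to
 *         {@code X509CertImpl} or from {@code OCSP.check}
 */
public static RevocationStatus check(X509Certificate cert,
    X509Certificate issuerCert)
    throws IOException, CertPathValidatorException, CertificateException {
    X509CertImpl certImpl = X509CertImpl.toImpl(cert);
    URI responderURI = getResponderURI(certImpl);
    if (responderURI == null) {
        // No responder means the status cannot be determined; fail
        // closed rather than silently treating the certificate as good.
        throw new CertPathValidatorException
            ("No OCSP Responder URI in certificate");
    }
    // NOTE(review): the subject certificate is passed again as the fourth
    // argument; confirm this is what the responder-certificate parameter
    // of OCSP.check expects here, rather than a dedicated trusted responder
    // certificate or null. The final null argument leaves the validation
    // date to OCSP.check's default.
    return OCSP.check(cert, issuerCert, responderURI, cert, null);
}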
 
Example #5
Source File: StatusResponseManager.java    From openjsse with GNU General Public License v2.0
/**
 * Fetch an OCSP response for the certificate identified by
 * {@code statInfo.cid} from the responder named in {@code statInfo}.
 *
 * A {@code SUCCESSFUL} response is stored in {@code statInfo.responseData}
 * and offered to the shared cache via {@code addToCache}. Every other
 * outcome (no responder URI, no data returned, an I/O failure, or a
 * non-successful response status) leaves {@code responseData} untouched,
 * so the caller simply sees no response for that certificate.
 *
 * @return the same {@code StatusInfo} instance passed into the
 *         {@code OCSPFetchCall} constructor, with {@code responseData}
 *         filled in only when a successful response was obtained
 */
@Override
public StatusInfo call() {
    final boolean logging = SSLLogger.isOn && SSLLogger.isOn("respmgr");
    if (logging) {
        SSLLogger.fine(
            "Starting fetch for SN " +
            statInfo.cid.getSerialNumber());
    }

    // Without a responder URI there is nowhere to send the request.
    if (statInfo.responder == null) {
        if (logging) {
            SSLLogger.fine(
                "Null URI detected, OCSP fetch aborted");
        }
        return statInfo;
    }
    if (logging) {
        SSLLogger.fine(
            "Attempting fetch from " + statInfo.responder);
    }

    // Request extensions are forwarded unless the
    // jdk.tls.stapling.ignoreExtensions property is set or a ResponderId
    // list was configured (ResponderId selection is a feature that will
    // be supported in the future).
    final List<Extension> extsToSend =
            (ignoreExtensions || !responderIds.isEmpty())
                    ? Collections.emptyList()
                    : extensions;

    try {
        byte[] respBytes = OCSP.getOCSPBytes(
                Collections.singletonList(statInfo.cid),
                statInfo.responder, extsToSend);

        if (respBytes == null) {
            if (logging) {
                SSLLogger.fine(
                    "No data returned from OCSP Responder");
            }
            return statInfo;
        }

        // The cache entry wraps the raw bytes; its status field is read
        // below (presumably derived from parsing those bytes).
        ResponseCacheEntry cacheEntry =
                new ResponseCacheEntry(respBytes, statInfo.cid);
        if (logging) {
            SSLLogger.fine("OCSP Status: " + cacheEntry.status +
                " (" + respBytes.length + " bytes)");
        }

        // Only a SUCCESSFUL response is handed back and cached; any other
        // status is logged and dropped.
        if (cacheEntry.status ==
                OCSPResponse.ResponseStatus.SUCCESSFUL) {
            statInfo.responseData = cacheEntry;
            addToCache(statInfo.cid, cacheEntry);
        }
    } catch (IOException ioe) {
        // Best-effort: a failed fetch just means no responseData.
        if (logging) {
            SSLLogger.fine("Caught exception: ", ioe);
        }
    }

    return statInfo;
}
 
Example #6
Source File: StatusResponseManager.java    From Bytecoder with Apache License 2.0
/**
 * Fetch an OCSP response for the certificate identified by
 * {@code statInfo.cid} from the responder named in {@code statInfo}.
 *
 * A {@code SUCCESSFUL} response is stored in {@code statInfo.responseData}
 * and offered to the shared cache via {@code addToCache}. Every other
 * outcome (no responder URI, no data returned, an I/O failure, or a
 * non-successful response status) leaves {@code responseData} untouched,
 * so the caller simply sees no response for that certificate.
 *
 * @return the same {@code StatusInfo} instance passed into the
 *         {@code OCSPFetchCall} constructor, with {@code responseData}
 *         filled in only when a successful response was obtained
 */
@Override
public StatusInfo call() {
    final boolean logging = SSLLogger.isOn && SSLLogger.isOn("respmgr");
    if (logging) {
        SSLLogger.fine(
            "Starting fetch for SN " +
            statInfo.cid.getSerialNumber());
    }

    // Without a responder URI there is nowhere to send the request.
    if (statInfo.responder == null) {
        if (logging) {
            SSLLogger.fine(
                "Null URI detected, OCSP fetch aborted");
        }
        return statInfo;
    }
    if (logging) {
        SSLLogger.fine(
            "Attempting fetch from " + statInfo.responder);
    }

    // Request extensions are forwarded unless the
    // jdk.tls.stapling.ignoreExtensions property is set or a ResponderId
    // list was configured (ResponderId selection is a feature that will
    // be supported in the future).
    final List<Extension> extsToSend =
            (ignoreExtensions || !responderIds.isEmpty())
                    ? Collections.emptyList()
                    : extensions;

    try {
        byte[] respBytes = OCSP.getOCSPBytes(
                Collections.singletonList(statInfo.cid),
                statInfo.responder, extsToSend);

        if (respBytes == null) {
            if (logging) {
                SSLLogger.fine(
                    "No data returned from OCSP Responder");
            }
            return statInfo;
        }

        // The cache entry wraps the raw bytes; its status field is read
        // below (presumably derived from parsing those bytes).
        ResponseCacheEntry cacheEntry =
                new ResponseCacheEntry(respBytes, statInfo.cid);
        if (logging) {
            SSLLogger.fine("OCSP Status: " + cacheEntry.status +
                " (" + respBytes.length + " bytes)");
        }

        // Only a SUCCESSFUL response is handed back and cached; any other
        // status is logged and dropped.
        if (cacheEntry.status ==
                OCSPResponse.ResponseStatus.SUCCESSFUL) {
            statInfo.responseData = cacheEntry;
            addToCache(statInfo.cid, cacheEntry);
        }
    } catch (IOException ioe) {
        // Best-effort: a failed fetch just means no responseData.
        if (logging) {
            SSLLogger.fine("Caught exception: ", ioe);
        }
    }

    return statInfo;
}
 
Example #7
Source File: StatusResponseManager.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Fetch an OCSP response for the certificate identified by
 * {@code statInfo.cid} from the responder named in {@code statInfo}.
 * A {@code SUCCESSFUL} response is stored in {@code statInfo.responseData}
 * and offered to the shared cache via {@code addToCache}; every other
 * outcome (no responder URI, no data returned, an I/O failure, or a
 * non-successful response status) leaves {@code responseData} untouched.
 *
 * @return the same {@code StatusInfo} instance passed into the
 * {@code OCSPFetchCall} constructor, with {@code responseData} filled in
 * only when a successful response was obtained
 */
@Override
public StatusInfo call() {
    debugLog("Starting fetch for SN " + statInfo.cid.getSerialNumber());

    // Without a responder URI there is nowhere to send the request.
    if (statInfo.responder == null) {
        debugLog("Null URI detected, OCSP fetch aborted.");
        return statInfo;
    }
    debugLog("Attempting fetch from " + statInfo.responder);

    // Request extensions are forwarded unless the
    // jdk.tls.stapling.ignoreExtensions property is set or a ResponderId
    // list was configured (ResponderId selection is a feature that will
    // be supported in the future).
    final List<Extension> extsToSend =
            (ignoreExtensions || !responderIds.isEmpty())
                    ? Collections.emptyList()
                    : extensions;

    try {
        byte[] respBytes = OCSP.getOCSPBytes(
                Collections.singletonList(statInfo.cid),
                statInfo.responder, extsToSend);

        if (respBytes == null) {
            debugLog("No data returned from OCSP Responder");
            return statInfo;
        }

        // The cache entry wraps the raw bytes; its status field is read
        // below (presumably derived from parsing those bytes).
        ResponseCacheEntry cacheEntry =
                new ResponseCacheEntry(respBytes, statInfo.cid);
        debugLog("OCSP Status: " + cacheEntry.status +
                " (" + respBytes.length + " bytes)");

        // Only a SUCCESSFUL response is handed back and cached; any other
        // status is logged and dropped.
        if (cacheEntry.status ==
                OCSPResponse.ResponseStatus.SUCCESSFUL) {
            statInfo.responseData = cacheEntry;
            addToCache(statInfo.cid, cacheEntry);
        }
    } catch (IOException ioe) {
        // Best-effort: a failed fetch just means no responseData.
        debugLog("Caught exception: " + ioe);
    }

    return statInfo;
}