sun.security.provider.certpath.OCSPResponse Java Examples

Example #1
Source File: StatusResponseManager.java    From openjsse with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Builds a cache entry by parsing the DER-encoded OCSP response.
 *
 * <p>The entry keeps its own copy of {@code responseBytes}, so later
 * modification of the caller's array cannot alter the cached response.
 * For a SUCCESSFUL response the single response matching {@code cid}
 * must be present; its nextUpdate value is captured at construction
 * time.
 *
 * @param responseBytes the DER encoding of the OCSP response
 * @param cid the certificate identifier whose single response is
 *        looked up in the parsed response
 *
 * @throws IOException if the bytes cannot be parsed as an
 *         {@code OCSPResponse}, or if the response is SUCCESSFUL but
 *         contains no entry for {@code cid}
 * @throws NullPointerException if either argument is {@code null}
 */
ResponseCacheEntry(byte[] responseBytes, CertId cid)
        throws IOException {
    Objects.requireNonNull(responseBytes,
            "Non-null responseBytes required");
    Objects.requireNonNull(cid, "Non-null Cert ID required");

    // Defensive copy: the parsed object and the cache both refer to
    // the private copy, never to the caller's array.
    ocspBytes = responseBytes.clone();
    OCSPResponse parsed = new OCSPResponse(ocspBytes);
    status = parsed.getResponseStatus();
    respId = parsed.getResponderId();
    singleResp = parsed.getSingleResponse(cid);

    boolean successful =
            (status == OCSPResponse.ResponseStatus.SUCCESSFUL);
    if (successful && singleResp == null) {
        throw new IOException(
                "Unable to find SingleResponse for SN " +
                cid.getSerialNumber());
    }
    // Captured up front; getNextUpdate() appears to hand out a copy of
    // its Date each time, so this avoids repeated cloning on lookups.
    nextUpdate = successful ? singleResp.getNextUpdate() : null;
}
 
Example #2
Source File: StatusResponseManager.java    From Bytecoder with Apache License 2.0 6 votes vote down vote up
/**
 * Parses a raw OCSP response and records the fields the cache needs.
 *
 * @param responseBytes DER-encoded OCSP response; copied, not retained
 * @param cid the {@code CertId} whose single response this entry
 *        describes
 *
 * @throws IOException if the encoding cannot be parsed as an
 *         {@code OCSPResponse}, or a SUCCESSFUL response lacks a
 *         single response for {@code cid}
 * @throws NullPointerException if {@code responseBytes} or {@code cid}
 *         is {@code null}
 */
ResponseCacheEntry(byte[] responseBytes, CertId cid)
        throws IOException {
    Objects.requireNonNull(responseBytes,
            "Non-null responseBytes required");
    Objects.requireNonNull(cid, "Non-null Cert ID required");

    // Work from a private copy so the caller cannot change the
    // bytes the cache later hands out.
    ocspBytes = responseBytes.clone();
    OCSPResponse response = new OCSPResponse(ocspBytes);
    status = response.getResponseStatus();
    respId = response.getResponderId();
    singleResp = response.getSingleResponse(cid);

    if (status != OCSPResponse.ResponseStatus.SUCCESSFUL) {
        // Nothing further is extracted from a non-SUCCESSFUL response.
        nextUpdate = null;
        return;
    }
    if (singleResp == null) {
        throw new IOException(
                "Unable to find SingleResponse for SN " +
                cid.getSerialNumber());
    }
    // Read once now; the original author's note says the Date is
    // cloned on each getNextUpdate() call.
    nextUpdate = singleResp.getNextUpdate();
}
 
Example #3
Source File: StatusResponseManager.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates a cache entry from the DER encoding of an OCSP response.
 *
 * @param responseBytes DER-encoded OCSP response (a copy is stored)
 * @param cid identifier of the certificate whose status this entry
 *        caches
 *
 * @throws IOException if an {@code OCSPResponse} cannot be built from
 *      the encoding, or if a SUCCESSFUL response has no single
 *      response for {@code cid}
 * @throws NullPointerException if either parameter is {@code null}
 */
ResponseCacheEntry(byte[] responseBytes, CertId cid)
        throws IOException {
    Objects.requireNonNull(responseBytes,
            "Non-null responseBytes required");
    Objects.requireNonNull(cid, "Non-null Cert ID required");

    // Keep a private copy of the encoding; the caller's array is
    // never referenced again.
    ocspBytes = responseBytes.clone();
    OCSPResponse decoded = new OCSPResponse(ocspBytes);
    status = decoded.getResponseStatus();
    respId = decoded.getResponderId();
    singleResp = decoded.getSingleResponse(cid);

    if (status != OCSPResponse.ResponseStatus.SUCCESSFUL) {
        // Only SUCCESSFUL responses contribute a nextUpdate value.
        nextUpdate = null;
    } else if (singleResp == null) {
        throw new IOException("Unable to find SingleResponse for " +
                "SN " + cid.getSerialNumber());
    } else {
        // Read nextUpdate once up front; per the original author's
        // note the Date is cloned on each access.
        nextUpdate = singleResp.getNextUpdate();
    }
}
 
Example #4
Source File: CertStatusExtension.java    From openjsse with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Wraps a DER-encoded OCSP response carried in a status_request
 * extension.
 *
 * @param statusType the CertStatusRequest type byte
 * @param encoded the DER-encoded OCSP response; must be non-empty
 *
 * @throws IOException if {@code encoded} is empty or cannot be parsed
 *         as an {@code OCSPResponse}
 */
private OCSPStatusResponse(byte statusType,
        byte[] encoded) throws IOException {
    // Java requires the superclass call first, so the length check
    // below necessarily runs after super() has seen the raw bytes.
    super(statusType, encoded);

    // An empty (or absent) OCSP response body is a protocol error;
    // SSLProtocolException is an IOException, matching the throws
    // clause.
    boolean hasData = (encoded != null) && (encoded.length > 0);
    if (!hasData) {
        throw new SSLProtocolException(
                "Invalid OCSP status response: insufficient data");
    }

    // Parse the DER bytes into the response object held by this
    // extension instance.
    ocspResponse = new OCSPResponse(encoded);
}
 
Example #5
Source File: CertificateStatus.java    From openjsse with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Renders this CertificateStatus message in a JSON-like layout.
 *
 * <p>Each encoded response is printed on its own line: the parsed
 * {@code OCSPResponse}, a parse-failure marker (the exception is
 * reported inline rather than propagated), or a zero-length marker.
 *
 * @return the formatted description
 */
@Override
public String toString() {
    StringBuilder rendered = new StringBuilder();

    // One line per encoded response.
    for (byte[] respDER : encodedResponses) {
        if (respDER.length == 0) {
            rendered.append("<Zero-length entry>\n");
            continue;
        }
        try {
            rendered.append(new OCSPResponse(respDER)).append('\n');
        } catch (IOException ioe) {
            rendered.append("OCSP Response Exception: " + ioe + "\n");
        }
    }

    // In MessageFormat patterns '{' and '}' are quoted literals.
    MessageFormat messageFormat = new MessageFormat(
        "\"CertificateStatus\": '{'\n" +
        "  \"type\"                : \"{0}\",\n" +
        "  \"responses \"          : [\n" + "{1}\n" + "  ]\n" +
        "'}'",
        Locale.ENGLISH);
    return messageFormat.format(new Object[] {
        statusType.name,
        Utilities.indent(Utilities.indent(rendered.toString()))
    });
}
 
Example #6
Source File: CertStatusExtension.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the OCSP flavour of a certificate status response from its
 * DER encoding.
 *
 * @param statusType the CertStatusRequest type byte
 * @param encoded DER-encoded OCSP response; {@code null} or empty is
 *        rejected
 *
 * @throws IOException if there is no data or the data does not parse
 *         as an {@code OCSPResponse}
 */
private OCSPStatusResponse(byte statusType,
        byte[] encoded) throws IOException {
    super(statusType, encoded);

    // Treat a missing array like an empty one: both are rejected.
    // SSLProtocolException extends IOException, so the declared
    // throws clause covers it.
    int available = (encoded == null) ? 0 : encoded.length;
    if (available == 0) {
        throw new SSLProtocolException(
                "Invalid OCSP status response: insufficient data");
    }

    // The remaining bytes are parsed into the held OCSPResponse.
    ocspResponse = new OCSPResponse(encoded);
}
 
Example #7
Source File: CertificateStatus.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
/**
 * Describes this CertificateStatus message, including every encoded
 * OCSP response it carries.
 *
 * @return a JSON-like rendering of the message
 */
@Override
public String toString() {
    StringBuilder body = new StringBuilder();

    // Render each encoded response on its own line.
    for (byte[] respDER : encodedResponses) {
        body.append(describeResponse(respDER)).append("\n");
    }

    MessageFormat messageFormat = new MessageFormat(
        "\"CertificateStatus\": '{'\n" +
        "  \"type\"                : \"{0}\",\n" +
        "  \"responses \"          : [\n" + "{1}\n" + "  ]\n" +
        "'}'",
        Locale.ENGLISH);
    Object[] messageFields = {
        statusType.name,
        Utilities.indent(Utilities.indent(body.toString()))
    };

    return messageFormat.format(messageFields);
}

/**
 * Renders one encoded OCSP response for {@link #toString()}.
 *
 * @param respDER the DER bytes of a single response
 * @return the parsed response's string form, a marker for an empty
 *         entry, or a description of the parse failure
 */
private String describeResponse(byte[] respDER) {
    if (respDER.length == 0) {
        return "<Zero-length entry>";
    }
    try {
        return new OCSPResponse(respDER).toString();
    } catch (IOException ioe) {
        // Parse problems are reported in the output, not thrown.
        return "OCSP Response Exception: " + ioe;
    }
}
 
Example #8
Source File: SimpleOCSPServer.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
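/**
 * Builds a response from per-certificate status entries and the
 * request's extensions, then encodes it.
 *
 * <p>For a SUCCESSFUL status the single responses are generated from
 * {@code itemMap}, response extensions are derived from
 * {@code reqExtensions}, and the certificate list sent with the
 * response is assembled (signer first when it is not the same object as
 * the issuer, then the issuer). Any other status produces a bare
 * response with no body fields.
 *
 * @param respStat the status of the entire response
 * @param itemMap a {@code Map} of {@code CertId} objects and their
 * respective revocation statuses from the server's response DB; only
 * read when {@code respStat} is SUCCESSFUL
 * @param reqExtensions a {@code Map} of request extensions
 *
 * @throws IOException if an error happens during encoding
 * @throws NullPointerException if {@code respStat} is {@code null}
 * or {@code respStat} is successful, and a {@code null} {@code itemMap}
 * has been provided.
 */
public LocalOcspResponse(OCSPResponse.ResponseStatus respStat,
        Map<CertId, CertStatusInfo> itemMap,
        Map<String, Extension> reqExtensions) throws IOException {
    responseStatus = Objects.requireNonNull(respStat,
            "Illegal null response status");
    if (responseStatus == ResponseStatus.SUCCESSFUL) {
        respItemMap = Objects.requireNonNull(itemMap,
                "SUCCESSFUL responses must have a response map");
        producedAtDate = new Date();

        // Turn the answers from the response DB query into a list
        // of single responses. Iterating entries avoids a second
        // lookup per key.
        for (Map.Entry<CertId, CertStatusInfo> entry : itemMap.entrySet()) {
            singleResponseList.add(
                    new LocalSingleResponse(entry.getKey(), entry.getValue()));
        }

        responseExtensions = setResponseExtensions(reqExtensions);
        certificates = new ArrayList<>();
        // NOTE(review): reference comparison -- a signer certificate
        // that equals() the issuer but is a distinct object would be
        // listed twice; confirm whether that is intended.
        if (signerCert != issuerCert) {
            certificates.add(signerCert);
        }
        certificates.add(issuerCert);
    } else {
        // Non-SUCCESSFUL responses carry no body fields.
        respItemMap = null;
        producedAtDate = null;
        responseExtensions = null;
        certificates = null;
    }
    // Encode now; the result is kept in encodedResponse.
    encodedResponse = this.getBytes();
}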
 
Example #9
Source File: StatusResponseManager.java    From openjsse with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Fetches an OCSP response for the certificate held in
 * {@code statInfo}, using the responder URI it carries.
 *
 * <p>Only a SUCCESSFUL response is stored in
 * {@code statInfo.responseData} and offered to the cache; a null
 * responder URI, no data, any other status, or an {@code IOException}
 * leaves {@code responseData} untouched. Failures are logged (when the
 * "respmgr" logger is on) and never propagated.
 *
 * @return the same {@code StatusInfo} supplied to the
 *         {@code OCSPFetchCall} constructor, with {@code responseData}
 *         set when a SUCCESSFUL response was obtained
 */
@Override
public StatusInfo call() {
    if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
        SSLLogger.fine(
            "Starting fetch for SN " +
            statInfo.cid.getSerialNumber());
    }
    try {
        // Without a responder URI there is nothing to fetch.
        if (statInfo.responder == null) {
            if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
                SSLLogger.fine(
                    "Null URI detected, OCSP fetch aborted");
            }
            return statInfo;
        }
        if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
            SSLLogger.fine(
                "Attempting fetch from " + statInfo.responder);
        }

        // Request extensions are forwarded unless the
        // jdk.tls.stapling.ignoreExtensions property is set or a
        // ResponderId list was configured (ResponderId selection is
        // not yet supported, so such requests go out bare).
        List<Extension> extsToSend;
        if (ignoreExtensions || !responderIds.isEmpty()) {
            extsToSend = Collections.emptyList();
        } else {
            extsToSend = extensions;
        }

        byte[] respBytes = OCSP.getOCSPBytes(
                Collections.singletonList(statInfo.cid),
                statInfo.responder, extsToSend);

        if (respBytes == null) {
            if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
                SSLLogger.fine(
                    "No data returned from OCSP Responder");
            }
            return statInfo;
        }

        // Parse into a cache entry; a malformed response surfaces
        // here as an IOException and is handled below.
        ResponseCacheEntry entry = new ResponseCacheEntry(respBytes,
                statInfo.cid);
        if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
            SSLLogger.fine("OCSP Status: " + entry.status +
                " (" + respBytes.length + " bytes)");
        }
        // Only SUCCESSFUL responses are handed back and cached.
        // NOTE(review): nothing here checks the responder signature;
        // presumably the consumer of responseData verifies it -- confirm.
        if (entry.status == OCSPResponse.ResponseStatus.SUCCESSFUL) {
            statInfo.responseData = entry;
            addToCache(statInfo.cid, entry);
        }
    } catch (IOException ioe) {
        if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
            SSLLogger.fine("Caught exception: ", ioe);
        }
    }

    return statInfo;
}
 
Example #10
Source File: StatusResponseManager.java    From Bytecoder with Apache License 2.0 4 votes vote down vote up
/**
 * Obtains an OCSP response for {@code statInfo.cid} from the
 * configured responder and, when it is SUCCESSFUL, records it in
 * {@code statInfo.responseData} and the cache.
 *
 * <p>Every failure mode -- no responder URI, no data returned, a
 * non-SUCCESSFUL status, or an {@code IOException} while fetching or
 * parsing -- is logged under the "respmgr" logger (if enabled) and
 * leaves {@code responseData} as it was.
 *
 * @return the {@code StatusInfo} passed into the
 *         {@code OCSPFetchCall} constructor, with its
 *         {@code responseData} field set to the cache entry when a
 *         SUCCESSFUL response was obtained
 */
@Override
public StatusInfo call() {
    if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
        SSLLogger.fine(
            "Starting fetch for SN " +
            statInfo.cid.getSerialNumber());
    }
    try {
        if (statInfo.responder == null) {
            // No URI, nothing to fetch.
            if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
                SSLLogger.fine(
                    "Null URI detected, OCSP fetch aborted");
            }
            return statInfo;
        }
        if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
            SSLLogger.fine(
                "Attempting fetch from " + statInfo.responder);
        }

        // Extensions are withheld when jdk.tls.stapling.ignoreExtensions
        // is set or when ResponderIds were configured (ResponderId
        // selection is a future feature); otherwise they are forwarded.
        boolean withholdExtensions =
                ignoreExtensions || !responderIds.isEmpty();
        List<Extension> extsToSend = withholdExtensions
                ? Collections.<Extension>emptyList()
                : extensions;

        byte[] fetched = OCSP.getOCSPBytes(
                Collections.singletonList(statInfo.cid),
                statInfo.responder, extsToSend);

        if (fetched != null) {
            // Wrap the raw bytes in a cache entry (this parses them).
            ResponseCacheEntry entry = new ResponseCacheEntry(fetched,
                    statInfo.cid);
            if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
                SSLLogger.fine("OCSP Status: " + entry.status +
                    " (" + fetched.length + " bytes)");
            }
            // NOTE(review): acceptance is keyed on status alone; the
            // responder signature is presumably verified by whoever
            // consumes responseData -- confirm.
            if (entry.status ==
                    OCSPResponse.ResponseStatus.SUCCESSFUL) {
                statInfo.responseData = entry;
                addToCache(statInfo.cid, entry);
            }
        } else if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
            SSLLogger.fine(
                "No data returned from OCSP Responder");
        }
    } catch (IOException ioe) {
        if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
            SSLLogger.fine("Caught exception: ", ioe);
        }
    }

    return statInfo;
}
 
Example #11
Source File: StatusResponseManager.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Fetches the OCSP response for {@code statInfo.cid} from its responder.
 *
 * <p>Only a SUCCESSFUL response is stored in {@code statInfo.responseData}
 * and added to the cache. A missing responder URI, an empty reply, a
 * non-SUCCESSFUL status, or an {@code IOException} is logged via
 * {@code debugLog} and leaves {@code responseData} unchanged.
 *
 * @return the {@code StatusInfo} passed into the {@code OCSPFetchCall}
 * constructor, with {@code responseData} filled in when a SUCCESSFUL
 * response was obtained
 */
@Override
public StatusInfo call() {
    debugLog("Starting fetch for SN " + statInfo.cid.getSerialNumber());
    try {
        if (statInfo.responder == null) {
            // No URI means there is nowhere to send the request.
            debugLog("Null URI detected, OCSP fetch aborted.");
            return statInfo;
        }
        debugLog("Attempting fetch from " + statInfo.responder);

        // Forward the request extensions unless
        // jdk.tls.stapling.ignoreExtensions is true or a ResponderId
        // list is configured (ResponderId selection is a future
        // feature); in those cases send none.
        boolean dropExtensions = ignoreExtensions || !responderIds.isEmpty();
        List<Extension> extsToSend;
        if (dropExtensions) {
            extsToSend = Collections.emptyList();
        } else {
            extsToSend = extensions;
        }

        byte[] respBytes = OCSP.getOCSPBytes(
                Collections.singletonList(statInfo.cid),
                statInfo.responder, extsToSend);
        if (respBytes == null) {
            debugLog("No data returned from OCSP Responder");
            return statInfo;
        }

        // Parsing happens in the cache entry constructor; a malformed
        // response surfaces as an IOException below.
        ResponseCacheEntry entry =
                new ResponseCacheEntry(respBytes, statInfo.cid);
        debugLog("OCSP Status: " + entry.status +
                " (" + respBytes.length + " bytes)");

        // NOTE(review): the decision to keep the response is based on
        // its status only; signature verification is presumably done
        // by the consumer of responseData -- confirm.
        if (entry.status == OCSPResponse.ResponseStatus.SUCCESSFUL) {
            statInfo.responseData = entry;
            addToCache(statInfo.cid, entry);
        }
    } catch (IOException ioe) {
        debugLog("Caught exception: " + ioe);
    }

    return statInfo;
}
 
Example #12
Source File: SimpleOCSPServer.java    From openjdk-jdk9 with GNU General Public License v2.0 2 votes vote down vote up
/**
 * Builds a non-successful response that carries only a status.
 *
 * <p>Delegates to the three-argument constructor with no item map and
 * no request extensions; that constructor rejects a SUCCESSFUL status
 * paired with a {@code null} map, which is what enforces the
 * "non-successful" contract documented below.
 *
 * @param respStat the OCSP response status.
 *
 * @throws IOException if an error happens during encoding
 * @throws NullPointerException if {@code respStat} is {@code null}
 * or {@code respStat} is successful.
 */
public LocalOcspResponse(OCSPResponse.ResponseStatus respStat)
        throws IOException {
    // A null item map is acceptable only for non-SUCCESSFUL statuses.
    this(respStat, null, null);
}