
src/java.base/share/classes/sun/security/provider/certpath/OCSP.java





  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 package sun.security.provider.certpath;
  26 
  27 import java.io.InputStream;
  28 import java.io.IOException;
  29 import java.io.OutputStream;
  30 import java.net.URI;
  31 import java.net.URL;
  32 import java.net.HttpURLConnection;
  33 import java.security.cert.CertificateException;
  34 import java.security.cert.CertPathValidatorException;
  35 import java.security.cert.CertPathValidatorException.BasicReason;
  36 import java.security.cert.CRLReason;
  37 import java.security.cert.Extension;

  38 import java.security.cert.X509Certificate;
  39 import java.util.Arrays;
  40 import java.util.Collections;
  41 import java.util.Date;
  42 import java.util.List;
  43 import java.util.Map;
  44 
  45 import sun.security.action.GetIntegerAction;
  46 import sun.security.util.Debug;
  47 import sun.security.x509.AccessDescription;
  48 import sun.security.x509.AuthorityInfoAccessExtension;
  49 import sun.security.x509.GeneralName;
  50 import sun.security.x509.GeneralNameInterface;
  51 import sun.security.x509.PKIXExtensions;
  52 import sun.security.x509.URIName;
  53 import sun.security.x509.X509CertImpl;
  54 
  55 /**
  56  * This is a class that checks the revocation status of a certificate(s) using
  57  * OCSP. It is not a PKIXCertPathChecker and therefore can be used outside of


 147      */
 148     public static RevocationStatus check(X509Certificate cert,
 149                                          X509Certificate issuerCert,
 150                                          URI responderURI,
 151                                          X509Certificate responderCert,
 152                                          Date date)
 153         throws IOException, CertPathValidatorException
 154     {
 155         return check(cert, issuerCert, responderURI, responderCert, date,
 156                      Collections.<Extension>emptyList());
 157     }
 158 
 159     // Called by com.sun.deploy.security.TrustDecider
 160     public static RevocationStatus check(X509Certificate cert,
 161                                          X509Certificate issuerCert,
 162                                          URI responderURI,
 163                                          X509Certificate responderCert,
 164                                          Date date, List<Extension> extensions)
 165         throws IOException, CertPathValidatorException
 166     {









 167         CertId certId = null;
 168         try {
 169             X509CertImpl certImpl = X509CertImpl.toImpl(cert);
 170             certId = new CertId(issuerCert, certImpl.getSerialNumberObject());
 171         } catch (CertificateException | IOException e) {
 172             throw new CertPathValidatorException
 173                 ("Exception while encoding OCSPRequest", e);
 174         }
 175         OCSPResponse ocspResponse = check(Collections.singletonList(certId),
 176             responderURI, new OCSPResponse.IssuerInfo(issuerCert),
 177             responderCert, date, extensions);
 178         return (RevocationStatus) ocspResponse.getSingleResponse(certId);
 179     }
 180 
 181     /**
 182      * Checks the revocation status of a list of certificates using OCSP.
 183      *
 184      * @param certIds the CertIds to be checked
 185      * @param responderURI the URI of the OCSP responder
 186      * @param issuerInfo the issuer's certificate and/or subject and public key
 187      * @param responderCert the OCSP responder's certificate
 188      * @param date the time the validity of the OCSP responder's certificate
 189      *    should be checked against. If null, the current time is used.
 190      * @param extensions zero or more OCSP extensions to be included in the
 191      *    request.  If no extensions are requested, an empty {@code List} must
 192      *    be used.  A {@code null} value is not allowed.
 193      * @return the OCSPResponse
 194      * @throws IOException if there is an exception connecting to or
 195      *    communicating with the OCSP responder
 196      * @throws CertPathValidatorException if an exception occurs while




  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 package sun.security.provider.certpath;
  26 
  27 import java.io.InputStream;
  28 import java.io.IOException;
  29 import java.io.OutputStream;
  30 import java.net.URI;
  31 import java.net.URL;
  32 import java.net.HttpURLConnection;
  33 import java.security.cert.CertificateException;
  34 import java.security.cert.CertPathValidatorException;
  35 import java.security.cert.CertPathValidatorException.BasicReason;
  36 import java.security.cert.CRLReason;
  37 import java.security.cert.Extension;
  38 import java.security.cert.TrustAnchor;
  39 import java.security.cert.X509Certificate;
  40 import java.util.Arrays;
  41 import java.util.Collections;
  42 import java.util.Date;
  43 import java.util.List;
  44 import java.util.Map;
  45 
  46 import sun.security.action.GetIntegerAction;
  47 import sun.security.util.Debug;
  48 import sun.security.x509.AccessDescription;
  49 import sun.security.x509.AuthorityInfoAccessExtension;
  50 import sun.security.x509.GeneralName;
  51 import sun.security.x509.GeneralNameInterface;
  52 import sun.security.x509.PKIXExtensions;
  53 import sun.security.x509.URIName;
  54 import sun.security.x509.X509CertImpl;
  55 
  56 /**
  57  * This is a class that checks the revocation status of a certificate(s) using
  58  * OCSP. It is not a PKIXCertPathChecker and therefore can be used outside of


 148      */
 149     public static RevocationStatus check(X509Certificate cert,
 150                                          X509Certificate issuerCert,
 151                                          URI responderURI,
 152                                          X509Certificate responderCert,
 153                                          Date date)
 154         throws IOException, CertPathValidatorException
 155     {
 156         return check(cert, issuerCert, responderURI, responderCert, date,
 157                      Collections.<Extension>emptyList());
 158     }
 159 
 160     // Called by com.sun.deploy.security.TrustDecider
 161     public static RevocationStatus check(X509Certificate cert,
 162                                          X509Certificate issuerCert,
 163                                          URI responderURI,
 164                                          X509Certificate responderCert,
 165                                          Date date, List<Extension> extensions)
 166         throws IOException, CertPathValidatorException
 167     {
 168         return check(cert, responderURI, null, issuerCert, responderCert, date, extensions);
 169     }
 170 
 171     public static RevocationStatus check(X509Certificate cert,
 172             URI responderURI, TrustAnchor anchor, X509Certificate issuerCert,
 173             X509Certificate responderCert, Date date,
 174             List<Extension> extensions)
 175             throws IOException, CertPathValidatorException
 176     {
 177         CertId certId = null;
 178         try {
 179             X509CertImpl certImpl = X509CertImpl.toImpl(cert);
 180             certId = new CertId(issuerCert, certImpl.getSerialNumberObject());
 181         } catch (CertificateException | IOException e) {
 182             throw new CertPathValidatorException
 183                 ("Exception while encoding OCSPRequest", e);
 184         }
 185         OCSPResponse ocspResponse = check(Collections.singletonList(certId),
 186                 responderURI, new OCSPResponse.IssuerInfo(anchor, issuerCert),
 187                 responderCert, date, extensions);
 188         return (RevocationStatus) ocspResponse.getSingleResponse(certId);
 189     }
 190 
 191     /**
 192      * Checks the revocation status of a list of certificates using OCSP.
 193      *
 194      * @param certIds the CertIds to be checked
 195      * @param responderURI the URI of the OCSP responder
 196      * @param issuerInfo the issuer's certificate and/or subject and public key
 197      * @param responderCert the OCSP responder's certificate
 198      * @param date the time the validity of the OCSP responder's certificate
 199      *    should be checked against. If null, the current time is used.
 200      * @param extensions zero or more OCSP extensions to be included in the
 201      *    request.  If no extensions are requested, an empty {@code List} must
 202      *    be used.  A {@code null} value is not allowed.
 203      * @return the OCSPResponse
 204      * @throws IOException if there is an exception connecting to or
 205      *    communicating with the OCSP responder
 206      * @throws CertPathValidatorException if an exception occurs while
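Review bot: The new seven-argument `check(cert, responderURI, anchor, issuerCert, responderCert, date, extensions)` overload (new lines 171-189) is public but has no Javadoc, and the contract for `anchor` is not stated anywhere on this page. The six-argument overload passes `null` for it, so null is evidently permitted, while `CertId` is still built from `issuerCert` alone; a caller holding only a `TrustAnchor` and passing a null `issuerCert` would presumably fail there, and because the `catch` covers only `CertificateException | IOException` that failure would not surface as a `CertPathValidatorException` (the `CertId` and `IssuerInfo` constructors are outside the visible lines, so this needs confirming). I would add a Javadoc block on the overload saying that `anchor` may be null, that `issuerCert` must be non-null, and which of the two `OCSPResponse.IssuerInfo` treats as authoritative when both are supplied, which presumably determines the issuer name and key used when the response is verified. The parameter order also departs from the sibling overloads (`responderURI` now precedes `issuerCert`), and with `issuerCert` and `responderCert` sharing a type a swapped argument compiles silently, so keeping `cert, issuerCert, responderURI, ...` and adding `anchor` after it would be safer.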

