OpenSCDP

OCSPQuery - Reference Documentation

Class implementing support for the Online Certificate Status Protocol (OCSP)

Constants

Type    Name                  Description
Number  GOOD                  Certificate is valid
Number  UNKNOWN               Certificate is unknown to the responder
Number  REVOKED               Certificate was revoked
Number  KEYCOMPROMISE         Certificate was revoked because the key was compromised
Number  CACOMPROMISE          Certificate was revoked because the CA key was compromised
Number  AFFILIATIONCHANGED    Certificate was revoked because the affiliation changed
Number  SUPERSEDED            Certificate was revoked because a new certificate was issued
Number  CESSATIONOFOPERATION  Certificate was revoked because the CA discontinued operation
Number  CERTIFICATEHOLD       Certificate is on hold
Number  REMOVEFROMCRL         Certificate was revoked and can now be removed from CRL
Number  PRIVILEGEWITHDRAWN    Certificate was revoked because the privileges granted to the owner were withdrawn
Number  AACOMPROMISE          Certificate was revoked

Constructor

Prototype

OCSPQuery(X509 rootCert, X509 issuerCert)

OCSPQuery(X509 issuerCert)

Description

Create an OCSPQuery object that collects certificates whose status can be queried from an OCSP responder.

The URL of the OCSP responder is taken from issuerCert.

If the root certificate is omitted from the constructor, the signature on the OCSP response is validated only against the list of certificates in the OCSPResponse. No link to a trust anchor is verified in that case.

Arguments

Type  Name        Description
X509  rootCert    Root certificate used for verification of OCSP response signature
X509  issuerCert  Certificate of instance that issued the certificate for which a query should be done.

Exceptions

Name     Value                      Description
GPError  GPError.ARGUMENTS_MISSING  Too few arguments in call
GPError  GPError.INVALID_ARGUMENTS  Too many arguments in call
GPError  GPError.INVALID_TYPE       Arguments must be of type X509

Example


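rootcert = new X509("root.cer");
cacert = new X509("ca.cer");

// Issuer only: the response signature is not linked to a trust anchor
query = new OCSPQuery(cacert);

// Root and issuer: the root certificate is used to verify the response signature
query = new OCSPQuery(rootcert, cacert);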

add()

Prototype

OCSPQuery add(X509 cert)

Description

Add a certificate to the query. The certificate must be issued by the instance identified by the issuerCert certificate in the OCSPQuery constructor. Multiple certificates can be included in a single query.

Arguments

Type  Name  Description
X509  cert  Certificate to include in query

Return

OCSPQuery  The object this method is applied to

Exceptions

Name     Value                      Description
GPError  GPError.ARGUMENTS_MISSING  Too few arguments in call
GPError  GPError.INVALID_ARGUMENTS  Too many arguments in call
GPError  GPError.INVALID_TYPE       Type of argument is invalid for call
GPError  GPError.INVALID_DATA       Certificate is invalid for inclusion in query

Example


goodcert = new X509("ee_good.cer");
revokedcert = new X509("ee_revoked.cer");

query.add(goodcert);
assert(query.add(revokedcert) instanceof OCSPQuery);

execute()

Prototype

OCSPQuery execute()

Description

Execute the query against the OCSP server. This is an all-in-one method: it extracts the URL from the issuer certificate, builds the request, posts the message, obtains the response and decodes the status information.

Return

OCSPQuery  The object this method is applied to

Exceptions

Name     Value                      Description
GPError  GPError.INVALID_ARGUMENTS  Too many arguments in call
GPError  GPError.DEVICE_ERROR       The query could not be completed successfully

Example


assert(query.execute() instanceof OCSPQuery);

post()

Prototype

OCSPQuery post(String url, ByteString request)

OCSPQuery post(String url, ByteString request, String[] header)

Description

Send a request to the server identified by the url, optionally with custom HTTP header fields. This method is suitable for test setups using custom-built requests and header fields.

Arguments

Type        Name     Description
String      url      URL of OCSP responder.
ByteString  request  DER encoded request
String[]    header   Custom HTTP header field in the format "key: value". Will disable automatically generated header fields Content-Type and Content-Length.

Return

ByteString  The response returned from the server

Exceptions

Name     Value                      Description
GPError  GPError.ARGUMENTS_MISSING  Too few arguments in call
GPError  GPError.INVALID_ARGUMENTS  Too many arguments in call
GPError  GPError.INVALID_TYPE       One or more arguments do not match
GPError  GPError.DEVICE_ERROR       The query could not be completed successfully

Example


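// Post the generated request with the automatically generated header fields
var request = query.getRequest();
var response = query.post("http://ocsp.ecard.sozialversicherung.at", request);
assert(response.length > 0);

// A custom header disables the automatic Content-Type and Content-Length fields,
// so both are supplied explicitly here
var header = [ "Content-Length: " + request.length, "Content-Type: application/ocsp-request" ];
var response = query.post("http://ocsp.ecard.sozialversicherung.at", request, header);
assert(response.length > 0);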

getStatus()

Prototype

Number getStatus(X509 cert)

Description

Query status from cached result of previous query operation

Arguments

Type  Name  Description
X509  cert  Certificate in question

Return

Number  Status of the certificate as indicated by the responder. This is one of the constant values defined for this object.

Exceptions

Name     Value                      Description
GPError  GPError.ARGUMENTS_MISSING  Too few arguments in call
GPError  GPError.INVALID_ARGUMENTS  Too many arguments in call
GPError  GPError.INVALID_TYPE       Arguments must be of type X509
GPError  GPError.DEVICE_ERROR       The query could not be completed successfully

Example


assert(query.getStatus(goodcert) == OCSPQuery.GOOD);
assert(query.getStatus(revokedcert) != OCSPQuery.GOOD);

getStatusString()

Prototype

String getStatusString(X509 cert)

Description

Query status from cached result of previous query operation and return a human-readable string

Arguments

Type  Name  Description
X509  cert  Certificate in question

Return

String  Status of the certificate as indicated by the responder.

Exceptions

Name     Value                      Description
GPError  GPError.ARGUMENTS_MISSING  Too few arguments in call
GPError  GPError.INVALID_ARGUMENTS  Too many arguments in call
GPError  GPError.INVALID_TYPE       Arguments must be of type X509
GPError  GPError.DEVICE_ERROR       The query could not be completed successfully

Example


print("ee_good.cer    : " + query.getStatusString(goodcert));
print("ee_revoked.cer : " + query.getStatusString(revokedcert));

getRevocationTime()

Prototype

Date getRevocationTime(X509 cert)

Description

Query revocation time from cached result of previous query operation

Arguments

Type  Name  Description
X509  cert  Certificate in question

Return

Date  Revocation time of the certificate as indicated by the responder.

Exceptions

Name     Value                      Description
GPError  GPError.ARGUMENTS_MISSING  Too few arguments in call
GPError  GPError.INVALID_ARGUMENTS  Too many arguments in call
GPError  GPError.INVALID_TYPE       Arguments must be of type X509
GPError  GPError.DEVICE_ERROR       The query could not be completed successfully

Example


var rt = query.getRevocationTime(revokedcert);
assert(rt instanceof Date);
print("ee_revoked.cer : " + rt);
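
A fail-closed way to turn the cached status values into an accept/reject decision, given here as an added example that is not part of the original documentation or the OpenSCDP code. The fakeQuery object and the numeric values in FAKE_S are constructed stand-ins so the script runs outside the shell; evaluateRevocation, demo and the result fields are names chosen for this example.

```javascript
// Added example, not OpenSCDP code. S holds the status constants: pass
// OCSPQuery itself in the shell. certs is a list of { name, cert } entries.
function evaluateRevocation(S, query, certs) {
    var results = [], failed = null;
    try {
        query.execute();              // one request covers every added certificate
    } catch (e) {
        failed = e;                   // e.g. DEVICE_ERROR: no usable answer
    }
    for (var i = 0; i < certs.length; i++) {
        var r = { name: certs[i].name, decision: "reject", reason: "", revokedAt: null };
        if (failed) {
            r.reason = "no OCSP answer: " + failed;      // fail closed
        } else {
            var status = query.getStatus(certs[i].cert);
            if (status === S.GOOD) {
                r.decision = "accept";
                r.reason = "good";
            } else if (status === S.UNKNOWN) {
                r.reason = "unknown to responder";
            } else if (status === S.CERTIFICATEHOLD) {
                r.reason = "on hold, re-check later";
            } else {                                     // REVOKED or a reason-specific status
                r.reason = "revoked";
                r.revokedAt = query.getRevocationTime(certs[i].cert);
            }
        }
        results.push(r);
    }
    return results;
}

// Constructed stand-ins so the function runs outside the Smart Card Shell.
// The numeric values are made up; they are not the values OCSPQuery defines.
var FAKE_S = { GOOD: 0, UNKNOWN: 1, REVOKED: 2, KEYCOMPROMISE: 3, CERTIFICATEHOLD: 4 };
function fakeQuery(table, fail) {
    return {
        execute: function () { if (fail) throw new Error("DEVICE_ERROR"); return this; },
        getStatus: function (c) { return table[c].status; },
        getRevocationTime: function (c) { return table[c].when; }
    };
}
function demo(fail) {
    var table = { good: { status: FAKE_S.GOOD }, held: { status: FAKE_S.CERTIFICATEHOLD },
                  revoked: { status: FAKE_S.KEYCOMPROMISE, when: new Date(Date.UTC(2020, 0, 15)) } };
    var certs = [ { name: "ee_good.cer", cert: "good" }, { name: "ee_revoked.cer", cert: "revoked" },
                  { name: "ee_hold.cer", cert: "held" } ];
    return evaluateRevocation(FAKE_S, fakeQuery(table, fail), certs);
}
```

In the shell the call would be evaluateRevocation(OCSPQuery, query, [ { name: "ee_good.cer", cert: goodcert } ]) with a query built as in the constructor and add() examples. Construct that query with the root certificate so the response signature is tied to a trust anchor.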

getRequest()

Prototype

ByteString getRequest()

Description

Obtain DER encoded OCSP request

Return

ByteString  DER encoded request.

Exceptions

Name     Value                      Description
GPError  GPError.INVALID_ARGUMENTS  Too many arguments in call
GPError  GPError.DEVICE_ERROR       An error occurred building the request

Example


req = query.getRequest();
assert(req instanceof ByteString);
print(req.toString(HEX));

getResponse()

Prototype

ByteString getResponse()

Description

Obtain DER encoded OCSP response as returned from OCSP server

Return

ByteString  DER encoded response.

Exceptions

Name     Value                      Description
GPError  GPError.INVALID_ARGUMENTS  Too many arguments in call
GPError  GPError.DEVICE_ERROR       An error occurred building the response

Example


res = query.getResponse();
assert(res instanceof ByteString);
print(res.toString(HEX));