OCSPQuery - Reference Documentation
Class implementing support for the Online Certificate Status Protocol (OCSP)
Constants
Type | Name | Description
Number | GOOD | Certificate is valid
Number | UNKNOWN | Certificate is unknown to the responder
Number | REVOKED | Certificate was revoked
Number | KEYCOMPROMISE | Certificate was revoked because the key was compromised
Number | CACOMPROMISE | Certificate was revoked because the CA key was compromised
Number | AFFILIATIONCHANGED | Certificate was revoked because the affiliation changed
Number | SUPERSEDED | Certificate was revoked because a new certificate was issued
Number | CESSATIONOFOPERATION | Certificate was revoked because the CA discontinued operation
Number | CERTIFICATEHOLD | Certificate is on hold
Number | REMOVEFROMCRL | Certificate was revoked and can now be removed from CRL
Number | PRIVILEGEWITHDRAWN | Certificate was revoked because the privileges granted to the owner were withdrawn
Number | AACOMPROMISE | Certificate was revoked
Constructor
Prototype
OCSPQuery(X509 rootCert, X509 issuerCert)
OCSPQuery(X509 issuerCert)
Description
Create an OCSPQuery object that collects the certificates whose status is to be
queried from an OCSP responder.
The URL for the OCSP responder is taken from issuerCert.
If the root certificate is omitted from the constructor, then the
signature on the OCSP response is only validated against
the list of certificates in the OCSPResponse. No link to a
trusted anchor is verified in that case.
Arguments
Type | Name | Description
X509 | rootCert | Root certificate used for verification of OCSP response signature
X509 | issuerCert | Certificate of instance that issued the certificate for which a query should be done.
Exceptions
Name | Value | Description
GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call
GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call
GPError | GPError.INVALID_TYPE | Arguments must be of type X509
Example
rootcert = new X509("root.cer");
cacert = new X509("ca.cer");
query = new OCSPQuery(cacert);
query = new OCSPQuery(rootcert, cacert);
add()
Prototype
OCSPQuery add(X509 cert)
Description
Add a certificate to the query. The certificate must be issued by the instance
identified by the issuerCert certificate in the OCSPQuery constructor.
Multiple certificates can be included in a single query.
Arguments
Type | Name | Description
X509 | cert | Certificate to include in query
Return
OCSPQuery | The object this method is applied to
Exceptions
Name | Value | Description
GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call
GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call
GPError | GPError.INVALID_TYPE | Type of argument is invalid for call
GPError | GPError.INVALID_DATA | Certificate is invalid for inclusion in query
Example
goodcert = new X509("ee_good.cer");
revokedcert = new X509("ee_revoked.cer");
query.add(goodcert);
assert(query.add(revokedcert) instanceof OCSPQuery);
execute()
Prototype
OCSPQuery execute()
OCSPQuery execute(String url)
Description
Execute the query against the OCSP server. This is an all-in-one method: it extracts the
URL from the issuer certificate (unless specified), builds the request, posts the message, obtains
the response and decodes the status information.
Arguments
Type | Name | Description
String | url | URL of OCSP responder.
Return
OCSPQuery | The object this method is applied to
Exceptions
Name | Value | Description
GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call
GPError | GPError.DEVICE_ERROR | The query could not be completed successfully
Example
/*
assert(query.execute() instanceof OCSPQuery);
*/
post()
Prototype
OCSPQuery post(String url, ByteString request)
OCSPQuery post(String url, ByteString request, String[] header)
Description
Send a request to the server identified by the URL with a custom HTTP header. This
method is suitable for test setups using custom-built requests and header
fields.
Arguments
Type | Name | Description
String | url | URL of OCSP responder.
ByteString | request | DER encoded request
String[] | header | Custom HTTP header field in the format "key: value". Will disable automatically generated header fields Content-Type and Content-Length.
Return
ByteString | The response returned from the server
Exceptions
Name | Value | Description
GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call
GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call
GPError | GPError.INVALID_TYPE | One or more arguments do not match
GPError | GPError.DEVICE_ERROR | The query could not be completed successfully
Example
/*
var request = query.getRequest();
var response = query.post("http://ocsp.ecard.sozialversicherung.at", request);
assert(response.length > 0);
var header = [ "Content-Length: " + request.length, "Content-Type: application/ocsp-request" ];
var response = query.post("http://ocsp.ecard.sozialversicherung.at", request, header);
assert(response.length > 0);
*/
getStatus()
Prototype
Number getStatus(X509 cert)
Description
Query status from cached result of previous query operation
Arguments
Type | Name | Description
X509 | cert | Certificate in question
Return
Number | Status of the certificate as indicated by the responder. This is one of the constant values defined for this object.
Exceptions
Name | Value | Description
GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call
GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call
GPError | GPError.INVALID_TYPE | Arguments must be of type X509
GPError | GPError.DEVICE_ERROR | The query could not be completed successfully
Example
assert(query.getStatus(goodcert) == OCSPQuery.GOOD);
assert(query.getStatus(revokedcert) != OCSPQuery.GOOD);
getStatusString()
Prototype
String getStatusString(X509 cert)
Description
Query status from cached result of previous query operation and return a human readable string
Arguments
Type | Name | Description
X509 | cert | Certificate in question
Return
String | Status of the certificate as indicated by the responder.
Exceptions
Name | Value | Description
GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call
GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call
GPError | GPError.INVALID_TYPE | Arguments must be of type X509
GPError | GPError.DEVICE_ERROR | The query could not be completed successfully
Example
print("ee_good.cer : " + query.getStatusString(goodcert));
print("ee_revoked.cer : " + query.getStatusString(revokedcert));
getRevocationTime()
Prototype
Date getRevocationTime(X509 cert)
Description
Query revocation time from cached result of previous query operation
Arguments
Type | Name | Description
X509 | cert | Certificate in question
Return
Date | Revocation time of the certificate as indicated by the responder.
Exceptions
Name | Value | Description
GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call
GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call
GPError | GPError.INVALID_TYPE | Arguments must be of type X509
GPError | GPError.DEVICE_ERROR | The query could not be completed successfully
Example
var rt = query.getRevocationTime(revokedcert);
assert(rt instanceof Date);
print("ee_revoked.cer : " + rt);
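A fail-closed way to consume the cached status values from getStatus(), getStatusString() and getRevocationTime(), as an added example that is not part of the original documentation or the vendor's code. It assumes the query was constructed with a root certificate and already executed; `checkRevocation`, `FakeOCSP` and `FakeQuery` are hypothetical names, and the stub's constant values and certificate keys are constructed so the block runs outside the scripting shell.

```javascript
// Added example: fail-closed policy on top of OCSPQuery status values.
// OCSP  = the OCSPQuery class (source of the status constants)
// query = an executed OCSPQuery, built with rootCert so the response is anchored
function checkRevocation(OCSP, query, certs) {
    var results = [];
    for (var i = 0; i < certs.length; i++) {
        var r = { cert: certs[i], accept: false, reason: "", revokedAt: null };
        try {
            var status = query.getStatus(certs[i]);
            if (status === OCSP.GOOD) {
                r.accept = true;
                r.reason = "good";
            } else if (status === OCSP.UNKNOWN) {
                r.reason = "unknown to responder";   // not proof of validity
            } else {
                // Every other constant is a revocation reason or a hold.
                r.reason = query.getStatusString(certs[i]);
                r.revokedAt = query.getRevocationTime(certs[i]);
            }
        } catch (e) {
            // A GPError (e.g. DEVICE_ERROR) means no answer: do not accept.
            r.reason = "no status: " + e;
        }
        results.push(r);
    }
    return results;
}

// Constructed stand-in for the shell classes so the block runs offline.
// Constant values and certificate keys are placeholders, not real values.
var FakeOCSP = { GOOD: 0, UNKNOWN: 1, KEYCOMPROMISE: 2 };
function FakeQuery(table) { this.table = table; }
FakeQuery.prototype.getStatus = function (c) {
    if (!(c in this.table)) { throw new Error("DEVICE_ERROR"); }
    return this.table[c].status;
};
FakeQuery.prototype.getStatusString = function (c) { return this.table[c].text; };
FakeQuery.prototype.getRevocationTime = function (c) { return this.table[c].time; };

function demo() {
    var query = new FakeQuery({
        ee_good: { status: FakeOCSP.GOOD },
        ee_unknown: { status: FakeOCSP.UNKNOWN },
        ee_revoked: { status: FakeOCSP.KEYCOMPROMISE, text: "key compromise", time: new Date(0) }
    });
    return checkRevocation(FakeOCSP, query, ["ee_good", "ee_unknown", "ee_revoked", "ee_missing"]);
}
```

In the scripting shell, pass `OCSPQuery` itself as the first argument and X509 objects as `certs`; only a GOOD answer yields `accept: true`.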
getRequest()
Prototype
ByteString getRequest()
Description
Obtain DER encoded OCSP request
Return
ByteString | DER encoded request.
Exceptions
Name | Value | Description
GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call
GPError | GPError.DEVICE_ERROR | An error occurred building the request
Example
req = query.getRequest();
assert(req instanceof ByteString);
print(req.toString(HEX));
getResponse()
Prototype
ByteString getResponse()
Description
Obtain DER encoded OCSP response as returned from OCSP server
Return
ByteString | DER encoded response.
Exceptions
Name | Value | Description
GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call
GPError | GPError.DEVICE_ERROR | An error occurred building the response
Example
res = query.getResponse();
assert(res instanceof ByteString);
print(res.toString(HEX));
© Copyright 2003 - 2020 CardContact Systems GmbH, Minden, Germany