Scripting Server

OCSPQuery - Reference Documentation

Class implementing support for the Online Certificate Status Protocol (OCSP)

Constants

Type Name Description
Number GOOD Certificate is valid
Number UNKNOWN Certificate is unknown to the responder
Number REVOKED Certificate was revoked
Number KEYCOMPROMISE Certificate was revoked because the key was compromised
Number CACOMPROMISE Certificate was revoked because the CA key was compromised
Number AFFILIATIONCHANGED Certificate was revoked because the affiliation changed
Number SUPERSEDED Certificate was revoked because a new certificate was issued
Number CESSATIONOFOPERATION Certificate was revoked because the CA discontinued operation
Number CERTIFICATEHOLD Certificate is on hold
Number REMOVEFROMCRL Certificate was revoked and can now be removed from the CRL
Number PRIVILEGEWITHDRAWN Certificate was revoked because the privileges granted to the owner were withdrawn
Number AACOMPROMISE Certificate was revoked

Constructor

Prototype

OCSPQuery(X509 rootCert, X509 issuerCert)

OCSPQuery(X509 issuerCert)

Description

Create an OCSPQuery object that can be used to collect certificates for which the status can be queried from an OCSP responder.

The URL for the OCSP responder is taken from issuerCert.

If the root certificate is omitted from the constructor, the signature on the OCSP response is validated only against the list of certificates in the OCSPResponse. No link to a trusted anchor is verified in that case.

Arguments

Type Name Description
X509 rootCert Root certificate used for verification of OCSP response signature
X509 issuerCert Certificate of instance that issued the certificate for which a query should be done.

Exceptions

Name Value Description
GPError GPError.ARGUMENTS_MISSING Too few arguments in call
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.INVALID_TYPE Arguments must be of type X509

Example


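rootcert = new X509("root.cer");
cacert = new X509("ca.cer");

// Issuer only: the response signature is not linked to a trusted anchor
query = new OCSPQuery(cacert);

// Root and issuer: rootcert is used to verify the response signature
query = new OCSPQuery(rootcert, cacert);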

add()

Prototype

OCSPQuery add(X509 cert)

Description

Add a certificate to the query. The certificate must be issued by the instance identified by the issuerCert certificate in the OCSPQuery constructor. Multiple certificates can be included in a single query.

Arguments

Type Name Description
X509 cert Certificate to include in query

Return

OCSPQuery The object this method is applied to

Exceptions

Name Value Description
GPError GPError.ARGUMENTS_MISSING Too few arguments in call
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.INVALID_TYPE Type of argument is invalid for call
GPError GPError.INVALID_DATA Certificate is invalid for inclusion in query

Example


goodcert = new X509("ee_good.cer");
revokedcert = new X509("ee_revoked.cer");

query.add(goodcert);
assert(query.add(revokedcert) instanceof OCSPQuery);

execute()

Prototype

OCSPQuery execute()

OCSPQuery execute(String url)

Description

Execute the query against the OCSP server. This is an all-in-one method: it extracts the URL from the issuer certificate (unless a URL is specified), builds the request, posts the message, obtains the response and decodes the status information.

Arguments

Type Name Description
String url URL of OCSP responder.

Return

OCSPQuery The object this method is applied to

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.DEVICE_ERROR The query could not be completed successfully

Example


assert(query.execute() instanceof OCSPQuery);

post()

Prototype

OCSPQuery post(String url, ByteString request)

OCSPQuery post(String url, ByteString request, String[] header)

Description

Send a request to the server identified by the url, optionally with custom HTTP header fields. This method is suitable for test setups using custom-built requests and header fields.

Arguments

Type Name Description
String url URL of OCSP responder.
ByteString request DER encoded request
String[] header Custom HTTP header field in the format "key: value". Will disable automatically generated header fields Content-Type and Content-Length.

Return

ByteString The response returned from the server

Exceptions

Name Value Description
GPError GPError.ARGUMENTS_MISSING Too few arguments in call
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.INVALID_TYPE One or more arguments do not match
GPError GPError.DEVICE_ERROR The query could not be completed successfully

Example


var request = query.getRequest();
var response = query.post("http://ocsp.ecard.sozialversicherung.at", request);
assert(response.length > 0);

var header = [ "Content-Length: " + request.length, "Content-Type: application/ocsp-request" ];
var response = query.post("http://ocsp.ecard.sozialversicherung.at", request, header);
assert(response.length > 0);

getStatus()

Prototype

Number getStatus(X509 cert)

Description

Query status from cached result of previous query operation

Arguments

Type Name Description
X509 cert Certificate in question

Return

Number Status of the certificate as indicated by the responder. This is one of the constant values defined for this object.

Exceptions

Name Value Description
GPError GPError.ARGUMENTS_MISSING Too few arguments in call
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.INVALID_TYPE Arguments must be of type X509
GPError GPError.DEVICE_ERROR The query could not be completed successfully

Example


assert(query.getStatus(goodcert) == OCSPQuery.GOOD);
assert(query.getStatus(revokedcert) != OCSPQuery.GOOD);

getStatusString()

Prototype

String getStatusString(X509 cert)

Description

Query status from cached result of previous query operation and return a human readable string

Arguments

Type Name Description
X509 cert Certificate in question

Return

String Status of the certificate as indicated by the responder.

Exceptions

Name Value Description
GPError GPError.ARGUMENTS_MISSING Too few arguments in call
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.INVALID_TYPE Arguments must be of type X509
GPError GPError.DEVICE_ERROR The query could not be completed successfully

Example


print("ee_good.cer    : " + query.getStatusString(goodcert));
print("ee_revoked.cer : " + query.getStatusString(revokedcert));

getRevocationTime()

Prototype

Date getRevocationTime(X509 cert)

Description

Query revocation time from cached result of previous query operation

Arguments

Type Name Description
X509 cert Certificate in question

Return

Date Revocation time of the certificate as indicated by the responder.

Exceptions

Name Value Description
GPError GPError.ARGUMENTS_MISSING Too few arguments in call
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.INVALID_TYPE Arguments must be of type X509
GPError GPError.DEVICE_ERROR The query could not be completed successfully

Example


var rt = query.getRevocationTime(revokedcert);
assert(rt instanceof Date);
print("ee_revoked.cer : " + rt);
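
The following is an added example, not part of the original reference or of the project's code. It shows a fail-closed revocation decision built only from add(), execute(), getStatus(), getStatusString() and getRevocationTime() as documented above: only an explicit GOOD is trusted, while UNKNOWN, any revocation value and any exception leave the certificate untrusted. The helper names classify and checkRevocation and the codes parameter are assumptions made for this example.

```javascript
// Added example: fail-closed revocation decision using the OCSPQuery methods
// documented on this page. "codes" is the object carrying the status constants
// (pass OCSPQuery itself in the scripting environment). Build "query" with the
// two-argument constructor so the response signature is tied to the root.
function classify(status, codes) {
    if (status === codes.GOOD) return "accept";
    if (status === codes.UNKNOWN) return "unknown";        // responder does not know the cert
    if (status === codes.CERTIFICATEHOLD) return "on-hold";
    return "revoked";                                      // every other value: not acceptable
}

function checkRevocation(query, certs, codes) {
    var results = [], failure = null, i;
    try {
        for (i = 0; i < certs.length; i++) {
            query.add(certs[i]);
        }
        query.execute();
    } catch (e) {
        failure = e;                                       // e.g. GPError.DEVICE_ERROR
    }
    for (i = 0; i < certs.length; i++) {
        var r = { cert: certs[i], trusted: false, verdict: "indeterminate",
                  detail: null, revokedAt: null };
        if (failure !== null) {
            r.detail = String(failure);                    // no response: never assume "good"
        } else {
            try {
                var status = query.getStatus(certs[i]);
                r.detail = query.getStatusString(certs[i]);
                r.verdict = classify(status, codes);
                if (r.verdict === "revoked" || r.verdict === "on-hold") {
                    r.revokedAt = query.getRevocationTime(certs[i]);
                }
                r.trusted = (r.verdict === "accept");      // only an explicit GOOD is trusted
            } catch (e2) {
                r.detail = String(e2);                     // lookup failed: stays untrusted
            }
        }
        results.push(r);
    }
    return results;
}
```

In the scripting environment the call would be checkRevocation(new OCSPQuery(rootcert, cacert), [goodcert, revokedcert], OCSPQuery).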

getRequest()

Prototype

ByteString getRequest()

Description

Obtain DER encoded OCSP request

Return

ByteString DER encoded request.

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.DEVICE_ERROR An error occurred building the request

Example


req = query.getRequest();
assert(req instanceof ByteString);
print(req.toString(HEX));

getResponse()

Prototype

ByteString getResponse()

Description

Obtain DER encoded OCSP response as returned from OCSP server

Return

ByteString DER encoded response.

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.DEVICE_ERROR An error occurred building the response

Example


res = query.getResponse();
assert(res instanceof ByteString);
print(res.toString(HEX));