Class Overview
This is a class that checks the revocation status of a certificate(s) using
OCSP. It is not a PKIXCertPathChecker and therefore can be used outside of
the CertPathValidator framework. It is useful when you want to
just check the revocation status of a certificate, and you don't want to
incur the overhead of validating all of the certificates in the
associated certificate chain.
Summary
| Nested Classes |
|---|
|
interface |
OCSP.RevocationStatus |
The Revocation Status of a certificate. |
|
[Expand]
Inherited Methods |
|---|
From class
java.lang.Object
|
Object
|
clone()
Creates and returns a copy of this object.
|
|
boolean
|
equals(Object obj)
Indicates whether some other object is "equal to" this one.
|
|
void
|
finalize()
Called by the garbage collector on an object when garbage collection
determines that there are no more references to the object.
|
|
final
Class<?>
|
getClass()
Returns the runtime class of this Object.
|
|
int
|
hashCode()
Returns a hash code value for the object.
|
|
final
void
|
notify()
Wakes up a single thread that is waiting on this object's
monitor.
|
|
final
void
|
notifyAll()
Wakes up all threads that are waiting on this object's monitor.
|
|
String
|
toString()
Returns a string representation of the object.
|
|
final
void
|
wait()
Causes the current thread to wait until another thread invokes the
notify() method or the
notifyAll() method for this object. |
|
final
void
|
wait(long timeout, int nanos)
Causes the current thread to wait until another thread invokes the
notify() method or the
notifyAll() method for this object, or
some other thread interrupts the current thread, or a certain
amount of real time has elapsed. |
|
final
void
|
wait(long timeout)
Causes the current thread to wait until either another thread invokes the
notify() method or the
notifyAll() method for this object, or a
specified amount of time has elapsed. |
|
Public Methods
Obtains the revocation status of a certificate using OCSP.
Parameters
| cert
| the certificate to be checked |
| issuerCert
| the issuer certificate |
| responderURI
| the URI of the OCSP responder |
| responderCert
| the OCSP responder's certificate |
| date
| the time the validity of the OCSP responder's certificate
should be checked against. If null, the current time is used. |
Throws
| IOException
| if there is an exception connecting to or
communicating with the OCSP responder |
| CertPathValidatorException
| if an exception occurs while
encoding the OCSP Request or validating the OCSP Response
|
Obtains the revocation status of a certificate using OCSP using the most
common defaults. The OCSP responder URI is retrieved from the
certificate's AIA extension. The OCSP responder certificate is assumed
to be the issuer's certificate (or issued by the issuer CA).
Parameters
| cert
| the certificate to be checked |
| issuerCert
| the issuer certificate |
Throws
| IOException
| if there is an exception connecting to or
communicating with the OCSP responder |
| CertPathValidatorException
| if an exception occurs while
encoding the OCSP Request or validating the OCSP Response
|
public
static
URI
getResponderURI
(X509Certificate cert)
Returns the URI of the OCSP Responder as specified in the
certificate's Authority Information Access extension, or null if
not specified.
Returns
- the URI of the OCSP Responder, or null if not specified