Package org.ejbca.core.protocol.ocsp

Source Code of org.ejbca.core.protocol.ocsp.OCSPUnidResponse

/*************************************************************************
*                                                                       *
*  EJBCA: The OpenSource Certificate Authority                          *
*                                                                       *
*  This software is free software; you can redistribute it and/or       *
*  modify it under the terms of the GNU Lesser General Public           *
*  License as published by the Free Software Foundation; either         *
*  version 2.1 of the License, or any later version.                    *
*                                                                       *
*  See terms of license at gnu.org.                                     *
*                                                                       *
*************************************************************************/

package org.ejbca.core.protocol.ocsp;

import java.util.Date;

import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.OCSPResp;
import org.bouncycastle.ocsp.RevokedStatus;
import org.bouncycastle.ocsp.SingleResp;
import org.bouncycastle.ocsp.UnknownStatus;

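/**
 * Holds the data returned by an OCSP lookup that uses the OCSPUnidExtension: the raw OCSP
 * response, the FNR looked up through the extension, the HTTP return code and an error code.
 *
 * <p>This class is a plain data holder and validates nothing itself. The error code is whatever
 * was stored through {@link #setErrorCode(int)}. Callers should therefore check that
 * {@link #getErrorCode()} is {@link #ERROR_NO_ERROR} before trusting {@link #getStatus()},
 * because a response with an invalid signature, signer or nonce can still carry a "good" status.
 *
 * <p>Not thread-safe: the fields are mutable and unsynchronized.
 *
 * @author tomas
 * @version $Id: OCSPUnidResponse.java 9334 2010-07-01 11:49:03Z jeklund $
 *
 */
public class OCSPUnidResponse {

    /** Constants capturing the OCSP response status.
     * These are the return codes defined in the RFC.
     * The codes are just used for simple access to the OCSP return value.
     */
    public static final int OCSP_GOOD = 0;
    public static final int OCSP_REVOKED = 1;
    public static final int OCSP_UNKNOWN = 2;

    //
    // Constants for error status
    //
    /**
     * This is the standard code when no error occurred. Ideally this should always be the returned value.
     */
    public static final int ERROR_NO_ERROR = 0;
    /**
     * An unknown error has occurred (for example internal server error on the OCSP responder).
     */
    public static final int ERROR_UNKNOWN = 1;
    /**
     * You are not authorized to perform a FNR/UNID lookup.
     */
    public static final int ERROR_UNAUTHORIZED = 2;
    /**
     * There was no response from the server.
     */
    public static final int ERROR_NO_RESPONSE = 3;
    /**
     * This error is returned when the OCSP-response sent by the server has an invalid signature.
     * This should typically never happen unless the OCSP-server is compromised in some way,
     * a fake OCSP-server is installed or something went wrong with the communication so the response
     * was truncated.
     */
    public static final int ERROR_INVALID_SIGNATURE = 4;
    /**
     * This error is returned when the signerId in the OCSP-response sent by the server does not match
     * the first certificate in the chain in the response.
     * This should typically never happen unless the OCSP-server is broken.
     */
    public static final int ERROR_INVALID_SIGNERID = 5;
    /**
     * This error is returned when the OCSP signer's certificate can not be verified using the CA-certificate.
     * This should typically never happen unless the OCSP-server is broken or compromised.
     */
    public static final int ERROR_INVALID_SIGNERCERT = 6;
    /**
     * You did not specify a URI in the call, and there is not one embedded in the certificate.
     */
    public static final int ERROR_NO_OCSP_URI = 7;
    /**
     * The nonce in the response did not match the nonce sent in the request.
     */
    public static final int ERROR_INVALID_NONCE = 8;

    /*
     * Private variables
     */
    private OCSPResp resp = null;
    private String fnr = null;
    private int httpReturnCode = 200;
    private int errCode = OCSPUnidResponse.ERROR_NO_ERROR;

    /** Creates an empty holder with no OCSP response, HTTP code 200 and {@link #ERROR_NO_ERROR}. */
    public OCSPUnidResponse() {
    }

    /**
     * Creates a holder wrapping the given OCSP response.
     *
     * @param ocspresp the OCSP response to hold, may be null
     */
    public OCSPUnidResponse(OCSPResp ocspresp) {
        this.resp = ocspresp;
    }

    /** @return the stored HTTP return code, 200 unless changed through {@link #setHttpReturnCode(int)} */
    public int getHttpReturnCode() {
        return httpReturnCode;
    }

    /** @param code the HTTP return code to store */
    public void setHttpReturnCode(int code) {
        httpReturnCode = code;
    }

    /**
     * Returns the stored error code. Check this before relying on {@link #getStatus()}:
     * the status is read from the response regardless of the error code.
     *
     * @return one of the ERROR_ constants of this class, as set through {@link #setErrorCode(int)}
     */
    public int getErrorCode() {
        return errCode;
    }

    /** @param code the error code to store, expected to be one of the ERROR_ constants of this class */
    public void setErrorCode(int code) {
        errCode = code;
    }

    /**
     * @return the stored FNR, or null if none was set
     */
    // NOTE(review): the FNR looks like a personal identifier (lookups require authorization, see
    // ERROR_UNAUTHORIZED), so it presumably should be kept out of logs; confirm with the data owner.
    public String getFnr() {
        return fnr;
    }

    /** @param fnr the FNR to store, may be null */
    public void setFnr(String fnr) {
        this.fnr = fnr;
    }

    /** @return the wrapped OCSP response, or null if none was set */
    public OCSPResp getResp() {
        return resp;
    }

    /** @param resp the OCSP response to hold, may be null */
    public void setResp(OCSPResp resp) {
        this.resp = resp;
    }

    /**
     * Returns the certificate status of the first single response in the OCSP response.
     *
     * <p>Fails closed: {@link #OCSP_UNKNOWN} is returned when there is no response, when the response
     * carries no basic response object (for example a non-successful response), when it holds no
     * single responses, when the status is of an unrecognised type, or when parsing fails.
     *
     * <p>Only the first single response is examined and nothing here checks that it refers to the
     * certificate that was asked about, nor that the response was verified. The result is only
     * meaningful when {@link #getErrorCode()} is {@link #ERROR_NO_ERROR}.
     *
     * @return {@link #OCSP_GOOD}, {@link #OCSP_REVOKED} or {@link #OCSP_UNKNOWN}
     */
    public int getStatus() {
        try {
            final SingleResp firstResponse = getFirstSingleResponse();
            if (firstResponse == null) {
                return OCSPUnidResponse.OCSP_UNKNOWN;
            }
            final Object certStatus = firstResponse.getCertStatus();
            // A null certificate status is treated as "good", as in the original mapping.
            if (certStatus == null) {
                return OCSPUnidResponse.OCSP_GOOD;
            }
            if (certStatus instanceof RevokedStatus) {
                return OCSPUnidResponse.OCSP_REVOKED;
            }
            if (certStatus instanceof UnknownStatus) {
                return OCSPUnidResponse.OCSP_UNKNOWN;
            }
        } catch (OCSPException ignored) {
            // Deliberately ignored: an unparsable response falls through to OCSP_UNKNOWN below.
        }
        return OCSPUnidResponse.OCSP_UNKNOWN;
    }

    /** Returns the OCSP response status
     *
     * <p>When no response is held, {@link #ERROR_UNKNOWN} (1) is returned. That value comes from a
     * different code space than the OCSP response status and can coincide with a real status value,
     * so check {@link #getResp()} for null when the two cases must be told apart.
     *
     * @return the response code of the OCSP message, OCSPRespGenerator.XX for example OCSPRespGenerator.SIG_REQUIRED
     */
    public int getResponseStatus() {
        if (resp == null) {
            return OCSPUnidResponse.ERROR_UNKNOWN;
        }
        return resp.getStatus();
    }

    /**
     * @return the producedAt time of the basic response, or null when no basic response is available
     * @throws OCSPException if the response object can not be parsed
     */
    public Date getProducedAt() throws OCSPException {
        final BasicOCSPResp basicResponse = getBasicResponse();
        return basicResponse == null ? null : basicResponse.getProducedAt();
    }

    /**
     * @return the thisUpdate time of the first single response, or null when there is none
     * @throws OCSPException if the response object can not be parsed
     */
    public Date getThisUpdate() throws OCSPException {
        final SingleResp firstResponse = getFirstSingleResponse();
        return firstResponse == null ? null : firstResponse.getThisUpdate();
    }

    /**
     * Callers that enforce freshness should compare this value (and thisUpdate) with the current time;
     * this class does not do so.
     *
     * @return the nextUpdate time of the first single response, or null when there is none
     * @throws OCSPException if the response object can not be parsed
     */
    public Date getNextUpdate() throws OCSPException {
        final SingleResp firstResponse = getFirstSingleResponse();
        return firstResponse == null ? null : firstResponse.getNextUpdate();
    }

    /** Returns the basic OCSP response, or null when no response is held or it is not a BasicOCSPResp. */
    private BasicOCSPResp getBasicResponse() throws OCSPException {
        if (resp == null) {
            return null;
        }
        final Object responseObject = resp.getResponseObject();
        // instanceof also rejects null, so a response without a basic response object
        // no longer causes a NullPointerException or ClassCastException.
        if (responseObject instanceof BasicOCSPResp) {
            return (BasicOCSPResp) responseObject;
        }
        return null;
    }

    /** Returns the first single response, or null when there is no basic response or it is empty. */
    private SingleResp getFirstSingleResponse() throws OCSPException {
        final BasicOCSPResp basicResponse = getBasicResponse();
        if (basicResponse == null) {
            return null;
        }
        final SingleResp[] singleResps = basicResponse.getResponses();
        if (singleResps == null || singleResps.length == 0) {
            return null;
        }
        return singleResps[0];
    }

}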