Package eu.europa.esig.dss.service.ocsp

Class OnlineOCSPSource

java.lang.Object
eu.europa.esig.dss.service.ocsp.OnlineOCSPSource
All Implemented Interfaces:
OCSPSource, OnlineRevocationSource<OCSP>, RevocationSource<OCSP>, RevocationSourceAlternateUrlsSupport<OCSP>, Serializable
public class OnlineOCSPSource
extends Object
implements OCSPSource, RevocationSourceAlternateUrlsSupport<OCSP>, OnlineRevocationSource<OCSP>
Online OCSP repository. This implementation will contact the OCSP Responder to retrieve the OCSP response.
See Also:
Serialized Form

  • Constructor Details

    • OnlineOCSPSource

      public OnlineOCSPSource()
      Create an OCSP source The default constructor for OnlineOCSPSource. The default OCSPDataLoader is set. It is possible to change it with #setDataLoader(dataLoader).

    • OnlineOCSPSource

      public OnlineOCSPSource​(DataLoader dataLoader)
      Creates an Online OCSP Source with the provided DataLoader instance. It is still possible to change the defined instance with #setDataLoader(dataLoader).
      Parameters:
      dataLoader - DataLoader to use

  • Method Details

    • setDataLoader

      public void setDataLoader​(DataLoader dataLoader)
      Description copied from interface: OnlineRevocationSource
      Set the DataLoader to use for querying a revocation server.
      Specified by:
      setDataLoader in interface OnlineRevocationSource<OCSP>
      Parameters:
      dataLoader - the component that allows to retrieve a revocation response using HTTP.

    • setNonceSource

      public void setNonceSource​(NonceSource nonceSource)
      Set the NonceSource to use for querying the OCSP server.
      Parameters:
      nonceSource - the component that prevents the replay attack.

    • setCertIDDigestAlgorithm

      public void setCertIDDigestAlgorithm​(DigestAlgorithm certIDDigestAlgorithm)
      This method allows setting of DigestAlgorithm to be used in hash calculation for CertID element in an OCSP request building
      Parameters:
      certIDDigestAlgorithm - DigestAlgorithm

    • setDigestAlgorithmsForExclusion

      public void setDigestAlgorithmsForExclusion​(Collection<DigestAlgorithm> digestAlgorithmsForExclusion)
      Sets a collection of DigestAlgorithms for exclusion If an OCSPToken is signed with a listed algorithm, the OCSPToken will be skipped
      Parameters:
      digestAlgorithmsForExclusion - an array if DigestAlgorithms

    • getRevocationToken

      public OCSPToken getRevocationToken​(CertificateToken certificateToken, CertificateToken issuerCertificateToken)
      Description copied from interface: RevocationSource
      This method retrieves a RevocationToken for the certificateToken
      Specified by:
      getRevocationToken in interface OCSPSource
      Specified by:
      getRevocationToken in interface RevocationSource<OCSP>
      Parameters:
      certificateToken - The CertificateToken for which the request is made
      issuerCertificateToken - The CertificateToken which is the issuer of the certificateToken
      Returns:
      an instance of RevocationToken

    • getRevocationToken

      public OCSPToken getRevocationToken​(CertificateToken certificateToken, CertificateToken issuerCertificateToken, List<String> alternativeUrls)
      Description copied from interface: RevocationSourceAlternateUrlsSupport
      Gets an RevocationToken for the given certificate / issuer's certificate couple. The coherence between the response and the request is checked.
      Specified by:
      getRevocationToken in interface RevocationSourceAlternateUrlsSupport<OCSP>
      Parameters:
      certificateToken - The CertificateToken for which the request is made
      issuerCertificateToken - The CertificateToken which is the issuer of the certificateToken
      alternativeUrls - The list of alternative urls to call
      Returns:
      RevocationToken containing information about the validity of the cert