demo.x509.ocsp
Class OCSP1

java.lang.Object
  |
  +--demo.x509.ocsp.OCSP1

public class OCSP1
extends Object

Tests the OCSP implementation.

This demo is similar to the OCSP demo but uses the ResponseGenerator utility for parsing a request and generating a response. RequestGenerator and ResponseParser utilities for creating requests and parsing requests are planned for some of the next releases.

This class demonstrates the usage of the IAIK ocsp implementation by simulating the following actions in the given order:

  1. Requestor: creation and encoding of an ocsp request
  2. Responder: decoding and parsing of the ocsp request
  3. Responder: creation and encoding of an ocsp response for the given request
  4. Requestor: decoding, parsing, and verification of the response

The test sequence above is performed four times to simulate unsigned requests with and without extensions, and signed requests with and without extensions.

The keys and certificates required for this demo are obtained from the IAIK-JCE demo keystore "jce.keystore" which may be generated by running the SetupKeyStore program.

Version:
File Revision 15

Constructor Summary
OCSP1()
          Setup the demo certificate chains.
 
Method Summary
 OCSPRequest createOCSPRequest(PrivateKey requestorKey, X509Certificate[] requestorCerts, boolean includeExtensions)
          Creates an OCSPRequest.
 OCSPRequest createOCSPRequest(PrivateKey requestorKey, X509Certificate[] requestorCerts, X509Certificate[] targetCerts, boolean includeExtensions)
          Creates an OCSPRequest.
 byte[] createOCSPResponse(InputStream is)
          Creates an ocsp response answering the given ocsp request.
static void main(String[] argv)
          Starts the test.
 void parseForSingleResponse(ReqCert reqCert, BasicOCSPResponse basicOCSPResponse)
          Searches and parses the given basicOCSPResponse for the single response corresponding to the request identified by the given ReqCert.
 void parseOCSPResponse(OCSPResponse ocspResponse)
          Parses an ocsp response received and looks for the single responses included.
 void start()
          Performs four tests: unsigned and signed requests, each without and with extensions.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

OCSP1

public OCSP1()
      throws IOException
Setup the demo certificate chains. Keys and certificates are retrieved from the demo KeyStore.
Throws:
IOException - if a file read error occurs
Method Detail

start

public void start()
Performs four tests:
  1. Unsigned request without extensions.
  2. Unsigned request with extensions.
  3. Signed request without extensions.
  4. Signed request with extensions.

createOCSPRequest

public OCSPRequest createOCSPRequest(PrivateKey requestorKey,
                                     X509Certificate[] requestorCerts,
                                     boolean includeExtensions)
                              throws OCSPException
Creates an OCSPRequest.
Parameters:
requestorKey - the private key of the requestor, or null if the request shall not be signed
requestorCerts - the certificates of the requestor, used if the request shall be signed (requestorKey != null) and signer certs shall be included
includeExtensions - if extensions shall be included
Returns:
the OCSPRequest created
Throws:
OCSPException - if an error occurs when creating the request

createOCSPRequest

public OCSPRequest createOCSPRequest(PrivateKey requestorKey,
                                     X509Certificate[] requestorCerts,
                                     X509Certificate[] targetCerts,
                                     boolean includeExtensions)
                              throws OCSPException
Creates an OCSPRequest.
Parameters:
requestorKey - the private key of the requestor, or null if the request shall not be signed
requestorCerts - the certificates of the requestor, used if the request shall be signed (requestorKey != null) and signer certs shall be included
targetCerts - the certs for which status information shall be included
includeExtensions - if extensions shall be included
Returns:
the OCSPRequest created
Throws:
OCSPException - if an error occurs when creating the request

createOCSPResponse

public byte[] createOCSPResponse(InputStream is)
                          throws OCSPException
Creates an ocsp response answering the given ocsp request.
Parameters:
is - the encoded OCSP request supplied from an input stream
Returns:
the DER encoded OCSPResponse
Throws:
OCSPException - if an error occurs when creating the response

parseOCSPResponse

public void parseOCSPResponse(OCSPResponse ocspResponse)
                       throws OCSPException
Parses an ocsp response received and looks for the single responses included.
Parameters:
ocspResponse - the OCSP response
Throws:
OCSPException - if an error occurs when creating the response

parseForSingleResponse

public void parseForSingleResponse(ReqCert reqCert,
                                   BasicOCSPResponse basicOCSPResponse)
                            throws OCSPException
Searches and parses the given basicOCSPResponse for the single response corresponding to the request identified by the given ReqCert.
Parameters:
reqCert - the ReqCert identifying the request
basicOCSPResponse - the basic OCSP response
Throws:
OCSPException - if no response is included for the request in mind

main

public static void main(String[] argv)
                 throws Exception
Starts the test.
Throws:
Exception - if an error occurs when reading required keys and certificates from files

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).

IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK