iaik.x509.ocsp
Class OCSPResponse

java.lang.Object
  |
  +--iaik.x509.ocsp.OCSPResponse

public class OCSPResponse
extends Object

This class implements the OCSP type OCSPResponse.

The X.509 Online Certificate Status Protocol (RFC 2560) specifies the OCSPResponse type, which defines the format of the response message that may be sent to an OCSP requestor in response to a certificate status information request:

 OCSPResponse ::= SEQUENCE {
   responseStatus         OCSPResponseStatus,
   responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
 
An OCSP response at a minimum consists of a responseStatus field indicating the processing status of the prior request. If the value of responseStatus is one of the error conditions, responseBytes are not set. Note that responseStatus type "noMoreData" has been introduced by OCSPv2 (see draft-ietf-pkix-ocspv2-01.txt).
 OCSPResponseStatus ::= ENUMERATED {
   successful            (0),      --Response has valid confirmations
   malformedRequest      (1),      --Illegal confirmation request
   internalError         (2),      --Internal error in issuer
   tryLater              (3),      --Try again later
                                   --(4) is not used
   sigRequired           (5),      --Must sign the request
   unauthorized          (6),      --Request unauthorized
   noMoreData            (7)       --No more data available
 }
 
OCSP responses can be of various types. An OCSP response consists of a response type and the bytes of the actual response. There is one basic type of OCSP response that MUST be supported by all OCSP servers and clients. This OCSP implementation supports the BasicOCSPResponse, but also provides an easy mechanism that allows an application to implement any other response type and register the corresponding class by its object identifier (see class ResponseBytes for more information).

When creating an OCSPResponse you have to set the response status information, e.g.:

 OCSPResponse ocspResponse = new OCSPResponse(OCSPResponse.malformedRequest);
 
For a successful OCSPResponse you may supply the response component to the constructor directly. The response status is set to "successful" and ResponseBytes are created automatically, e.g.:
 BasicOCSPResponse basicOCSPResponse = ...;
 ...
 OCSPResponse ocspResponse = new OCSPResponse(basicOCSPResponse);
 
For DER encoding the OCSP response you may call method writeTo or getEncoded:
 OutputStream os = ...;
 ocspResponse.writeTo(os);
 
A requestor receiving an OCSP response checks the response status and, if successful, gets the included response:
 // the stream supplying the encoded OCSP response:
 InputStream is = ...;
 OCSPResponse ocspResponse = new OCSPResponse(is);
 // get the response status:
 int responseStatus = ocspResponse.getResponseStatus();
 if (responseStatus != OCSPResponse.successful) {
   System.out.println("Not successful; got response status: " + 
                       ocspResponse.getResponseStatusName());   
   ...  
 } else {
   // get the included response
   Response response = ocspResponse.getResponse();
   ...
 }
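
A fail-closed version of the requestor-side check above, as an added example that is not part of the IAIK documentation. It uses only the constructors and getters listed on this page; the class name OcspResponseTriage, the Outcome enum, the import packages and the five-byte sample encoding are assumptions made for illustration.

```java
import iaik.asn1.CodingException;   // package assumed; the page names only the class
import iaik.x509.ocsp.*;            // OCSPResponse, Response, BasicOCSPResponse,
                                    // UnknownResponseException (package assumed)

public final class OcspResponseTriage {          // hypothetical helper class

    enum Outcome { BASIC_RESPONSE_PRESENT, RETRY_LATER, REJECT }

    /** Classifies a DER-encoded OCSPResponse; anything unexpected is rejected. */
    static Outcome triage(byte[] der) {
        final OCSPResponse ocspResponse;
        try {
            ocspResponse = new OCSPResponse(der);
        } catch (UnknownResponseException e) {
            // Status was "successful" but the response type is unsupported:
            // no status information can be evaluated, so do not accept it.
            return Outcome.REJECT;
        } catch (CodingException e) {
            // Unparsable encoding or invalid response status.
            return Outcome.REJECT;
        }

        int status = ocspResponse.getResponseStatus();
        if (status == OCSPResponse.tryLater) {
            return Outcome.RETRY_LATER;           // responder temporarily cannot answer
        }
        if (status != OCSPResponse.successful) {
            System.err.println("OCSP error status: " + ocspResponse.getResponseStatusName());
            return Outcome.REJECT;
        }

        // getResponse() returns null if no response bytes are included.
        Response response = ocspResponse.getResponse();
        if (!(response instanceof BasicOCSPResponse)) {   // also false for null
            return Outcome.REJECT;
        }
        // "successful" only means a response is included. The certificate status and
        // the responder's signature are inside the BasicOCSPResponse and still have
        // to be checked with that class's own methods (not documented on this page).
        return Outcome.BASIC_RESPONSE_PRESENT;
    }

    public static void main(String[] args) {
        // Constructed sample: SEQUENCE { ENUMERATED 3 }, i.e. responseStatus
        // tryLater with no responseBytes.
        byte[] tryLaterDer = { 0x30, 0x03, 0x0A, 0x01, 0x03 };
        System.out.println(triage(tryLaterDer));
    }
}
```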
 

Version:
File Revision 11
See Also:
OCSPRequest, Request, BasicOCSPResponse, ResponseBytes, SingleResponse, ReqCert, CertStatus

Field Summary
static int internalError
          Response status "internalError" (2) indicating an internal responder error.
static int malformedRequest
          Response status "malformedRequest" (1) indicating that the request received does not conform to the OCSP syntax.
static int noMoreData
          Response status "noMoreData" (7) indicating that the server has previously returned the last positive response to a related sequence of requests.
static int sigRequired
          Response status "sigRequired" (5) requiring a request to be signed.
static int successful
          Response status "successful" (0) indicating that the response has valid confirmation.
static int tryLater
          Response status "tryLater" (3) indicating that the request should be resent later because the server temporarily cannot respond.
static int unauthorized
          Response status "unauthorized" (6) indicating an unauthorized request.
 
Constructor Summary
OCSPResponse(ASN1Object obj)
          Creates an OCSPResponse from its ASN.1 representation.
OCSPResponse(byte[] array)
          Creates an OCSPResponse from its DER encoding.
OCSPResponse(InputStream is)
          Creates an OCSPResponse from its DER encoding.
OCSPResponse(int responseStatus)
          Creates an OCSPResponse for the given response status.
OCSPResponse(Response response)
          Creates an OCSPResponse from the given response.
OCSPResponse(ResponseBytes responseBytes)
          Creates an OCSPResponse for the given response bytes.
 
Method Summary
 void decode(ASN1Object obj)
          Decodes an OCSPResponse from its ASN.1 representation.
 void decode(InputStream is)
          Decodes an OCSPResponse from its DER encoding.
 byte[] getEncoded()
          DER encodes this OCSP response.
 Response getResponse()
          Returns the response component of the ResponseBytes, if included.
 ResponseBytes getResponseBytes()
          Returns the response bytes, if included.
 int getResponseStatus()
          Returns the response status.
 String getResponseStatusName()
          Returns the response status as String.
 ObjectID getResponseType()
          Returns the response type oid of the ResponseBytes, if included.
 void setResponse(Response response)
          Sets the response of this OCSPResponse.
 void setResponseBytes(ResponseBytes responseBytes)
          Sets the response bytes of this OCSPResponse.
 ASN1Object toASN1Object()
          Returns this OCSP response as ASN1Object.
 String toString()
          Returns a String representation of this OCSP response.
 void writeTo(OutputStream os)
          Writes this OCSPResponse DER encoded to the given output stream.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

successful

public static final int successful
Response status "successful" (0) indicating that the response has valid confirmation.

malformedRequest

public static final int malformedRequest
Response status "malformedRequest" (1) indicating that the request received does not conform to the OCSP syntax.

internalError

public static final int internalError
Response status "internalError" (2) indicating an internal responder error.

tryLater

public static final int tryLater
Response status "tryLater" (3) indicating that the request should be resent later because the server temporarily cannot respond.

sigRequired

public static final int sigRequired
Response status "sigRequired" (5) requiring a request to be signed.

unauthorized

public static final int unauthorized
Response status "unauthorized" (6) indicating an unauthorized request.

noMoreData

public static final int noMoreData
Response status "noMoreData" (7) indicating that the server has previously returned the last positive response to a related sequence of requests.
Constructor Detail

OCSPResponse

public OCSPResponse(int responseStatus)
             throws IllegalArgumentException
Creates an OCSPResponse for the given response status. If the response status is "successful" (1), use method setResponseBytes to set the response bytes.
Parameters:
responseStatus - the response status
Throws:
IllegalArgumentException - if the responseStatus is invalid

OCSPResponse

public OCSPResponse(ResponseBytes responseBytes)
Creates an OCSPResponse for the given response bytes. The response status is set to "successful" (1).
Parameters:
responseBytes - the response bytes

OCSPResponse

public OCSPResponse(Response response)
Creates an OCSPResponse from the given response. The response status is set to "successful" (1). ResponseBytes are internally created from the given response.
Parameters:
response - the response

OCSPResponse

public OCSPResponse(ASN1Object obj)
             throws CodingException,
                    UnknownResponseException
Creates an OCSPResponse from its ASN.1 representation.

If the response is a successful one, response bytes are present. When parsing the response bytes, an unknown response type may be included. In this case this constructor throws an UnknownResponseException, which can be queried for information about the unknown response.

Parameters:
obj - the OCSPResponse as ASN1Object
Throws:
CodingException - if the ASN1Object cannot be parsed or the response status is invalid
UnknownResponseException - if the response is a successful response but the ResponseBytes included contain a response of unknown (= unsupported) type

OCSPResponse

public OCSPResponse(InputStream is)
             throws IOException,
                    UnknownResponseException
Creates an OCSPResponse from its DER encoding.

If the response is a successful one, response bytes are present. When parsing the response bytes, an unknown response type may be included. In this case this constructor throws an UnknownResponseException, which can be queried for information about the unknown response.

Parameters:
is - the input stream supplying the DER encoded OCSPResponse
Throws:
IOException - if the ASN1Object cannot be parsed or the response status is invalid
UnknownResponseException - if the response is a successful response but the ResponseBytes included contain a response of unknown (= unsupported) type

OCSPResponse

public OCSPResponse(byte[] array)
             throws CodingException,
                    UnknownResponseException
Creates an OCSPResponse from its DER encoding.

If the response is a successful one, response bytes are present. When parsing the response bytes, an unknown response type may be included. In this case this constructor throws an UnknownResponseException, which can be queried for information about the unknown response.

Parameters:
array - the DER encoded OCSPResponse as byte array
Throws:
CodingException - if the ASN1Object cannot be parsed or the response status is invalid
UnknownResponseException - if the response is a successful response but the ResponseBytes included contain a response of unknown (= unsupported) type
Method Detail

setResponseBytes

public void setResponseBytes(ResponseBytes responseBytes)
Sets the response bytes of this OCSPResponse. The response status is set to "successful" (1).
Parameters:
responseBytes - the response bytes

setResponse

public void setResponse(Response response)
Sets the response of this OCSPResponse. The response status is set to "successful" (1). ResponseBytes are internally created from the given response.
Parameters:
response - the response

getResponseBytes

public ResponseBytes getResponseBytes()
Returns the response bytes, if included.

getResponse

public Response getResponse()
Returns the response component of the ResponseBytes, if included. This method is a shortcut for calling getResponseBytes().getResponse(). It returns null if no response bytes are included.

getResponseType

public ObjectID getResponseType()
Returns the response type OID of the ResponseBytes, if included. This method is a shortcut for calling getResponseBytes().getResponseType(). It returns null if no response bytes are included.

getResponseStatus

public int getResponseStatus()
Returns the response status.

getResponseStatusName

public String getResponseStatusName()
Returns the response status as String.

decode

public void decode(ASN1Object obj)
            throws CodingException,
                   UnknownResponseException
Decodes an OCSPResponse from its ASN.1 representation.

If the response is a successful one, response bytes are present. When parsing the response bytes, an unknown response type may be included. In this case this method throws an UnknownResponseException, which can be queried for information about the unknown response.

Parameters:
obj - the OCSPResponse as ASN1Object
Throws:
CodingException - if the ASN1Object cannot be parsed or the response status is invalid
UnknownResponseException - if ResponseBytes are included containing a response of unknown (= unsupported) type

decode

public void decode(InputStream is)
            throws IOException,
                   UnknownResponseException
Decodes an OCSPResponse from its DER encoding.

If the response is a successful one, response bytes are present. When parsing the response bytes, an unknown response type may be included. In this case this method throws an UnknownResponseException, which can be queried for information about the unknown response.

Parameters:
is - the input stream supplying the DER encoded OCSPResponse
Throws:
IOException - if the ASN1Object cannot be parsed or the response status is invalid
UnknownResponseException - if ResponseBytes are included containing a response of unknown (= unsupported) type

toASN1Object

public ASN1Object toASN1Object()
Returns this OCSP response as ASN1Object.
Returns:
this OCSP response as ASN1Object

getEncoded

public byte[] getEncoded()
DER encodes this OCSP response.
Returns:
the DER encoding of this OCSP response

writeTo

public void writeTo(OutputStream os)
             throws IOException
Writes this OCSPResponse DER encoded to the given output stream.
Parameters:
os - the output stream to which to write the response
Throws:
IOException - if an error occurs while writing to the stream

toString

public String toString()
Returns a String representation of this OCSP response.
Overrides:
toString in class Object
Returns:
a string representation of this OCSP response

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).

IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK