iaik.security.ssl
Class OCSPCertStatusChainVerifier

java.lang.Object
  iaik.security.ssl.ChainVerifier
      iaik.security.ssl.OCSPCertStatusChainVerifier

Direct Known Subclasses:

TLS13OCSPCertStatusChainVerifier

public class OCSPCertStatusChainVerifier
extends ChainVerifier

This class represents a ChainVerifier to may be used on the client side for checking OCSP certificate status information about the server certificate when the server sends a certificate_status handshake message in response to a status_request extension sent by the client. This class works in the same way as the parent ChainVerifier class, except for that it additionally checks OCSP status information sent by the server.

Since OCSP cannot be handled in a crypto-provider independent way, using this class requires that you have IAIK-JCE (iaik_jce(_full).jar)) in your classpath. Note that by default the standard ChainVerifier is used for certificate chain verification. To enable this OCSPCertStatusChainVerifier set it for your SSLClientContext:

  SSLClientContext clientContext = new SSLClientContext();
  ...
  OCSPCertStatusChainVerifier ocspCertStatusChainVerifier = new OCSPCertStatusChainVerifier();
  clientContext.setChainVerifier(ocspCertStatusChainVerifier);
 

If the server has sent an OCSP certificate_status message, this class -- after having verified the server certificate chain -- checks the provided status information and rejects the server certificate if any of the following conditions occur:

• If the status type is not ocsp
• If the response status is not successful.
• If the response type is not id-pkix-ocsp-basic.
• If the response signature verification fails.
• If the responder is not authorized for signing OCSP responses for the server certificate (this step, for instance, checks if the response signer cert contains an ocsp_signing ExtendedKeyUsage extension (if the response signer is different from the server certificate issuer); or if the response signer is registered as trusted responder (if trusted responders have been set).
• If the OCSP response does not contain a SingleResponse for the server certificate
• If the cert status for the server certificate is not good
• If the single response is out-of-time
• If the status_request message sent to the server contains responder ids they are checked against the id of the responder. If the id does not match the server certificate is rejected and a bad_certificate_status_response alert is sent to the server
• If the status_request message sent to the server contains a Nonce extension it is checked against the Nonce extension contained in the response. If the response does not contain a Nonce extension or does contain a different Nonce extension, the server certificate is rejected and a bad_certificate_status_response alert is sent to the server. Other request extensions are not checked since they cannot be handled in a global way.
• If the response signer is not the server cert issuer, the response signer cert chain is verified and the server certificate is rejected if the verification fails.
• If any of the required response/request/certificate parsing operation fails

See Also:

ChainVerifier, CertificateStatusRequest

Field Summary

Fields inherited from class iaik.security.ssl.ChainVerifier

CACHE_SIZE, cachedCerts, cacheSize, checkServerName, nullTrusted, trustedCerts

Constructor Summary

OCSPCertStatusChainVerifier()
Creates a new ChainVerifier.

Method Summary

void	setAccuracy(long accuracy) Sets the accuracy for time interval checking.
void	setTrustedResponders(TrustedResponders trustedResponders) Sets any trusted responders for mapping trust between responders to ca certificates.
boolean	verifyChain(java.security.cert.X509Certificate[] certs, SSLTransport transport, int statusType, byte[] statusRequest, byte[] statusResponse) Verifies the server certificate chain.
protected boolean	verifyDelegatedResponderCert(X509Certificate responderCertificate, X509Certificate[] responderCertificates, ResponderID responderID, X509Certificate issuerCertificate, SSLTransport transport) Verified the response signer certificate of a delegated OCSP responder.

Methods inherited from class iaik.security.ssl.ChainVerifier

addTrustedCertificate, cacheCertificate, cacheCertificates, clearCachedCertificates, clearTrustedCertificates, dumpCertificateChain, getCertificateChain, getCheckServerName, getIssuerCertificate, getTrustedCertificates, getTrustedCertificatesArray, getTrustedPrincipals, getTrustedPrincipalsArray, isCachedCertificate, isTrustedCertificate, removeTrustedCertificate, setCacheSize, setCheckServerName, size, verifyCertificate, verifyChain, verifyChain, verifyClient, verifyServer

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OCSPCertStatusChainVerifier

public OCSPCertStatusChainVerifier()

Creates a new ChainVerifier. Initially the list of trusted certificates is empty.

Method Detail

verifyChain

public boolean verifyChain(java.security.cert.X509Certificate[] certs,
                           SSLTransport transport,
                           int statusType,
                           byte[] statusRequest,
                           byte[] statusResponse)
                    throws SSLCertificateRuntimeException

Verifies the server certificate chain.

This method works in the same way as the same-named method of the parent ChainVerifier class, but additionally also checks an OCSP cert_status message, if sent from the server in response to a certificate status_request extension sent by the client.

The statusRequest and statusResponse parameters are only meaningful on the client side and only if client and server have agreed that the server shall provide certificate status information in response to a CertificateStatusRequest extension sent by the client.
In this case, if both statusRequest and statusResponse are not null, they represent the (TLS) encoded request field of a CertificateStatusRequest TLS extension sent to the server and the (TLS) encoded response field of the CertificateStatus handshake message received from the server (see RFC 4366). This ChainVerifier then uses this information to check the revocation status of the server certificate.

Overrides:

verifyChain in class ChainVerifier

Parameters:

certs - the certificate chain to be verified

transport - the SSLTransport, maybe required to query for information (e.g. client mode) and/or printing debug information

statusType - the type of the certificate status request sent to the server (and of the status response received from the server), or -1 if no status_request extension has been sent to the server (or we are on the server side)

statusRequest - the (TLS) encoded status request sent to the server, or null if no status_request extension has been sent to the server, or we are on the server side

statusResponse - the (TLS) encoded status response of the requested type containing (revocation) status information for the certificates sent by the server, or null if no status response has been sent by the server (or we are on the server side)

Throws:

SSLCertificateRuntimeException - maybe used by an application to wrap an exception thrown by some self-designed ChainVerifier implementation

See Also:

OCSPCertStatusChainVerifier

setTrustedResponders

public void setTrustedResponders(TrustedResponders trustedResponders)

Sets any trusted responders for mapping trust between responders to ca certificates.

If a basic OCSP response is not signed by the same issuer that has signed the target certificate it has to be checked if the response signer is authorized to sign the response. In this case the certificate of the response signer has to be issued by the issuer of the target certificate and has to contain the ExtendedKeyUsage extension indicating the id-kp-OCSPSigning purpose.
You can use this method to set trusted responders for specifying the set of CAs for which each responder is trusted.

An OCSP Responder is identified by its ResponderID. Each entry contained in the given TrustedResponders repository maps the ID of the responder in mind to a CA certificate which has authorized this responder for signing the response, e.g.:

 // serverCerts[0] contains the server certificate for which revocation information shall be requested
 // serverCerts[0] is signed by serverCerts[1]
 X509Certificate[] serverCerts = ...;
 // responder cert is the cert used by the responder for signing a response
 X509Certificate responderCert = ...;
 // we want to trust this responder for signing responses for certs issued by serverCerts[1]
 TrustedResponders trustedResponders = new TrustedResponders();
 ResponderID responderID = new ResponderID((Name)responderCert.getSubjectDN());
 trustedResponders.addTrustedResponderEntry(responderID, serverCerts[1]);
 // add to ChainVerifier
 OCSPCertStatusChainVerifier chainVerifier = new OCSPCertStatusChainVerifier();
 ...
 chainVerifier.setTrustedResponders(trustedResponders);
 

Parameters:

trustedResponders - the trusted responders

setAccuracy

public void setAccuracy(long accuracy)

Sets the accuracy for time interval checking. The accuracy is used when checking if the ocsp response (thisUpdate, nextUpdate interval) is just-in-time. Since the responder may have a different timimg source the accuracy may specify tolerance bounds to the timing interval (default: 1 minute)

Parameters:

accuracy - the accuracy (in milliseconds) for time checking; default: 60000 (1 minute)

verifyDelegatedResponderCert

protected boolean verifyDelegatedResponderCert(X509Certificate responderCertificate,
                                               X509Certificate[] responderCertificates,
                                               ResponderID responderID,
                                               X509Certificate issuerCertificate,
                                               SSLTransport transport)
                                        throws SSLCertificateException

Verified the response signer certificate of a delegated OCSP responder.
This method is only called if the certificate of the response signer is not equal to the certificate that has issued the server certificate. In this case we have a delegated OCSP responder whose certificate is checked by this method in the following way:

• If trusted responder information has been configured, this method checks if the responder cert does contain an ocsp-signing ExtendedKeyUsage extension and has been authorized by the server certificate issuer for signing OCSP responses for the server certificate.
• If no trusted responder information has been configured, this method prints a WARNING message if the responder cert has not been issued by the server certificate issuer or has not been authorized for signing OCSP responses
• The certificate chain of the responder is checked of leading to any of the trust anchors of this ChainVerifier

Parameters:

responderCertificate - the certificate of the response signer

responderCertificates - the responder certificates (as contained in the BasicOCSPResponse); may have to be sorted

responderID - the responder id

issuerCertificate - the certificate that has issued the server certificate for which we have got an OCSP response

transport - the SSLTransport (used for debugging info)

Returns:

true if the responder cert has been successfully verified, false if it has not been successfully verified

Throws:

SSLCertificateException - if an error occurs while checking the responder certificate