Package org.keycloak.crypto.fips

Class BCFIPSOCSPProvider

java.lang.Object

org.keycloak.utils.OCSPProvider

org.keycloak.crypto.fips.BCFIPSOCSPProvider

public class BCFIPSOCSPProvider
extends OCSPProvider

Since:

10/29/2016

Version:

$Revision: 1 $

Author:

Peter Nalyvayko

Nested Class Summary

Nested classes/interfaces inherited from class org.keycloak.utils.OCSPProvider

OCSPProvider.OCSPRevocationStatus, OCSPProvider.RevocationStatus

Field Summary

Fields inherited from class org.keycloak.utils.OCSPProvider

OCSP_CONNECT_TIMEOUT, TIME_SKEW

Constructor Summary

Constructors

Constructor	Description
BCFIPSOCSPProvider()

Method Summary

Modifier and Type	Method	Description
protected OCSPProvider.OCSPRevocationStatus	check(KeycloakSession session, X509Certificate cert, X509Certificate issuerCertificate, List<URI> responderURIs, X509Certificate responderCert, Date date)	Requests certificate revocation status using OCSP.
protected List<String>	getResponderURIs(X509Certificate cert)	Extracts OCSP responder URI from X509 AIA v3 extension, if available.
protected org.bouncycastle.cert.ocsp.OCSPResp	getResponse(KeycloakSession session, org.bouncycastle.cert.ocsp.OCSPReq ocspReq, URI responderUri)

Methods inherited from class org.keycloak.utils.OCSPProvider

check, check, check, getEncodedOCSPResponse, unknownStatus

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BCFIPSOCSPProvider

public BCFIPSOCSPProvider()

Method Detail

getResponse

protected org.bouncycastle.cert.ocsp.OCSPResp getResponse(KeycloakSession session,
                                                          org.bouncycastle.cert.ocsp.OCSPReq ocspReq,
                                                          URI responderUri)
                                                   throws IOException,
                                                          InterruptedException

Throws:

IOException

InterruptedException

check

protected OCSPProvider.OCSPRevocationStatus check(KeycloakSession session,
                                                  X509Certificate cert,
                                                  X509Certificate issuerCertificate,
                                                  List<URI> responderURIs,
                                                  X509Certificate responderCert,
                                                  Date date)
                                           throws CertPathValidatorException

Requests certificate revocation status using OCSP.

Specified by:

check in class OCSPProvider

Parameters:

cert - the certificate to be checked

issuerCertificate - the issuer certificate

responderURIs - the OCSP responder URIs

responderCert - the OCSP responder certificate

date - if null, the current time is used.

Returns:

a revocation status

Throws:

CertPathValidatorException

getResponderURIs

protected List<String> getResponderURIs(X509Certificate cert)
                                 throws CertificateEncodingException

Extracts OCSP responder URI from X509 AIA v3 extension, if available. There can be multiple responder URIs encoded in the certificate.

Specified by:

getResponderURIs in class OCSPProvider

Parameters:

cert -

Returns:

a list of available responder URIs.

Throws:

CertificateEncodingException