public abstract class Response
extends java.lang.Object
The X.509
Online Certificate Status Protocol (RFC 2560) allows OCSP responses to be of
various types. RFC 2560 itself only specifies one basic response type
(BasicOCSPResponse) that has to be
supported by any conforming implementation.
Other response types are identified by their object identifier, which is included
in the optional responseBytes field of an OCSPResponse message:
    OCSPResponse ::= SEQUENCE {
        responseStatus OCSPResponseStatus,
        responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }

    ResponseBytes ::= SEQUENCE {
        responseType OBJECT IDENTIFIER,
        response OCTET STRING }
Any class implementing a particular response type has to extend this
class and therefore has to implement the abstract methods decode, getEncoded and getResponseType. The object identifier returned by method getResponseType
is the one identifying the particular response type and shall be used for registering
the corresponding class as the implementation for this response type, e.g.:
    public class MyResponse extends Response {
        ...
        // the response type
        public static final ObjectID responseType = ...;
        ...
    }
    ...
    // register the implementation:
    ResponseBytes.register(MyResponse.responseType, MyResponse.class);
When implementing a response by extending this class, please be aware that
methods getEncoded and decode
only have to convert the response itself (and NOT the responseType OID) to
and from its DER encoding. More precisely, the byte array parameter
of method decode(byte[]) supplies the DER
encoding of the response, i.e. the value of the OCTET STRING component of the
ResponseBytes object:

    ResponseBytes ::= SEQUENCE {
        responseType OBJECT IDENTIFIER,
        response OCTET STRING }

Method getEncoded shall return the DER encoding
of the particular response to give the value of the OCTET STRING response
component of the ResponseBytes object. Please note that method decode supplies the DER encoding of the response: when
decoding a response it might be useful to keep the original encoding so that
a signed response can be verified.
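The layout described above, as an added Python example that is not part of the IAIK library or its documentation: it unpacks an OCSPResponse, looks up a decoder by responseType OID, and passes it only the OCTET STRING value, which the decoder keeps unchanged for later signature verification. `REGISTRY`, `parse_ocsp_response` and the sample bytes are constructed for illustration; the payload `30 03 02 01 01` is a placeholder, not a real BasicOCSPResponse.

```python
# Added illustration, not IAIK code; REGISTRY stands in for ResponseBytes.register.
BASIC_OID = "1.3.6.1.5.5.7.48.1.1"  # id-pkix-ocsp-basic
REGISTRY = {}                       # responseType OID -> decoder callable

def read_tlv(buf, pos, want):
    """Return (value, next_pos) of the definite-length DER TLV at buf[pos]."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError("missing or unexpected tag, wanted 0x%02x" % want)
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                           # long form: n length octets follow
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("invalid DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return buf[pos:pos + length], pos + length

def decode_oid(body):  # OID content octets -> dotted-decimal string
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                        # last octet of this sub-identifier
            arcs.append(val)
            val = 0
    if not arcs or body[-1] & 0x80:
        raise ValueError("malformed OID")
    first = min(arcs[0] // 40, 2)               # first two arcs share one value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_ocsp_response(der):
    """Return (responseStatus, responseType OID, decoded response)."""
    body, end = read_tlv(der, 0, 0x30)          # OCSPResponse SEQUENCE
    if end != len(der):
        raise ValueError("trailing bytes after OCSPResponse")
    status, pos = read_tlv(body, 0, 0x0A)       # responseStatus ENUMERATED
    if pos == len(body):                        # responseBytes is OPTIONAL
        return int.from_bytes(status, "big"), None, None
    wrapped, _ = read_tlv(body, pos, 0xA0)      # [0] EXPLICIT wrapper
    rb, _ = read_tlv(wrapped, 0, 0x30)          # ResponseBytes SEQUENCE
    oid_body, pos = read_tlv(rb, 0, 0x06)       # responseType
    response, _ = read_tlv(rb, pos, 0x04)       # response OCTET STRING value
    oid = decode_oid(oid_body)
    if oid not in REGISTRY:                     # unknown response type: refuse
        raise LookupError("no implementation registered for " + oid)
    return int.from_bytes(status, "big"), oid, REGISTRY[oid](response)

# The decoder sees only the response bytes (no OID) and keeps them verbatim.
REGISTRY[BASIC_OID] = lambda enc: {"raw": enc}
SAMPLE = bytes.fromhex(  # constructed: status 0, basic OID, placeholder payload
    "30 19 0a 01 00 a0 14 30 12 06 09 2b 06 01 05 05 07 30 01 01 04 05 30 03 02 01 01")
```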
Although RFC 2560 does not give any recommendations about the general structure
of a response type, this class expects extending classes to additionally
implement the abstract method getCertificateResponse, which allows the response to be queried for
status information about a particular certificate identified by its
certid.
See Also: ResponseBytes, BasicOCSPResponse, CertID, CertificateResponse

| Constructor and Description |
|---|
| Response() |

| Modifier and Type | Method and Description |
|---|---|
| abstract void | decode(byte[] enc) Decodes a response from its DER encoding. |
| abstract CertificateResponse | getCertificateResponse(CertID certid) Searches the response for status information about the certificate identified by the given CertID. |
| abstract CertificateResponse | getCertificateResponse(X509Certificate targetCert, X509Certificate issuerCert) Searches this Response for status information about the certificate identified by the given certificate information. |
| abstract byte[] | getEncoded() Returns the DER encoding of a particular response. |
| java.lang.String | getName() Returns the name of the response type. |
| abstract ObjectID | getResponseType() Returns the OID identifying the particular response type. |
| abstract java.lang.String | toString() Returns a String representation of the response. |

public abstract void decode(byte[] enc)
throws CodingException
ResponseBytes when decoding the ASN.1 representation
of a particular response. This method only expects the DER encoding
of the response, but not the corresponding response type. More precisely,
the given byte array supplies the DER encoding of the value of the
OCTET STRING response component of the ResponseBytes object:

    ResponseBytes ::= SEQUENCE {
        responseType OBJECT IDENTIFIER,
        response OCTET STRING }

This method shall not be explicitly called by an application.
Parameters:
enc - the DER encoding of the response, i.e. the value of the OCTET STRING component of a ResponseBytes object
Throws:
CodingException - if an error occurs when decoding the response

public abstract byte[] getEncoded()
The DER encoding returned by this method only represents the response but does not include the corresponding response type. The encoding of will give the value of the OCTET STRING component of the ResponseBytes object:

    ResponseBytes ::= SEQUENCE {
        responseType OBJECT IDENTIFIER,
        response OCTET STRING }

This method shall not be explicitly called by an application.

public abstract ObjectID getResponseType()

public abstract CertificateResponse getCertificateResponse(X509Certificate targetCert, X509Certificate issuerCert) throws OCSPException
Each particular certificate response included is expected to be
identified by its CertID.
When searching an OCSP response for a CertificateResponse, the search has to be done by checking the CertID identifiers of the certificate responses included.
If method getCertificateResponse
does not find a certificate response for a given CertID, it will throw an OCSPException.
Assume, for instance, that you have used method getCertificateResponse to ask whether
a response for your request is included, and the search has stopped by
throwing an OCSPException indicating that no certificate response for
your CertID is included, but there are certificate responses present having
a different CertID type.
Parameters:
targetCert - the target cert, if required
issuerCert - the cert of the target cert issuer, if required
Returns:
null if no certificate response for the certificate in mind is included
Throws:
OCSPException - if some processing error occurs, e.g. if the CertID of some response represents a CertID but the certID's hash algorithm is not supported by the installed providers

public abstract CertificateResponse getCertificateResponse(CertID certid) throws OCSPException
Parameters:
certid - the CertID of the certificate for which status information shall be obtained
Returns:
null if no certificate response for the certificate in mind is included
Throws:
OCSPException - if a single response for the given CertID cannot be found, but single responses include hash algorithms different to the given certID's one; in this case you may try method getSingleResponse to use the CertID type of the single responses included

public abstract java.lang.String toString()
Overrides:
toString in class java.lang.Object

public java.lang.String getName()