iaik.x509.ocsp

Class SingleResponse

java.lang.Object

iaik.x509.ocsp.SingleResponse

All Implemented Interfaces:

ASN1Type, CertificateResponse

public class SingleResponse
extends java.lang.Object
implements CertificateResponse

This class implements the OCSP type SingleResponse. Within a BasicOCSPResponse a single response is included for each certificate for which revocation information is requested. Beside an identifier for the certificate in mind a single response contains status information and gives the time at which the status being indicated is known to be correct.

 SingleResponse ::= SEQUENCE {
   certID                       CertID,
   certStatus                   CertStatus,
   thisUpdate                   GeneralizedTime,
   nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
   singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
 

When creating a SingleResponse for a specifiec certificate the CertID of the certificate has to be supplied. The revocation status of the cert is given by its CertStatus and the thisUpdate date indicates the date at which the given status is known as being correct, e.g.:

 // the CertID; got from the request
 CertID certid = request.getCertID();
 // we assume cert status "unknown"
 CertStatus certStatus = new CertStatus(new UnknownInfo());
 // thisUpdate is today
 Date thisUpdate = new Date();
 // create the single response:
 SingleRespone singleResponse = 
   new SingleResponse(certid, certStatus, thisUpdate);
 

After optionally setting the nextUpdate date and adding any extensions the SingleResponse may be included into a BasicOCSPResponse by calling the setSingleResponses method:

 BasicOCSPResponse basicOCSPResponse = ...;
 ...
 basicOCSPResponse.setSingleResponses(new SingleResponse[] { singleResponse });
 

See Also:

CertID, CertStatus, BasicOCSPResponse

Constructor Summary

Constructors

Constructor and Description
SingleResponse() Default constructor.
SingleResponse(ASN1Object obj) Creates a SingleResponse from an ASN1Object.
SingleResponse(CertID certid, CertStatus certStatus, java.util.Date thisUpdateDate) Creates a SingleResponse from CertID, certStatus and thisUpdate date.

Method Summary

Methods

Modifier and Type	Method and Description
void	addExtension(V3Extension e) Adds the given extension.
int	countExtensions() Returns the number of extensions included in this single response.
void	decode(ASN1Object obj) Creates a SingleResponse from an ASN1Object.
java.util.Date	getArchiveCutoff() A convenience method for getting the cutoff time of the ArchiveCutoff extension, if included in this response.
CertID	getCertID() Returns the CertID of this SingleResponse.
CertStatus	getCertStatus() Returns the certStatus of this SingleResponse.
CrlID	getCrlID() A convenience method for getting the CrlID extension, if included in this single response.
V3Extension	getExtension(ObjectID oid) Returns a specific extension, identified by its object identifier.
java.util.Date	getNextUpdate() Returns the nextUpdate date.
java.util.Date	getThisUpdate() Returns the thisUpdate date.
boolean	hasExtensions() Checks, if there are any extensions included in this single response.
boolean	hasUnsupportedCriticalExtension() Returns true if there are unsupported critical extensions.
boolean	isResponseFor(CertID certid) Checks if this is a SingleResponse for a certificate identified by the given CertID identifier.
boolean	isResponseFor(X509Certificate targetCert, X509Certificate issuerCert) Checks if this is a single response for the given certificate identifying information.
java.util.Enumeration	listExtensions() Returns an enumeration of all extensions included in this single response.
void	removeAllExtensions() Removes all extensions from this single response.
boolean	removeExtension(ObjectID oid) Removes the extension specified by its object identifier.
void	setArchiveCutoff(java.util.Date cutoffTime) A convenience method for setting the value of the ArchiveCutoff extension.
void	setCrlID(CrlID crlID) A convenience method for setting the CrlID extension.
void	setNextUpdate(java.util.Date nextUpdateDate) Sets the nextUpdate date.
ASN1Object	toASN1Object() Returns this SingleResponse as an ASN1Object.
java.lang.String	toString() Returns a String representation of this SingleResponse.
java.lang.String	toString(boolean detailed) Returns a String representation of this SingleResponse.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

SingleResponse

public SingleResponse()

Default constructor. Creates an empty SingleResponse object. Only used for dynamic object creation. Shall not be called by an application!.

SingleResponse

public SingleResponse(CertID certid,
              CertStatus certStatus,
              java.util.Date thisUpdateDate)

Creates a SingleResponse from CertID, certStatus and thisUpdate date.

Parameters:

certid - the CertID identifying the certificate for which this single response gives status information

certStatus - the status information for the certificate in mind

thisUpdateDate - the time at which the certStatis is known as being correct

SingleResponse

public SingleResponse(ASN1Object obj)
               throws CodingException,
                      X509ExtensionException

Creates a SingleResponse from an ASN1Object.

Parameters:

obj - the SingleResponse as ASN1Object

Throws:

CodingException - if the ASN1Object has the wrong format

X509ExtensionException - if the extensions cannot be parsed

Method Detail

setNextUpdate

public void setNextUpdate(java.util.Date nextUpdateDate)

Sets the nextUpdate date.

Parameters:

nextUpdateDate - the time at or before newer information will be available about the status of the certificate

getCertID

public CertID getCertID()

Returns the CertID of this SingleResponse.

Specified by:

getCertID in interface CertificateResponse

Returns:

the CertID of this SingleResponse.

getCertStatus

public CertStatus getCertStatus()

Returns the certStatus of this SingleResponse.

Returns:

the certStatus of this SingleResponse.

isResponseFor

public boolean isResponseFor(X509Certificate targetCert,
                    X509Certificate issuerCert)
                      throws OCSPException

Checks if this is a single response for the given certificate identifying information.

If the CertID types are the same in request and response, method isResponseFor can be used for checking if this single response actually is a response referring to the certificate in mind. However, if request and response use a certID with different hash algorithms, this method may be used for trying to "translate" the given cert data into a CertID of the type the CertID of this single response represents for checking if they are equal. Translation thereby is performed according to the following rules:

• If this single response uses a certID, both targetCert and issuerCert have to be supplied. From the given certs, a certID is created and checked for equality with the certID of this single response.

This method only returns true if the supplied information matches the CertID of this single response.

Specified by:

isResponseFor in interface CertificateResponse

Parameters:

targetCert - the target cert, if required

issuerCert - the cert of the target cert issuer, if required

Returns:

true if this is a response for the target certificate asked for; or false if this is not a response for the target certificate in mind or not enough information is provided

Throws:

OCSPException - if some processing error occurs, e.g. if the certID's hash algorithm is not supported by the installed providers

isResponseFor

public boolean isResponseFor(CertID certid)

Checks if this is a SingleResponse for a certificate identified by the given CertID identifier.

Specified by:

isResponseFor in interface CertificateResponse

Parameters:

certid - the CertID identifying the certificate in mind

Returns:

true if this is a single response for the certificate identified by the given CertID, false if not

getThisUpdate

public java.util.Date getThisUpdate()

Returns the thisUpdate date.

Returns:

the thisUpdate date.

getNextUpdate

public java.util.Date getNextUpdate()

Returns the nextUpdate date.

Returns:

the nextUpdate date, if included.

addExtension

public void addExtension(V3Extension e)
                  throws X509ExtensionException

Adds the given extension.

The extension to be added shall be an implemented V3Extension. If an extension with the same object ID already exists, it is replaced.

For reading back some extension use the getExtension(ObjectID) method.

Parameters:

e - the extension to be added

Throws:

X509ExtensionException - if the extension cannot be added

removeExtension

public boolean removeExtension(ObjectID oid)

Removes the extension specified by its object identifier.

Parameters:

objectID - the object ID of the extension to remove

Returns:

true if the extension has been successfully removed, false otherwise

removeAllExtensions

public void removeAllExtensions()

Removes all extensions from this single response.

listExtensions

public java.util.Enumeration listExtensions()

Returns an enumeration of all extensions included in this single response.

The returned enumeration may contain unknown extensions (instances of UnknownExtension if there are any extensions included in this single response, for which there exists no registered implementation, and it may contain error extensions (instances of ErrorExtension) indicating extensions which cannot be parsed properly because of some kind of error.

Returns:

an enumeration of the extensions, or null if there are no extensions present at all

hasExtensions

public boolean hasExtensions()

Checks, if there are any extensions included in this single response.

Returns:

true if there are extensions, false if not

hasUnsupportedCriticalExtension

public boolean hasUnsupportedCriticalExtension()

Returns true if there are unsupported critical extensions.

Returns:

true, if there are unsupported critical extensions

countExtensions

public int countExtensions()

Returns the number of extensions included in this single response.

Returns:

the number of extensions

getExtension

public V3Extension getExtension(ObjectID oid)
                         throws X509ExtensionInitException

Returns a specific extension, identified by its object identifier.

If the extension cannot be initialized for some reason, an X509ExtensionInitException is thrown. If the requested extension is an unknown extension, which is not supported by a registered implementation, this method creates and returns an UnknownExtension which may be queried for obtaining as much information as possible about the unknown extension.

Parameters:

objectID - the object ID of the extension

Returns:

the desired extension or null if the requested extension is not present

Throws:

X509ExtensionInitException - if the extension can not be initialized

setArchiveCutoff

public void setArchiveCutoff(java.util.Date cutoffTime)
                      throws X509ExtensionException

A convenience method for setting the value of the ArchiveCutoff extension.

This method provides an convenient alternative to method addExtension for including the ArchiveCutoff extension in this single response. From the given cuttoff time value a ArchiveCutoff extension object is created an added to the list of single response extensions.

The ArchiveCutoff extension allows a responder to choose to retain revocation information beyond a certificate's expiration. The date obtained by subtracting this retention interval value from the producedAt time in a response is defined as the certificate's "archive cutoff" date. OCSP-enabled applications would use an OCSP archive cutoff date to contribute to a proof that a digital signature was (or was not) reliable on the date it was produced even if the certificate needed to validate the signature has long since expired.

Parameters:

cuttoffTime - the archiv cutoff time

Throws:

X509ExtensionException - if the ArchiveCutoff extension cannot be created

getArchiveCutoff

public java.util.Date getArchiveCutoff()
                                throws X509ExtensionInitException

A convenience method for getting the cutoff time of the ArchiveCutoff extension, if included in this response.

This method provides an convenient alternative to method getExtension for getting the cutoff time of the ArchiveCutoff extension, if included in this single response.

The ArchiveCutoff extension allows a responder to choose to retain revocation information beyond a certificate's expiration. The date obtained by subtracting this retention interval value from the producedAt time in a response is defined as the certificate's "archive cutoff" date. OCSP-enabled applications would use an OCSP archive cutoff date to contribute to a proof that a digital signature was (or was not) reliable on the date it was produced even if the certificate needed to validate the signature has long since expired.

Returns:

the cutoff time of the ArchiveCutoff extension, if included in this single response; otherwise null

Throws:

X509ExtensionInitException - if the ArchiveCutoff extension cannot be initialized from its encoding

setCrlID

public void setCrlID(CrlID crlID)
              throws X509ExtensionException

A convenience method for setting the CrlID extension.

This method provides an convenient alternative to method addExtension for including the CrlID extension in this single response.

The CrlID extension may be used by a responder to indicate the CRL on which a revoked or onHold certificate is found. This can be useful where OCSP is used between repositories, and also as an auditing mechanism. The CRL may be specified by a URL (the URL at which the CRL is available), a number (value of the CRL number extension of the relevant crl) or a time (the time at which the relevant CRL was created).

Parameters:

crlID - the crlID extension

Throws:

X509ExtensionException - if the CrlID extension cannot be added

getCrlID

public CrlID getCrlID()
               throws X509ExtensionInitException

A convenience method for getting the CrlID extension, if included in this single response.

This method provides an convenient alternative to method getExtension for getting the CrlID extension, if included in this single response.

The ArchiveCutoff extension allows a responder to choose to retain revocation information beyond a certificate's expiration. The date obtained by subtracting this retention interval value from the producedAt time in a response is defined as the certificate's "archive cutoff" date. OCSP-enabled applications would use an OCSP archive cutoff date to contribute to a proof that a digital signature was (or was not) reliable on the date it was produced even if the certificate needed to validate the signature has long since expired.

Returns:

the CrlID extension, if included in this single response; otherwise null

Throws:

X509ExtensionInitException - if the CrlID extension cannot be initialized from its encoding

toASN1Object

public ASN1Object toASN1Object()
                        throws CodingException

Returns this SingleResponse as an ASN1Object.

Specified by:

toASN1Object in interface ASN1Type

Returns:

the created ASN1Object

Throws:

CodingException - if an encoding error occurs

decode

public void decode(ASN1Object obj)
            throws CodingException

Creates a SingleResponse from an ASN1Object.

Specified by:

decode in interface ASN1Type

Parameters:

obj - the SingleResponse as ASN1Object

Throws:

CodingException - if the ASN1Object has the wrong format

toString

public java.lang.String toString()

Returns a String representation of this SingleResponse.

Specified by:

toString in interface CertificateResponse

Overrides:

toString in class java.lang.Object

Returns:

a String representation

toString

public java.lang.String toString(boolean detailed)

Returns a String representation of this SingleResponse.

Parameters:

detailed - whether to print detailed information about the extensions

Returns:

a String representation