• Home
• org.ejbca.cesecore
• cesecore-common
• 7.0.0.1
• source code
• OCSPExtension.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.cesecore.certificates.ocsp.extension.OCSPExtension Maven / Gradle / Ivy

/*************************************************************************
 *                                                                       *
 *  CESeCore: CE Security Core                                           *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/

package org.cesecore.certificates.ocsp.extension;

import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.Set;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.cesecore.keybind.InternalKeyBinding;

/**
 * Interface that must be implemented by OCSP extensions that are added to the OCSPServlet
 * 
 * @version $Id: OCSPExtension.java 28881 2018-05-08 18:18:11Z anatom $
 */
public interface OCSPExtension {

    /** Called after construction
     * 
     */
    void init();

    /**
     * Called by OCSP responder when the configured extension is found in the request.
     * 
     * @param requestCertificates
     *            A certificate array from the original HttpServletRequest, used for authorization.
     * @param remoteAddress
     *            Extracted from the HttpServletRequest.
     * @param remoteHost
     *            DEPRECATED. Currently set to the same as remoteAddress. An extension that relies on this value must perform the remote lookup by itself.
     * @param cert
     *            X509Certificate the caller asked for in the OCSP request
     * @param status
     *            CertificateStatus the status the certificate has according to the OCSP responder, null means the cert is good
     * 
     * @param internalKeyBinding
     *            Used to get the trusted ca cert etc.
     * 
     * @return Hashtable with X509Extensions  that will be added to responseExtensions by OCSP responder, or null if an
     *         error occurs
     * @throws IOException 
     */
    Map process(final X509Certificate[] requestCertificates, final String remoteAddress, final String remoteHost,
            final X509Certificate cert, final CertificateStatus status, final InternalKeyBinding internalKeyBinding);

    /**
     * Returns the last error that occured during process(), when process returns null
     * 
     * @return error code as defined by implementing class
     */
    int getLastErrorCode();
    
    /**
     * Returns a set of valid positions where the extension may be added.
     * 
     * @return a set of valid positions where the extension may be added. The returned Set should contain at least one value. Never returns null.
     */
    Set getExtensionType();
    
    /**
     * @return Extension OID
     */
    String getOid();
    
    /**
     * @return Human readable extension name
     */
    String getName();
}