org.keycloak.authentication.authenticators.x509.CertificateValidator.BouncyCastleOCSPChecker クラス

org.keycloak.authentication.authenticators.x509.CertificateValidator.BouncyCastleOCSPChecker の継承関係図

org.keycloak.authentication.authenticators.x509.CertificateValidator.BouncyCastleOCSPChecker 連携図

公開メンバ関数
OCSPUtils.OCSPRevocationStatus	check (X509Certificate cert, X509Certificate issuerCertificate) throws CertPathValidatorException

関数
	BouncyCastleOCSPChecker (String responderUri)

非公開変数類
final String	responderUri

詳解

構築子と解体子

BouncyCastleOCSPChecker()

org.keycloak.authentication.authenticators.x509.CertificateValidator.BouncyCastleOCSPChecker.BouncyCastleOCSPChecker ( String  responderUri )

inlinepackage

                                                     {
            this.responderUri = responderUri;
        }

関数詳解

check()

OCSPUtils.OCSPRevocationStatus org.keycloak.authentication.authenticators.x509.CertificateValidator.BouncyCastleOCSPChecker.check ( X509Certificate  cert, X509Certificate  issuerCertificate  ) throws CertPathValidatorException

inline

                                                                                                                                               {

            OCSPUtils.OCSPRevocationStatus ocspRevocationStatus = null;
            if (responderUri == null || responderUri.trim().length() == 0) {
                // Obtains revocation status of a certificate using OCSP and assuming
                // most common defaults. If responderUri is not specified,
                // then OCS responder URI is retrieved from the
                // certificate's AIA extension.
                // OCSP responses must be signed with the issuer certificate
                // or with another certificate that must be:
                // 1) signed by the issuer certificate,
                // 2) Includes the value of OCSPsigning in ExtendedKeyUsage v3 extension
                // 3) Certificate is valid at the time
                ocspRevocationStatus = OCSPUtils.check(cert, issuerCertificate);
            }
            else {
                URI uri;
                try {
                    uri = new URI(responderUri);
                } catch (URISyntaxException e) {
                    String message = String.format("Unable to check certificate revocation status using OCSP.\n%s", e.getMessage());
                    throw new CertPathValidatorException(message, e);
                }
                logger.tracef("Responder URI \"%s\" will be used to verify revocation status of the certificate using OCSP", uri.toString());
                // Obtains the revocation status of a certificate using OCSP.
                // OCSP responder's certificate is assumed to be the issuer's certificate
                // certificate.
                // responderUri overrides the contents (if any) of the certificate's AIA extension
                ocspRevocationStatus = OCSPUtils.check(cert, issuerCertificate, uri, null, null);
            }
            return ocspRevocationStatus;
        }

メンバ詳解

responderUri

final String org.keycloak.authentication.authenticators.x509.CertificateValidator.BouncyCastleOCSPChecker.responderUri

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/authentication/authenticators/x509/CertificateValidator.java