public class OcspServerCertificateValidator extends ChannelInboundHandlerAdapter

OcspServerCertificateValidator validates the incoming server's certificate using OCSP. Once the TLS handshake is completed and SslHandshakeCompletionEvent.SUCCESS is fired, the validator performs certificate validation using OCSP over HTTP/1.1 with the OCSP responder of the server certificate's issuer.

Nested classes/interfaces inherited from interface ChannelHandler: ChannelHandler.Sharable

| Modifier and Type | Field and Description |
|---|---|
| static AttributeKey<Boolean> | OCSP_PIPELINE_ATTRIBUTE: An attribute used to mark all channels created by the OcspServerCertificateValidator. |
| Constructor and Description |
|---|
| OcspServerCertificateValidator(): Create a new OcspServerCertificateValidator instance without nonce validation on OCSP response, using default IoTransport.DEFAULT instance, default DnsNameResolver implementation and with closeAndThrowIfNotValid set to true |
| OcspServerCertificateValidator(boolean validateNonce): Create a new OcspServerCertificateValidator instance with default IoTransport.DEFAULT instance and default DnsNameResolver implementation and closeAndThrowIfNotValid set to true. |
| OcspServerCertificateValidator(boolean closeAndThrowIfNotValid, boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver): Create a new IoTransport instance |
| OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport): Create a new OcspServerCertificateValidator instance |
| OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver) |
| Modifier and Type | Method and Description |
|---|---|
| protected static DnsNameResolver | createDefaultResolver(IoTransport ioTransport) |
| void | exceptionCaught(ChannelHandlerContext ctx, Throwable cause): Calls ChannelHandlerContext.fireExceptionCaught(Throwable) to forward to the next ChannelHandler in the ChannelPipeline. |
| void | userEventTriggered(ChannelHandlerContext ctx, Object evt): Calls ChannelHandlerContext.fireUserEventTriggered(Object) to forward to the next ChannelInboundHandler in the ChannelPipeline. |
Methods inherited from class ChannelInboundHandlerAdapter: channelActive, channelInactive, channelRead, channelReadComplete, channelRegistered, channelUnregistered, channelWritabilityChanged

Methods inherited from class ChannelHandlerAdapter: ensureNotSharable, handlerAdded, handlerRemoved, isSharable

Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface ChannelHandler: handlerAdded, handlerRemoved

public static final AttributeKey<Boolean> OCSP_PIPELINE_ATTRIBUTE
An attribute used to mark all channels created by the OcspServerCertificateValidator.

public OcspServerCertificateValidator()
Create a new OcspServerCertificateValidator instance without nonce validation on OCSP response, using default IoTransport.DEFAULT instance, default DnsNameResolver implementation and with closeAndThrowIfNotValid set to true

public OcspServerCertificateValidator(boolean validateNonce)
Create a new OcspServerCertificateValidator instance with default IoTransport.DEFAULT instance and default DnsNameResolver implementation and closeAndThrowIfNotValid set to true.
Parameters:
validateNonce - Set to true if we should force nonce validation on OCSP response else set to false

public OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport)
Create a new OcspServerCertificateValidator instance
Parameters:
validateNonce - Set to true if we should force nonce validation on OCSP response else set to false
ioTransport - IoTransport to use

public OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
Parameters:
validateNonce - Set to true if we should force nonce validation on OCSP response else set to false
ioTransport - IoTransport to use
dnsNameResolver - DnsNameResolver implementation to use

public OcspServerCertificateValidator(boolean closeAndThrowIfNotValid, boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
Create a new IoTransport instance
Parameters:
closeAndThrowIfNotValid - If set to true then we will close the channel and throw an exception when certificate is not OcspResponse.Status.VALID. If set to false then we will simply pass the OcspValidationEvent to the next handler in pipeline and let it decide what to do.
validateNonce - Set to true if we should force nonce validation on OCSP response else set to false
ioTransport - IoTransport to use
dnsNameResolver - DnsNameResolver implementation to use

protected static DnsNameResolver createDefaultResolver(IoTransport ioTransport)
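
An added example (not from the Netty Javadoc or the Netty project) of the closeAndThrowIfNotValid = false mode described above: a small subclass reaches the protected createDefaultResolver, and a downstream handler applies a fail-closed policy to the OcspValidationEvent. The package name io.netty.handler.ssl.ocsp, the accessors response() and status(), and the class names ReportingOcspValidator, OcspPolicyHandler and OcspClientPipeline are assumptions that do not appear on this page.

```java
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.ocsp.IoTransport;
import io.netty.handler.ssl.ocsp.OcspResponse;
import io.netty.handler.ssl.ocsp.OcspServerCertificateValidator;
import io.netty.handler.ssl.ocsp.OcspValidationEvent;

// Reports the OCSP result downstream instead of closing the channel itself.
final class ReportingOcspValidator extends OcspServerCertificateValidator {
    ReportingOcspValidator() {
        // closeAndThrowIfNotValid=false, validateNonce=true; subclassing reaches createDefaultResolver.
        super(false, true, IoTransport.DEFAULT, createDefaultResolver(IoTransport.DEFAULT));
    }
}

// Application policy: any status other than VALID closes the connection.
final class OcspPolicyHandler extends ChannelInboundHandlerAdapter {
    @Override
    public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
        if (evt instanceof OcspValidationEvent) {
            // Assumption: response() and status() are the accessor names.
            OcspResponse.Status status = ((OcspValidationEvent) evt).response().status();
            if (status != OcspResponse.Status.VALID) {
                System.err.println("OCSP status " + status + " from " + ctx.channel().remoteAddress());
                ctx.close();
                return;
            }
        }
        ctx.fireUserEventTriggered(evt);
    }
}

// Order matters: TLS handler, then the validator, then the policy handler.
final class OcspClientPipeline {
    static ChannelInitializer<SocketChannel> initializer(SslContext sslContext, String host, int port) {
        return new ChannelInitializer<SocketChannel>() {
            @Override
            protected void initChannel(SocketChannel ch) {
                ch.pipeline().addLast(
                        sslContext.newHandler(ch.alloc(), host, port),
                        new ReportingOcspValidator(),
                        new OcspPolicyHandler());
            }
        };
    }
}
```

The validator sits after the TLS handler because it reacts to SslHandshakeCompletionEvent.SUCCESS, which is fired once the handshake completes.
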
public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception
Description copied from class ChannelInboundHandlerAdapter: Calls ChannelHandlerContext.fireUserEventTriggered(Object) to forward to the next ChannelInboundHandler in the ChannelPipeline. Sub-classes may override this method to change behavior.
Specified by: userEventTriggered in interface ChannelInboundHandler
Overrides: userEventTriggered in class ChannelInboundHandlerAdapter
Throws: Exception

public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause)
Description copied from class ChannelInboundHandlerAdapter: Calls ChannelHandlerContext.fireExceptionCaught(Throwable) to forward to the next ChannelHandler in the ChannelPipeline. Sub-classes may override this method to change behavior.
Specified by: exceptionCaught in interface ChannelHandler
Specified by: exceptionCaught in interface ChannelInboundHandler
Overrides: exceptionCaught in class ChannelInboundHandlerAdapter

Copyright © 2008–2025 The Netty Project. All rights reserved.