public class OcspServerCertificateValidator extends ByteToMessageDecoder implements ChannelOutboundHandler
OcspServerCertificateValidator validates incoming server's certificate
using OCSP. Once TLS handshake is completed, SslHandshakeCompletionEvent.SUCCESS is fired, validator
will perform certificate validation using OCSP over HTTP/1.1 with the server's certificate issuer OCSP responder.ByteToMessageDecoder.CumulatorChannelHandler.Sharable| Modifier and Type | Field and Description |
|---|---|
static AttributeKey<Boolean> |
OCSP_PIPELINE_ATTRIBUTE
An attribute used to mark all channels created by the
OcspServerCertificateValidator. |
COMPOSITE_CUMULATOR, MERGE_CUMULATOR| Constructor and Description |
|---|
OcspServerCertificateValidator()
Create a new
OcspServerCertificateValidator instance without nonce validation
on OCSP response, using default IoTransport.DEFAULT instance,
default DnsNameResolver implementation and with closeAndThrowIfNotValid
set to true |
OcspServerCertificateValidator(boolean validateNonce)
Create a new
OcspServerCertificateValidator instance with
default IoTransport.DEFAULT instance and default DnsNameResolver implementation
and closeAndThrowIfNotValid set to true. |
OcspServerCertificateValidator(boolean closeAndThrowIfNotValid,
boolean validateNonce,
IoTransport ioTransport,
DnsNameResolver dnsNameResolver)
Create a new
IoTransport instance |
OcspServerCertificateValidator(boolean validateNonce,
IoTransport ioTransport)
Create a new
OcspServerCertificateValidator instance |
OcspServerCertificateValidator(boolean validateNonce,
IoTransport ioTransport,
DnsNameResolver dnsNameResolver)
|
| Modifier and Type | Method and Description |
|---|---|
void |
bind(ChannelHandlerContext ctx,
SocketAddress localAddress,
ChannelPromise promise)
Called once a bind operation is made.
|
void |
close(ChannelHandlerContext ctx,
ChannelPromise promise)
Called once a close operation is made.
|
void |
connect(ChannelHandlerContext ctx,
SocketAddress remoteAddress,
SocketAddress localAddress,
ChannelPromise promise)
Called once a connect operation is made.
|
protected static DnsNameResolver |
createDefaultResolver(IoTransport ioTransport) |
protected void |
decode(ChannelHandlerContext ctx,
ByteBuf in,
List<Object> out)
Decode the from one
ByteBuf to an other. |
void |
deregister(ChannelHandlerContext ctx,
ChannelPromise promise)
Called once a deregister operation is made from the current registered
EventLoop. |
void |
disconnect(ChannelHandlerContext ctx,
ChannelPromise promise)
Called once a disconnect operation is made.
|
void |
exceptionCaught(ChannelHandlerContext ctx,
Throwable cause)
Calls
ChannelHandlerContext.fireExceptionCaught(Throwable) to forward
to the next ChannelHandler in the ChannelPipeline. |
void |
flush(ChannelHandlerContext ctx)
Called once a flush operation is made.
|
void |
read(ChannelHandlerContext ctx)
Intercepts
ChannelHandlerContext.read(). |
void |
userEventTriggered(ChannelHandlerContext ctx,
Object evt)
Calls
ChannelHandlerContext.fireUserEventTriggered(Object) to forward
to the next ChannelInboundHandler in the ChannelPipeline. |
void |
write(ChannelHandlerContext ctx,
Object msg,
ChannelPromise promise)
Called once a write operation is made.
|
actualReadableBytes, callDecode, channelInactive, channelRead, channelReadComplete, decodeLast, discardSomeReadBytes, handlerRemoved, handlerRemoved0, internalBuffer, isSingleDecode, setCumulator, setDiscardAfterReads, setSingleDecodechannelActive, channelRegistered, channelUnregistered, channelWritabilityChangedensureNotSharable, handlerAdded, isSharableclone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waithandlerAdded, handlerRemovedpublic static final AttributeKey<Boolean> OCSP_PIPELINE_ATTRIBUTE
OcspServerCertificateValidator.public OcspServerCertificateValidator()
OcspServerCertificateValidator instance without nonce validation
on OCSP response, using default IoTransport.DEFAULT instance,
default DnsNameResolver implementation and with closeAndThrowIfNotValid
set to truepublic OcspServerCertificateValidator(boolean validateNonce)
OcspServerCertificateValidator instance with
default IoTransport.DEFAULT instance and default DnsNameResolver implementation
and closeAndThrowIfNotValid set to true.validateNonce - Set to true if we should force nonce validation on
OCSP response else set to falsepublic OcspServerCertificateValidator(boolean validateNonce,
IoTransport ioTransport)
OcspServerCertificateValidator instancevalidateNonce - Set to true if we should force nonce validation on
OCSP response else set to falseioTransport - IoTransport to usepublic OcspServerCertificateValidator(boolean validateNonce,
IoTransport ioTransport,
DnsNameResolver dnsNameResolver)
validateNonce - Set to true if we should force nonce validation on
OCSP response else set to falseioTransport - IoTransport to usednsNameResolver - DnsNameResolver implementation to usepublic OcspServerCertificateValidator(boolean closeAndThrowIfNotValid,
boolean validateNonce,
IoTransport ioTransport,
DnsNameResolver dnsNameResolver)
IoTransport instancecloseAndThrowIfNotValid - If set to true then we will close the channel and throw an exception
when certificate is not OcspResponse.Status.VALID.
If set to false then we will simply pass the OcspValidationEvent
to the next handler in pipeline and let it decide what to do.validateNonce - Set to true if we should force nonce validation on
OCSP response else set to falseioTransport - IoTransport to usednsNameResolver - DnsNameResolver implementation to useprotected static DnsNameResolver createDefaultResolver(IoTransport ioTransport)
protected void decode(ChannelHandlerContext ctx, ByteBuf in, List<Object> out)
ByteToMessageDecoderByteBuf to an other. This method will be called till either the input
ByteBuf has nothing to read when return from this method or till nothing was read from the input
ByteBuf.decode in class ByteToMessageDecoderctx - the ChannelHandlerContext which this ByteToMessageDecoder belongs toin - the ByteBuf from which to read dataout - the List to which decoded messages should be addedpublic void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception
ChannelInboundHandlerAdapterChannelHandlerContext.fireUserEventTriggered(Object) to forward
to the next ChannelInboundHandler in the ChannelPipeline.
Sub-classes may override this method to change behavior.userEventTriggered in interface ChannelInboundHandleruserEventTriggered in class ByteToMessageDecoderExceptionpublic void exceptionCaught(ChannelHandlerContext ctx, Throwable cause)
ChannelInboundHandlerAdapterChannelHandlerContext.fireExceptionCaught(Throwable) to forward
to the next ChannelHandler in the ChannelPipeline.
Sub-classes may override this method to change behavior.exceptionCaught in interface ChannelHandlerexceptionCaught in interface ChannelInboundHandlerexceptionCaught in class ChannelInboundHandlerAdapterpublic void bind(ChannelHandlerContext ctx, SocketAddress localAddress, ChannelPromise promise) throws Exception
ChannelOutboundHandlerbind in interface ChannelOutboundHandlerctx - the ChannelHandlerContext for which the bind operation is madelocalAddress - the SocketAddress to which it should boundpromise - the ChannelPromise to notify once the operation completesException - thrown if an error occurspublic void connect(ChannelHandlerContext ctx, SocketAddress remoteAddress, SocketAddress localAddress, ChannelPromise promise) throws Exception
ChannelOutboundHandlerconnect in interface ChannelOutboundHandlerctx - the ChannelHandlerContext for which the connect operation is maderemoteAddress - the SocketAddress to which it should connectlocalAddress - the SocketAddress which is used as source on connectpromise - the ChannelPromise to notify once the operation completesException - thrown if an error occurspublic void disconnect(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception
ChannelOutboundHandlerdisconnect in interface ChannelOutboundHandlerctx - the ChannelHandlerContext for which the disconnect operation is madepromise - the ChannelPromise to notify once the operation completesException - thrown if an error occurspublic void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception
ChannelOutboundHandlerclose in interface ChannelOutboundHandlerctx - the ChannelHandlerContext for which the close operation is madepromise - the ChannelPromise to notify once the operation completesException - thrown if an error occurspublic void deregister(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception
ChannelOutboundHandlerEventLoop.deregister in interface ChannelOutboundHandlerctx - the ChannelHandlerContext for which the close operation is madepromise - the ChannelPromise to notify once the operation completesException - thrown if an error occurspublic void read(ChannelHandlerContext ctx) throws Exception
ChannelOutboundHandlerChannelHandlerContext.read().read in interface ChannelOutboundHandlerExceptionpublic void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise) throws Exception
ChannelOutboundHandlerChannelPipeline. Those are then ready to be flushed to the actual Channel once
Channel.flush() is calledwrite in interface ChannelOutboundHandlerctx - the ChannelHandlerContext for which the write operation is mademsg - the message to writepromise - the ChannelPromise to notify once the operation completesException - thrown if an error occurspublic void flush(ChannelHandlerContext ctx) throws Exception
ChannelOutboundHandlerflush in interface ChannelOutboundHandlerctx - the ChannelHandlerContext for which the flush operation is madeException - thrown if an error occursCopyright © 2008–2026 The Netty Project. All rights reserved.