Class OcspServerCertificateValidator
java.lang.Object
io.netty.channel.ChannelHandlerAdapter
io.netty.channel.ChannelInboundHandlerAdapter
io.netty.handler.ssl.ocsp.OcspServerCertificateValidator
- All Implemented Interfaces:
ChannelHandler, ChannelInboundHandler
OcspServerCertificateValidator validates the incoming server's certificate
using OCSP. Once the TLS handshake is completed and SslHandshakeCompletionEvent.SUCCESS is fired, the validator
performs certificate validation using OCSP over HTTP/1.1 with the OCSP responder of the server certificate's issuer.
-
Nested Class Summary
Nested classes/interfaces inherited from interface ChannelHandler
ChannelHandler.Sharable -
Field Summary
Fields
Modifier and Type: static final AttributeKey<Boolean>
Field: OCSP_PIPELINE_ATTRIBUTE
Description: An attribute used to mark all channels created by the OcspServerCertificateValidator.
-
Constructor Summary
Constructors
OcspServerCertificateValidator()
    Create a new OcspServerCertificateValidator instance without nonce validation on OCSP response, using default IoTransport.DEFAULT instance, default DnsNameResolver implementation and with closeAndThrowIfNotValid set to true
OcspServerCertificateValidator(boolean validateNonce)
    Create a new OcspServerCertificateValidator instance with default IoTransport.DEFAULT instance and default DnsNameResolver implementation and closeAndThrowIfNotValid set to true.
OcspServerCertificateValidator(boolean closeAndThrowIfNotValid, boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
    Create a new IoTransport instance
OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport)
    Create a new OcspServerCertificateValidator instance
OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
-
Method Summary
protected static DnsNameResolver createDefaultResolver(IoTransport ioTransport)
void exceptionCaught(ChannelHandlerContext ctx, Throwable cause)
    Calls ChannelHandlerContext.fireExceptionCaught(Throwable) to forward to the next ChannelHandler in the ChannelPipeline.
void userEventTriggered(ChannelHandlerContext ctx, Object evt)
    Calls ChannelHandlerContext.fireUserEventTriggered(Object) to forward to the next ChannelInboundHandler in the ChannelPipeline.
Methods inherited from class ChannelInboundHandlerAdapter
channelActive, channelInactive, channelRead, channelReadComplete, channelRegistered, channelUnregistered, channelWritabilityChanged
Methods inherited from class ChannelHandlerAdapter
ensureNotSharable, handlerAdded, handlerRemoved, isSharable
Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface ChannelHandler
handlerAdded, handlerRemoved
-
Field Details
-
OCSP_PIPELINE_ATTRIBUTE
An attribute used to mark all channels created by the OcspServerCertificateValidator.
-
-
Constructor Details
-
OcspServerCertificateValidator
public OcspServerCertificateValidator()
Create a new OcspServerCertificateValidator instance without nonce validation on OCSP response, using default IoTransport.DEFAULT instance, default DnsNameResolver implementation and with closeAndThrowIfNotValid set to true
-
OcspServerCertificateValidator
public OcspServerCertificateValidator(boolean validateNonce)
Create a new OcspServerCertificateValidator instance with default IoTransport.DEFAULT instance and default DnsNameResolver implementation and closeAndThrowIfNotValid set to true.
Parameters:
validateNonce - Set to true if we should force nonce validation on OCSP response else set to false
-
OcspServerCertificateValidator
Create a new OcspServerCertificateValidator instance
Parameters:
validateNonce - Set to true if we should force nonce validation on OCSP response else set to false
ioTransport - IoTransport to use
-
OcspServerCertificateValidator
public OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
Parameters:
validateNonce - Set to true if we should force nonce validation on OCSP response else set to false
ioTransport - IoTransport to use
dnsNameResolver - DnsNameResolver implementation to use
-
OcspServerCertificateValidator
public OcspServerCertificateValidator(boolean closeAndThrowIfNotValid, boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
Create a new IoTransport instance
Parameters:
closeAndThrowIfNotValid - If set to true then we will close the channel and throw an exception when certificate is not OcspResponse.Status.VALID. If set to false then we will simply pass the OcspValidationEvent to the next handler in pipeline and let it decide what to do.
validateNonce - Set to true if we should force nonce validation on OCSP response else set to false
ioTransport - IoTransport to use
dnsNameResolver - DnsNameResolver implementation to use
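With closeAndThrowIfNotValid set to false, the handler that follows the validator owns the accept/reject decision. The class below is an added example, not Netty's own code: a downstream handler that fails closed on any status other than OcspResponse.Status.VALID. It assumes the SslHandler is already in the pipeline, that OcspValidationEvent exposes response() and OcspResponse exposes status() (accessor names not shown on this page), and the import packages for IoTransport, OcspResponse, OcspValidationEvent and DnsNameResolver; FailClosedOcspPolicy and install are hypothetical names.

```java
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.ChannelPipeline;
import io.netty.handler.ssl.ocsp.IoTransport;
import io.netty.handler.ssl.ocsp.OcspResponse;
import io.netty.handler.ssl.ocsp.OcspServerCertificateValidator;
import io.netty.handler.ssl.ocsp.OcspValidationEvent;
import io.netty.resolver.dns.DnsNameResolver;

import javax.net.ssl.SSLHandshakeException;

/** Added example: downstream policy for closeAndThrowIfNotValid = false. */
public final class FailClosedOcspPolicy extends ChannelInboundHandlerAdapter {

    /**
     * Installs the validator followed by this policy handler. The pipeline is
     * assumed to already contain the SslHandler ahead of these two handlers;
     * the caller supplies the IoTransport and DnsNameResolver.
     */
    public static void install(ChannelPipeline pipeline, IoTransport ioTransport,
                               DnsNameResolver resolver) {
        // closeAndThrowIfNotValid = false: the validator only reports the result.
        // validateNonce = true: force nonce validation on the OCSP response.
        pipeline.addLast(new OcspServerCertificateValidator(false, true, ioTransport, resolver));
        pipeline.addLast(new FailClosedOcspPolicy());
    }

    @Override
    public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
        if (evt instanceof OcspValidationEvent) {
            // response() and status() are assumed accessor names (see lead-in).
            OcspResponse.Status status = ((OcspValidationEvent) evt).response().status();
            if (status != OcspResponse.Status.VALID) {
                // Fail closed: every status other than VALID ends the connection.
                ctx.fireExceptionCaught(new SSLHandshakeException("OCSP status: " + status));
                ctx.close();
                return; // do not hand the event to later handlers
            }
        }
        // VALID results and unrelated events continue down the pipeline.
        ctx.fireUserEventTriggered(evt);
    }
}
```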
-
-
Method Details
-
createDefaultResolver
-
userEventTriggered
Description copied from class: ChannelInboundHandlerAdapter
Calls ChannelHandlerContext.fireUserEventTriggered(Object) to forward to the next ChannelInboundHandler in the ChannelPipeline. Sub-classes may override this method to change behavior.
Specified by:
userEventTriggered in interface ChannelInboundHandler
Overrides:
userEventTriggered in class ChannelInboundHandlerAdapter
Throws:
Exception
-
exceptionCaught
Description copied from class: ChannelInboundHandlerAdapter
Calls ChannelHandlerContext.fireExceptionCaught(Throwable) to forward to the next ChannelHandler in the ChannelPipeline. Sub-classes may override this method to change behavior.
Specified by:
exceptionCaught in interface ChannelHandler
Specified by:
exceptionCaught in interface ChannelInboundHandler
Overrides:
exceptionCaught in class ChannelInboundHandlerAdapter
-