Package io.netty.handler.ssl.ocsp
Class OcspServerCertificateValidator

- java.lang.Object
  - io.netty.channel.ChannelHandlerAdapter
    - io.netty.channel.ChannelInboundHandlerAdapter
      - io.netty.handler.ssl.ocsp.OcspServerCertificateValidator

All Implemented Interfaces:
ChannelHandler, ChannelInboundHandler

public class OcspServerCertificateValidator extends ChannelInboundHandlerAdapter

OcspServerCertificateValidator validates the incoming server's certificate using OCSP. Once the TLS handshake has completed and SslHandshakeCompletionEvent.SUCCESS is fired, the validator performs certificate validation using OCSP over HTTP/1.1 against the OCSP responder of the server's certificate issuer.

Nested Class Summary

Nested classes/interfaces inherited from interface io.netty.channel.ChannelHandler:
ChannelHandler.Sharable

Field Summary

static AttributeKey<java.lang.Boolean> OCSP_PIPELINE_ATTRIBUTE
    An attribute used to mark all channels created by the OcspServerCertificateValidator.

Constructor Summary

OcspServerCertificateValidator()
    Create a new OcspServerCertificateValidator instance without nonce validation of the OCSP response, using the default IoTransport.DEFAULT instance, the default DnsNameResolver implementation, and closeAndThrowIfNotValid set to true.

OcspServerCertificateValidator(boolean validateNonce)
    Create a new OcspServerCertificateValidator instance with the default IoTransport.DEFAULT instance, the default DnsNameResolver implementation, and closeAndThrowIfNotValid set to true.

OcspServerCertificateValidator(boolean closeAndThrowIfNotValid, boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
    Create a new OcspServerCertificateValidator instance.

OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport)
    Create a new OcspServerCertificateValidator instance.

OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)

Method Summary

protected static DnsNameResolver createDefaultResolver(IoTransport ioTransport)

void exceptionCaught(ChannelHandlerContext ctx, java.lang.Throwable cause)
    Calls ChannelHandlerContext.fireExceptionCaught(Throwable) to forward to the next ChannelHandler in the ChannelPipeline.

void userEventTriggered(ChannelHandlerContext ctx, java.lang.Object evt)
    Calls ChannelHandlerContext.fireUserEventTriggered(Object) to forward to the next ChannelInboundHandler in the ChannelPipeline.

Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter:
channelActive, channelInactive, channelRead, channelReadComplete, channelRegistered, channelUnregistered, channelWritabilityChanged

Methods inherited from class io.netty.channel.ChannelHandlerAdapter:
ensureNotSharable, handlerAdded, handlerRemoved, isSharable

Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.netty.channel.ChannelHandler:
handlerAdded, handlerRemoved

Field Detail

OCSP_PIPELINE_ATTRIBUTE

public static final AttributeKey<java.lang.Boolean> OCSP_PIPELINE_ATTRIBUTE
    An attribute used to mark all channels created by the OcspServerCertificateValidator.

Constructor Detail

OcspServerCertificateValidator

public OcspServerCertificateValidator()
    Create a new OcspServerCertificateValidator instance without nonce validation of the OCSP response, using the default IoTransport.DEFAULT instance, the default DnsNameResolver implementation, and closeAndThrowIfNotValid set to true.

OcspServerCertificateValidator

public OcspServerCertificateValidator(boolean validateNonce)
    Create a new OcspServerCertificateValidator instance with the default IoTransport.DEFAULT instance, the default DnsNameResolver implementation, and closeAndThrowIfNotValid set to true.
    Parameters:
        validateNonce - Set to true if nonce validation should be enforced on the OCSP response, else set to false.

OcspServerCertificateValidator

public OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport)
    Create a new OcspServerCertificateValidator instance.
    Parameters:
        validateNonce - Set to true if nonce validation should be enforced on the OCSP response, else set to false.
        ioTransport - IoTransport to use.

OcspServerCertificateValidator

public OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
    Parameters:
        validateNonce - Set to true if nonce validation should be enforced on the OCSP response, else set to false.
        ioTransport - IoTransport to use.
        dnsNameResolver - DnsNameResolver implementation to use.

OcspServerCertificateValidator

public OcspServerCertificateValidator(boolean closeAndThrowIfNotValid, boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
    Create a new OcspServerCertificateValidator instance.
    Parameters:
        closeAndThrowIfNotValid - If set to true, the channel is closed and an exception is thrown when the certificate status is not OcspResponse.Status.VALID. If set to false, the OcspValidationEvent is simply passed to the next handler in the pipeline, which decides what to do.
        validateNonce - Set to true if nonce validation should be enforced on the OCSP response, else set to false.
        ioTransport - IoTransport to use.
        dnsNameResolver - DnsNameResolver implementation to use.
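An added example (not netty's own code) showing how the class described at the top of this page and the closeAndThrowIfNotValid parameter are used together: a client pipeline that places the validator behind the SslHandler, opts out of automatic closing, and decides on the OcspValidationEvent itself. The SslContext is assumed to be built by the application, DnsNameResolverBuilder and NioDatagramChannel come from netty-resolver-dns and netty-transport, and the response() and status() accessors on OcspValidationEvent and OcspResponse are assumed names not documented on this page.

```java
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.SocketChannel;
import io.netty.channel.socket.nio.NioDatagramChannel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.ocsp.IoTransport;
import io.netty.handler.ssl.ocsp.OcspResponse;
import io.netty.handler.ssl.ocsp.OcspServerCertificateValidator;
import io.netty.handler.ssl.ocsp.OcspValidationEvent;
import io.netty.resolver.dns.DnsNameResolver;
import io.netty.resolver.dns.DnsNameResolverBuilder;

public final class OcspClientInitializer extends ChannelInitializer<SocketChannel> {
    private final SslContext sslContext; // client-side SslContext built by the application (assumed)
    public OcspClientInitializer(SslContext sslContext) {
        this.sslContext = sslContext;
    }

    @Override
    protected void initChannel(SocketChannel ch) {
        // The validator acts on SslHandshakeCompletionEvent.SUCCESS, so the SslHandler
        // must sit in front of it in the pipeline.
        ch.pipeline().addLast(sslContext.newHandler(ch.alloc()));
        // Resolver for the OCSP responder host (createDefaultResolver is protected).
        DnsNameResolver resolver = new DnsNameResolverBuilder(ch.eventLoop())
                .channelType(NioDatagramChannel.class)
                .build();
        // closeAndThrowIfNotValid=false: the validator forwards an OcspValidationEvent
        // instead of closing, so the next handler decides. validateNonce=true: the
        // responder must echo the request nonce, so a replayed old response is rejected.
        ch.pipeline().addLast(
                new OcspServerCertificateValidator(false, true, IoTransport.DEFAULT, resolver));
        ch.pipeline().addLast(new OcspDecisionHandler());
    }

    // Fails closed: anything but OcspResponse.Status.VALID ends the connection.
    static final class OcspDecisionHandler extends ChannelInboundHandlerAdapter {
        @Override
        public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
            // response() and status() are assumed accessor names, not taken from this page.
            if (evt instanceof OcspValidationEvent
                    && ((OcspValidationEvent) evt).response().status() != OcspResponse.Status.VALID) {
                ctx.close(); // REVOKED or UNKNOWN: do not keep using this server
            } else {
                ctx.fireUserEventTriggered(evt);
            }
        }
    }
}
```

With the single-argument constructors the page documents, closeAndThrowIfNotValid is already true and the validator closes the channel itself; the decision handler above is only needed when that default is turned off.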

Method Detail

createDefaultResolver

protected static DnsNameResolver createDefaultResolver(IoTransport ioTransport)

userEventTriggered

public void userEventTriggered(ChannelHandlerContext ctx, java.lang.Object evt) throws java.lang.Exception
    Description copied from class: ChannelInboundHandlerAdapter
    Calls ChannelHandlerContext.fireUserEventTriggered(Object) to forward to the next ChannelInboundHandler in the ChannelPipeline. Sub-classes may override this method to change behavior.
    Specified by:
        userEventTriggered in interface ChannelInboundHandler
    Overrides:
        userEventTriggered in class ChannelInboundHandlerAdapter
    Throws:
        java.lang.Exception

exceptionCaught

public void exceptionCaught(ChannelHandlerContext ctx, java.lang.Throwable cause)
    Description copied from class: ChannelInboundHandlerAdapter
    Calls ChannelHandlerContext.fireExceptionCaught(Throwable) to forward to the next ChannelHandler in the ChannelPipeline. Sub-classes may override this method to change behavior.
    Specified by:
        exceptionCaught in interface ChannelHandler
    Specified by:
        exceptionCaught in interface ChannelInboundHandler
    Overrides:
        exceptionCaught in class ChannelInboundHandlerAdapter