Package io.netty.pkitesting

Class RevocationServer

  • public final class RevocationServer
extends java.lang.Object
    A simple HTTP server that serves Certificate Revocation Lists.

    Issuer certificates can be registered with the server, and revocations of their certificates and be published and added to the revocation lists.

    The server is only intended for testing usage, and runs entirely in a single thread.

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.net.URI getCrlUri​(X509Bundle issuer)
      Get the URI of the Certificate Revocation List for the given issuer.
      static RevocationServer getInstance()
      Get the shared revocation server instance.
      void register​(X509Bundle issuer)
      Register an issuer with the revocation server.
      void revoke​(X509Bundle cert, java.time.Instant time)
      Revoke the given certificate with the given revocation time.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Method Detail

      • getInstance

        public static RevocationServer getInstance()
                                    throws java.lang.Exception
        Get the shared revocation server instance. This will start the server, if it isn't already running, and bind it to a random port on the loopback address.
        Returns:
        The revocation server instance.
        Throws:
        java.lang.Exception - If the server failed to start.

      • register

        public void register​(X509Bundle issuer)
        Register an issuer with the revocation server. This must be done before CRLs can be served for that issuer, and before any of its certificates can be revoked.
        Parameters:
        issuer - The issuer to register.

      • revoke

        public void revoke​(X509Bundle cert,
                   java.time.Instant time)
        Revoke the given certificate with the given revocation time.

        The issuer of the given certificate must be registered before its certifiactes can be revoked.

        Parameters:
        cert - The certificate to revoke.
        time - The time of revocation.

      • getCrlUri

        public java.net.URI getCrlUri​(X509Bundle issuer)
        Get the URI of the Certificate Revocation List for the given issuer.
        Parameters:
        issuer - The issuer to get the CRL for.
        Returns:
        The URI to the CRL for the given issuer, or null if the issuer is not registered.