Class RevocationServer

java.lang.Object
io.netty.pkitesting.RevocationServer

public final class RevocationServer extends Object
A simple HTTP server that serves Certificate Revocation Lists.

Issuer certificates can be registered with the server, and revocations of their certificates can then be published and added to the revocation lists.

The server is only intended for testing usage, and runs entirely in a single thread.

  • Method Details

    • getInstance

      public static RevocationServer getInstance() throws Exception
      Get the shared revocation server instance. This will start the server, if it isn't already running, and bind it to a random port on the loopback address.
      Returns:
      The revocation server instance.
      Throws:
      Exception - If the server failed to start.
    • register

      public void register(X509Bundle issuer)
      Register an issuer with the revocation server. This must be done before CRLs can be served for that issuer, and before any of its certificates can be revoked.
      Parameters:
      issuer - The issuer to register.
    • register

      public void register(X509Bundle issuer, Provider provider)
      Register an issuer with the revocation server. This must be done before CRLs can be served for that issuer, and before any of its certificates can be revoked.
      Parameters:
      issuer - The issuer to register.
      provider - The Provider to use (or null to fall back to the default)
    • revoke

      public void revoke(X509Bundle cert, Instant time)
      Revoke the given certificate with the given revocation time.

      The issuer of the given certificate must be registered before its certificates can be revoked.

      Parameters:
      cert - The certificate to revoke.
      time - The time of revocation.
    • getCrlUri

      public URI getCrlUri(X509Bundle issuer)
      Get the URI of the Certificate Revocation List for the given issuer.
      Parameters:
      issuer - The issuer to get the CRL for.
      Returns:
      The URI to the CRL for the given issuer, or null if the issuer is not registered.
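
The lifecycle described above (register the issuer, revoke a certificate, fetch the CRL from the returned URI) as an added example; it is not part of the Netty documentation. It assumes CertificateBuilder and X509Bundle.getCertificate() from the same io.netty.pkitesting package, which this page does not document, and uses constructed subject names; the class name and the fetchCrl and check helpers are hypothetical.

```java
import io.netty.pkitesting.CertificateBuilder;
import io.netty.pkitesting.RevocationServer;
import io.netty.pkitesting.X509Bundle;

import java.io.InputStream;
import java.net.URI;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.time.Instant;

public final class RevocationServerExample {
    // Download and parse the CRL currently published at the given URI.
    static X509CRL fetchCrl(URI crlUri) throws Exception {
        try (InputStream in = crlUri.toURL().openStream()) {
            return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(in);
        }
    }

    static void check(boolean condition, String message) {
        if (!condition) {
            throw new AssertionError(message);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed test PKI (assumed CertificateBuilder API): one CA, one leaf.
        X509Bundle ca = new CertificateBuilder().subject("CN=Example Test CA")
                .setIsCertificateAuthority(true).buildSelfSigned();
        X509Bundle leaf = new CertificateBuilder().subject("CN=leaf.example.test")
                .buildIssuedBy(ca);

        RevocationServer server = RevocationServer.getInstance();
        // getCrlUri returns null until the issuer has been registered.
        check(server.getCrlUri(ca) == null, "unregistered issuer must have no CRL URI");

        server.register(ca);
        URI crlUri = server.getCrlUri(ca);
        check("http".equals(crlUri.getScheme()), "CRL is served over plain HTTP");

        // A CRL is only trustworthy if the issuer signed it; verify before use.
        X509CRL before = fetchCrl(crlUri);
        before.verify(ca.getCertificate().getPublicKey());
        check(!before.isRevoked(leaf.getCertificate()), "leaf must start unrevoked");

        server.revoke(leaf, Instant.now());
        X509CRL after = fetchCrl(crlUri);
        after.verify(ca.getCertificate().getPublicKey());
        check(after.isRevoked(leaf.getCertificate()), "revoked leaf must appear in the CRL");
    }
}
```

Because getInstance() returns a shared instance, a test suite that registers the same issuer in several tests should not rely on the initial null check.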