OcspServerCertificateValidator Class — netty Architecture

Architecture documentation for the OcspServerCertificateValidator class in OcspServerCertificateValidator.java from the netty codebase.

Class java

Entity Profile

Dependency Diagram

graph TD
  9363e93c_cd10_a153_073c_7d3699279505["OcspServerCertificateValidator"]
  d06ffd21_1901_a1c1_bbf7_6c2337435c0d["OcspServerCertificateValidator.java"]
  9363e93c_cd10_a153_073c_7d3699279505 -->|defined in| d06ffd21_1901_a1c1_bbf7_6c2337435c0d
  fe34637c_0bfa_158c_a413_a2f370e4ad98["OcspServerCertificateValidator()"]
  9363e93c_cd10_a153_073c_7d3699279505 -->|method| fe34637c_0bfa_158c_a413_a2f370e4ad98
  6bed8694_3d8a_727e_810d_a71857317779["DnsNameResolver()"]
  9363e93c_cd10_a153_073c_7d3699279505 -->|method| 6bed8694_3d8a_727e_810d_a71857317779
  78a8e421_58dc_582f_0ed1_dd0455df80ed["userEventTriggered()"]
  9363e93c_cd10_a153_073c_7d3699279505 -->|method| 78a8e421_58dc_582f_0ed1_dd0455df80ed
  f1ccd157_ec5f_ce6a_c85b_44355b61501e["exceptionCaught()"]
  9363e93c_cd10_a153_073c_7d3699279505 -->|method| f1ccd157_ec5f_ce6a_c85b_44355b61501e

Relationship Graph

Source Code

handler-ssl-ocsp/src/main/java/io/netty/handler/ssl/ocsp/OcspServerCertificateValidator.java lines 44–197

public class OcspServerCertificateValidator extends ChannelInboundHandlerAdapter {
    /**
     * An attribute used to mark all channels created by the {@link OcspServerCertificateValidator}.
     */
    public static final AttributeKey<Boolean> OCSP_PIPELINE_ATTRIBUTE =
            AttributeKey.newInstance("io.netty.handler.ssl.ocsp.pipeline");

    private final boolean closeAndThrowIfNotValid;
    private final boolean validateNonce;
    private final IoTransport ioTransport;
    private final DnsNameResolver dnsNameResolver;

    /**
     * Create a new {@link OcspServerCertificateValidator} instance without nonce validation
     * on OCSP response, using default {@link IoTransport#DEFAULT} instance,
     * default {@link DnsNameResolver} implementation and with {@link #closeAndThrowIfNotValid}
     * set to {@code true}
     */
    public OcspServerCertificateValidator() {
        this(false);
    }

    /**
     * Create a new {@link OcspServerCertificateValidator} instance with
     * default {@link IoTransport#DEFAULT} instance and default {@link DnsNameResolver} implementation
     * and {@link #closeAndThrowIfNotValid} set to {@code true}.
     *
     * @param validateNonce Set to {@code true} if we should force nonce validation on
     *                      OCSP response else set to {@code false}
     */
    public OcspServerCertificateValidator(boolean validateNonce) {
        this(validateNonce, IoTransport.DEFAULT);
    }

    /**
     * Create a new {@link OcspServerCertificateValidator} instance
     *
     * @param validateNonce Set to {@code true} if we should force nonce validation on
     *                      OCSP response else set to {@code false}
     * @param ioTransport   {@link IoTransport} to use
     */
    public OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport) {
        this(validateNonce, ioTransport, createDefaultResolver(ioTransport));
    }

    /**
     * Create a new {@link IoTransport} instance with {@link #closeAndThrowIfNotValid} set to {@code true}
     *
     * @param validateNonce   Set to {@code true} if we should force nonce validation on
     *                        OCSP response else set to {@code false}
     * @param ioTransport     {@link IoTransport} to use
     * @param dnsNameResolver {@link DnsNameResolver} implementation to use
     */
    public OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport,
                                          DnsNameResolver dnsNameResolver) {
        this(true, validateNonce, ioTransport, dnsNameResolver);
    }

    /**
     * Create a new {@link IoTransport} instance
     *
     * @param closeAndThrowIfNotValid If set to {@code true} then we will close the channel and throw an exception
     *                                when certificate is not {@link OcspResponse.Status#VALID}.
     *                                If set to {@code false} then we will simply pass the {@link OcspValidationEvent}
     *                                to the next handler in pipeline and let it decide what to do.
     * @param validateNonce           Set to {@code true} if we should force nonce validation on
     *                                OCSP response else set to {@code false}
     * @param ioTransport             {@link IoTransport} to use
     * @param dnsNameResolver         {@link DnsNameResolver} implementation to use
     */
    public OcspServerCertificateValidator(boolean closeAndThrowIfNotValid, boolean validateNonce,
                                          IoTransport ioTransport, DnsNameResolver dnsNameResolver) {
        this.closeAndThrowIfNotValid = closeAndThrowIfNotValid;
        this.validateNonce = validateNonce;
        this.ioTransport = checkNotNull(ioTransport, "IoTransport");
        this.dnsNameResolver = checkNotNull(dnsNameResolver, "DnsNameResolver");
    }

    protected static DnsNameResolver createDefaultResolver(final IoTransport ioTransport) {
        return new DnsNameResolverBuilder()
                .eventLoop(ioTransport.eventLoop())

Defined In

handler-ssl-ocsp/src/main/java/io/netty/handler/ssl/ocsp/OcspServerCertificateValidator.java

Source

View on GitHub

Frequently Asked Questions

What is the OcspServerCertificateValidator class?

OcspServerCertificateValidator is a class in the netty codebase, defined in handler-ssl-ocsp/src/main/java/io/netty/handler/ssl/ocsp/OcspServerCertificateValidator.java.

Where is OcspServerCertificateValidator defined?

OcspServerCertificateValidator is defined in handler-ssl-ocsp/src/main/java/io/netty/handler/ssl/ocsp/OcspServerCertificateValidator.java at line 44.

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free