OcspServerExample Class — netty Architecture
Architecture documentation for the OcspServerExample class in OcspServerExample.java from the netty codebase.
Dependency Diagram
graph TD
    128dfd35_ddfc_27f1_9e7e_4d4e80ed4721["OcspServerExample"]
    7fc032de_d44e_a57c_558c_ccccbe2d91c3["OcspServerExample.java"]
    128dfd35_ddfc_27f1_9e7e_4d4e80ed4721 -->|defined in| 7fc032de_d44e_a57c_558c_ccccbe2d91c3
    175105d6_9501_f35a_922c_397c9d3c0bef["main()"]
    128dfd35_ddfc_27f1_9e7e_4d4e80ed4721 -->|method| 175105d6_9501_f35a_922c_397c9d3c0bef
    8c094108_c004_065c_6324_20c19aa12c46["newServerHandler()"]
    128dfd35_ddfc_27f1_9e7e_4d4e80ed4721 -->|method| 8c094108_c004_065c_6324_20c19aa12c46
    5f3f34ef_e852_5dfb_9c5f_86caed8c9a62["parseCertificates()"]
    128dfd35_ddfc_27f1_9e7e_4d4e80ed4721 -->|method| 5f3f34ef_e852_5dfb_9c5f_86caed8c9a62
Source Code
example/src/main/java/io/netty/example/ocsp/OcspServerExample.java lines 60–203
@SuppressWarnings("unused")
public class OcspServerExample {
    public static void main(String[] args) throws Exception {
        // We assume there's a private key.
        PrivateKey privateKey = null;

        // Step 1: Load the certificate chain for netty.io. We'll need the certificate
        // and the issuer's certificate and we don't need any of the intermediate certs.
        // The array is assumed to be a certain order to keep things simple.
        X509Certificate[] keyCertChain = parseCertificates(OcspServerExample.class, "netty_io_chain.pem");

        X509Certificate certificate = keyCertChain[0];
        X509Certificate issuer = keyCertChain[keyCertChain.length - 1];

        // Step 2: We need the URL of the CA's OCSP responder server. It's somewhere encoded
        // into the certificate! Notice that it's an HTTP URL.
        URI uri = OcspUtils.ocspUri(certificate);
        System.out.println("OCSP Responder URI: " + uri);

        if (uri == null) {
            throw new IllegalStateException("The CA/certificate doesn't have an OCSP responder");
        }

        // Step 3: Construct the OCSP request
        OCSPReq request = new OcspRequestBuilder()
                .certificate(certificate)
                .issuer(issuer)
                .build();

        // Step 4: Do the request to the CA's OCSP responder
        OCSPResp response = OcspUtils.request(uri, request, 5L, TimeUnit.SECONDS);
        if (response.getStatus() != OCSPResponseStatus.SUCCESSFUL) {
            throw new IllegalStateException("response-status=" + response.getStatus());
        }

        // Step 5: Is my certificate any good or has the CA revoked it?
        BasicOCSPResp basicResponse = (BasicOCSPResp) response.getResponseObject();
        SingleResp first = basicResponse.getResponses()[0];

        CertificateStatus status = first.getCertStatus();
        System.out.println("Status: " + (status == CertificateStatus.GOOD ? "Good" : status));
        System.out.println("This Update: " + first.getThisUpdate());
        System.out.println("Next Update: " + first.getNextUpdate());

        // BouncyCastle defines CertificateStatus.GOOD as null, so any non-null
        // status here means the certificate is revoked or unknown to the responder.
        if (status != null) {
            throw new IllegalStateException("certificate-status=" + status);
        }

        // Make sure the response is about our certificate and not some other one.
        BigInteger certSerial = certificate.getSerialNumber();
        BigInteger ocspSerial = first.getCertID().getSerialNumber();
        if (!certSerial.equals(ocspSerial)) {
            throw new IllegalStateException("Bad Serials=" + certSerial + " vs. " + ocspSerial);
        }

        // Step 6: Cache the OCSP response and use it as long as it's not
        // expired. The exact semantics are beyond the scope of this example.

        if (!OpenSsl.isAvailable()) {
            throw new IllegalStateException("OpenSSL is not available!");
        }

        if (!OpenSsl.isOcspSupported()) {
            throw new IllegalStateException("OCSP is not supported!");
        }

        if (privateKey == null) {
            throw new IllegalStateException("Because we don't have a PrivateKey we can't continue past this point.");
        }

        ReferenceCountedOpenSslContext context
            = (ReferenceCountedOpenSslContext) SslContextBuilder.forServer(privateKey, keyCertChain)
                .sslProvider(SslProvider.OPENSSL)
                .enableOcsp(true)
                .build();

        try {
            ServerBootstrap bootstrap = new ServerBootstrap()
                    .childHandler(newServerHandler(context, response));

            // so on and so forth...
        } finally {
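
Step 6 in the listing leaves the caching semantics out of scope. The following added example (not netty's code; the class `StapleFreshness`, its method names, the five-minute skew and the half-window refresh policy are assumptions) shows one way to decide, from the values returned by `getThisUpdate()` and `getNextUpdate()`, whether a cached response may still be stapled and when to query the responder again.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Date;

/** Added illustration; names are hypothetical and not part of netty. */
public final class StapleFreshness {
    // Assumed tolerance for clock drift between this server, the responder and clients.
    static final Duration SKEW = Duration.ofMinutes(5);

    /** True if a response with these timestamps may be stapled at 'now'. */
    static boolean isUsable(Date thisUpdate, Date nextUpdate, Instant now) {
        // Reject a missing thisUpdate or one that lies in the future beyond the skew.
        if (thisUpdate == null || thisUpdate.toInstant().isAfter(now.plus(SKEW))) {
            return false;
        }
        // Policy of this example: without nextUpdate the responder gives no
        // validity window, so the response is not cached for stapling.
        if (nextUpdate == null) {
            return false;
        }
        // Stop stapling slightly before expiry so that a client whose clock
        // runs ahead does not receive an already-expired response.
        return now.plus(SKEW).isBefore(nextUpdate.toInstant());
    }

    /** When to re-query the responder: halfway through the validity window. */
    static Instant refreshAt(Date thisUpdate, Date nextUpdate) {
        Instant start = thisUpdate.toInstant();
        Duration window = Duration.between(start, nextUpdate.toInstant());
        return start.plus(window.dividedBy(2));
    }

    public static void main(String[] args) {
        // Constructed sample timestamps: a seven-day validity window.
        Instant issued = Instant.parse("2024-01-01T00:00:00Z");
        Date thisUpdate = Date.from(issued);
        Date nextUpdate = Date.from(issued.plus(Duration.ofDays(7)));

        Instant midWindow = issued.plus(Duration.ofDays(3));
        Instant nearExpiry = issued.plus(Duration.ofDays(7)).minus(Duration.ofMinutes(1));

        System.out.println("mid-window usable:  " + isUsable(thisUpdate, nextUpdate, midWindow));
        System.out.println("near-expiry usable: " + isUsable(thisUpdate, nextUpdate, nearExpiry));
        System.out.println("no nextUpdate:      " + isUsable(thisUpdate, null, midWindow));
        System.out.println("refresh at:         " + refreshAt(thisUpdate, nextUpdate));
    }
}
```

A server would run `isUsable` before each staple and fall back to a fresh `OcspUtils.request(...)` call once it returns false or `refreshAt` has passed.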
Frequently Asked Questions
What is the OcspServerExample class?
OcspServerExample is a class in the netty codebase, defined in example/src/main/java/io/netty/example/ocsp/OcspServerExample.java.
Where is OcspServerExample defined?
OcspServerExample is defined in example/src/main/java/io/netty/example/ocsp/OcspServerExample.java at line 60.