OcspServerCertificateValidator.java — netty Source File

Architecture documentation for OcspServerCertificateValidator.java, a Java file in the netty codebase.

Source Code

/*
 * Copyright 2022 The Netty Project
 *
 * The Netty Project licenses this file to you under the Apache License,
 * version 2.0 (the "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at:
 *
 *   https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations
 * under the License.
 */
package io.netty.handler.ssl.ocsp;

import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslHandshakeCompletionEvent;
import io.netty.resolver.dns.DnsNameResolver;
import io.netty.resolver.dns.DnsNameResolverBuilder;
import io.netty.util.AttributeKey;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.GenericFutureListener;
import io.netty.util.concurrent.Promise;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.cert.ocsp.SingleResp;

import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;

import static io.netty.util.internal.ObjectUtil.checkNotNull;

/**
 * {@link OcspServerCertificateValidator} validates incoming server's certificate
 * using OCSP. Once TLS handshake is completed, {@link SslHandshakeCompletionEvent#SUCCESS} is fired, validator
 * will perform certificate validation using OCSP over HTTP/1.1 with the server's certificate issuer OCSP responder.
 */
public class OcspServerCertificateValidator extends ChannelInboundHandlerAdapter {
    /**
     * An attribute used to mark all channels created by the {@link OcspServerCertificateValidator}.
     */
    public static final AttributeKey<Boolean> OCSP_PIPELINE_ATTRIBUTE =
            AttributeKey.newInstance("io.netty.handler.ssl.ocsp.pipeline");

    private final boolean closeAndThrowIfNotValid;
    private final boolean validateNonce;
    private final IoTransport ioTransport;
    private final DnsNameResolver dnsNameResolver;

    /**
     * Create a new {@link OcspServerCertificateValidator} instance without nonce validation
     * on OCSP response, using default {@link IoTransport#DEFAULT} instance,
     * default {@link DnsNameResolver} implementation and with {@link #closeAndThrowIfNotValid}
     * set to {@code true}
// ... (138 more lines)

Frequently Asked Questions

What does OcspServerCertificateValidator.java do?
OcspServerCertificateValidator.java is a source file in the netty codebase, written in Java. It belongs to the Buffer domain, Allocators subdomain.

Where is OcspServerCertificateValidator.java in the architecture?
OcspServerCertificateValidator.java is located at handler-ssl-ocsp/src/main/java/io/netty/handler/ssl/ocsp/OcspServerCertificateValidator.java (domain: Buffer, subdomain: Allocators, directory: handler-ssl-ocsp/src/main/java/io/netty/handler/ssl/ocsp).
