query() — netty Function Reference

Architecture documentation for the query() function in OcspClient.java from the netty codebase.

Dependency Diagram

graph TD
  a95f2426_2f96_5a1e_b38a_6852764f680c["query()"]
  b3812cec_6383_4848_72ed_d7aa9ab08546["OcspClient"]
  a95f2426_2f96_5a1e_b38a_6852764f680c -->|defined in| b3812cec_6383_4848_72ed_d7aa9ab08546
  665d2265_ea4a_1a24_17a6_15e9efedc3f9["validateResponse()"]
  a95f2426_2f96_5a1e_b38a_6852764f680c -->|calls| 665d2265_ea4a_1a24_17a6_15e9efedc3f9
  2ae01693_26e4_487c_a466_ead1c07ac63e["Initializer()"]
  a95f2426_2f96_5a1e_b38a_6852764f680c -->|calls| 2ae01693_26e4_487c_a466_ead1c07ac63e
  style a95f2426_2f96_5a1e_b38a_6852764f680c fill:#6366f1,stroke:#818cf8,color:#fff

Source Code

handler-ssl-ocsp/src/main/java/io/netty/handler/ssl/ocsp/OcspClient.java lines 107–180

    static Promise<BasicOCSPResp> query(final X509Certificate x509Certificate,
                                        final X509Certificate issuer, final boolean validateResponseNonce,
                                        final IoTransport ioTransport, final DnsNameResolver dnsNameResolver) {
        final EventLoop eventLoop = ioTransport.eventLoop();
        final Promise<BasicOCSPResp> responsePromise = eventLoop.newPromise();
        eventLoop.execute(new Runnable() {
            @Override
            public void run() {
                try {
                    CertificateID certificateID = new CertificateID(new JcaDigestCalculatorProviderBuilder()
                            .build().get(HASH_SHA1), new JcaX509CertificateHolder(issuer),
                            x509Certificate.getSerialNumber());

                    // Initialize OCSP Request Builder and add CertificateID into it.
                    OCSPReqBuilder builder = new OCSPReqBuilder();
                    builder.addRequest(certificateID);

                    // Generate 16-bytes (octets) of nonce and add it into OCSP Request builder.
                    // Because as per RFC-8954#2.1:
                    //
                    //   OCSP responders MUST accept lengths of at least
                    //   16 octets and MAY choose to ignore the Nonce extension for requests
                    //   where the length of the nonce is less than 16 octets.
                    byte[] nonce = new byte[16];
                    SECURE_RANDOM.nextBytes(nonce);
                    final DEROctetString derNonce = new DEROctetString(nonce);
                    builder.setRequestExtensions(new Extensions(new Extension(id_pkix_ocsp_nonce, false, derNonce)));

                    // Get OCSP URL from Certificate and query it.
                    URL uri = new URL(parseOcspUrlFromCertificate(x509Certificate));

                    // Find port
                    int port = uri.getPort();
                    if (port == -1) {
                        port = uri.getDefaultPort();
                    }

                    // Configure path
                    String path = uri.getPath();
                    if (path.isEmpty()) {
                        path = "/";
                    } else {
                        if (uri.getQuery() != null) {
                            path = path + '?' + uri.getQuery();
                        }
                    }

                    Promise<OCSPResp> ocspResponsePromise = query(eventLoop,
                            Unpooled.wrappedBuffer(builder.build().getEncoded()),
                            uri.getHost(), port, path, ioTransport, dnsNameResolver);

                    // Validate OCSP response
                    ocspResponsePromise.addListener((GenericFutureListener<Future<OCSPResp>>) future -> {
                        // If Future was successful then we have received OCSP response
                        // We will now validate it.
                        if (future.isSuccess()) {
                            try {
                                BasicOCSPResp resp = (BasicOCSPResp) future.getNow().getResponseObject();
                                validateResponse(responsePromise, resp, derNonce, issuer, validateResponseNonce);
                            } catch (Throwable t) {
                                responsePromise.tryFailure(t);
                            }
                        } else {
                            responsePromise.tryFailure(future.cause());
                        }
                    });

                } catch (Exception ex) {
                    responsePromise.tryFailure(ex);
                }
            }
        });
        return responsePromise;
    }

Frequently Asked Questions

What does query() do?

query() is a function in the netty codebase, defined in handler-ssl-ocsp/src/main/java/io/netty/handler/ssl/ocsp/OcspClient.java.

Where is query() defined?

query() is defined in handler-ssl-ocsp/src/main/java/io/netty/handler/ssl/ocsp/OcspClient.java at line 107.

What does query() call?

query() calls 2 function(s): Initializer, validateResponse.
