validateSignature() — netty Function Reference

Architecture documentation for the validateSignature() function in OcspClient.java from the netty codebase.

Function · java · Buffer Allocators · calls 1 · called by 1

Dependency Diagram

graph TD
  af12db0d_0585_7f39_ea00_ea888c0f0445["validateSignature()"]
  b3812cec_6383_4848_72ed_d7aa9ab08546["OcspClient"]
  af12db0d_0585_7f39_ea00_ea888c0f0445 -->|defined in| b3812cec_6383_4848_72ed_d7aa9ab08546
  665d2265_ea4a_1a24_17a6_15e9efedc3f9["validateResponse()"]
  665d2265_ea4a_1a24_17a6_15e9efedc3f9 -->|calls| af12db0d_0585_7f39_ea00_ea888c0f0445
  50598886_9268_4a91_78f1_ceeb719d9600["validateCertificateChain()"]
  af12db0d_0585_7f39_ea00_ea888c0f0445 -->|calls| 50598886_9268_4a91_78f1_ceeb719d9600
  style af12db0d_0585_7f39_ea00_ea888c0f0445 fill:#6366f1,stroke:#818cf8,color:#fff

Source Code

handler-ssl-ocsp/src/main/java/io/netty/handler/ssl/ocsp/OcspClient.java lines 281–314

    static void validateSignature(BasicOCSPResp resp, X509Certificate issuerCertificate) throws OCSPException {
        try {
            X509CertificateHolder[] certs = resp.getCerts();
            JcaContentVerifierProviderBuilder providerBuilder = new JcaContentVerifierProviderBuilder();

            // If responder certificate is included, validate the chain
            if (certs != null && certs.length > 0) {

                // Use the first included certificate to verify the OCSP response signature.
                X509CertificateHolder responderCert = certs[0];

                // Verify OCSP response signature using responder cert
                ContentVerifierProvider responderVerifier = providerBuilder.build(responderCert);

                if (!resp.isSignatureValid(responderVerifier)) {
                    throw new OCSPException("OCSP response signature is not valid");
                }

                // Build chain from responder certificate to issuer using CertPathBuilder
                validateCertificateChain(responderCert, certs, issuerCertificate);
            } else {
                // Validate signature using issuer certificate
                ContentVerifierProvider issuerVerifier = providerBuilder.build(issuerCertificate);

                if (!resp.isSignatureValid(issuerVerifier)) {
                    throw new OCSPException("OCSP response signature is not valid");
                }
            }
        } catch (OperatorCreationException e) {
            throw new OCSPException("Error validating OCSP-Signature", e);
        } catch (CertificateException e) {
            throw new OCSPException("Error while processing certificates for OCSP signature validation", e);
        }
    }

Frequently Asked Questions

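What does validateSignature() do?
validateSignature() is a function in the netty codebase, defined in handler-ssl-ocsp/src/main/java/io/netty/handler/ssl/ocsp/OcspClient.java. It checks the signature on a BasicOCSPResp. If the response carries certificates, it verifies the signature with the first included certificate and then passes that certificate to validateCertificateChain() to build a chain to the issuer certificate. If no certificates are included, it verifies the signature directly against the issuer certificate. An invalid signature, or an error while building the verifier or processing certificates, is raised as an OCSPException. In the first branch the verifying key comes from the response itself, so trust in that key rests on validateCertificateChain(), whose body is not shown on this page.

Where is validateSignature() defined?
validateSignature() is defined in handler-ssl-ocsp/src/main/java/io/netty/handler/ssl/ocsp/OcspClient.java at line 281.

What does validateSignature() call?
validateSignature() calls one function: validateCertificateChain().

What calls validateSignature()?
validateSignature() is called by one function: validateResponse().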
