verify() — netty Function Reference

Architecture documentation for the verify() function in OcspClientExample.java from the netty codebase.

Function java Buffer Telemetry

Entity Profile

Buffer→ Telemetry→ verify() — netty Function Reference

Dependency Diagram

graph TD
  2a4433c3_a383_f7f0_c1d2_eb1493fef9e5["verify()"]
  f002386d_c8a1_f43e_732b_a343ebbe5d63["ExampleOcspClientHandler"]
  2a4433c3_a383_f7f0_c1d2_eb1493fef9e5 -->|defined in| f002386d_c8a1_f43e_732b_a343ebbe5d63
  style 2a4433c3_a383_f7f0_c1d2_eb1493fef9e5 fill:#6366f1,stroke:#818cf8,color:#fff

Relationship Graph

Source Code

example/src/main/java/io/netty/example/ocsp/OcspClientExample.java lines 213–247

        @Override
        protected boolean verify(ChannelHandlerContext ctx, ReferenceCountedOpenSslEngine engine) throws Exception {
            byte[] staple = engine.getOcspResponse();
            if (staple == null) {
                throw new IllegalStateException("Server didn't provide an OCSP staple!");
            }

            OCSPResp response = new OCSPResp(staple);
            if (response.getStatus() != OCSPResponseStatus.SUCCESSFUL) {
                return false;
            }

            SSLSession session = engine.getSession();
            X509Certificate[] chain = session.getPeerCertificateChain();
            BigInteger certSerial = chain[0].getSerialNumber();

            BasicOCSPResp basicResponse = (BasicOCSPResp) response.getResponseObject();
            SingleResp first = basicResponse.getResponses()[0];

            // ATTENTION: CertificateStatus.GOOD is actually a null value! Do not use
            // equals() or you'll NPE!
            CertificateStatus status = first.getCertStatus();
            BigInteger ocspSerial = first.getCertID().getSerialNumber();
            String message = new StringBuilder()
                .append("OCSP status of ").append(ctx.channel().remoteAddress())
                .append("\n  Status: ").append(status == CertificateStatus.GOOD ? "Good" : status)
                .append("\n  This Update: ").append(first.getThisUpdate())
                .append("\n  Next Update: ").append(first.getNextUpdate())
                .append("\n  Cert Serial: ").append(certSerial)
                .append("\n  OCSP Serial: ").append(ocspSerial)
                .toString();
            System.out.println(message);

            return status == CertificateStatus.GOOD && certSerial.equals(ocspSerial);
        }