com.rsa.certj.provider.revocation.ocsp

Class OCSPRequestControl

java.lang.Object
  |
  +--com.rsa.certj.provider.revocation.ocsp.OCSPRequestControl
All Implemented Interfaces:
Cloneable

public final class OCSPRequestControl
extends Object
implements Cloneable

This class holds information that controls how an OCSP request message is composed.

Copyright © RSA Security Inc., 2001. All rights reserved.


Constructor Summary

OCSPRequestControl(X509Certificate requestSignerCert)

Constructs an OCSPRequestControl object containing the given request signing certificate.

OCSPRequestControl(X509Certificate requestSignerCert, String digestAlg, String signatureAlg, X509Certificate[] extraCerts, X509V3Extensions requestExtensions)

Constructs an OCSPRequestControl object with the given values.

 

Method Summary

Object clone()

Clones this OCSPRequestControl object.

String getDigestAlgorithm()

Returns a String object specifying the algorithm used to hash certificate information to create the certificate identifier that is sent to the responder.

X509Certificate[] getExtraCerts()

Returns an X509Certificate array containing additional certificates that the requestor chooses to send to the OCSP responder.

X509V3Extensions getRequestExtensions()

Returns an X509V3Extensions object containing optional extensions that are to be included in every request.

String getSignatureAlgorithm()

Returns a String object specifying the algorithm to be used to sign the OCSP request.

X509Certificate getSignerCert()

Returns an X509Certificate object containing the certificate whose private key is used to sign the OCSP request.

void setDigestAlgorithm(String digestAlg)

Sets the digest algorithm to use.

void setExtraCerts(X509Certificate[] extraCerts)

Sets a list of extra certificates to send with a request in addition to the set that the service provider determines are necessary.

void setRequestExtensions(X509V3Extensions requestExtensions)

Sets a list of extra extensions to be sent with a request.

void setSignatureAlgorithm(String signatureAlg)

Sets the signature algorithm to use.

void setSignerCert(X509Certificate cert)

Sets the certificate to use to sign the request.

 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

OCSPRequestControl

public OCSPRequestControl(X509Certificate requestSignerCert,
                          String digestAlg,
                          String signatureAlg,
                          X509Certificate[] extraCerts,
                          X509V3Extensions requestExtensions)
                   throws InvalidParameterException
Constructs an OCSPRequestControl object with the given values.

Parameters

         requestSignerCert  

An X509Certificate object containing the certificate whose private key is used to sign the OCSP request. The private key must be present in the CertPathCtx that is passed to CertJ.checkCertRevocation. This parameter is only required when the OCSP responder requires that the request be signed. If not specified, this parameter should be set to null.

         digestAlg  

A String object specifying the algorithm used to hash certificate information to create the certificate identifier that is sent to the responder. Typical values for this parameter are "SHA1" and "MD5".

         signatureAlg  

A String object specifying the algorithm to be used to sign the OCSP request. A typical value for this parameter is "RSA".

         extraCerts  

An X509Certificate array containing additional certificates that the requestor chooses to send to the OCSP responder. By default, the OCSP Revocation Status service provider sends only the request signer's certificate to the OCSP responder.

         requestExtensions  

An X509V3Extensions object containing optional extensions that are to be included in every request. If unused, it must be set to null. The service provider always includes an id-pkix-ocsp-response extension, and unless overridden by the OCSP.OCSP_DISABLE_NONCES flag, the service provider always supplies an id-pkix-ocsp-nonce extension. If the application requires additional extensions, they can be specified in this parameter.

Throws

InvalidParameterException - If any argument is invalid.

OCSPRequestControl

public OCSPRequestControl(X509Certificate requestSignerCert)
                   throws InvalidParameterException
Constructs an OCSPRequestControl object containing the given request signing certificate. The digest algorithm defaults to "SHA1", and the signature algorithm defaults to "RSA", with no additional certificates or request extensions.

Parameters

         requestSignerCert  

An X509Certificate object containing the certificate whose private key is used to sign the OCSP request. The private key must be present in the CertPathCtx that is passed to CertJ.checkCertRevocation. This parameter is only required when the OCSP responder requires the request to be signed. If not specified, this parameter should be set to null.

Throws

InvalidParameterException - If the argument is invalid.

Method Detail

clone

public Object clone()
             throws CloneNotSupportedException
Clones this OCSPRequestControl object.

Returns

An Object containing the clone.

Throws

CloneNotSupportedException - If an error occurs during the cloning operation.

setDigestAlgorithm

public void setDigestAlgorithm(String digestAlg)
                        throws InvalidParameterException
Sets the digest algorithm to use. The validity or appropriateness of the given digest algorithm may not be determined until its actual use.

Parameters

         digestAlg  

A String object specifying the algorithm used to hash certificate information to create the certificate identifier that is sent to the responder.

Throws

InvalidParameterException - If the argument can be determined to be invalid.

setSignatureAlgorithm

public void setSignatureAlgorithm(String signatureAlg)
                           throws InvalidParameterException
Sets the signature algorithm to use. The validity or appropriateness of the given signature algorithm cannot be determined until its actual use.

Parameters

         signatureAlg  

A String object specifying the algorithm to use to sign OCSP requests.

Throws

InvalidParameterException - If the argument can be determined to be invalid.
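
Because the constructors and the two algorithm setters above may accept a name whose validity is only determined when a request is actually composed, an application can check the names itself before building the control object. The following is an added example, not part of the Cert-J documentation: the class OcspControlFactory, its allow-lists and the package names in the import statements for X509Certificate and InvalidParameterException are assumptions of the example.

```java
import java.util.Arrays;
import java.util.List;

import com.rsa.certj.InvalidParameterException;   // package name assumed
import com.rsa.certj.cert.X509Certificate;        // package name assumed
import com.rsa.certj.provider.revocation.ocsp.OCSPRequestControl;

/** Added example (hypothetical class): checks algorithm names before use. */
public final class OcspControlFactory {
    // Application policy assumed by this example; the names are the
    // documented defaults of the one-argument constructor.
    private static final List<String> ALLOWED_DIGESTS = Arrays.asList("SHA1");
    private static final List<String> ALLOWED_SIGNATURES = Arrays.asList("RSA");

    /**
     * @param signerCert request signing certificate, or null when the
     *                   responder does not require signed requests
     */
    public static OCSPRequestControl build(X509Certificate signerCert,
                                           String digestAlg,
                                           String signatureAlg)
            throws InvalidParameterException {
        // The setters may accept a name that only fails when a request is
        // composed, so reject anything outside the allow-list right here.
        requireAllowed("digest", digestAlg, ALLOWED_DIGESTS);
        requireAllowed("signature", signatureAlg, ALLOWED_SIGNATURES);

        OCSPRequestControl control = new OCSPRequestControl(signerCert);
        control.setDigestAlgorithm(digestAlg);
        control.setSignatureAlgorithm(signatureAlg);
        return control;
    }

    private static void requireAllowed(String kind, String name, List<String> allowed) {
        if (name == null || !allowed.contains(name)) {
            throw new IllegalArgumentException(
                "OCSP " + kind + " algorithm not allowed: " + name);
        }
    }

    public static void main(String[] args) throws Exception {
        // Unsigned request: no signer certificate, explicit algorithm names.
        OCSPRequestControl unsigned = build(null, "SHA1", "RSA");
        System.out.println(unsigned.getDigestAlgorithm() + "/" + unsigned.getSignatureAlgorithm());
        try {
            build(null, "SHA-1", "RSA");   // misspelled name: rejected up front
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```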

setExtraCerts

public void setExtraCerts(X509Certificate[] extraCerts)
                   throws InvalidParameterException
Sets a list of extra certificates to send with a request in addition to the set that the service provider determines are necessary.

Parameters

         extraCerts  

An X509Certificate array containing additional certificates to include in every OCSP request.

Throws

InvalidParameterException - If the argument is invalid.

setSignerCert

public void setSignerCert(X509Certificate cert)
                   throws InvalidParameterException
Sets the certificate to use to sign the request.

Parameters

         cert  

An X509Certificate object containing the certificate whose private key is used to sign the OCSP request. The private key must be present in the CertPathCtx that is passed to CertJ.checkCertRevocation. This parameter is only required when the OCSP responder requires the request to be signed.

Throws

InvalidParameterException - If the argument is invalid.

setRequestExtensions

public void setRequestExtensions(X509V3Extensions requestExtensions)
                          throws InvalidParameterException
Sets a list of extra extensions to be sent with a request.

Parameters

         requestExtensions  

An X509V3Extensions object containing additional extensions that the requestor chooses to include in every OCSP request.

Throws

InvalidParameterException - If the argument is invalid.

getDigestAlgorithm

public String getDigestAlgorithm()
Returns a String object specifying the algorithm used to hash certificate information to create the certificate identifier that is sent to the responder. Typical values are "SHA1" and "MD5".

Returns

A String object specifying the algorithm used to hash certificate information to create the certificate identifier that is sent to the responder.

getSignatureAlgorithm

public String getSignatureAlgorithm()
Returns a String object specifying the algorithm to be used to sign the OCSP request. A typical value is "RSA".

Returns

A String object specifying the algorithm to be used to sign the OCSP request.

getSignerCert

public X509Certificate getSignerCert()
Returns an X509Certificate object containing the certificate whose private key is used to sign the OCSP request. The private key must be present in the CertPathCtx that is passed to CertJ.checkCertRevocation. This parameter is only required when the OCSP responder requires that the request be signed. If not specified, this parameter should be set to null.

Returns

An X509Certificate object containing the certificate whose private key is used to sign the OCSP request.

getExtraCerts

public X509Certificate[] getExtraCerts()
Returns an X509Certificate array containing additional certificates that the requestor chooses to send to the OCSP responder. By default, the OCSP Revocation Status service provider sends only the request signer's certificate to the OCSP responder.

Returns

An X509Certificate array containing additional certificates that the requestor chooses to send to the OCSP responder.

getRequestExtensions

public X509V3Extensions getRequestExtensions()
Returns an X509V3Extensions object containing optional extensions that are to be included in every request. If unused, it must be set to null. The service provider always includes an id-pkix-ocsp-response extension, and unless overridden by the OCSP.OCSP_DISABLE_NONCES flag, the service provider always supplies an id-pkix-ocsp-nonce extension. If the application requires additional extensions, they can be specified in this parameter.

Returns

An X509V3Extensions object containing optional extensions that are to be included in every request.


RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000