public class OcspServerCertificateValidator extends ChannelInboundHandlerAdapter

OcspServerCertificateValidator validates the incoming server certificate using OCSP. Once the TLS handshake is completed and SslHandshakeCompletionEvent.SUCCESS is fired, the validator performs certificate validation using OCSP over HTTP/1.1 with the OCSP responder of the server certificate's issuer.

Nested classes/interfaces inherited from interface ChannelHandler: ChannelHandler.Sharable

| Modifier and Type | Field and Description |
|---|---|
| static AttributeKey<java.lang.Boolean> | OCSP_PIPELINE_ATTRIBUTE - An attribute used to mark all channels created by the OcspServerCertificateValidator. |

| Constructor and Description |
|---|
| OcspServerCertificateValidator() - Create a new OcspServerCertificateValidator instance without nonce validation on OCSP response, using default IoTransport.DEFAULT instance, default DnsNameResolver implementation and with closeAndThrowIfNotValid set to true |
| OcspServerCertificateValidator(boolean validateNonce) - Create a new OcspServerCertificateValidator instance with default IoTransport.DEFAULT instance and default DnsNameResolver implementation and closeAndThrowIfNotValid set to true. |
| OcspServerCertificateValidator(boolean closeAndThrowIfNotValid, boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver) - Create a new IoTransport instance |
| OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport) - Create a new OcspServerCertificateValidator instance |
| OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver) |

| Modifier and Type | Method and Description |
|---|---|
| protected static DnsNameResolver | createDefaultResolver(IoTransport ioTransport) |
| void | exceptionCaught(ChannelHandlerContext ctx, java.lang.Throwable cause) - Calls ChannelHandlerContext.fireExceptionCaught(Throwable) to forward to the next ChannelHandler in the ChannelPipeline. |
| void | userEventTriggered(ChannelHandlerContext ctx, java.lang.Object evt) - Calls ChannelHandlerContext.fireUserEventTriggered(Object) to forward to the next ChannelInboundHandler in the ChannelPipeline. |

Methods inherited from class ChannelInboundHandlerAdapter: channelActive, channelInactive, channelRead, channelReadComplete, channelRegistered, channelUnregistered, channelWritabilityChanged

Methods inherited from class ChannelHandlerAdapter: ensureNotSharable, handlerAdded, handlerRemoved, isSharable

Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface ChannelHandler: handlerAdded, handlerRemoved

public static final AttributeKey<java.lang.Boolean> OCSP_PIPELINE_ATTRIBUTE
An attribute used to mark all channels created by the OcspServerCertificateValidator.

public OcspServerCertificateValidator()
Create a new OcspServerCertificateValidator instance without nonce validation on OCSP response, using default IoTransport.DEFAULT instance, default DnsNameResolver implementation and with closeAndThrowIfNotValid set to true

public OcspServerCertificateValidator(boolean validateNonce)
Create a new OcspServerCertificateValidator instance with default IoTransport.DEFAULT instance and default DnsNameResolver implementation and closeAndThrowIfNotValid set to true.
validateNonce - Set to true to force nonce validation on the OCSP response, otherwise false

public OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport)
Create a new OcspServerCertificateValidator instance
validateNonce - Set to true to force nonce validation on the OCSP response, otherwise false
ioTransport - IoTransport to use

public OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
validateNonce - Set to true to force nonce validation on the OCSP response, otherwise false
ioTransport - IoTransport to use
dnsNameResolver - DnsNameResolver implementation to use

public OcspServerCertificateValidator(boolean closeAndThrowIfNotValid, boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
Create a new IoTransport instance
closeAndThrowIfNotValid - If set to true, the channel is closed and an exception is thrown when the certificate is not OcspResponse.Status.VALID. If set to false, the OcspValidationEvent is simply passed to the next handler in the pipeline, which decides what to do.
validateNonce - Set to true to force nonce validation on the OCSP response, otherwise false
ioTransport - IoTransport to use
dnsNameResolver - DnsNameResolver implementation to use

protected static DnsNameResolver createDefaultResolver(IoTransport ioTransport)

public void userEventTriggered(ChannelHandlerContext ctx, java.lang.Object evt) throws java.lang.Exception
Description copied from class: ChannelInboundHandlerAdapter
Calls ChannelHandlerContext.fireUserEventTriggered(Object) to forward to the next ChannelInboundHandler in the ChannelPipeline. Sub-classes may override this method to change behavior.
Specified by: userEventTriggered in interface ChannelInboundHandler
Overrides: userEventTriggered in class ChannelInboundHandlerAdapter
Throws: java.lang.Exception

public void exceptionCaught(ChannelHandlerContext ctx, java.lang.Throwable cause)
Description copied from class: ChannelInboundHandlerAdapter
Calls ChannelHandlerContext.fireExceptionCaught(Throwable) to forward to the next ChannelHandler in the ChannelPipeline. Sub-classes may override this method to change behavior.
Specified by: exceptionCaught in interface ChannelHandler
Specified by: exceptionCaught in interface ChannelInboundHandler
Overrides: exceptionCaught in class ChannelInboundHandlerAdapter
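
The four-argument constructor with closeAndThrowIfNotValid set to false leaves the decision to the next handler; the sketch below is an added example (not code from the Netty project) of a client pipeline that enables nonce validation and fails closed on any status other than VALID. The class names OcspClientPipeline, ReportOnlyValidator and OcspPolicyHandler are hypothetical, and the package io.netty.handler.ssl.ocsp and the accessors response() and status() are assumptions not listed on this page.

```java
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.ocsp.IoTransport;
import io.netty.handler.ssl.ocsp.OcspResponse;
import io.netty.handler.ssl.ocsp.OcspServerCertificateValidator;
import io.netty.handler.ssl.ocsp.OcspValidationEvent;

public final class OcspClientPipeline {
    private OcspClientPipeline() { }

    // Order matters: TLS first, then the OCSP validator, then the policy handler.
    public static void configure(SocketChannel ch, SslContext clientContext, String host, int port) {
        ch.pipeline().addLast(clientContext.newHandler(ch.alloc(), host, port));
        ch.pipeline().addLast(new ReportOnlyValidator(IoTransport.DEFAULT));
        ch.pipeline().addLast(new OcspPolicyHandler());
    }

    // createDefaultResolver is protected static, so it is reached through a subclass.
    static final class ReportOnlyValidator extends OcspServerCertificateValidator {
        ReportOnlyValidator(IoTransport transport) {
            // closeAndThrowIfNotValid = false (report only), validateNonce = true
            super(false, true, transport, createDefaultResolver(transport));
        }
    }

    // Receives the OcspValidationEvent and closes the channel unless the status is VALID.
    static final class OcspPolicyHandler extends ChannelInboundHandlerAdapter {
        @Override
        public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
            if (evt instanceof OcspValidationEvent) {
                // response() and status() are assumed accessor names (not listed on this page)
                OcspResponse.Status status = ((OcspValidationEvent) evt).response().status();
                if (status != OcspResponse.Status.VALID) {
                    ctx.close(); // fail closed; record the status for alerting here
                    return;
                }
            }
            super.userEventTriggered(ctx, evt);
        }
    }
}
```

The OCSP query is a network round trip made after the handshake has succeeded, so handlers that depend on the revocation result should hold sensitive writes until the OcspValidationEvent arrives.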