public class OcspServerCertificateValidator extends ChannelInboundHandlerAdapter
OcspServerCertificateValidator
validates incoming server's certificate
using OCSP. Once TLS handshake is completed, SslHandshakeCompletionEvent.SUCCESS
is fired, validator
will perform certificate validation using OCSP over HTTP/1.1 with the server's certificate issuer OCSP responder.ChannelHandler.Sharable
限定符和类型 | 字段和说明 |
---|---|
static AttributeKey<java.lang.Boolean> |
OCSP_PIPELINE_ATTRIBUTE
An attribute used to mark all channels created by the
OcspServerCertificateValidator . |
构造器和说明 |
---|
OcspServerCertificateValidator()
Create a new
OcspServerCertificateValidator instance without nonce validation
on OCSP response, using default IoTransport.DEFAULT instance,
default DnsNameResolver implementation and with closeAndThrowIfNotValid
set to true |
OcspServerCertificateValidator(boolean validateNonce)
Create a new
OcspServerCertificateValidator instance with
default IoTransport.DEFAULT instance and default DnsNameResolver implementation
and closeAndThrowIfNotValid set to true . |
OcspServerCertificateValidator(boolean closeAndThrowIfNotValid,
boolean validateNonce,
IoTransport ioTransport,
DnsNameResolver dnsNameResolver)
Create a new
IoTransport instance |
OcspServerCertificateValidator(boolean validateNonce,
IoTransport ioTransport)
Create a new
OcspServerCertificateValidator instance |
OcspServerCertificateValidator(boolean validateNonce,
IoTransport ioTransport,
DnsNameResolver dnsNameResolver)
|
限定符和类型 | 方法和说明 |
---|---|
protected static DnsNameResolver |
createDefaultResolver(IoTransport ioTransport) |
void |
exceptionCaught(ChannelHandlerContext ctx,
java.lang.Throwable cause)
Calls
ChannelHandlerContext.fireExceptionCaught(Throwable) to forward
to the next ChannelHandler in the ChannelPipeline . |
void |
userEventTriggered(ChannelHandlerContext ctx,
java.lang.Object evt)
Calls
ChannelHandlerContext.fireUserEventTriggered(Object) to forward
to the next ChannelInboundHandler in the ChannelPipeline . |
channelActive, channelInactive, channelRead, channelReadComplete, channelRegistered, channelUnregistered, channelWritabilityChanged
ensureNotSharable, handlerAdded, handlerRemoved, isSharable
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
handlerAdded, handlerRemoved
public static final AttributeKey<java.lang.Boolean> OCSP_PIPELINE_ATTRIBUTE
OcspServerCertificateValidator
.public OcspServerCertificateValidator()
OcspServerCertificateValidator
instance without nonce validation
on OCSP response, using default IoTransport.DEFAULT
instance,
default DnsNameResolver
implementation and with closeAndThrowIfNotValid
set to true
public OcspServerCertificateValidator(boolean validateNonce)
OcspServerCertificateValidator
instance with
default IoTransport.DEFAULT
instance and default DnsNameResolver
implementation
and closeAndThrowIfNotValid
set to true
.validateNonce
- Set to true
if we should force nonce validation on
OCSP response else set to false
public OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport)
OcspServerCertificateValidator
instancevalidateNonce
- Set to true
if we should force nonce validation on
OCSP response else set to false
ioTransport
- IoTransport
to usepublic OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
validateNonce
- Set to true
if we should force nonce validation on
OCSP response else set to false
ioTransport
- IoTransport
to usednsNameResolver
- DnsNameResolver
implementation to usepublic OcspServerCertificateValidator(boolean closeAndThrowIfNotValid, boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver)
IoTransport
instancecloseAndThrowIfNotValid
- If set to true
then we will close the channel and throw an exception
when certificate is not OcspResponse.Status.VALID
.
If set to false
then we will simply pass the OcspValidationEvent
to the next handler in pipeline and let it decide what to do.validateNonce
- Set to true
if we should force nonce validation on
OCSP response else set to false
ioTransport
- IoTransport
to usednsNameResolver
- DnsNameResolver
implementation to useprotected static DnsNameResolver createDefaultResolver(IoTransport ioTransport)
public void userEventTriggered(ChannelHandlerContext ctx, java.lang.Object evt) throws java.lang.Exception
ChannelInboundHandlerAdapter
ChannelHandlerContext.fireUserEventTriggered(Object)
to forward
to the next ChannelInboundHandler
in the ChannelPipeline
.
Sub-classes may override this method to change behavior.userEventTriggered
在接口中 ChannelInboundHandler
userEventTriggered
在类中 ChannelInboundHandlerAdapter
java.lang.Exception
public void exceptionCaught(ChannelHandlerContext ctx, java.lang.Throwable cause)
ChannelInboundHandlerAdapter
ChannelHandlerContext.fireExceptionCaught(Throwable)
to forward
to the next ChannelHandler
in the ChannelPipeline
.
Sub-classes may override this method to change behavior.exceptionCaught
在接口中 ChannelHandler
exceptionCaught
在接口中 ChannelInboundHandler
exceptionCaught
在类中 ChannelInboundHandlerAdapter