java.lang.Object
- org.keycloak.utils.OCSPProvider
- - org.keycloak.crypto.elytron.ElytronOCSPProvider

public class ElytronOCSPProvider
extends OCSPProvider

Author:: David Anderson

Nested Class Summary
- Nested classes/interfaces inherited from class org.keycloak.utils.OCSPProvider
  OCSPProvider.OCSPRevocationStatus, OCSPProvider.RevocationStatus

Field Summary
- Fields inherited from class org.keycloak.utils.OCSPProvider
  OCSP_CONNECT_TIMEOUT, TIME_SKEW

Constructor Summary

Constructors
Constructor Description

ElytronOCSPProvider()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected OCSPProvider.OCSPRevocationStatus`	`check(KeycloakSession session, X509Certificate cert, X509Certificate issuerCertificate, List<URI> responderURIs, X509Certificate responderCert, Date date)`	Requests certificate revocation status using OCSP.
`protected List<String>`	`getResponderURIs(X509Certificate cert)`	Extracts OCSP responder URI from X509 AIA v3 extension, if available.

Methods inherited from class org.keycloak.utils.OCSPProvider
check, check, check, getEncodedOCSPResponse, unknownStatus

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- ElytronOCSPProvider
```
public ElytronOCSPProvider()
```

Method Detail

check

protected OCSPProvider.OCSPRevocationStatus check(KeycloakSession session,
                                                  X509Certificate cert,
                                                  X509Certificate issuerCertificate,
                                                  List<URI> responderURIs,
                                                  X509Certificate responderCert,
                                                  Date date)
                                           throws CertPathValidatorException

Requests certificate revocation status using OCSP.

Specified by:: check in class OCSPProvider
Parameters:: cert - the certificate to be checked; issuerCertificate - the issuer certificate; responderURIs - the OCSP responder URIs; responderCert - the OCSP responder certificate; date - if null, the current time is used.
Returns:: a revocation status
Throws:: CertPathValidatorException

getResponderURIs
```
protected List<String> getResponderURIs(X509Certificate cert)
                                 throws CertificateEncodingException
```
Extracts OCSP responder URI from X509 AIA v3 extension, if available. There can be multiple responder URIs encoded in the certificate.

Specified by:

getResponderURIs in class OCSPProvider

Parameters:

cert -

Returns:

a list of available responder URIs.

Throws:

CertificateEncodingException

Class ElytronOCSPProvider

Nested Class Summary

Nested classes/interfaces inherited from class org.keycloak.utils.OCSPProvider

Field Summary

Fields inherited from class org.keycloak.utils.OCSPProvider

Constructor Summary

Method Summary

Methods inherited from class org.keycloak.utils.OCSPProvider

Methods inherited from class java.lang.Object

Constructor Detail

ElytronOCSPProvider

Method Detail

check

getResponderURIs