public class OCSPHandler extends Object
Constructor and Description |
---|
OCSPHandler(MerchantContext context) |
Modifier and Type | Method and Description |
---|---|
CertificateStatus |
checkStatus(X509Certificate merchantCert,
PrivateKey pk,
byte[] signature,
List<String> addInfo,
List<String> certificateAccessList,
X509Certificate bankidRootCertificate,
int slot,
byte[] privateKeyLabel,
String billingNonce,
X509Certificate[] bankidRootCertificates) |
CertificateStatus |
checkStatus(X509Certificate merchantCert,
PrivateKey pk,
X509Certificate userCert,
X509Certificate issuerCert,
List<String> addInfo,
List<String> certificateAccessList,
X509Certificate bankidRootCertificate,
int slot,
byte[] privateKeyLabel,
String billingNonce,
X509Certificate[] bankidRootCertificates)
Calls the BankID Validation Authority to get the certificate status of the signer
certificate from the input signature
|
void |
verifyOCSPResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp resp,
X509Certificate bankidRootCertificate,
List<String> certificateAccessList,
boolean checkCertificateExpiration,
X509Certificate[] bankidRootCertificates)
Method to verify the signature in the BasicOCSPResponse from the Validation
Authority
|
public OCSPHandler(MerchantContext context)
public CertificateStatus checkStatus(X509Certificate merchantCert, PrivateKey pk, byte[] signature, List<String> addInfo, List<String> certificateAccessList, X509Certificate bankidRootCertificate, int slot, byte[] privateKeyLabel, String billingNonce, X509Certificate[] bankidRootCertificates) throws BIDException
BIDException
public CertificateStatus checkStatus(X509Certificate merchantCert, PrivateKey pk, X509Certificate userCert, X509Certificate issuerCert, List<String> addInfo, List<String> certificateAccessList, X509Certificate bankidRootCertificate, int slot, byte[] privateKeyLabel, String billingNonce, X509Certificate[] bankidRootCertificates) throws BIDException
merchantCert
- JCRYPTO_X509Certificate The merchant's signer certificatepk
- PrivateKey The private key used to sign the OCSP RequestaddInfo
- List of OCSP Request extension oid labels to send to the VAcertificateAccessList
- HashMap of certificate policy oidsBIDException
- If something failspublic void verifyOCSPResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp resp, X509Certificate bankidRootCertificate, List<String> certificateAccessList, boolean checkCertificateExpiration, X509Certificate[] bankidRootCertificates) throws BIDException
resp
- BasicOCSPResponse to verifyBIDException
- If verfiying fails or data is corruptCopyright © 2017 Nets Branch Norway. All Rights Reserved.