final class StatusResponseManager extends Object
| Modifier and Type | Class and Description |
|---|---|
| (package private) `class` | `StatusResponseManager.OCSPFetchCall`: Inner Callable class that does the actual work of looking up OCSP responses, first looking at the cache and doing OCSP requests if a cache miss occurs. |
| (package private) `class` | `StatusResponseManager.ResponseCacheEntry`: Static nested class used as the data kept in the response cache. |
| (package private) `static class` | `StatusResponseManager.StaplingParameters`: Inner class used to hold stapling parameters needed by the handshaker when stapling is active. |
| (package private) `class` | `StatusResponseManager.StatusInfo`: Inner class used to group request and response data. |

| Modifier and Type | Field and Description |
|---|---|
| `private int` | `cacheCapacity` |
| `private int` | `cacheLifetime` |
| `private static int` | `DEFAULT_CACHE_LIFETIME` |
| `private static int` | `DEFAULT_CACHE_SIZE` |
| `private static int` | `DEFAULT_CORE_THREADS` |
| `private URI` | `defaultResponder` |
| `private boolean` | `ignoreExtensions` |
| `private sun.security.util.Cache<sun.security.provider.certpath.CertId,StatusResponseManager.ResponseCacheEntry>` | `responseCache` |
| `private boolean` | `respOverride` |
| `private ScheduledThreadPoolExecutor` | `threadMgr` |

| Constructor and Description |
|---|
| `StatusResponseManager()`: Create a StatusResponseManager with default parameters. |

| Modifier and Type | Method and Description |
|---|---|
| (package private) `void` | `clear()`: Clear the status response cache. |
| (package private) `Map<X509Certificate,byte[]>` | `get(CertStatusExtension.CertStatusRequestType type, CertStatusExtension.CertStatusRequest request, X509Certificate[] chain, long delay, TimeUnit unit)`: Get a list of responses for a chain of certificates. |
| (package private) `int` | `getCacheCapacity()`: Get the current maximum cache size. |
| (package private) `int` | `getCacheLifetime()`: Get the current cache lifetime setting. |
| (package private) `URI` | `getDefaultResponder()`: Get the default OCSP responder URI, if previously set. |
| `private StatusResponseManager.ResponseCacheEntry` | `getFromCache(sun.security.provider.certpath.CertId cid, CertStatusExtension.OCSPStatusRequest ocspRequest)`: Check the cache for a given `CertId`. |
| (package private) `boolean` | `getIgnoreExtensions()`: Get the ignore extensions setting. |
| (package private) `URI` | `getURI(X509Certificate cert)`: Obtain the URI used by the `StatusResponseManager` during lookups. |
| (package private) `boolean` | `getURIOverride()`: Get the URI override setting. |
| (package private) `static StatusResponseManager.StaplingParameters` | `processStapling(ServerHandshakeContext shc)` |
| (package private) `void` | `shutdown()`: Shutdown the thread pool. |
| (package private) `int` | `size()`: Returns the number of currently valid objects in the response cache. |
| `String` | `toString()` |

- `private static final int DEFAULT_CORE_THREADS`
- `private static final int DEFAULT_CACHE_SIZE`
- `private static final int DEFAULT_CACHE_LIFETIME`
- `private final ScheduledThreadPoolExecutor threadMgr`
- `private final sun.security.util.Cache<sun.security.provider.certpath.CertId,StatusResponseManager.ResponseCacheEntry> responseCache`
- `private final URI defaultResponder`
- `private final boolean respOverride`
- `private final int cacheCapacity`
- `private final int cacheLifetime`
- `private final boolean ignoreExtensions`

`StatusResponseManager()`

`int getCacheLifetime()`

`int getCacheCapacity()`

`URI getDefaultResponder()`

Returns: `null` if it has not been set.

`boolean getURIOverride()`

Returns: `true` if URI override has been set, `false` otherwise.

`boolean getIgnoreExtensions()`

Returns: `true` if the `StatusResponseManager` will not pass OCSP Extensions in the TLS `status_request[_v2]` extensions, `false` if extensions will be passed (the default).

`void clear()`

`int size()`

`URI getURI(X509Certificate cert)`

Obtain the URI used by the `StatusResponseManager` during lookups. This method takes into account not only the AIA extension from a certificate to be checked, but also any default URI and possible override settings for the response manager.

Parameters:

- `cert` - the subject to get the responder URI from

Returns: `URI` containing the address to the OCSP responder, or `null` if no AIA extension exists in the certificate and no default responder has been configured.

Throws:

- `NullPointerException` - if `cert` is `null`.

`void shutdown()`

`Map<X509Certificate,byte[]> get(CertStatusExtension.CertStatusRequestType type, CertStatusExtension.CertStatusRequest request, X509Certificate[] chain, long delay, TimeUnit unit)`

Parameters:

- `type` - the type of request being made of the `StatusResponseManager`
- `request` - the `CertStatusRequest` from the `status_request` or `status_request_v2` ClientHello extension. A value of `null` is interpreted as providing no responder IDs or extensions.
- `chain` - an array of 2 or more certificates. Each certificate must be issued by the next certificate in the chain.
- `delay` - the number of time units to delay before returning responses.
- `unit` - the unit of time applied to the delay parameter

Returns: `Map` containing the certificate and its usually

Throws:

- `SSLHandshakeException` - if an unsupported `CertStatusRequest` is provided.

`private StatusResponseManager.ResponseCacheEntry getFromCache(sun.security.provider.certpath.CertId cid, CertStatusExtension.OCSPStatusRequest ocspRequest)`

Check the cache for a given `CertId`.

Parameters:

- `cid` - the `CertId` of the response to look up
- `ocspRequest` - the OCSP request structure sent by the client in the TLS `status_request[_v2]` hello extension.

Returns: `ResponseCacheEntry` for a specific `CertId`, or `null` if it is not found or a nonce extension has been requested by the caller.

`static final StatusResponseManager.StaplingParameters processStapling(ServerHandshakeContext shc)`
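
The responder selection documented for `getURI` and the nonce rule documented for `getFromCache`, as an added model that is not the JDK's source. The class and method names (`StaplingModel`, `selectResponder`, `store`, `lookup`), the exact precedence order, and the expiry handling are assumptions made for illustration.

```java
import java.net.URI;
import java.util.HashMap;
import java.util.Map;

// Added model, not JDK source. All names here are hypothetical.
public class StaplingModel {
    private static final class Entry {
        final byte[] response; final long expiresAt;
        Entry(byte[] response, long expiresAt) { this.response = response; this.expiresAt = expiresAt; }
    }

    private final URI defaultResponder;                        // may be null
    private final boolean respOverride;
    private final Map<String, Entry> cache = new HashMap<>();  // String key stands in for CertId

    StaplingModel(URI dflt, boolean override) { defaultResponder = dflt; respOverride = override; }

    // Assumed precedence: a configured default wins when override is set;
    // otherwise the certificate's AIA value, then the default, then null.
    URI selectResponder(URI aiaFromCert) {
        if (respOverride && defaultResponder != null) return defaultResponder;
        return aiaFromCert != null ? aiaFromCert : defaultResponder;
    }

    void store(String id, byte[] resp, long now, long lifetimeMs) { cache.put(id, new Entry(resp, now + lifetimeMs)); }

    // Null on a miss, on an expired entry (assumed lifetime handling), or when
    // the client asked for a nonce: a stored response cannot carry that nonce.
    byte[] lookup(String certId, boolean nonceRequested, long now) {
        if (nonceRequested) return null;
        Entry e = cache.get(certId);
        if (e == null) return null;
        if (now >= e.expiresAt) { cache.remove(certId); return null; }
        return e.response;
    }

    public static void main(String[] args) {
        URI aia = URI.create("http://ocsp.ca.example/");             // constructed sample values
        URI internal = URI.create("http://ocsp.internal.example/");
        System.out.println(new StaplingModel(internal, true).selectResponder(aia));
        System.out.println(new StaplingModel(internal, false).selectResponder(aia));
        System.out.println(new StaplingModel(null, false).selectResponder(null));
        StaplingModel m = new StaplingModel(null, false);
        m.store("leaf", new byte[] {0x30}, 0L, 3_600_000L);
        System.out.println(m.lookup("leaf", false, 1_000L) != null);      // ordinary cache hit
        System.out.println(m.lookup("leaf", true, 1_000L) != null);       // nonce bypasses the cache
        System.out.println(m.lookup("leaf", false, 3_600_000L) != null);  // lifetime elapsed
    }
}
```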