Examples of org.ejbca.core.protocol.ocsp.OCSPUnidClient$SimpleVerifier

• org.ejbca.core.protocol.ocsp.OCSPUnidClient
  A simple OCSP lookup client used to query the OCSPUnidExtension. Attributes needed to call the client is a keystore issued from the same CA as has issued the TLS server certificate of the OCSP/Lookup server. The keystore must be a PKCS#12 file. If a keystore is not used, regular OCSP requests can still be made, using normal http. If requesting an Fnr and the fnr rturned is null, even though the OCSP code is good there can be several reasons: 1.The client was not authorized to request an Fnr 2.There was no Unid Fnr mapping available 3.There was no Unid in the certificate (serialNumber DN component) @author Tomas Gustavsson, PrimeKey Solutions AB @version $Id: OCSPUnidClient.java 8261 2009-11-05 16:33:18Z jeklund $

              // It is a certificate serial number instead if a certificate filename
              if (ocspUrlFromCLI == null) {
                System.out.println("OCSP URL is reqired if a serial number is used.");
                    System.exit(-1); // NOPMD, it's not a JEE app
              }
                final OCSPUnidClient client = OCSPUnidClient.getOCSPUnidClient(ksfilename, kspwd, ocspUrlFromCLI, signRequest, ksfilename!=null);
                response = client.lookup(new BigInteger(certfilename, 16), getCertFromPemFile(cacertfilename), useGet);
            } else {
              // It's not a certificate serial number, so treat it as a filename
                final Certificate userCert = getCertFromPemFile(certfilename);
                String ocspUrl = ocspUrlFromCLI;
              if (ocspUrl == null) {
                ocspUrl = CertTools.getAuthorityInformationAccessOcspUrl(userCert);
                if (ocspUrl == null) {
                    System.out.println("OCSP URL is required since none was found in the certificate.");
                        System.exit(-1); // NOPMD, it's not a JEE app
                }
              }
                final OCSPUnidClient client = OCSPUnidClient.getOCSPUnidClient(ksfilename, kspwd, ocspUrl, signRequest, true);
                response = client.lookup(userCert, getCertFromPemFile(cacertfilename), useGet);
            }
            if (response.getErrorCode() != OCSPUnidResponse.ERROR_NO_ERROR) {
              System.out.println("Error querying OCSP server.");
              System.out.println("Error code is: "+response.getErrorCode());
            }