java.lang.Object
- io.netty.channel.ChannelHandlerAdapter
- - io.netty.channel.ChannelInboundHandlerAdapter
  - - io.netty.handler.ssl.ocsp.OcspServerCertificateValidator

All Implemented Interfaces:

io.netty.channel.ChannelHandler, io.netty.channel.ChannelInboundHandler
```
public class OcspServerCertificateValidator
extends io.netty.channel.ChannelInboundHandlerAdapter
```
OcspServerCertificateValidator validates incoming server's certificate using OCSP. Once TLS handshake is completed, SslHandshakeCompletionEvent.SUCCESS is fired, validator will perform certificate validation using OCSP over HTTP/1.1 with the server's certificate issuer OCSP responder.

Nested Class Summary
- Nested classes/interfaces inherited from interface io.netty.channel.ChannelHandler
  io.netty.channel.ChannelHandler.Sharable

Field Summary

Fields
Modifier and Type	Field	Description
`static io.netty.util.AttributeKey<Boolean>`	`OCSP_PIPELINE_ATTRIBUTE`	An attribute used to mark all channels created by the `OcspServerCertificateValidator`.

Constructor Summary

Constructors
Constructor	Description
`OcspServerCertificateValidator()`	Create a new `OcspServerCertificateValidator` instance without nonce validation on OCSP response, using default `IoTransport.DEFAULT` instance, default `DnsNameResolver` implementation and with `closeAndThrowIfNotValid` set to `true`
`OcspServerCertificateValidator(boolean validateNonce)`	Create a new `OcspServerCertificateValidator` instance with default `IoTransport.DEFAULT` instance and default `DnsNameResolver` implementation and `closeAndThrowIfNotValid` set to `true`.
`OcspServerCertificateValidator(boolean closeAndThrowIfNotValid, boolean validateNonce, IoTransport ioTransport, io.netty.resolver.dns.DnsNameResolver dnsNameResolver)`	Create a new `IoTransport` instance
`OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport)`	Create a new `OcspServerCertificateValidator` instance
`OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport, io.netty.resolver.dns.DnsNameResolver dnsNameResolver)`	Create a new `IoTransport` instance with `closeAndThrowIfNotValid` set to `true`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected static io.netty.resolver.dns.DnsNameResolver`	`createDefaultResolver(IoTransport ioTransport)`
`void`	`exceptionCaught(io.netty.channel.ChannelHandlerContext ctx, Throwable cause)`
`void`	`userEventTriggered(io.netty.channel.ChannelHandlerContext ctx, Object evt)`

Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter
channelActive, channelInactive, channelRead, channelReadComplete, channelRegistered, channelUnregistered, channelWritabilityChanged

Methods inherited from class io.netty.channel.ChannelHandlerAdapter
ensureNotSharable, handlerAdded, handlerRemoved, isSharable

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.netty.channel.ChannelHandler
handlerAdded, handlerRemoved

- Field Detail
  - OCSP_PIPELINE_ATTRIBUTE
```
public static final io.netty.util.AttributeKey<Boolean> OCSP_PIPELINE_ATTRIBUTE
```
    An attribute used to mark all channels created by the OcspServerCertificateValidator.
- Constructor Detail
  - OcspServerCertificateValidator
```
public OcspServerCertificateValidator()
```
    Create a new OcspServerCertificateValidator instance without nonce validation on OCSP response, using default IoTransport.DEFAULT instance, default DnsNameResolver implementation and with closeAndThrowIfNotValid set to true
  - OcspServerCertificateValidator
```
public OcspServerCertificateValidator(boolean validateNonce)
```
    Create a new OcspServerCertificateValidator instance with default IoTransport.DEFAULT instance and default DnsNameResolver implementation and closeAndThrowIfNotValid set to true.
    
    Parameters:
    
    validateNonce - Set to true if we should force nonce validation on OCSP response else set to false
  - OcspServerCertificateValidator
```
public OcspServerCertificateValidator(boolean validateNonce,
                                      IoTransport ioTransport)
```
    Create a new OcspServerCertificateValidator instance
    
    Parameters:
    
    validateNonce - Set to true if we should force nonce validation on OCSP response else set to false
    
    ioTransport - IoTransport to use
  - OcspServerCertificateValidator
```
public OcspServerCertificateValidator(boolean validateNonce,
                                      IoTransport ioTransport,
                                      io.netty.resolver.dns.DnsNameResolver dnsNameResolver)
```
    Create a new IoTransport instance with closeAndThrowIfNotValid set to true
    
    Parameters:
    
    validateNonce - Set to true if we should force nonce validation on OCSP response else set to false
    
    ioTransport - IoTransport to use
    
    dnsNameResolver - DnsNameResolver implementation to use
  - OcspServerCertificateValidator
```
public OcspServerCertificateValidator(boolean closeAndThrowIfNotValid,
                                      boolean validateNonce,
                                      IoTransport ioTransport,
                                      io.netty.resolver.dns.DnsNameResolver dnsNameResolver)
```
    Create a new IoTransport instance
    
    Parameters:
    
    closeAndThrowIfNotValid - If set to true then we will close the channel and throw an exception when certificate is not OcspResponse.Status.VALID. If set to false then we will simply pass the OcspValidationEvent to the next handler in pipeline and let it decide what to do.
    
    validateNonce - Set to true if we should force nonce validation on OCSP response else set to false
    
    ioTransport - IoTransport to use
    
    dnsNameResolver - DnsNameResolver implementation to use
- Method Detail
  - createDefaultResolver
```
protected static io.netty.resolver.dns.DnsNameResolver createDefaultResolver(IoTransport ioTransport)
```
  - userEventTriggered
```
public void userEventTriggered(io.netty.channel.ChannelHandlerContext ctx,
                               Object evt)
                        throws Exception
```
    Specified by:
    
    userEventTriggered in interface io.netty.channel.ChannelInboundHandler
    
    Overrides:
    
    userEventTriggered in class io.netty.channel.ChannelInboundHandlerAdapter
    
    Throws:
    
    Exception
  - exceptionCaught
```
public void exceptionCaught(io.netty.channel.ChannelHandlerContext ctx,
                            Throwable cause)
```
    Specified by:
    
    exceptionCaught in interface io.netty.channel.ChannelHandler
    
    Specified by:
    
    exceptionCaught in interface io.netty.channel.ChannelInboundHandler
    
    Overrides:
    
    exceptionCaught in class io.netty.channel.ChannelInboundHandlerAdapter

Class OcspServerCertificateValidator

Nested Class Summary

Nested classes/interfaces inherited from interface io.netty.channel.ChannelHandler

Field Summary

Constructor Summary

Method Summary

Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter

Methods inherited from class io.netty.channel.ChannelHandlerAdapter

Methods inherited from class java.lang.Object

Methods inherited from interface io.netty.channel.ChannelHandler

Field Detail

OCSP_PIPELINE_ATTRIBUTE

Constructor Detail

OcspServerCertificateValidator

OcspServerCertificateValidator

OcspServerCertificateValidator

OcspServerCertificateValidator

OcspServerCertificateValidator

Method Detail

createDefaultResolver

userEventTriggered

exceptionCaught