changeset 40390 | 64541737c7f7 |
parent 37309 | 8f530b9d18f4 |
40389:c6df8bba0b71 | 40390:64541737c7f7 |
---|---|
62 ObjectIdentifier.newInternal( |
62 ObjectIdentifier.newInternal( |
63 new int[] { 1, 3, 6, 1, 5, 5, 7, 48, 1, 1}); |
63 new int[] { 1, 3, 6, 1, 5, 5, 7, 48, 1, 1}); |
64 private static final SimpleDateFormat utcDateFmt = |
64 private static final SimpleDateFormat utcDateFmt = |
65 new SimpleDateFormat("MMM dd yyyy, HH:mm:ss z"); |
65 new SimpleDateFormat("MMM dd yyyy, HH:mm:ss z"); |
66 |
66 |
67 static final int FREE_PORT = 0; |
|
68 |
|
67 // CertStatus values |
69 // CertStatus values |
68 public static enum CertStatus { |
70 public static enum CertStatus { |
69 CERT_STATUS_GOOD, |
71 CERT_STATUS_GOOD, |
70 CERT_STATUS_REVOKED, |
72 CERT_STATUS_REVOKED, |
71 CERT_STATUS_UNKNOWN, |
73 CERT_STATUS_UNKNOWN, |
86 private boolean logEnabled = false; |
88 private boolean logEnabled = false; |
87 private ExecutorService threadPool; |
89 private ExecutorService threadPool; |
88 private volatile boolean started = false; |
90 private volatile boolean started = false; |
89 private volatile boolean serverReady = false; |
91 private volatile boolean serverReady = false; |
90 private volatile boolean receivedShutdown = false; |
92 private volatile boolean receivedShutdown = false; |
91 private long delayMsec = 0; |
93 private volatile boolean acceptConnections = true; |
94 private volatile long delayMsec = 0; |
|
92 |
95 |
93 // Fields used in the generation of responses |
96 // Fields used in the generation of responses |
94 private long nextUpdateInterval = -1; |
97 private long nextUpdateInterval = -1; |
95 private Date nextUpdate = null; |
98 private Date nextUpdate = null; |
96 private ResponderId respId; |
99 private ResponderId respId; |
114 * @throws IOException if a {@code ResponderId} cannot be generated from |
117 * @throws IOException if a {@code ResponderId} cannot be generated from |
115 * the signer certificate. |
118 * the signer certificate. |
116 */ |
119 */ |
117 public SimpleOCSPServer(KeyStore ks, String password, String issuerAlias, |
120 public SimpleOCSPServer(KeyStore ks, String password, String issuerAlias, |
118 String signerAlias) throws GeneralSecurityException, IOException { |
121 String signerAlias) throws GeneralSecurityException, IOException { |
119 this(null, 0, ks, password, issuerAlias, signerAlias); |
122 this(null, FREE_PORT, ks, password, issuerAlias, signerAlias); |
120 } |
123 } |
121 |
124 |
122 /** |
125 /** |
123 * Construct a SimpleOCSPServer using specific network parameters, |
126 * Construct a SimpleOCSPServer using specific network parameters, |
124 * keystore, password, and alias. |
127 * keystore, password, and alias. |
228 |
231 |
229 // Main dispatch loop |
232 // Main dispatch loop |
230 while (!receivedShutdown) { |
233 while (!receivedShutdown) { |
231 try { |
234 try { |
232 Socket newConnection = servSocket.accept(); |
235 Socket newConnection = servSocket.accept(); |
236 if (!acceptConnections) { |
|
237 try { |
|
238 log("Reject connection"); |
|
239 newConnection.close(); |
|
240 } catch (IOException e) { |
|
241 // ignore |
|
242 } |
|
243 continue; |
|
244 } |
|
233 threadPool.submit(new OcspHandler(newConnection)); |
245 threadPool.submit(new OcspHandler(newConnection)); |
234 } catch (SocketTimeoutException timeout) { |
246 } catch (SocketTimeoutException timeout) { |
235 // Nothing to do here. If receivedShutdown |
247 // Nothing to do here. If receivedShutdown |
236 // has changed to true then the loop will |
248 // has changed to true then the loop will |
237 // exit on its own. |
249 // exit on its own. |
253 serverReady = false; |
265 serverReady = false; |
254 } |
266 } |
255 } |
267 } |
256 }); |
268 }); |
257 } |
269 } |
270 |
|
271 /** |
|
272 * Make the OCSP server reject incoming connections. |
|
273 */ |
|
274 public synchronized void rejectConnections() { |
|
275 log("Reject OCSP connections"); |
|
276 acceptConnections = false; |
|
277 } |
|
278 |
|
279 /** |
|
280 * Make the OCSP server accept incoming connections. |
|
281 */ |
|
282 public synchronized void acceptConnections() { |
|
283 log("Accept OCSP connections"); |
|
284 acceptConnections = true; |
|
285 } |
|
286 |
|
258 |
287 |
259 /** |
288 /** |
260 * Stop the OCSP server. |
289 * Stop the OCSP server. |
261 */ |
290 */ |
262 public synchronized void stop() { |
291 public synchronized void stop() { |
497 * |
526 * |
498 * @param delayMillis the number of milliseconds to wait before acting |
527 * @param delayMillis the number of milliseconds to wait before acting |
499 * on the incoming request. |
528 * on the incoming request. |
500 */ |
529 */ |
501 public void setDelay(long delayMillis) { |
530 public void setDelay(long delayMillis) { |
502 if (!started) { |
531 delayMsec = delayMillis > 0 ? delayMillis : 0; |
503 delayMsec = delayMillis > 0 ? delayMillis : 0; |
532 if (delayMsec > 0) { |
504 if (delayMsec > 0) { |
533 log("OCSP latency set to " + delayMsec + " milliseconds."); |
505 log("OCSP latency set to " + delayMsec + " milliseconds."); |
534 } else { |
506 } else { |
535 log("OCSP latency disabled"); |
507 log("OCSP latency disabled"); |
|
508 } |
|
509 } |
536 } |
510 } |
537 } |
511 |
538 |
512 /** |
539 /** |
513 * Log a message to stdout. |
540 * Log a message to stdout. |
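Review bot: The reject path in the dispatch loop (new lines 236-244) closes the socket only after `servSocket.accept()` has returned, so a client sees a connection that is established and then closed rather than a refused connection, and the Javadoc on `rejectConnections()` does not say so. For tests of how a client handles an unavailable responder, that distinction decides which failure path is exercised, so I would extend the comment to something like `Make the OCSP server close each new connection immediately after accepting it; requests already submitted to the thread pool are not affected.` The second clause is inferred from the visible loop and should be confirmed against `OcspHandler`. In `setDelay` (new lines 530-536) the now-volatile `delayMsec` is written and then re-read for the log message, so with concurrent callers the logged value may differ from the one this call set; `long d = Math.max(delayMillis, 0); delayMsec = d;` followed by logging `d` avoids that. The dispatch loop and the `setDelay` Javadoc both begin outside the visible context.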