OCSPServer Class
The OCSPServer class provides the functionality of an HTTP-based OCSP server.
Syntax
SecureBlackboxOCSPServer
SecureBlackboxOCSPServerSwift
Remarks
Use this class to quickly set up a working HTTP-based OCSP server.
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
| Property | Description |
| --- | --- |
| active | Indicates whether the server is active and is listening for new connections. |
| authBasic | Enables or disables basic authentication. |
| authDigest | Enables or disables digest authentication. |
| authDigestExpire | Specifies the digest expiration time for digest authentication. |
| authRealm | Specifies the authentication realm for digest and NTLM authentication. |
| badEntryCount | The number of records in the BadEntry arrays. |
| badEntryHandle:(int)badEntryIndex | Allows getting or setting a 'handle', a unique identifier of the underlying property object. |
| boundPort | Indicates the bound listening port. |
| CACertBytes | Returns raw certificate data in DER format. |
| CACertHandle | Allows getting or setting a 'handle', a unique identifier of the underlying property object. |
| endpoint | The virtual path that the server recognizes as the OCSP serving endpoint. |
| errorOrigin | Indicates the endpoint where the error originates from. |
| errorSeverity | The severity of the error that happened. |
| externalCryptoCustomParams | Custom parameters to be passed to the signing service (uninterpreted). |
| externalCryptoData | Additional data to be included in the async state and mirrored back by the requestor. |
| externalCryptoExternalHashCalculation | Specifies whether the message hash is to be calculated at the external endpoint. |
| externalCryptoHashAlgorithm | Specifies the request's signature hash algorithm. |
| externalCryptoKeyID | The ID of the pre-shared key used for DC request authentication. |
| externalCryptoKeySecret | The pre-shared key used for DC request authentication. |
| externalCryptoMethod | Specifies the asynchronous signing method. |
| externalCryptoMode | Specifies the external cryptography mode. |
| externalCryptoPublicKeyAlgorithm | Provides the public key algorithm to use if the certificate is not available at the pre-signing stage. |
| goodEntryCount | The number of records in the GoodEntry arrays. |
| goodEntryHandle:(int)goodEntryIndex | Allows getting or setting a 'handle', a unique identifier of the underlying property object. |
| host | The host to bind the listening port to. |
| pinnedCertCount | The number of records in the PinnedCert arrays. |
| pinnedCertBytes:(int)pinnedCertIndex | Returns raw certificate data in DER format. |
| pinnedCertHandle:(int)pinnedCertIndex | Allows getting or setting a 'handle', a unique identifier of the underlying property object. |
| pinnedClientAddress | The client's IP address. |
| pinnedClientChainValidationDetails | The details of a certificate chain validation outcome. |
| pinnedClientChainValidationResult | The outcome of a certificate chain validation routine. |
| pinnedClientCiphersuite | The cipher suite employed by this connection. |
| pinnedClientClientAuthenticated | Specifies whether client authentication was performed during this connection. |
| pinnedClientDigestAlgorithm | The digest algorithm used in a TLS-enabled connection. |
| pinnedClientEncryptionAlgorithm | The symmetric encryption algorithm used in a TLS-enabled connection. |
| pinnedClientID | The client connection's unique identifier. |
| pinnedClientKeyExchangeAlgorithm | The key exchange algorithm used in a TLS-enabled connection. |
| pinnedClientKeyExchangeKeyBits | The length of the key exchange key of a TLS-enabled connection. |
| pinnedClientNamedECCurve | The elliptic curve used in this connection. |
| pinnedClientPFSCipher | Indicates whether the chosen ciphersuite provides perfect forward secrecy (PFS). |
| pinnedClientPort | The remote port of the client connection. |
| pinnedClientPublicKeyBits | The length of the public key. |
| pinnedClientResumedSession | Indicates whether a TLS-enabled connection was spawned from another TLS connection. |
| pinnedClientSecureConnection | Indicates whether TLS or SSL is enabled for this connection. |
| pinnedClientSignatureAlgorithm | The signature algorithm used in a TLS handshake. |
| pinnedClientSymmetricBlockSize | The block size of the symmetric algorithm used. |
| pinnedClientSymmetricKeyBits | The key length of the symmetric algorithm used. |
| pinnedClientTotalBytesReceived | The total number of bytes received over this connection. |
| pinnedClientTotalBytesSent | The total number of bytes sent over this connection. |
| pinnedClientValidationLog | Contains the server certificate's chain validation log. |
| pinnedClientVersion | Indicates the version of the SSL/TLS protocol negotiated during this connection. |
| pinnedClientCertCount | The number of records in the PinnedClientCert arrays. |
| pinnedClientCertBytes:(int)pinnedClientCertIndex | Returns raw certificate data in DER format. |
| pinnedClientCertCAKeyID:(int)pinnedClientCertIndex | A unique identifier (fingerprint) of the CA certificate's private key. |
| pinnedClientCertFingerprint:(int)pinnedClientCertIndex | Contains the fingerprint (a hash imprint) of this certificate. |
| pinnedClientCertHandle:(int)pinnedClientCertIndex | Allows getting or setting a 'handle', a unique identifier of the underlying property object. |
| pinnedClientCertIssuer:(int)pinnedClientCertIndex | The common name of the certificate issuer (CA), typically a company name. |
| pinnedClientCertIssuerRDN:(int)pinnedClientCertIndex | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer. |
| pinnedClientCertKeyAlgorithm:(int)pinnedClientCertIndex | Specifies the public key algorithm of this certificate. |
| pinnedClientCertKeyBits:(int)pinnedClientCertIndex | Returns the length of the public key. |
| pinnedClientCertKeyFingerprint:(int)pinnedClientCertIndex | Returns a fingerprint of the public key contained in the certificate. |
| pinnedClientCertKeyUsage:(int)pinnedClientCertIndex | Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set. |
| pinnedClientCertPublicKeyBytes:(int)pinnedClientCertIndex | Contains the certificate's public key in DER format. |
| pinnedClientCertSelfSigned:(int)pinnedClientCertIndex | Indicates whether the certificate is self-signed (root) or signed by an external CA. |
| pinnedClientCertSerialNumber:(int)pinnedClientCertIndex | Returns the certificate's serial number. |
| pinnedClientCertSigAlgorithm:(int)pinnedClientCertIndex | Indicates the algorithm that was used by the CA to sign this certificate. |
| pinnedClientCertSubject:(int)pinnedClientCertIndex | The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name. |
| pinnedClientCertSubjectKeyID:(int)pinnedClientCertIndex | Contains a unique identifier (fingerprint) of the certificate's private key. |
| pinnedClientCertSubjectRDN:(int)pinnedClientCertIndex | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject). |
| pinnedClientCertValidFrom:(int)pinnedClientCertIndex | The time point at which the certificate becomes valid, in UTC. |
| pinnedClientCertValidTo:(int)pinnedClientCertIndex | The time point at which the certificate expires, in UTC. |
| port | Specifies the port number to listen for connections on. |
| portRangeFrom | Specifies the lower limit of the listening port range for incoming connections. |
| portRangeTo | Specifies the upper limit of the listening port range for incoming connections. |
| serverCertCount | The number of records in the ServerCert arrays. |
| serverCertBytes:(int)serverCertIndex | Returns raw certificate data in DER format. |
| serverCertHandle:(int)serverCertIndex | Allows getting or setting a 'handle', a unique identifier of the underlying property object. |
| signingCertBytes | Returns raw certificate data in DER format. |
| signingCertHandle | Allows getting or setting a 'handle', a unique identifier of the underlying property object. |
| socketIncomingSpeedLimit | The maximum number of bytes to read from the socket, per second. |
| socketLocalAddress | The local network interface to bind the socket to. |
| socketLocalPort | The local port number to bind the socket to. |
| socketOutgoingSpeedLimit | The maximum number of bytes to write to the socket, per second. |
| socketTimeout | The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful. |
| socketUseIPv6 | Enables or disables IP protocol version 6. |
| TLSAutoValidateCertificates | Specifies whether server-side TLS certificates should be validated automatically using internal validation rules. |
| TLSBaseConfiguration | Selects the base configuration for the TLS settings. |
| TLSCiphersuites | A list of ciphersuites separated with commas or semicolons. |
| TLSECCurves | Defines the elliptic curves to enable. |
| TLSForceResumeIfDestinationChanges | Whether to force TLS session resumption when the destination address changes. |
| TLSPreSharedIdentity | Defines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated. |
| TLSPreSharedKey | Contains the pre-shared key for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16. |
| TLSPreSharedKeyCiphersuite | Defines the ciphersuite used for PSK (Pre-Shared Key) negotiation. |
| TLSRenegotiationAttackPreventionMode | Selects the renegotiation attack prevention mechanism. |
| TLSRevocationCheck | Specifies the kind(s) of revocation check to perform. |
| TLSSSLOptions | Various SSL (TLS) protocol options, a set of flags: cssloExpectShutdownMessage (0x001) waits for the close-notify message when shutting down the connection; cssloOpenSSLDTLSWorkaround (0x002, DEPRECATED) uses a DTLS version workaround when talking to very old OpenSSL versions; cssloDisableKexLengthAlignment (0x004) does not align the client-side PMS by the RSA modulus size. |
| TLSTLSMode | Specifies the TLS mode to use. |
| TLSUseExtendedMasterSecret | Enables the Extended Master Secret Extension, as defined in RFC 7627. |
| TLSUseSessionResumption | Enables or disables the TLS session resumption capability. |
| TLSVersions | The SSL/TLS versions to enable by default. |
| updatePeriod | The server's information update period. |
| userCount | The number of records in the User arrays. |
| userAssociatedData:(int)userIndex | Contains the user's Associated Data when an SSH AEAD (Authenticated Encryption with Associated Data) algorithm is used. |
| userBasePath:(int)userIndex | Base path for this user in the server's file system. |
| userCert:(int)userIndex | Contains the user's certificate. |
| userData:(int)userIndex | Contains uninterpreted user-defined data that should be associated with the user account, such as comments or custom settings. |
| userHandle:(int)userIndex | Allows getting or setting a 'handle', a unique identifier of the underlying property object. |
| userHashAlgorithm:(int)userIndex | Specifies the hash algorithm used to generate TOTP (Time-based One-Time Password) passwords for this user. |
| userIncomingSpeedLimit:(int)userIndex | Specifies the incoming speed limit for this user. |
| userOutgoingSpeedLimit:(int)userIndex | Specifies the outgoing speed limit for this user. |
| userPassword:(int)userIndex | The user's authentication password. |
| userSharedSecret:(int)userIndex | Contains the user's secret key, which is essentially a shared secret between the client and server. |
| userUsername:(int)userIndex | The registered name (login) of the user. |
| useTLS | Enables or disables the TLS requirement. |
| websiteName | Specifies the web site name to use in the certificate. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
| Method | Description |
| --- | --- |
| config | Sets or retrieves a configuration setting. |
| dropClient | Terminates a client connection. |
| getRequestBytes | Returns the contents of the client's HTTP request. |
| getRequestHeader | Returns a request header value. |
| getRequestUsername | Returns the username for a connection. |
| importBadCertificates | Imports revoked certificates. |
| importGoodCertificates | Imports good certificates. |
| listClients | Enumerates the connected clients. |
| pinClient | Takes a snapshot of the connection's properties. |
| processGenericRequest | Processes a generic OCSP status request. |
| start | Starts the server. |
| stop | Stops the server. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
| Event | Description |
| --- | --- |
| onAccept | Reports an incoming connection. |
| onAuthAttempt | Fires when a connected client makes an authentication attempt. |
| onCertificateValidate | Fires when a client certificate needs to be validated. |
| onConnect | Reports an accepted connection. |
| onDisconnect | Fires to report a disconnected client. |
| onError | Information about errors during data delivery. |
| onExternalSign | Handles remote or external signing initiated by the server protocol. |
| onNotification | This event notifies the application about an underlying control flow event. |
| onStatusRequest | Requests a certificate status from the application. |
| onTLSEstablished | Reports the setup of a TLS session. |
| onTLSPSK | Requests a pre-shared key for TLS-PSK. |
| onTLSShutdown | Reports closure of a TLS session. |
Configuration Settings
The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.
| Setting | Description |
| --- | --- |
| AllowOptionsResponseWithoutAuth | Enables unauthenticated responses to OPTIONS requests. |
| ClientAuth | Enables or disables certificate-based client authentication. |
| DualStack | Allows the use of IPv4 and IPv6 simultaneously. |
| HomePage | Specifies the home page resource name. |
| Host | The host to bind to. |
| RequestFilter | The request string modifier. |
| ServerSSLDHKeyLength | Sets the size of the TLS DHE key exchange group. |
| TLSExtensions | Provides access to TLS extensions. |
| WebsiteName | The website name for the TLS certificate. |
| CheckKeyIntegrityBeforeUse | Enables or disables the private key integrity check before use. |
| CookieCaching | Specifies whether a cookie cache should be used for HTTP(S) transports. |
| Cookies | Gets or sets local cookies for the class (supported for HTTPClient, RESTClient and SOAPClient only). |
| DefDeriveKeyIterations | Specifies the default key derivation algorithm iteration count. |
| EnableClientSideSSLFFDHE | Enables or disables finite field DHE key exchange support in TLS clients. |
| GlobalCookies | Gets or sets global cookies for all the HTTP transports. |
| HttpUserAgent | Specifies the user agent name to be used by all HTTP clients. |
| LogDestination | Specifies the debug log destination. |
| LogDetails | Specifies the debug log details to dump. |
| LogFile | Specifies the debug log filename. |
| LogFilters | Specifies the debug log filters. |
| LogFlushMode | Specifies the log flush mode. |
| LogLevel | Specifies the debug log level. |
| LogMaxEventCount | Specifies the maximum number of events to cache before further action is taken. |
| LogRotationMode | Specifies the log rotation mode. |
| MaxASN1BufferLength | Specifies the maximum allowed length for ASN.1 primitive tag data. |
| MaxASN1TreeDepth | Specifies the maximum depth for processed ASN.1 trees. |
| OCSPHashAlgorithm | Specifies the hash algorithm to be used to identify certificates in OCSP requests. |
| UseOwnDNSResolver | Specifies whether the client classes should use their own DNS resolver. |
| UseSharedSystemStorages | Specifies whether the validation engine should use a global per-process copy of the system certificate stores. |
| UseSystemOAEPAndPSS | Enforces or disables the use of system-driven RSA OAEP and PSS computations. |
| UseSystemRandom | Enables or disables the use of the OS PRNG. |