BasicOCSPResp bestBasicOCSPResp = null; SingleResp bestSingleResp = null; final CertificateID certId = DSSRevocationUtils.getCertificateID(certificateToken); for (final BasicOCSPResp basicOCSPResp : containedOCSPResponses) {
/**
 * Obtains an OCSP revocation token for the given certificate.
 *
 * <p>Builds an OCSP request carrying a nonce, obtains a {@code BasicOCSPResp} for the
 * certificate's access location, checks the nonce, and wraps the matching single
 * response in an {@link OCSPToken}.
 *
 * <p>Side effects: on success the token is attached to {@code certificateToken} via
 * {@code setRevocationToken} and {@code updateCacheIfRefreshed} is called.
 *
 * <p>A {@code null} return only means that no revocation data was obtained. Callers must
 * not read it as "certificate is good".
 *
 * @param certificateToken certificate whose revocation status is requested
 * @param certificatePool pool handed to the {@link OCSPToken} constructor
 * @return the OCSP token, or {@code null} when the certificate or its issuer token is
 *         {@code null}, when no access location is available, or when the response holds
 *         no single response selected by {@code getBestSingleResp}
 */
@Override
public OCSPToken getOCSPToken(final CertificateToken certificateToken, final CertificatePool certificatePool) {

    // The certificate and its issuer token are both required. The null check comes first
    // so that the issuer lookup is never made on a null reference.
    if (certificateToken == null || certificateToken.getIssuerToken() == null) {
        return null;
    }

    final String responderLocation = getAccessLocation(certificateToken);
    if (DSSUtils.isEmpty(responderLocation)) {
        return null;
    }

    final CertificateID certId = DSSRevocationUtils.getCertificateID(certificateToken);

    // The nonce ties this request to its response, so a previously captured response
    // cannot be replayed as an answer to it.
    final NonceContainer nonce = getNonceContainer();
    final byte[] encodedRequest = buildOCSPRequest(certId, nonce);

    final boolean refreshCache = shouldCacheBeRefreshed(certId);
    final BasicOCSPResp basicResponse = buildBasicOCSPResp(responderLocation, encodedRequest, refreshCache);

    // NOTE(review): the nonce check runs whatever the value of refreshCache. If
    // buildBasicOCSPResp can hand back a previously cached response, that response cannot
    // carry the nonce generated above; confirm that checkNonce handles this case.
    // NOTE(review): how checkNonce reports a mismatch is not visible here, and neither is
    // verification of the response signature; presumably that is done by OCSPToken or by
    // the caller. Confirm before relying on the returned token.
    checkNonce(certificateToken.getDSSIdAsString(), basicResponse, nonce);

    final SingleResp matchingResponse = getBestSingleResp(certId, basicResponse);
    if (matchingResponse == null) {
        return null;
    }

    final OCSPToken token = new OCSPToken(basicResponse, matchingResponse, certificatePool);
    token.setSourceURI(responderLocation);
    // The input certificate token is mutated: it now references its revocation data.
    certificateToken.setRevocationToken(token);
    updateCacheIfRefreshed(certId, refreshCache, token);
    return token;
}