I am looking into OCSP support in Java.
I see that there are some APIs offered in plain Java for this (i.e. without using a third-party library such as Bouncy Castle).
Now I know that OCSP can be implemented via the Direct Trust Model and the Delegated Trust Model.
From various posts I get the impression that the direct trust model is supported, e.g. I have seen something like:
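```java
import java.security.cert.*;
import java.util.*;

// getCertFromFile, OCSP_SERVER_CERT and trustedCertsSet (a Set<TrustAnchor>) are defined elsewhere
X509Certificate ocspCert = getCertFromFile(OCSP_SERVER_CERT);
Set<X509Certificate> certSet = new HashSet<>();
certSet.add(ocspCert);
// make the OCSP server certificate available through a CertStore
CertStoreParameters storeParams = new CollectionCertStoreParameters(certSet);
CertStore store = CertStore.getInstance("Collection", storeParams);
// init PKIX parameters
PKIXParameters params = new PKIXParameters(trustedCertsSet);
params.addCertStore(store);
```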
As I understand the code, the OCSP server certificate is being passed to the framework for validation.
My question is the following: Is the Delegated Trust Model supported as well? If some example were provided, it would be very helpful.
Thanks
RedHat has an open source OCSP Tools written in Java.
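
The two trust models from the question, side by side, as an added example that is not part of the original posts or of any project mentioned in them. It uses the standard `java.security.cert.PKIXRevocationChecker` API (Java 8 and later). Assumptions: the file arguments are hypothetical, the leaf certificate is issued directly by the root, the responder URL comes from the leaf's AIA extension (so the run needs network access), and the delegated-model behaviour described in the comments is that of RFC 6960 and the default OpenJDK PKIX provider.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.*;

public class OcspTrustModels {
    static final String OCSP_SIGNING_EKU = "1.3.6.1.5.5.7.3.9"; // id-kp-OCSPSigning

    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // Delegated model (RFC 6960): the responder certificate must be signed by the CA
    // that issued the certificate being checked and carry the OCSP-signing EKU.
    static boolean isAuthorizedDelegate(X509Certificate responder, X509Certificate issuingCa) {
        try {
            responder.verify(issuingCa.getPublicKey());
            responder.checkValidity();
            List<String> eku = responder.getExtendedKeyUsage();
            return eku != null && eku.contains(OCSP_SIGNING_EKU);
        } catch (GeneralSecurityException e) {
            return false; // bad signature, expired, or unparsable extension
        }
    }

    // args: root.pem leaf.pem [responder.pem]   (hypothetical file names)
    public static void main(String[] args) throws Exception {
        X509Certificate root = load(args[0]), leaf = load(args[1]);
        CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
        PKIXRevocationChecker rc = (PKIXRevocationChecker) cpv.getRevocationChecker();
        rc.setOptions(EnumSet.of(PKIXRevocationChecker.Option.NO_FALLBACK)); // OCSP only, no CRL fallback
        if (args.length > 2) {
            X509Certificate responder = load(args[2]);
            System.out.println("CA-authorized delegate: " + isAuthorizedDelegate(responder, root));
            rc.setOcspResponderCert(responder); // direct model: this certificate is explicitly trusted
        } // else delegated model: the responder is authorized through the issuing CA
        PKIXParameters params = new PKIXParameters(Collections.singleton(new TrustAnchor(root, null)));
        params.addCertPathChecker(rc);
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(leaf));
        cpv.validate(path, params); // throws CertPathValidatorException if revoked or unverifiable
        System.out.println("path valid, revocation status good");
    }
}
```

Run with two arguments to exercise the delegated model and with three to pin a responder certificate; a responder that fails `isAuthorizedDelegate` is one the delegated model would be expected to reject.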