phpdftk API Documentation

OcspClient
in package

Final: Yes

OCSP (Online Certificate Status Protocol) client — RFC 6960.

Builds OCSP requests, sends them to the responder specified in the certificate's Authority Information Access extension, and returns the raw DER-encoded OCSP response suitable for embedding in a DSS.

Uses inline ASN.1 DER encoding (same pattern as TsaClient).

Table of Contents

Methods

__construct()  : mixed
buildOcspRequest()  : string
Build an OCSPRequest in ASN.1 DER format.
getOcspResponse()  : string
Fetch an OCSP response for a certificate from its designated responder.
parseOcspResponse()  : void
Parse an OCSPResponse and validate the response status.

Methods

__construct()

public __construct([int $timeout = 30 ]) : mixed
Parameters
$timeout : int = 30

HTTP request timeout in seconds

buildOcspRequest()

Build an OCSPRequest in ASN.1 DER format.

public buildOcspRequest(string $derCert, string $derIssuerCert) : string

OCSPRequest ::= SEQUENCE {
    tbsRequest  TBSRequest }

TBSRequest ::= SEQUENCE {
    version      [0] EXPLICIT INTEGER DEFAULT v1,  -- omit for v1
    requestList  SEQUENCE OF Request }

Request ::= SEQUENCE {
    reqCert  CertID }

CertID ::= SEQUENCE {
    hashAlgorithm   AlgorithmIdentifier,
    issuerNameHash  OCTET STRING,
    issuerKeyHash   OCTET STRING,
    serialNumber    CertificateSerialNumber (INTEGER) }

Parameters
$derCert : string
$derIssuerCert : string
Return values
string

getOcspResponse()

Fetch an OCSP response for a certificate from its designated responder.

public getOcspResponse(string $derCert, string $derIssuerCert) : string
Parameters
$derCert : string

DER-encoded certificate to check

$derIssuerCert : string

DER-encoded issuer certificate

Tags
throws
RuntimeException

on network error, missing OCSP URL, or responder error

Return values
string

Raw DER-encoded OCSPResponse

parseOcspResponse()

Parse an OCSPResponse and validate the response status.

public parseOcspResponse(string $derResponse) : void

OCSPResponse ::= SEQUENCE {
    responseStatus  OCSPResponseStatus (ENUMERATED),
    responseBytes   [0] EXPLICIT ResponseBytes OPTIONAL }

OCSPResponseStatus ::= ENUMERATED {
    successful(0),
    malformedRequest(1),
    internalError(2),
    tryLater(3),
    sigRequired(5),
    unauthorized(6) }

Parameters
$derResponse : string
Tags
throws
RuntimeException

if status is not successful(0)
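
The outer status check described above can be reproduced with a small bounds-checked DER reader. This is an added example, not phpdftk's own code; derReadTlv(), ocspOuterStatus() and OCSP_STATUS are hypothetical names, and the sample bytes are constructed.

```php
<?php
// Added example, not phpdftk code; function and constant names are hypothetical.
const OCSP_STATUS = [0 => 'successful', 1 => 'malformedRequest', 2 => 'internalError',
                     3 => 'tryLater', 5 => 'sigRequired', 6 => 'unauthorized'];

/** Read one DER TLV at $pos; returns [tag, value, offset of the next TLV]. */
function derReadTlv(string $der, int $pos): array
{
    if ($pos + 2 > strlen($der)) {
        throw new RuntimeException('Truncated DER header');
    }
    $tag = ord($der[$pos]);
    $len = ord($der[$pos + 1]);
    $pos += 2;
    if ($len & 0x80) {                 // long form: low 7 bits count the length octets
        $n = $len & 0x7F;
        if ($n === 0 || $n > 4 || $pos + $n > strlen($der)) {
            throw new RuntimeException('Indefinite, oversized or truncated DER length');
        }
        for ($len = 0, $i = 0; $i < $n; $i++) {
            $len = ($len << 8) | ord($der[$pos + $i]);
        }
        $pos += $n;
    }
    if ($pos + $len > strlen($der)) {
        throw new RuntimeException('DER value runs past end of input');
    }
    return [$tag, substr($der, $pos, $len), $pos + $len];
}

/** Returns [status name, true if responseBytes [0] follows the status]. */
function ocspOuterStatus(string $derResponse): array
{
    [$tag, $body] = derReadTlv($derResponse, 0);
    if ($tag !== 0x30) {
        throw new RuntimeException('OCSPResponse is not a SEQUENCE');
    }
    [$tag, $value, $next] = derReadTlv($body, 0);
    if ($tag !== 0x0A || strlen($value) !== 1 || !array_key_exists(ord($value), OCSP_STATUS)) {
        throw new RuntimeException('responseStatus is not a defined ENUMERATED value');
    }
    $hasBytes = $next < strlen($body) && ord($body[$next]) === 0xA0;
    return [OCSP_STATUS[ord($value)], $hasBytes];
}

// Constructed sample: SEQUENCE { ENUMERATED 6 } is "unauthorized" with no responseBytes.
[$name, $hasBytes] = ocspOuterStatus("\x30\x03\x0A\x01\x06");
echo $name, ' responseBytes=', var_export($hasBytes, true), PHP_EOL;
```

In RFC 6960, successful(0) only means the responder produced a response; the per-certificate certStatus (good, revoked, unknown) and the responder's signature are carried inside responseBytes and need their own checks.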


        