ol.clave.certificate.impl.ocsp

Pure Clojure OCSP (Online Certificate Status Protocol) utilities.

Provides functionality to:

- Extract OCSP responder URLs from certificates
- Fetch OCSP responses from responders
- Parse and validate OCSP responses

extract-ocsp-urls

(extract-ocsp-urls cert)

Extract OCSP responder URLs from a certificate’s AIA extension.

Returns a vector of OCSP URLs, or an empty vector if none are found.

| key | description |
|-----|-------------|
| cert | X509Certificate to extract OCSP URLs from |


create-ocsp-request

(create-ocsp-request cert issuer)

Create an OCSP request for a certificate.

Requires both the leaf certificate and its issuer certificate. Returns the DER-encoded OCSP request bytes.


parse-ocsp-response

(parse-ocsp-response response-bytes)

Parse an OCSP response and extract status information.

Returns a map with:

- :status - One of :good, :revoked, :unknown, or :error
- :this-update - When this response was generated
- :next-update - When the response expires
- :revocation-time - For revoked certs, when it was revoked
- :revocation-reason - For revoked certs, the reason code
- :raw-bytes - The original DER-encoded response
- :error-code - For error responses, the OCSP error code
- :message - For error responses, the error message


fetch-ocsp-response

(fetch-ocsp-response cert issuer responder-url http-opts)

Fetch OCSP response for a certificate from the specified responder.

| key | description |
|-----|-------------|
| cert | The X509Certificate to check |
| issuer | The issuer certificate |
| responder-url | URL of the OCSP responder |
| http-opts | HTTP client options map |

Returns a result map:

- On success: {:status :success :ocsp-response {…}}
- On failure: {:status :error :message "…"}


fetch-ocsp-for-bundle

(fetch-ocsp-for-bundle bundle http-opts responder-overrides)

Fetch OCSP response for a certificate bundle.

Extracts the OCSP URL from the leaf certificate and fetches the response. Supports responder URL overrides for testing.

| key | description |
|-----|-------------|
| bundle | Certificate bundle with :certificate chain |
| http-opts | HTTP client options |
| responder-overrides | Optional map of original-url → override-url |

Returns a result map:

- On success: {:status :success :ocsp-response {…}}
- On failure: {:status :error :message "…"}
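
The result maps of fetch-ocsp-response and fetch-ocsp-for-bundle carry two :status fields: the outer one reports whether the fetch worked, the nested one reports the certificate's status. The following is an added example, not part of ol.clave, that folds both plus the :this-update / :next-update window into one decision. It assumes :ocsp-response holds the map described under parse-ocsp-response and that the timestamps are java.time.Instant values; classify-fetch-result, clock-skew and the sample maps are this example's own.

```clojure
(ns example.ocsp-decision
  (:import (java.time Duration Instant)))

;; Assumption: :this-update and :next-update are java.time.Instant values;
;; the page does not state their type, so adapt the comparisons if needed.
(def clock-skew (Duration/ofMinutes 5)) ; constructed tolerance

(defn classify-fetch-result
  "Hypothetical helper: reduce a fetch result map to one of
  :good, :revoked, :unknown, :not-current or :fetch-failed."
  [{:keys [status ocsp-response]} ^Instant now]
  (let [{ocsp-status :status
         :keys [this-update next-update]} ocsp-response]
    (cond
      ;; The outer :status only says whether the fetch itself worked.
      (not= status :success)   :fetch-failed
      ;; The responder answered with an OCSP error, not a cert status.
      (= ocsp-status :error)   :fetch-failed
      ;; Revocation is reported regardless of the freshness window.
      (= ocsp-status :revoked) :revoked
      (not= ocsp-status :good) :unknown
      ;; A :good answer is only accepted inside this-update..next-update.
      ;; Treating a missing bound as not current is a conservative choice.
      (or (nil? this-update) (nil? next-update))      :not-current
      (.isAfter this-update (.plus now clock-skew))   :not-current
      (.isBefore next-update (.minus now clock-skew)) :not-current
      :else                                           :good)))

;; Constructed sample results in the documented shape.
(def now (Instant/parse "2024-06-01T12:00:00Z"))

(def samples
  [{:status :error :message "connection refused"}
   {:status :success
    :ocsp-response {:status :good
                    :this-update (Instant/parse "2024-06-01T00:00:00Z")
                    :next-update (Instant/parse "2024-06-08T00:00:00Z")}}
   {:status :success
    :ocsp-response {:status :good
                    :this-update (Instant/parse "2024-05-01T00:00:00Z")
                    :next-update (Instant/parse "2024-05-08T00:00:00Z")}}
   {:status :success
    :ocsp-response {:status :revoked
                    :revocation-time (Instant/parse "2024-05-20T00:00:00Z")}}])

(defn classify-samples []
  (mapv #(classify-fetch-result % now) samples))
```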