ol.clave.certificate.impl.ocsp

Pure Clojure OCSP (Online Certificate Status Protocol) utilities.

Provides functionality to:

- Extract OCSP responder URLs from certificates
- Fetch OCSP responses from responders
- Parse and validate OCSP responses

extract-ocsp-urls

(extract-ocsp-urls cert)

Extract OCSP responder URLs from a certificate’s AIA extension.

Returns a vector of OCSP URLs, or empty vector if none found.

| key | description |
|-----|-------------|
| cert | X509Certificate to extract OCSP URLs from |


create-ocsp-request

(create-ocsp-request cert issuer)

Create an OCSP request for a certificate.

Requires both the leaf certificate and its issuer certificate. Returns the DER-encoded OCSP request bytes.


parse-ocsp-response

(parse-ocsp-response response-bytes)

Parse an OCSP response and extract status information.

Returns a map with:

- :status - One of :good, :revoked, :unknown, or :error
- :this-update - When this response was generated
- :next-update - When the response expires
- :revocation-time - For revoked certs, when it was revoked
- :revocation-reason - For revoked certs, the reason code
- :raw-bytes - The original DER-encoded response
- :error-code - For error responses, the OCSP error code
- :message - For error responses, the error message
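The map returned by parse-ocsp-response still has to be turned into a decision by the caller. The following is an added example, not code from ol.clave: a fail-closed policy over that map, assuming the timestamps are java.time.Instant values; evaluate-ocsp, max-skew and the sample maps are hypothetical.

```clojure
(ns example.ocsp-policy
  (:import (java.time Duration Instant)))

;; Assumptions (not stated on the page): :this-update and :next-update are
;; java.time.Instant values; the 5-minute skew tolerance is a constructed value.
(def max-skew (Duration/ofMinutes 5))

(defn evaluate-ocsp
  "Hypothetical helper, not part of ol.clave: turn a parsed OCSP map into
  :accept, :reject or :retry. Anything other than a fresh :good fails closed."
  [{:keys [status this-update next-update revocation-time
           revocation-reason error-code message]} ^Instant now]
  (cond
    (= status :revoked)
    {:decision :reject
     :why (str "revoked at " revocation-time ", reason " revocation-reason)}

    (= status :error)
    {:decision :retry :why (str "responder error " error-code ": " message)}

    (not= status :good) ; :unknown, nil or anything unexpected
    {:decision :reject :why (str "no positive answer, status " (pr-str status))}

    (nil? this-update)
    {:decision :reject :why "missing :this-update"}

    (.isAfter ^Instant this-update (.plus now max-skew))
    {:decision :reject :why ":this-update lies in the future"}

    ;; Policy choice of this example: a response with no :next-update, or one
    ;; already past it, is not reused; fetch a new one instead.
    (or (nil? next-update)
        (.isBefore ^Instant next-update (.minus now max-skew)))
    {:decision :retry :why "stale or missing :next-update"}

    :else {:decision :accept :why "good and inside its validity window"}))

;; Constructed sample maps in the shape documented for parse-ocsp-response.
(def now (Instant/parse "2024-06-01T12:00:00Z"))
(def samples
  [{:status :good :this-update (Instant/parse "2024-06-01T06:00:00Z")
    :next-update (Instant/parse "2024-06-08T06:00:00Z")}
   {:status :good :this-update (Instant/parse "2024-05-01T06:00:00Z")
    :next-update (Instant/parse "2024-05-08T06:00:00Z")}
   {:status :revoked :revocation-time (Instant/parse "2024-05-20T00:00:00Z")
    :revocation-reason 1}
   {:status :unknown}])
(doseq [s samples]
  (println (:status s) "->" (evaluate-ocsp s now)))
```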


fetch-ocsp-response

(fetch-ocsp-response cert issuer responder-url http-opts)

Fetch OCSP response for a certificate from the specified responder.

| key | description |
|-----|-------------|
| cert | The X509Certificate to check |
| issuer | The issuer certificate |
| responder-url | URL of the OCSP responder |
| http-opts | HTTP client options map |

Returns a result map:

- On success: {:status :success :ocsp-response {…}}
- On failure: {:status :error :message "…"}


fetch-ocsp-for-bundle

(fetch-ocsp-for-bundle bundle http-opts responder-overrides)

Fetch OCSP response for a certificate bundle.

Extracts the OCSP URL from the leaf certificate and fetches the response. Supports responder URL overrides for testing.

| key | description |
|-----|-------------|
| bundle | Certificate bundle with :certificate chain |
| http-opts | HTTP client options |
| responder-overrides | Optional map of original-url → override-url |

Returns a result map:

- On success: {:status :success :ocsp-response {…}}
- On failure: {:status :error :message "…"}