iText 9.1.0 API
Public Member Functions | Package Attributes | Static Package Attributes | List of all members
iText.Signatures.OCSPVerifier Class Reference

Class that allows you to verify a certificate against one or more OCSP responses. More...

Inheritance diagram for iText.Signatures.OCSPVerifier:
iText.Signatures.RootStoreVerifier iText.Signatures.CertificateVerifier

Public Member Functions
  OCSPVerifier (CertificateVerifier verifier, IList< IBasicOcspResponse > ocsps)
  Creates an OCSPVerifier instance. More...
 
virtual void  SetOcspClient (IOcspClient ocspClient)
  Sets OCSP client to provide OCSP responses for verifying of the OCSP signer's certificate (an Authorized Responder). More...
 
virtual void  SetCrlClient (ICrlClient crlClient)
  Sets CRL client to provide CRL responses for verifying of the OCSP signer's certificate (an Authorized Responder) that also should be used in case responder's certificate doesn't have any method of revocation checking. More...
 
override IList< VerificationOK Verify (IX509Certificate signCert, IX509Certificate issuerCert, DateTime signDate)
  Verifies if a valid OCSP response is found for the certificate. More...
 
virtual bool  Verify (IBasicOcspResponse ocspResp, IX509Certificate signCert, IX509Certificate issuerCert, DateTime signDate)
  Verifies a certificate against a single OCSP response. More...
 
virtual void  IsValidResponse (IBasicOcspResponse ocspResp, IX509Certificate issuerCert, DateTime signDate)
  Verifies if an OCSP response is genuine. More...
 
virtual bool  IsSignatureValid (IBasicOcspResponse ocspResp, IX509Certificate responderCert)
  Checks if an OCSP response is genuine. More...
 
virtual IBasicOcspResponse  GetOcspResponse (IX509Certificate signCert, IX509Certificate issuerCert)
  Gets an OCSP response online and returns it without further checking. More...
 
- Public Member Functions inherited from iText.Signatures.RootStoreVerifier
  RootStoreVerifier (CertificateVerifier verifier)
  Creates a RootStoreVerifier in a chain of verifiers. More...
 
virtual void  SetRootStore (List< IX509Certificate > keyStore)
  Sets the Key Store against which a certificate can be checked. More...
 
override IList< VerificationOK Verify (IX509Certificate signCert, IX509Certificate issuerCert, DateTime signDate)
  Verifies a single certificate against a key store (if present). More...
 
- Public Member Functions inherited from iText.Signatures.CertificateVerifier
  CertificateVerifier (iText.Signatures.CertificateVerifier verifier)
  Creates the final CertificateVerifier in a chain of verifiers. More...
 
virtual void  SetOnlineCheckingAllowed (bool onlineCheckingAllowed)
  Decide whether or not online checking is allowed. More...
 

Package Attributes
IList< IBasicOcspResponse ocsps
  The list of iText.Commons.Bouncycastle.Asn1.Ocsp.IBasicOcspResponse OCSP response wrappers. More...
 
- Package Attributes inherited from iText.Signatures.RootStoreVerifier
List< IX509Certificate rootStore = null
  A key store against which certificates can be verified. More...
 
- Package Attributes inherited from iText.Signatures.CertificateVerifier
iText.Signatures.CertificateVerifier  verifier
  The previous CertificateVerifier in the chain of verifiers. More...
 
bool  onlineCheckingAllowed = true
  Indicates if going online to verify a certificate is allowed. More...
 

Static Package Attributes
static readonly ILogger  LOGGER
  The Logger instance More...
 
const String  id_kp_OCSPSigning = "1.3.6.1.5.5.7.3.9"
 

Detailed Description

Class that allows you to verify a certificate against one or more OCSP responses.

Constructor & Destructor Documentation

◆ OCSPVerifier()

iText.Signatures.OCSPVerifier.OCSPVerifier ( CertificateVerifier  verifier,
IList< IBasicOcspResponse ocsps 
)
inline

Creates an OCSPVerifier instance.

Parameters
verifier the next verifier in the chain
ocsps a list of iText.Commons.Bouncycastle.Asn1.Ocsp.IBasicOcspResponse OCSP response wrappers for the certificate verification

Member Function Documentation

◆ GetOcspResponse()

virtual IBasicOcspResponse iText.Signatures.OCSPVerifier.GetOcspResponse ( IX509Certificate  signCert,
IX509Certificate  issuerCert 
)
inlinevirtual

Gets an OCSP response online and returns it without further checking.

Parameters
signCert the signing certificate
issuerCert the issuer certificate
Returns

iText.Commons.Bouncycastle.Asn1.Ocsp.IBasicOcspResponse an OCSP response wrapper.

◆ IsSignatureValid()

virtual bool iText.Signatures.OCSPVerifier.IsSignatureValid ( IBasicOcspResponse  ocspResp,
IX509Certificate  responderCert 
)
inlinevirtual

Checks if an OCSP response is genuine.

Parameters
ocspResp

iText.Commons.Bouncycastle.Asn1.Ocsp.IBasicOcspResponse the OCSP response wrapper

Parameters
responderCert the responder certificate
Returns
true if the OCSP response verifies against the responder certificate.

◆ IsValidResponse()

virtual void iText.Signatures.OCSPVerifier.IsValidResponse ( IBasicOcspResponse  ocspResp,
IX509Certificate  issuerCert,
DateTime  signDate 
)
inlinevirtual

Verifies if an OCSP response is genuine.

Verifies if an OCSP response is genuine. If it doesn't verify against the issuer certificate and response's certificates, it may verify using a trusted anchor or cert.

Parameters
ocspResp

iText.Commons.Bouncycastle.Asn1.Ocsp.IBasicOcspResponse the OCSP response wrapper

Parameters
issuerCert the issuer certificate. This certificate is considered trusted and valid by this method.
signDate sign date for backwards compatibility

◆ SetCrlClient()

virtual void iText.Signatures.OCSPVerifier.SetCrlClient ( ICrlClient  crlClient )
inlinevirtual

Sets CRL client to provide CRL responses for verifying of the OCSP signer's certificate (an Authorized Responder) that also should be used in case responder's certificate doesn't have any method of revocation checking.

Sets CRL client to provide CRL responses for verifying of the OCSP signer's certificate (an Authorized Responder) that also should be used in case responder's certificate doesn't have any method of revocation checking.

See RFC6960 4.2.2.2.1. Revocation Checking of an Authorized Responder.

Optional. Default one is CrlClientOnline.

Parameters
crlClient

ICrlClient to provide an Authorized Responder revocation data.

◆ SetOcspClient()

virtual void iText.Signatures.OCSPVerifier.SetOcspClient ( IOcspClient  ocspClient )
inlinevirtual

Sets OCSP client to provide OCSP responses for verifying of the OCSP signer's certificate (an Authorized Responder).

Sets OCSP client to provide OCSP responses for verifying of the OCSP signer's certificate (an Authorized Responder). Also, should be used in case responder's certificate doesn't have any method of revocation checking.

See RFC6960 4.2.2.2.1. Revocation Checking of an Authorized Responder.

Optional. Default one is OcspClientBouncyCastle.

Parameters
ocspClient

IOcspClient to provide an Authorized Responder revocation data.

◆ Verify() [1/2]

virtual bool iText.Signatures.OCSPVerifier.Verify ( IBasicOcspResponse  ocspResp,
IX509Certificate  signCert,
IX509Certificate  issuerCert,
DateTime  signDate 
)
inlinevirtual

Verifies a certificate against a single OCSP response.

Parameters
ocspResp

iText.Commons.Bouncycastle.Asn1.Ocsp.IBasicOcspResponse the OCSP response wrapper for a certificate verification

Parameters
signCert the certificate that needs to be checked
issuerCert the certificate that issued signCert – immediate parent. This certificate is considered trusted and valid by this method.
signDate sign date (or the date the certificate needs to be valid)
Returns

true in case check is successful, false otherwise.

◆ Verify() [2/2]

override IList<VerificationOK> iText.Signatures.OCSPVerifier.Verify ( IX509Certificate  signCert,
IX509Certificate  issuerCert,
DateTime  signDate 
)
inlinevirtual

Verifies if a valid OCSP response is found for the certificate.

Verifies if a valid OCSP response is found for the certificate. If this method returns false, it doesn't mean the certificate isn't valid. It means we couldn't verify it against any OCSP response that was available.

Parameters
signCert the certificate that needs to be checked
issuerCert issuer of the certificate to be checked
signDate the date the certificate needs to be valid
Returns
a list of VerificationOK objects. The list will be empty if the certificate couldn't be verified.
See also
RootStoreVerifier.Verify(iText.Commons.Bouncycastle.Cert.IX509Certificate, iText.Commons.Bouncycastle.Cert.IX509Certificate, System.DateTime)

Reimplemented from iText.Signatures.CertificateVerifier.

Member Data Documentation

◆ LOGGER

readonly ILogger iText.Signatures.OCSPVerifier.LOGGER
staticpackage
Initial value:
= ITextLogManager.GetLogger(typeof(iText.Signatures.OCSPVerifier
))

The Logger instance

◆ ocsps

IList<IBasicOcspResponse> iText.Signatures.OCSPVerifier.ocsps
package

The list of iText.Commons.Bouncycastle.Asn1.Ocsp.IBasicOcspResponse OCSP response wrappers.

iText.Signatures.OCSPVerifier
Class that allows you to verify a certificate against one or more OCSP responses.
Definition: OCSPVerifier.cs:46
iText.Signatures
Definition: AccessPermissions.cs:23
iText
Definition: Barcode128.cs:35