Class that allows you to verify a certificate against one or more OCSP responses. More...
Public Member Functions |
|
| OCSPVerifier (CertificateVerifier verifier, IList< IBasicOcspResponse > ocsps) | |
| Creates an OCSPVerifier instance. More... |
|
| virtual void | SetOcspClient (IOcspClient ocspClient) |
| Sets OCSP client to provide OCSP responses for verifying of the OCSP signer's certificate (an Authorized Responder). More... |
|
| virtual void | SetCrlClient (ICrlClient crlClient) |
| Sets CRL client to provide CRL responses for verifying of the OCSP signer's certificate (an Authorized Responder) that also should be used in case responder's certificate doesn't have any method of revocation checking. More... |
|
| override IList< VerificationOK > | Verify (IX509Certificate signCert, IX509Certificate issuerCert, DateTime signDate) |
| Verifies if a valid OCSP response is found for the certificate. More... |
|
| virtual bool | Verify (IBasicOcspResponse ocspResp, IX509Certificate signCert, IX509Certificate issuerCert, DateTime signDate) |
| Verifies a certificate against a single OCSP response. More... |
|
| virtual void | IsValidResponse (IBasicOcspResponse ocspResp, IX509Certificate issuerCert, DateTime signDate) |
| Verifies if an OCSP response is genuine. More... |
|
| virtual bool | IsSignatureValid (IBasicOcspResponse ocspResp, IX509Certificate responderCert) |
| Checks if an OCSP response is genuine. More... |
|
| virtual IBasicOcspResponse | GetOcspResponse (IX509Certificate signCert, IX509Certificate issuerCert) |
| Gets an OCSP response online and returns it without further checking. More... |
|
 Public Member Functions inherited from iText.Signatures.RootStoreVerifier |
|
| RootStoreVerifier (CertificateVerifier verifier) | |
| Creates a RootStoreVerifier in a chain of verifiers. More... |
|
| virtual void | SetRootStore (List< IX509Certificate > keyStore) |
| Sets the Key Store against which a certificate can be checked. More... |
|
| override IList< VerificationOK > | Verify (IX509Certificate signCert, IX509Certificate issuerCert, DateTime signDate) |
| Verifies a single certificate against a key store (if present). More... |
|
| Public Member Functions inherited from iText.Signatures.CertificateVerifier |
|
| CertificateVerifier (iText.Signatures.CertificateVerifier verifier) | |
| Creates the final CertificateVerifier in a chain of verifiers. More... |
|
| virtual void | SetOnlineCheckingAllowed (bool onlineCheckingAllowed) |
| Decide whether or not online checking is allowed. More... |
|
Detailed Description
Class that allows you to verify a certificate against one or more OCSP responses.
Constructor & Destructor Documentation
◆ OCSPVerifier()
|
inline |
Creates an OCSPVerifier instance.
- Parameters
-
verifier the next verifier in the chain ocsps a list of iText.Commons.Bouncycastle.Asn1.Ocsp.IBasicOcspResponse OCSP response wrappers for the certificate verification
Member Function Documentation
◆ GetOcspResponse()
|
inlinevirtual |
Gets an OCSP response online and returns it without further checking.
- Parameters
-
signCert the signing certificate issuerCert the issuer certificate
- Returns
-
iText.Commons.Bouncycastle.Asn1.Ocsp.IBasicOcspResponse an OCSP response wrapper.
◆ IsSignatureValid()
|
inlinevirtual |
Checks if an OCSP response is genuine.
- Parameters
-
ocspResp
iText.Commons.Bouncycastle.Asn1.Ocsp.IBasicOcspResponse the OCSP response wrapper
- Parameters
-
responderCert the responder certificate
- Returns
- true if the OCSP response verifies against the responder certificate.
◆ IsValidResponse()
|
inlinevirtual |
Verifies if an OCSP response is genuine.
Verifies if an OCSP response is genuine. If it doesn't verify against the issuer certificate and response's certificates, it may verify using a trusted anchor or cert.
- Parameters
-
ocspResp
iText.Commons.Bouncycastle.Asn1.Ocsp.IBasicOcspResponse the OCSP response wrapper
- Parameters
-
issuerCert the issuer certificate. This certificate is considered trusted and valid by this method. signDate sign date for backwards compatibility
◆ SetCrlClient()
|
inlinevirtual |
Sets CRL client to provide CRL responses for verifying of the OCSP signer's certificate (an Authorized Responder) that also should be used in case responder's certificate doesn't have any method of revocation checking.
Sets CRL client to provide CRL responses for verifying of the OCSP signer's certificate (an Authorized Responder) that also should be used in case responder's certificate doesn't have any method of revocation checking.
See RFC6960 4.2.2.2.1. Revocation Checking of an Authorized Responder.
Optional. Default one is CrlClientOnline.
- Parameters
-
crlClient
ICrlClient to provide an Authorized Responder revocation data.
◆ SetOcspClient()
|
inlinevirtual |
Sets OCSP client to provide OCSP responses for verifying of the OCSP signer's certificate (an Authorized Responder).
Sets OCSP client to provide OCSP responses for verifying of the OCSP signer's certificate (an Authorized Responder). Also, should be used in case responder's certificate doesn't have any method of revocation checking.
See RFC6960 4.2.2.2.1. Revocation Checking of an Authorized Responder.
Optional. Default one is OcspClientBouncyCastle.
- Parameters
-
ocspClient
IOcspClient to provide an Authorized Responder revocation data.
◆ Verify() [1/2]
|
inlinevirtual |
Verifies a certificate against a single OCSP response.
- Parameters
-
ocspResp
iText.Commons.Bouncycastle.Asn1.Ocsp.IBasicOcspResponse the OCSP response wrapper for a certificate verification
- Parameters
-
signCert the certificate that needs to be checked issuerCert the certificate that issued signCert – immediate parent. This certificate is considered trusted and valid by this method. signDate sign date (or the date the certificate needs to be valid)
- Returns
-
truein case check is successful, false otherwise.
◆ Verify() [2/2]
|
inlinevirtual |
Verifies if a valid OCSP response is found for the certificate.
Verifies if a valid OCSP response is found for the certificate. If this method returns false, it doesn't mean the certificate isn't valid. It means we couldn't verify it against any OCSP response that was available.
- Parameters
-
signCert the certificate that needs to be checked issuerCert issuer of the certificate to be checked signDate the date the certificate needs to be valid
- Returns
-
a list of
VerificationOKobjects. The list will be empty if the certificate couldn't be verified.
- See also
- RootStoreVerifier.Verify(iText.Commons.Bouncycastle.Cert.IX509Certificate, iText.Commons.Bouncycastle.Cert.IX509Certificate, System.DateTime)
Reimplemented from iText.Signatures.CertificateVerifier.
