public class OCSPVerifier extends RootStoreVerifier
Modifier and Type | Field and Description |
---|---|
protected static String |
id_kp_OCSPSigning |
protected static org.slf4j.Logger |
LOGGER
The Logger instance
|
protected List |
ocsps
The list of OCSP responses.
|
rootStore
onlineCheckingAllowed, verifier
Constructor and Description |
---|
OCSPVerifier(CertificateVerifier verifier, List
Creates an OCSPVerifier instance.
|
Modifier and Type | Method and Description |
---|---|
org.bouncycastle.cert.ocsp.BasicOCSPResp |
getOcspResponse(X509Certificate signCert, X509Certificate issuerCert)
Gets an OCSP response online and returns it if the status is GOOD (without further checking!).
|
boolean |
isSignatureValid(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, Certificate responderCert)
Checks if an OCSP response is genuine
|
void |
isValidResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, X509Certificate issuerCert)
Verifies if an OCSP response is genuine If it doesn't verify against the issuer certificate and response's certificates, it may verify using a trusted anchor or cert.
|
boolean |
verify(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, X509Certificate signCert, X509Certificate issuerCert, Date signDate)
Verifies a certificate against a single OCSP response
|
List<VerificationOK> |
verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate)
Verifies if a a valid OCSP response is found for the certificate.
|
boolean |
verifyResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, X509Certificate issuerCert)
Deprecated.
|
setRootStore
setOnlineCheckingAllowed
protected static final org.slf4j.Logger LOGGER
protected static final String id_kp_OCSPSigning
protected Listocsps
public OCSPVerifier(CertificateVerifier verifier, Listocsps)
verifier
- the next verifier in the chain
ocsps
- a list of OCSP responses
public List<VerificationOK> verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException, IOException
verify
in class RootStoreVerifier
signCert
- the certificate that needs to be checked
issuerCert
- its issuer
signDate
- the date the certificate needs to be valid
VerificationOK
objects. The list will be empty if the certificate couldn't be verified.
GeneralSecurityException
IOException
RootStoreVerifier.verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)
public boolean verify(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException, IOException
ocspResp
- the OCSP response
signCert
- the certificate that needs to be checked
issuerCert
- the certificate of CA
signDate
- sign date
true
, in case successful check, otherwise false.
GeneralSecurityException
IOException
public void isValidResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, X509Certificate issuerCert) throws GeneralSecurityException, IOException
ocspResp
- the OCSP response
issuerCert
- the issuer certificate
GeneralSecurityException
IOException
@Deprecated public boolean verifyResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, X509Certificate issuerCert)
isValidResponse()
instead.
ocspResp
- the response object
issuerCert
- the issuer certificate
public boolean isSignatureValid(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, Certificate responderCert)
ocspResp
- the OCSP response
responderCert
- the responder certificate
public org.bouncycastle.cert.ocsp.BasicOCSPResp getOcspResponse(X509Certificate signCert, X509Certificate issuerCert)
signCert
- the signing certificate
issuerCert
- the issuer certificate
Copyright © 1998–2017 iText Group NV. All rights reserved.