public class CRLVerifier extends RootStoreVerifier
Modifier and Type | Field and Description |
---|---|
protected static Logger |
LOGGER
The Logger instance
|
rootStore
onlineCheckingAllowed, verifier
Constructor and Description |
---|
CRLVerifier(CertificateVerifier verifier, List<X509CRL> crls)
Creates a CRLVerifier instance.
|
Modifier and Type | Method and Description |
---|---|
X509CRL |
getCRL(X509Certificate signCert, X509Certificate issuerCert)
Fetches a CRL for a specific certificate online (without further checking).
|
boolean |
isSignatureValid(X509CRL crl, X509Certificate crlIssuer)
Checks if a CRL verifies against the issuer certificate or a trusted anchor.
|
List<VerificationOK> |
verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate)
Verifies if a a valid CRL is found for the certificate.
|
boolean |
verify(X509CRL crl, X509Certificate signCert, X509Certificate issuerCert, Date signDate)
Verifies a certificate against a single CRL.
|
setRootStore
setOnlineCheckingAllowed
protected static final Logger LOGGER
public CRLVerifier(CertificateVerifier verifier, List<X509CRL> crls)
verifier
- the next verifier in the chain
crls
- a list of CRLs
public List<VerificationOK> verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException, IOException
verify
in class RootStoreVerifier
signCert
- the certificate that needs to be checked
issuerCert
- its issuer
signDate
- the date the certificate needs to be valid
VerificationOK
objects. The list will be empty if the certificate couldn't be verified.
GeneralSecurityException
- thrown if the certificate has expired, isn't valid yet, or if an exception has been thrown in Certificate#verify
.
IOException
- Deprecated
RootStoreVerifier.verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)
public boolean verify(X509CRL crl, X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException
crl
- the Certificate Revocation List
signCert
- a certificate that needs to be verified
issuerCert
- its issuer
signDate
- the sign date
GeneralSecurityException
public X509CRL getCRL(X509Certificate signCert, X509Certificate issuerCert)
signCert
- the certificate
issuerCert
- its issuer
public boolean isSignatureValid(X509CRL crl, X509Certificate crlIssuer)
crl
- the CRL
crlIssuer
- the trusted anchor
Copyright © 1998–2020 iText Group NV. All rights reserved.