CRLVerifier (iText 7 7.1.19 API)

java.lang.Object
- com.itextpdf.signatures.CertificateVerifier
- - com.itextpdf.signatures.RootStoreVerifier
  - - com.itextpdf.signatures.CRLVerifier

```
public class CRLVerifier
extends RootStoreVerifier
```
Class that allows you to verify a certificate against one or more Certificate Revocation Lists.

Field Summary

Fields
Modifier and Type	Field and Description
`protected static Logger`	`LOGGER` The Logger instance

Fields inherited from class com.itextpdf.signatures.RootStoreVerifier
rootStore

Fields inherited from class com.itextpdf.signatures.CertificateVerifier
onlineCheckingAllowed, verifier

Constructor Summary

Constructors
Constructor and Description
`CRLVerifier(CertificateVerifier verifier, List<X509CRL> crls)` Creates a CRLVerifier instance.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`X509CRL`	`getCRL(X509Certificate signCert, X509Certificate issuerCert)` Fetches a CRL for a specific certificate online (without further checking).
`boolean`	`isSignatureValid(X509CRL crl, X509Certificate crlIssuer)` Checks if a CRL verifies against the issuer certificate or a trusted anchor.
`List<VerificationOK>`	`verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate)` Verifies if a a valid CRL is found for the certificate.
`boolean`	`verify(X509CRL crl, X509Certificate signCert, X509Certificate issuerCert, Date signDate)` Verifies a certificate against a single CRL.

Methods inherited from class com.itextpdf.signatures.RootStoreVerifier
setRootStore

Methods inherited from class com.itextpdf.signatures.CertificateVerifier
setOnlineCheckingAllowed

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - LOGGER
```
protected static final Logger LOGGER
```
    The Logger instance
- Constructor Detail
  - CRLVerifier
```
public CRLVerifier(CertificateVerifier verifier,
                   List<X509CRL> crls)
```
    Creates a CRLVerifier instance.
    
    Parameters:
    
    verifier - the next verifier in the chain
    
    crls - a list of CRLs
- Method Detail
  - verify
```
public List<VerificationOK> verify(X509Certificate signCert,
                                   X509Certificate issuerCert,
                                   Date signDate)
                            throws GeneralSecurityException,
                                   IOException
```
    Verifies if a a valid CRL is found for the certificate. If this method returns false, it doesn't mean the certificate isn't valid. It means we couldn't verify it against any CRL that was available.
    
    Overrides:
    
    verify in class RootStoreVerifier
    
    Parameters:
    
    signCert - the certificate that needs to be checked
    
    issuerCert - its issuer
    
    signDate - the date the certificate needs to be valid
    
    Returns:
    
    a list of VerificationOK objects. The list will be empty if the certificate couldn't be verified.
    
    Throws:
    
    GeneralSecurityException - thrown if the certificate has expired, isn't valid yet, or if an exception has been thrown in Certificate#verify.
    
    IOException - Deprecated
    
    See Also:
    
    RootStoreVerifier.verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)
  - verify
```
public boolean verify(X509CRL crl,
                      X509Certificate signCert,
                      X509Certificate issuerCert,
                      Date signDate)
               throws GeneralSecurityException
```
    Verifies a certificate against a single CRL.
    
    Parameters:
    
    crl - the Certificate Revocation List
    
    signCert - a certificate that needs to be verified
    
    issuerCert - its issuer
    
    signDate - the sign date
    
    Returns:
    
    true if the verification succeeded
    
    Throws:
    
    GeneralSecurityException - thrown when certificate has been revoked
  - getCRL
```
public X509CRL getCRL(X509Certificate signCert,
                      X509Certificate issuerCert)
```
    Fetches a CRL for a specific certificate online (without further checking).
    
    Parameters:
    
    signCert - the certificate
    
    issuerCert - its issuer
    
    Returns:
    
    an X509CRL object
  - isSignatureValid
```
public boolean isSignatureValid(X509CRL crl,
                                X509Certificate crlIssuer)
```
    Checks if a CRL verifies against the issuer certificate or a trusted anchor.
    
    Parameters:
    
    crl - the CRL
    
    crlIssuer - the trusted anchor
    
    Returns:
    
    true if the CRL can be trusted

Class CRLVerifier

Field Summary

Fields inherited from class com.itextpdf.signatures.RootStoreVerifier

Fields inherited from class com.itextpdf.signatures.CertificateVerifier

Constructor Summary

Method Summary

Methods inherited from class com.itextpdf.signatures.RootStoreVerifier

Methods inherited from class com.itextpdf.signatures.CertificateVerifier

Methods inherited from class java.lang.Object

Field Detail

LOGGER

Constructor Detail

CRLVerifier

Method Detail

verify

verify

getCRL

isSignatureValid