Package com.itextpdf.signatures
Class CertificateVerification
java.lang.Object
com.itextpdf.signatures.CertificateVerification
This class consists of some methods that allow you to verify certificates.
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic String
verifyCertificate
(X509Certificate cert, Collection<CRL> crls) Verifies a single certificate for the current date.static String
verifyCertificate
(X509Certificate cert, Collection<CRL> crls, Calendar calendar) Verifies a single certificate.static List<VerificationException>
verifyCertificates
(Certificate[] certs, KeyStore keystore) Verifies a certificate chain against a KeyStore for the current date.static List<VerificationException>
verifyCertificates
(Certificate[] certs, KeyStore keystore, Calendar calendar) Verifies a certificate chain against a KeyStore.static List<VerificationException>
verifyCertificates
(Certificate[] certs, KeyStore keystore, Collection<CRL> crls) Verifies a certificate chain against a KeyStore for the current date.static List<VerificationException>
verifyCertificates
(Certificate[] certs, KeyStore keystore, Collection<CRL> crls, Calendar calendar) Verifies a certificate chain against a KeyStore.static boolean
verifyOcspCertificates
(org.bouncycastle.cert.ocsp.BasicOCSPResp ocsp, KeyStore keystore, String provider) Verifies an OCSP response against a KeyStore.static boolean
verifyTimestampCertificates
(org.bouncycastle.tsp.TimeStampToken ts, KeyStore keystore, String provider) Verifies a time stamp against a KeyStore.
-
Field Details
-
HAS_UNSUPPORTED_EXTENSIONS
- See Also:
-
CERTIFICATE_REVOKED
- See Also:
-
-
Constructor Details
-
CertificateVerification
public CertificateVerification()
-
-
Method Details
-
verifyCertificate
Verifies a single certificate for the current date.- Parameters:
-
cert
- the certificate to verify -
crls
- the certificate revocation list ornull
- Returns:
-
a
String
with the error description ornull
if no error
-
verifyCertificate
public static String verifyCertificate(X509Certificate cert, Collection<CRL> crls, Calendar calendar) Verifies a single certificate.- Parameters:
-
cert
- the certificate to verify -
crls
- the certificate revocation list ornull
-
calendar
- the date, shall not be null - Returns:
-
a
String
with the error description ornull
if no error
-
verifyCertificates
public static List<VerificationException> verifyCertificates(Certificate[] certs, KeyStore keystore, Collection<CRL> crls) Verifies a certificate chain against a KeyStore for the current date.- Parameters:
-
certs
- the certificate chain -
keystore
- theKeyStore
-
crls
- the certificate revocation list ornull
- Returns:
-
empty list if the certificate chain could be validated or a
Object[]{cert,error}
wherecert
is the failed certificate anderror
is the error message
-
verifyCertificates
public static List<VerificationException> verifyCertificates(Certificate[] certs, KeyStore keystore, Collection<CRL> crls, Calendar calendar) Verifies a certificate chain against a KeyStore.- Parameters:
-
certs
- the certificate chain -
keystore
- theKeyStore
-
crls
- the certificate revocation list ornull
-
calendar
- the date, shall not be null - Returns:
-
empty list if the certificate chain could be validated or a
Object[]{cert,error}
wherecert
is the failed certificate anderror
is the error message
-
verifyCertificates
public static List<VerificationException> verifyCertificates(Certificate[] certs, KeyStore keystore) Verifies a certificate chain against a KeyStore for the current date.- Parameters:
-
certs
- the certificate chain -
keystore
- theKeyStore
- Returns:
-
null
if the certificate chain could be validated or aObject[]{cert,error}
wherecert
is the failed certificate anderror
is the error message
-
verifyCertificates
public static List<VerificationException> verifyCertificates(Certificate[] certs, KeyStore keystore, Calendar calendar) Verifies a certificate chain against a KeyStore.- Parameters:
-
certs
- the certificate chain -
keystore
- theKeyStore
-
calendar
- the date, shall not be null - Returns:
-
null
if the certificate chain could be validated or aObject[]{cert,error}
wherecert
is the failed certificate anderror
is the error message
-
verifyOcspCertificates
public static boolean verifyOcspCertificates(org.bouncycastle.cert.ocsp.BasicOCSPResp ocsp, KeyStore keystore, String provider) Verifies an OCSP response against a KeyStore.- Parameters:
-
ocsp
- the OCSP response -
keystore
- theKeyStore
-
provider
- the provider ornull
to use the BouncyCastle provider - Returns:
-
true
is a certificate was found
-
verifyTimestampCertificates
public static boolean verifyTimestampCertificates(org.bouncycastle.tsp.TimeStampToken ts, KeyStore keystore, String provider) Verifies a time stamp against a KeyStore.- Parameters:
-
ts
- the time stamp -
keystore
- theKeyStore
-
provider
- the provider ornull
to use the BouncyCastle provider - Returns:
-
true
is a certificate was found
-