Package com.itextpdf.signatures
Class CRLVerifier
java.lang.Object
com.itextpdf.signatures.CertificateVerifier
com.itextpdf.signatures.RootStoreVerifier
com.itextpdf.signatures.CRLVerifier
Class that allows you to verify a certificate against one or more Certificate Revocation Lists.
-
Field Summary
FieldsFields inherited from class com.itextpdf.signatures.RootStoreVerifier
rootStoreFields inherited from class com.itextpdf.signatures.CertificateVerifier
onlineCheckingAllowed, verifier -
Constructor Summary
ConstructorsConstructorDescriptionCRLVerifier(CertificateVerifier verifier, List<X509CRL> crls) Creates a CRLVerifier instance. -
Method Summary
Modifier and TypeMethodDescriptiongetCRL(X509Certificate signCert, X509Certificate issuerCert) Fetches a CRL for a specific certificate online (without further checking).booleanisSignatureValid(X509CRL crl, X509Certificate crlIssuer) Checks if a CRL verifies against the issuer certificate or a trusted anchor.verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate) Verifies if a a valid CRL is found for the certificate.booleanverify(X509CRL crl, X509Certificate signCert, X509Certificate issuerCert, Date signDate) Verifies a certificate against a single CRL.Methods inherited from class com.itextpdf.signatures.RootStoreVerifier
setRootStoreMethods inherited from class com.itextpdf.signatures.CertificateVerifier
setOnlineCheckingAllowed
-
Field Details
-
LOGGER
The Logger instance
-
-
Constructor Details
-
CRLVerifier
Creates a CRLVerifier instance.- Parameters:
-
verifier- the next verifier in the chain -
crls- a list of CRLs
-
-
Method Details
-
verify
public List<VerificationOK> verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException Verifies if a a valid CRL is found for the certificate. If this method returns false, it doesn't mean the certificate isn't valid. It means we couldn't verify it against any CRL that was available.- Overrides:
-
verifyin classRootStoreVerifier - Parameters:
-
signCert- the certificate that needs to be checked -
issuerCert- its issuer -
signDate- the date the certificate needs to be valid - Returns:
-
a list of
VerificationOKobjects. The list will be empty if the certificate couldn't be verified. - Throws:
-
GeneralSecurityException- thrown if the certificate has expired, isn't valid yet, or if an exception has been thrown inCertificate#verify. - See Also:
-
verify
public boolean verify(X509CRL crl, X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException Verifies a certificate against a single CRL.- Parameters:
-
crl- the Certificate Revocation List -
signCert- a certificate that needs to be verified -
issuerCert- its issuer -
signDate- the sign date - Returns:
- true if the verification succeeded
- Throws:
-
GeneralSecurityException- thrown when certificate has been revoked
-
getCRL
Fetches a CRL for a specific certificate online (without further checking).- Parameters:
-
signCert- the certificate -
issuerCert- its issuer - Returns:
- an X509CRL object
-
isSignatureValid
Checks if a CRL verifies against the issuer certificate or a trusted anchor.- Parameters:
-
crl- the CRL -
crlIssuer- the trusted anchor - Returns:
- true if the CRL can be trusted
-