Package com.itextpdf.signatures

Class CertificateVerification

java.lang.Object
com.itextpdf.signatures.CertificateVerification
public class CertificateVerification extends Object
This class consists of some methods that allow you to verify certificates.

  • Field Details

  • Constructor Details

    • CertificateVerification

      public CertificateVerification()

  • Method Details

    • verifyCertificate

      public static String verifyCertificate (X509Certificate cert, Collection<CRL> crls)
      Verifies a single certificate for the current date.
      Parameters:
      cert - the certificate to verify
      crls - the certificate revocation list or null
      Returns:
      a String with the error description or null if no error

    • verifyCertificate

      public static String verifyCertificate (X509Certificate cert, Collection<CRL> crls, Calendar calendar)
      Verifies a single certificate.
      Parameters:
      cert - the certificate to verify
      crls - the certificate revocation list or null
      calendar - the date, shall not be null
      Returns:
      a String with the error description or null if no error

    • verifyCertificates

      public static List<VerificationException> verifyCertificates (Certificate[] certs, KeyStore keystore, Collection<CRL> crls) throws CertificateEncodingException
      Verifies a certificate chain against a KeyStore for the current date.
      Parameters:
      certs - the certificate chain
      keystore - the KeyStore
      crls - the certificate revocation list or null
      Returns:
      empty list if the certificate chain could be validated or a Object[]{cert,error} where cert is the failed certificate and error is the error message
      Throws:
      CertificateEncodingException - if an encoding error occurs in Certificate.

    • verifyCertificates

      public static List<VerificationException> verifyCertificates (Certificate[] certs, KeyStore keystore, Collection<CRL> crls, Calendar calendar) throws CertificateEncodingException
      Verifies a certificate chain against a KeyStore.
      Parameters:
      certs - the certificate chain
      keystore - the KeyStore
      crls - the certificate revocation list or null
      calendar - the date, shall not be null
      Returns:
      empty list if the certificate chain could be validated or a Object[]{cert,error} where cert is the failed certificate and error is the error message
      Throws:
      CertificateEncodingException - if an encoding error occurs in Certificate.

    • verifyCertificates

      public static List<VerificationException> verifyCertificates (Certificate[] certs, KeyStore keystore) throws CertificateEncodingException
      Verifies a certificate chain against a KeyStore for the current date.
      Parameters:
      certs - the certificate chain
      keystore - the KeyStore
      Returns:
      null if the certificate chain could be validated or a Object[]{cert,error} where cert is the failed certificate and error is the error message
      Throws:
      CertificateEncodingException - if an encoding error occurs in Certificate.

    • verifyCertificates

      public static List<VerificationException> verifyCertificates (Certificate[] certs, KeyStore keystore, Calendar calendar) throws CertificateEncodingException
      Verifies a certificate chain against a KeyStore.
      Parameters:
      certs - the certificate chain
      keystore - the KeyStore
      calendar - the date, shall not be null
      Returns:
      null if the certificate chain could be validated or a Object[]{cert,error} where cert is the failed certificate and error is the error message
      Throws:
      CertificateEncodingException - if an encoding error occurs in Certificate.

    • verifyOcspCertificates

      public static boolean verifyOcspCertificates (IBasicOCSPResp ocsp, KeyStore keystore, String provider)
      Verifies an OCSP response against a KeyStore.
      Parameters:
      ocsp - the OCSP response
      keystore - the KeyStore
      provider - the provider or null to use the BouncyCastle provider
      Returns:
      true is a certificate was found

    • verifyTimestampCertificates

      public static boolean verifyTimestampCertificates (ITimeStampToken ts, KeyStore keystore, String provider)
      Verifies a time stamp against a KeyStore.
      Parameters:
      ts - the time stamp
      keystore - the KeyStore
      provider - the provider or null to use the BouncyCastle provider
      Returns:
      true is a certificate was found