Package com.itextpdf.signatures
Class CRLVerifier
java.lang.Object
com.itextpdf.signatures.CertificateVerifier
com.itextpdf.signatures.RootStoreVerifier
com.itextpdf.signatures.CRLVerifier
Class that allows you to verify a certificate against one or more Certificate Revocation Lists.
-
Field Summary
Modifier and TypeFieldDescriptionprotected static final org.slf4j.Logger
The Logger instanceFields inherited from class com.itextpdf.signatures.RootStoreVerifier
rootStore
Fields inherited from class com.itextpdf.signatures.CertificateVerifier
onlineCheckingAllowed, verifier
-
Constructor Summary
ConstructorDescriptionCRLVerifier
(CertificateVerifier verifier, List<X509CRL> crls) Creates a CRLVerifier instance. -
Method Summary
Modifier and TypeMethodDescriptiongetCRL
(X509Certificate signCert, X509Certificate issuerCert) Fetches a CRL for a specific certificate online (without further checking).boolean
isSignatureValid
(X509CRL crl, X509Certificate crlIssuer) Checks if a CRL verifies against the issuer certificate or a trusted anchor.verify
(X509Certificate signCert, X509Certificate issuerCert, Date signDate) Verifies whether a valid CRL is found for the certificate.boolean
verify
(X509CRL crl, X509Certificate signCert, X509Certificate issuerCert, Date signDate) Verifies a certificate against a single CRL.Methods inherited from class com.itextpdf.signatures.RootStoreVerifier
setRootStore
Methods inherited from class com.itextpdf.signatures.CertificateVerifier
setOnlineCheckingAllowed
-
Field Details
-
LOGGER
protected static final org.slf4j.Logger LOGGERThe Logger instance
-
-
Constructor Details
-
CRLVerifier
Creates a CRLVerifier instance.- Parameters:
-
verifier
- the next verifier in the chain -
crls
- a list of CRLs
-
-
Method Details
-
verify
public List<VerificationOK> verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException Verifies whether a valid CRL is found for the certificate. If this method returns false, it doesn't mean the certificate isn't valid. It means we couldn't verify it against any CRL that was available.- Overrides:
-
verify
in classRootStoreVerifier
- Parameters:
-
signCert
- the certificate that needs to be checked -
issuerCert
- its issuer -
signDate
- the date the certificate needs to be valid - Returns:
-
a list of
VerificationOK
objects. The list will be empty if the certificate couldn't be verified. - Throws:
-
GeneralSecurityException
- thrown if the certificate has expired, isn't valid yet, or if an exception has been thrown inCertificate#verify
. - See Also:
-
verify
public boolean verify(X509CRL crl, X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException Verifies a certificate against a single CRL.- Parameters:
-
crl
- the Certificate Revocation List -
signCert
- a certificate that needs to be verified -
issuerCert
- its issuer -
signDate
- the sign date - Returns:
- true if the verification succeeded
- Throws:
-
GeneralSecurityException
- thrown when certificate has been revoked
-
getCRL
Fetches a CRL for a specific certificate online (without further checking).- Parameters:
-
signCert
- the certificate -
issuerCert
- its issuer left for backwards compatibility - Returns:
- an X509CRL object.
-
isSignatureValid
Checks if a CRL verifies against the issuer certificate or a trusted anchor.- Parameters:
-
crl
- the CRL -
crlIssuer
- the trusted anchor - Returns:
- true if the CRL can be trusted
-