Package com.itextpdf.signatures.validation

Class CertificateChainValidator

java.lang.Object
com.itextpdf.signatures.validation.CertificateChainValidator
public class CertificateChainValidator extends Object
Validator class, which is expected to be used for certificates chain validation.

  • Constructor Details

  • Method Details

    • validateCertificate

      public ValidationReport validateCertificate (ValidationContext context, X509Certificate certificate, Date validationDate)
      Validate given certificate using provided validation date and required extensions.
      Parameters:
      context - the validation context in which to validate the certificate chain
      certificate - X509Certificate to be validated
      validationDate - Date against which certificate is expected to be validated. Usually signing date
      Returns:
      ValidationReport which contains detailed validation results.

    • validate

      public ValidationReport validate (ValidationReport result, ValidationContext context, X509Certificate certificate, Date validationDate)
      Validate given certificate using provided validation date and required extensions. Result is added into provided report.
      Parameters:
      result - ValidationReport which is populated with detailed validation results
      context - the context in which to perform the validation
      certificate - X509Certificate to be validated
      validationDate - Date against which certificate is expected to be validated. Usually signing date
      Returns:
      ValidationReport which contains both provided and new validation results.

    • validateNameConstraints

      protected void validateNameConstraints (ValidationReport report, List<X509Certificate> previousCertificates, X509Certificate trustedCertificate)
      Validates name constraint extension for complete certificate chain.
      Parameters:
      report - ValidationReport which is populated with detailed validation results
      previousCertificates - List of X509Certificate, which represent a complete chain, without a trusted root. List starts with a signing certificate.
      trustedCertificate - X509Certificate trusted root of this chain