Class CertificateVerification

java.lang.Object
com.itextpdf.signatures.CertificateVerification

@Deprecated public class CertificateVerification extends Object
Deprecated.
starting from 9.0.0. CertificateChainValidator should be used instead.
This class consists of some methods that allow you to verify certificates.
  • Field Details

  • Constructor Details

    • CertificateVerification

      public CertificateVerification()
      Deprecated.
  • Method Details

    • verifyCertificate

      public static String verifyCertificate (X509Certificate cert, Collection<CRL> crls)
      Deprecated.
      Verifies a single certificate for the current date.
      Parameters:
      cert - the certificate to verify
      crls - the certificate revocation list or null
      Returns:
      a String with the error description or null if no error
    • verifyCertificate

      public static String verifyCertificate (X509Certificate cert, Collection<CRL> crls, Calendar calendar)
      Deprecated.
      Verifies a single certificate.
      Parameters:
      cert - the certificate to verify
      crls - the certificate revocation list or null
      calendar - the date, shall not be null
      Returns:
      a String with the error description or null if no error
    • verifyCertificates

      public static List<VerificationException> verifyCertificates (Certificate[] certs, KeyStore keystore, Collection<CRL> crls) throws CertificateEncodingException
      Deprecated.
      Verifies a certificate chain against a KeyStore for the current date.
      Parameters:
      certs - the certificate chain
      keystore - the KeyStore
      crls - the certificate revocation list or null
      Returns:
      empty list if the certificate chain could be validated or a Object[]{cert,error} where cert is the failed certificate and error is the error message
      Throws:
      CertificateEncodingException - if an encoding error occurs in Certificate.
    • verifyCertificates

      public static List<VerificationException> verifyCertificates (Certificate[] certs, KeyStore keystore, Collection<CRL> crls, Calendar calendar) throws CertificateEncodingException
      Deprecated.
      Verifies a certificate chain against a KeyStore.
      Parameters:
      certs - the certificate chain
      keystore - the KeyStore
      crls - the certificate revocation list or null
      calendar - the date, shall not be null
      Returns:
      empty list if the certificate chain could be validated or a Object[]{cert,error} where cert is the failed certificate and error is the error message
      Throws:
      CertificateEncodingException - if an encoding error occurs in Certificate.
    • verifyCertificates

      public static List<VerificationException> verifyCertificates (Certificate[] certs, KeyStore keystore) throws CertificateEncodingException
      Deprecated.
      Verifies a certificate chain against a KeyStore for the current date.
      Parameters:
      certs - the certificate chain
      keystore - the KeyStore
      Returns:
      null if the certificate chain could be validated or a Object[]{cert,error} where cert is the failed certificate and error is the error message
      Throws:
      CertificateEncodingException - if an encoding error occurs in Certificate.
    • verifyCertificates

      public static List<VerificationException> verifyCertificates (Certificate[] certs, KeyStore keystore, Calendar calendar) throws CertificateEncodingException
      Deprecated.
      Verifies a certificate chain against a KeyStore.
      Parameters:
      certs - the certificate chain
      keystore - the KeyStore
      calendar - the date, shall not be null
      Returns:
      null if the certificate chain could be validated or a Object[]{cert,error} where cert is the failed certificate and error is the error message
      Throws:
      CertificateEncodingException - if an encoding error occurs in Certificate.
    • verifyOcspCertificates

      public static boolean verifyOcspCertificates (IBasicOCSPResp ocsp, KeyStore keystore, String provider)
      Deprecated.
      Verifies an OCSP response against a KeyStore.
      Parameters:
      ocsp - the OCSP response
      keystore - the KeyStore
      provider - the provider or null to use the BouncyCastle provider
      Returns:
      true is a certificate was found
    • verifyTimestampCertificates

      public static boolean verifyTimestampCertificates (ITimeStampToken ts, KeyStore keystore, String provider)
      Deprecated.
      Verifies a time stamp against a KeyStore.
      Parameters:
      ts - the time stamp
      keystore - the KeyStore
      provider - the provider or null to use the BouncyCastle provider
      Returns:
      true is a certificate was found
    • hasUnsupportedCriticalExtension

      protected static boolean hasUnsupportedCriticalExtension (X509Certificate cert)
      Deprecated.
      Check if the provided certificate has a critical extension that iText doesn't support.
      Parameters:
      cert - X509Certificate instance to check
      Returns:
      true if there are unsupported critical extensions, false if there are none