Package com.itextpdf.text.pdf.security
Class CRLVerifier
- java.lang.Object
  - com.itextpdf.text.pdf.security.CertificateVerifier
    - com.itextpdf.text.pdf.security.RootStoreVerifier
      - com.itextpdf.text.pdf.security.CRLVerifier

public class CRLVerifier extends RootStoreVerifier
Class that allows you to verify a certificate against one or more Certificate Revocation Lists.

Field Summary
Fields (Modifier and Type, Field: Description)
- (package private) java.util.List<java.security.cert.X509CRL> crls: The list of CRLs to check for revocation date.
- protected static Logger LOGGER: The Logger instance

Fields inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier
- rootStore

Fields inherited from class com.itextpdf.text.pdf.security.CertificateVerifier
- onlineCheckingAllowed, verifier

Constructor Summary
Constructors (Constructor: Description)
- CRLVerifier(CertificateVerifier verifier, java.util.List<java.security.cert.X509CRL> crls): Creates a CRLVerifier instance.

Method Summary
Methods (Modifier and Type, Method: Description)
- java.security.cert.X509CRL getCRL(java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert): Fetches a CRL for a specific certificate online (without further checking).
- boolean isSignatureValid(java.security.cert.X509CRL crl, java.security.cert.X509Certificate crlIssuer): Checks if a CRL verifies against the issuer certificate or a trusted anchor.
- java.util.List<VerificationOK> verify(java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert, java.util.Date signDate): Verifies if a valid CRL is found for the certificate.
- boolean verify(java.security.cert.X509CRL crl, java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert, java.util.Date signDate): Verifies a certificate against a single CRL.

Methods inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier
- setRootStore

Methods inherited from class com.itextpdf.text.pdf.security.CertificateVerifier
- setOnlineCheckingAllowed

Field Detail

LOGGER
protected static final Logger LOGGER
The Logger instance

crls
java.util.List<java.security.cert.X509CRL> crls
The list of CRLs to check for revocation date.

Constructor Detail

CRLVerifier
public CRLVerifier(CertificateVerifier verifier, java.util.List<java.security.cert.X509CRL> crls)
Creates a CRLVerifier instance.
Parameters:
- verifier - the next verifier in the chain
- crls - a list of CRLs

Method Detail

verify
public java.util.List<VerificationOK> verify(java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert, java.util.Date signDate) throws java.security.GeneralSecurityException, java.io.IOException
Verifies if a valid CRL is found for the certificate. If this method returns false, it doesn't mean the certificate isn't valid. It means we couldn't verify it against any CRL that was available.
Overrides:
- verify in class RootStoreVerifier
Parameters:
- signCert - the certificate that needs to be checked
- issuerCert - its issuer
- signDate - the date the certificate needs to be valid
Returns:
- a list of VerificationOK objects. The list will be empty if the certificate couldn't be verified.
Throws:
- java.security.GeneralSecurityException
- java.io.IOException
See Also:
- RootStoreVerifier.verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)

verify
public boolean verify(java.security.cert.X509CRL crl, java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert, java.util.Date signDate) throws java.security.GeneralSecurityException
Verifies a certificate against a single CRL.
Parameters:
- crl - the Certificate Revocation List
- signCert - a certificate that needs to be verified
- issuerCert - its issuer
- signDate - the sign date
Returns:
- true if the verification succeeded
Throws:
- java.security.GeneralSecurityException

getCRL
public java.security.cert.X509CRL getCRL(java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert)
Fetches a CRL for a specific certificate online (without further checking).
Parameters:
- signCert - the certificate
- issuerCert - its issuer
Returns:
- an X509CRL object

isSignatureValid
public boolean isSignatureValid(java.security.cert.X509CRL crl, java.security.cert.X509Certificate crlIssuer)
Checks if a CRL verifies against the issuer certificate or a trusted anchor.
Parameters:
- crl - the CRL
- crlIssuer - the trusted anchor
Returns:
- true if the CRL can be trusted
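
Usage example added here (not part of the iText documentation): it separates the three results a caller of verify(signCert, issuerCert, signDate) has to handle, namely a non-empty list, an empty list (no CRL could be used, which is not proof of validity or of revocation) and a GeneralSecurityException. The class name CrlCheckExample, the Outcome enum, the file names, passing null as the next verifier and the boolean argument of setOnlineCheckingAllowed are assumptions.

```java
import com.itextpdf.text.pdf.security.CRLVerifier;
import com.itextpdf.text.pdf.security.VerificationOK;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.List;

public class CrlCheckExample {
    // Hypothetical result type for this example, not an iText class.
    enum Outcome { CRL_CHECK_PASSED, NOT_VERIFIED, REJECTED }

    // Checks signCert against the supplied CRLs only.
    static Outcome check(X509Certificate signCert, X509Certificate issuerCert,
                         Date signDate, List<X509CRL> crls) throws IOException {
        // Assumption: null means there is no next verifier in the chain.
        CRLVerifier verifier = new CRLVerifier(null, crls);
        // Assumption: false keeps verify() from falling back to the online getCRL fetch.
        verifier.setOnlineCheckingAllowed(false);
        try {
            List<VerificationOK> ok = verifier.verify(signCert, issuerCert, signDate);
            // Empty list: the certificate couldn't be verified against any available CRL.
            return ok.isEmpty() ? Outcome.NOT_VERIFIED : Outcome.CRL_CHECK_PASSED;
        } catch (GeneralSecurityException e) {
            // verify() is documented to throw this; fail closed rather than ignore it.
            return Outcome.REJECTED;
        }
    }

    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate signCert, issuerCert;
        X509CRL crl;
        // Constructed file names; replace with the signer, its issuer and the issuer's CRL.
        try (InputStream s = new FileInputStream("signer.cer");
             InputStream i = new FileInputStream("issuer.cer");
             InputStream c = new FileInputStream("issuer.crl")) {
            signCert = (X509Certificate) cf.generateCertificate(s);
            issuerCert = (X509Certificate) cf.generateCertificate(i);
            crl = (X509CRL) cf.generateCRL(c);
        }
        // new Date() stands in for the signing time the certificate must be valid at.
        System.out.println(check(signCert, issuerCert, new Date(), Collections.singletonList(crl)));
    }
}
```

A caller that gets NOT_VERIFIED still has to decide policy, for example trying another revocation source or refusing the signature; treating it as success would accept certificates for which no CRL was ever consulted.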