Class CRLValidator
- java.lang.Object
  - com.itextpdf.signatures.validation.CRLValidator
public class CRLValidator extends java.lang.Object
Class that allows you to validate a certificate against a Certificate Revocation List (CRL) Response.
-
-
Field Summary
Fields (Modifier and Type, Field):
- (package private) static int ALL_REASONS
- (package private) static java.lang.String ATTRIBUTE_CERTS_ASSERTED
- private ValidatorChainBuilder builder
- (package private) static java.lang.String CERTIFICATE_IN_ISSUER_CHAIN
- (package private) static java.lang.String CERTIFICATE_IS_EXPIRED
- (package private) static java.lang.String CERTIFICATE_IS_NOT_IN_THE_CRL_SCOPE
- (package private) static java.lang.String CERTIFICATE_IS_UNREVOKED
- (package private) static java.lang.String CERTIFICATE_REVOKED
- private IssuingCertificateRetriever certificateRetriever
- private java.util.Map<java.security.cert.Certificate,java.lang.Integer> checkedReasonsMask
- (package private) static java.lang.String CRL_CHECK
- (package private) static java.lang.String CRL_INVALID
- (package private) static java.lang.String CRL_ISSUER_CHAIN_FAILED
- (package private) static java.lang.String CRL_ISSUER_NO_COMMON_ROOT
- (package private) static java.lang.String CRL_ISSUER_NOT_FOUND
- (package private) static java.lang.String CRL_ISSUER_REQUEST_FAILED
- private static IBouncyCastleFactory FACTORY
- (package private) static java.lang.String FRESHNESS_CHECK
- (package private) static java.lang.String ONLY_SOME_REASONS_CHECKED
- private SignatureValidationProperties properties
- (package private) static java.lang.String SAME_REASONS_CHECK
- (package private) static java.lang.String UPDATE_DATE_BEFORE_CHECK_DATE
-
-
Constructor Summary
Constructors (Modifier, Constructor, Description):
- protected CRLValidator(ValidatorChainBuilder builder)
  Creates new CRLValidator instance.
-
Method Summary
Methods (Modifier and Type, Method, Description):
- private static void addResponderValidationReport(ValidationReport report, ValidationReport responderReport)
- private static int computeInterimReasonsMask(IIssuingDistributionPoint issuingDistPoint, IDistributionPoint distributionPoint)
- private static java.util.Date getExpiredCertsOnCRLExtensionDate(java.security.cert.X509CRL crl)
- private static IIssuingDistributionPoint getIssuingDistributionPointExtension(java.security.cert.X509CRL crl)
- private java.util.List<java.security.cert.X509Certificate> getRoots(java.security.cert.Certificate cert)
- void validate(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.security.cert.X509CRL crl, java.util.Date validationDate, java.util.Date responseGenerationDate)
  Validates a certificate against Certificate Revocation List (CRL) Responses.
- private void verifyCrlIntegrity(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.security.cert.X509CRL crl, java.util.Date responseGenerationDate)
- private static void verifyRevocation(ValidationReport report, java.security.cert.X509Certificate certificate, java.util.Date verificationDate, java.security.cert.X509CRL crl)
-
-
-
Field Detail
-
CRL_CHECK
static final java.lang.String CRL_CHECK
- See Also:
- Constant Field Values
-
ATTRIBUTE_CERTS_ASSERTED
static final java.lang.String ATTRIBUTE_CERTS_ASSERTED
- See Also:
- Constant Field Values
-
CERTIFICATE_IS_EXPIRED
static final java.lang.String CERTIFICATE_IS_EXPIRED
- See Also:
- Constant Field Values
-
CERTIFICATE_IS_UNREVOKED
static final java.lang.String CERTIFICATE_IS_UNREVOKED
- See Also:
- Constant Field Values
-
CERTIFICATE_IS_NOT_IN_THE_CRL_SCOPE
static final java.lang.String CERTIFICATE_IS_NOT_IN_THE_CRL_SCOPE
- See Also:
- Constant Field Values
-
CERTIFICATE_REVOKED
static final java.lang.String CERTIFICATE_REVOKED
- See Also:
- Constant Field Values
-
CRL_ISSUER_NOT_FOUND
static final java.lang.String CRL_ISSUER_NOT_FOUND
- See Also:
- Constant Field Values
-
CRL_ISSUER_REQUEST_FAILED
static final java.lang.String CRL_ISSUER_REQUEST_FAILED
- See Also:
- Constant Field Values
-
CRL_ISSUER_CHAIN_FAILED
static final java.lang.String CRL_ISSUER_CHAIN_FAILED
- See Also:
- Constant Field Values
-
CRL_ISSUER_NO_COMMON_ROOT
static final java.lang.String CRL_ISSUER_NO_COMMON_ROOT
- See Also:
- Constant Field Values
-
CRL_INVALID
static final java.lang.String CRL_INVALID
- See Also:
- Constant Field Values
-
FRESHNESS_CHECK
static final java.lang.String FRESHNESS_CHECK
- See Also:
- Constant Field Values
-
ONLY_SOME_REASONS_CHECKED
static final java.lang.String ONLY_SOME_REASONS_CHECKED
- See Also:
- Constant Field Values
-
SAME_REASONS_CHECK
static final java.lang.String SAME_REASONS_CHECK
- See Also:
- Constant Field Values
-
UPDATE_DATE_BEFORE_CHECK_DATE
static final java.lang.String UPDATE_DATE_BEFORE_CHECK_DATE
- See Also:
- Constant Field Values
-
CERTIFICATE_IN_ISSUER_CHAIN
static final java.lang.String CERTIFICATE_IN_ISSUER_CHAIN
- See Also:
- Constant Field Values
-
ALL_REASONS
static final int ALL_REASONS
- See Also:
- Constant Field Values
-
FACTORY
private static final IBouncyCastleFactory FACTORY
-
checkedReasonsMask
private final java.util.Map<java.security.cert.Certificate,java.lang.Integer> checkedReasonsMask
-
certificateRetriever
private final IssuingCertificateRetriever certificateRetriever
-
properties
private final SignatureValidationProperties properties
-
builder
private final ValidatorChainBuilder builder
-
-
Constructor Detail
-
CRLValidator
protected CRLValidator(ValidatorChainBuilder builder)
Creates new CRLValidator instance.
- Parameters:
builder - See ValidatorChainBuilder
-
-
Method Detail
-
validate
public void validate(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.security.cert.X509CRL crl, java.util.Date validationDate, java.util.Date responseGenerationDate)
Validates a certificate against Certificate Revocation List (CRL) Responses.
- Parameters:
report - to store all the chain verification results
context - the context in which to perform the validation
certificate - the certificate to check against CRL response
crl - the crl response to be validated
validationDate - validation date to check for
responseGenerationDate - trusted date at which response is generated
-
verifyRevocation
private static void verifyRevocation(ValidationReport report, java.security.cert.X509Certificate certificate, java.util.Date verificationDate, java.security.cert.X509CRL crl)
-
getIssuingDistributionPointExtension
private static IIssuingDistributionPoint getIssuingDistributionPointExtension(java.security.cert.X509CRL crl)
-
getExpiredCertsOnCRLExtensionDate
private static java.util.Date getExpiredCertsOnCRLExtensionDate(java.security.cert.X509CRL crl)
-
computeInterimReasonsMask
private static int computeInterimReasonsMask(IIssuingDistributionPoint issuingDistPoint, IDistributionPoint distributionPoint)
-
verifyCrlIntegrity
private void verifyCrlIntegrity(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.security.cert.X509CRL crl, java.util.Date responseGenerationDate)
-
getRoots
private java.util.List<java.security.cert.X509Certificate> getRoots(java.security.cert.Certificate cert)
-
addResponderValidationReport
private static void addResponderValidationReport(ValidationReport report, ValidationReport responderReport)
-
-