Class CRLValidator
java.lang.Object
com.itextpdf.signatures.validation.v1.CRLValidator
Class that allows you to validate a certificate against a Certificate Revocation List (CRL) Response.
-
Field Summary
FieldsModifier and TypeFieldDescription(package private) static final int
(package private) static final String
private final ValidatorChainBuilder
(package private) static final String
(package private) static final String
(package private) static final String
(package private) static final String
private final IssuingCertificateRetriever
private final Map
<Certificate, Integer> (package private) static final String
(package private) static final String
(package private) static final String
(package private) static final String
(package private) static final String
(package private) static final String
private static final IBouncyCastleFactory
(package private) static final String
(package private) static final String
private final SignatureValidationProperties
(package private) static final String
(package private) static final String
-
Constructor Summary
ConstructorsModifierConstructorDescriptionprotected
CRLValidator
(ValidatorChainBuilder builder) Creates newCRLValidator
instance. -
Method Summary
Modifier and TypeMethodDescriptionprivate static void
addResponderValidationReport
(ValidationReport report, ValidationReport responderReport) private static int
computeInterimReasonsMask
(IIssuingDistributionPoint issuingDistPoint, IDistributionPoint distributionPoint) private static Date
private static IIssuingDistributionPoint
private Certificate
getRoot
(Certificate cert) void
validate
(ValidationReport report, ValidationContext context, X509Certificate certificate, X509CRL crl, Date validationDate) Deprecated.starting from 8.0.5.void
validate
(ValidationReport report, ValidationContext context, X509Certificate certificate, X509CRL crl, Date validationDate, Date responseGenerationDate) Validates a certificate against Certificate Revocation List (CRL) Responses.private void
verifyCrlIntegrity
(ValidationReport report, ValidationContext context, X509Certificate certificate, X509CRL crl, Date responseGenerationDate) private static void
verifyRevocation
(ValidationReport report, X509Certificate certificate, Date verificationDate, X509CRL crl)
-
Field Details
-
CRL_CHECK
- See Also:
-
ATTRIBUTE_CERTS_ASSERTED
- See Also:
-
CERTIFICATE_IS_EXPIRED
- See Also:
-
CERTIFICATE_IS_UNREVOKED
- See Also:
-
CERTIFICATE_IS_NOT_IN_THE_CRL_SCOPE
- See Also:
-
CERTIFICATE_REVOKED
- See Also:
-
CRL_ISSUER_NOT_FOUND
- See Also:
-
CRL_ISSUER_REQUEST_FAILED
- See Also:
-
CRL_ISSUER_CHAIN_FAILED
- See Also:
-
CRL_ISSUER_NO_COMMON_ROOT
- See Also:
-
CRL_INVALID
- See Also:
-
FRESHNESS_CHECK
- See Also:
-
ONLY_SOME_REASONS_CHECKED
- See Also:
-
SAME_REASONS_CHECK
- See Also:
-
UPDATE_DATE_BEFORE_CHECK_DATE
- See Also:
-
ALL_REASONS
static final int ALL_REASONS- See Also:
-
FACTORY
-
checkedReasonsMask
-
certificateRetriever
-
properties
-
builder
-
-
Constructor Details
-
CRLValidator
Creates newCRLValidator
instance.- Parameters:
builder
- SeeValidatorChainBuilder
-
-
Method Details
-
validate
@Deprecated public void validate(ValidationReport report, ValidationContext context, X509Certificate certificate, X509CRL crl, Date validationDate) Deprecated.starting from 8.0.5. TODO DEVSIX-8398 To be removed.Validates a certificate against Certificate Revocation List (CRL) Responses.- Parameters:
report
- to store all the chain verification resultscontext
- the context in which to perform the validationcertificate
- the certificate to check against CRL responsecrl
- the crl response to be validatedvalidationDate
- validation date to check for
-
validate
public void validate(ValidationReport report, ValidationContext context, X509Certificate certificate, X509CRL crl, Date validationDate, Date responseGenerationDate) Validates a certificate against Certificate Revocation List (CRL) Responses.- Parameters:
report
- to store all the chain verification resultscontext
- the context in which to perform the validationcertificate
- the certificate to check against CRL responsecrl
- the crl response to be validatedvalidationDate
- validation date to check forresponseGenerationDate
- trusted date at which response is generated
-
verifyRevocation
private static void verifyRevocation(ValidationReport report, X509Certificate certificate, Date verificationDate, X509CRL crl) -
getIssuingDistributionPointExtension
-
getExpiredCertsOnCRLExtensionDate
-
computeInterimReasonsMask
private static int computeInterimReasonsMask(IIssuingDistributionPoint issuingDistPoint, IDistributionPoint distributionPoint) -
verifyCrlIntegrity
private void verifyCrlIntegrity(ValidationReport report, ValidationContext context, X509Certificate certificate, X509CRL crl, Date responseGenerationDate) -
getRoot
-
addResponderValidationReport
private static void addResponderValidationReport(ValidationReport report, ValidationReport responderReport)
-