Class RevocationDataValidator
java.lang.Object
com.itextpdf.signatures.validation.RevocationDataValidator
Class that allows you to fetch and validate revocation data for the certificate.

Nested Class Summary
static class RevocationDataValidator.CrlValidationInfo
    Class which contains validation related information about CRL response.
static class RevocationDataValidator.OcspResponseValidationInfo
    Class which contains validation related information about single OCSP response.

Field Summary
private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY
(package private) static final String CANNOT_PARSE_CRL
(package private) static final String CANNOT_PARSE_OCSP
private final IssuingCertificateRetriever certificateRetriever
(package private) static final String CRL_CLIENT_FAILURE
(package private) static final String CRL_VALIDATOR_FAILURE
private final List<ICrlClient> crlClients
private final CRLValidator crlValidator
(package private) static final String ISSUER_RETRIEVAL_FAILED
(package private) static final String NO_REV_AVAILABLE
(package private) static final String NO_REV_AVAILABLE_CA
(package private) static final String NO_REVOCATION_DATA
(package private) static final String OCSP_CLIENT_FAILURE
(package private) static final String OCSP_VALIDATOR_FAILURE
private final List<IOcspClient> ocspClients
private final OCSPValidator ocspValidator
private final SignatureValidationProperties properties
(package private) static final String REVOCATION_DATA_CHECK
(package private) static final String SELF_SIGNED_CERTIFICATE
(package private) static final String TRUSTED_OCSP_RESPONDER
(package private) static final String UNABLE_TO_RETRIEVE_REV_DATA_ONLINE
(package private) static final String VALIDITY_ASSURED

Constructor Summary
protected RevocationDataValidator
    Creates new RevocationDataValidator instance to validate certificate revocation data.

Method Summary
RevocationDataValidator addCrlClient(ICrlClient crlClient)
    Adds an ICrlClient to be used for receiving CRL responses.
RevocationDataValidator addOcspClient(IOcspClient ocspClient)
    Adds an IOcspClient to be used for receiving OCSP responses.
private static void fillOcspResponses(List<RevocationDataValidator.OcspResponseValidationInfo> ocspResponses, IBasicOCSPResp basicOCSPResp, Date generationDate, TimeBasedContext timeBasedContext)
private List<RevocationDataValidator.CrlValidationInfo> retrieveAllCRLResponses(ValidationReport report, ValidationContext context, X509Certificate certificate)
private static List<RevocationDataValidator.CrlValidationInfo> retrieveAllCRLResponsesUsingClient(ValidationReport report, X509Certificate certificate, ICrlClient crlClient)
private List<RevocationDataValidator.OcspResponseValidationInfo> retrieveAllOCSPResponses(ValidationReport report, ValidationContext context, X509Certificate certificate)
private void tryToFetchRevInfoOnline(ValidationReport report, ValidationContext context, X509Certificate certificate, List<RevocationDataValidator.CrlValidationInfo> onlineCrlResponses, List<RevocationDataValidator.OcspResponseValidationInfo> onlineOcspResponses)
void validate(ValidationReport report, ValidationContext context, X509Certificate certificate, Date validationDate)
    Validates revocation data (Certificate Revocation List (CRL) responses and OCSP responses) of the certificate.
private void validateRevocationData(ValidationReport report, ValidationContext context, X509Certificate certificate, Date validationDate, List<RevocationDataValidator.OcspResponseValidationInfo> ocspResponses, List<RevocationDataValidator.CrlValidationInfo> crlResponses)

Field Details
REVOCATION_DATA_CHECK
NO_REVOCATION_DATA
SELF_SIGNED_CERTIFICATE
TRUSTED_OCSP_RESPONDER
VALIDITY_ASSURED
NO_REV_AVAILABLE
NO_REV_AVAILABLE_CA
CANNOT_PARSE_OCSP
CANNOT_PARSE_CRL
ISSUER_RETRIEVAL_FAILED
OCSP_CLIENT_FAILURE
CRL_CLIENT_FAILURE
OCSP_VALIDATOR_FAILURE
CRL_VALIDATOR_FAILURE
UNABLE_TO_RETRIEVE_REV_DATA_ONLINE
BOUNCY_CASTLE_FACTORY
ocspClients
crlClients
properties
certificateRetriever
ocspValidator
crlValidator

Constructor Details
RevocationDataValidator
    Creates new RevocationDataValidator instance to validate certificate revocation data.
    Parameters:
        builder - See ValidatorChainBuilder

Method Details
addCrlClient
    Adds an ICrlClient to be used for receiving CRL responses.
    Parameters:
        crlClient - ICrlClient to be used for receiving CRL responses
    Returns:
        same instance of RevocationDataValidator.

addOcspClient
    Adds an IOcspClient to be used for receiving OCSP responses.
    Parameters:
        ocspClient - IOcspClient to be used for receiving OCSP responses
    Returns:
        same instance of RevocationDataValidator.

validate
public void validate(ValidationReport report, ValidationContext context, X509Certificate certificate, Date validationDate)
    Validates revocation data (Certificate Revocation List (CRL) Responses and OCSP Responses) of the certificate.
    Parameters:
        report - to store all the verification results
        context - ValidationContext the context
        certificate - the certificate to check revocation data for
        validationDate - validation date to check for

fillOcspResponses
private static void fillOcspResponses(List<RevocationDataValidator.OcspResponseValidationInfo> ocspResponses, IBasicOCSPResp basicOCSPResp, Date generationDate, TimeBasedContext timeBasedContext)

retrieveAllCRLResponsesUsingClient
private static List<RevocationDataValidator.CrlValidationInfo> retrieveAllCRLResponsesUsingClient(ValidationReport report, X509Certificate certificate, ICrlClient crlClient)

validateRevocationData
private void validateRevocationData(ValidationReport report, ValidationContext context, X509Certificate certificate, Date validationDate, List<RevocationDataValidator.OcspResponseValidationInfo> ocspResponses, List<RevocationDataValidator.CrlValidationInfo> crlResponses)

retrieveAllOCSPResponses
private List<RevocationDataValidator.OcspResponseValidationInfo> retrieveAllOCSPResponses(ValidationReport report, ValidationContext context, X509Certificate certificate)

retrieveAllCRLResponses
private List<RevocationDataValidator.CrlValidationInfo> retrieveAllCRLResponses(ValidationReport report, ValidationContext context, X509Certificate certificate)

tryToFetchRevInfoOnline
private void tryToFetchRevInfoOnline(ValidationReport report, ValidationContext context, X509Certificate certificate, List<RevocationDataValidator.CrlValidationInfo> onlineCrlResponses, List<RevocationDataValidator.OcspResponseValidationInfo> onlineOcspResponses)