Class CRLValidator
- java.lang.Object
-
- com.itextpdf.signatures.validation.v1.CRLValidator
-
public class CRLValidator extends java.lang.Object
Class that allows you to validate a certificate against a Certificate Revocation List (CRL) Response.
-
-
Field Summary
Fields
Modifier and Type, Field, Description
(package private) static int ALL_REASONS
(package private) static java.lang.String ATTRIBUTE_CERTS_ASSERTED
private ValidatorChainBuilder builder
(package private) static java.lang.String CERTIFICATE_IS_EXPIRED
(package private) static java.lang.String CERTIFICATE_IS_NOT_IN_THE_CRL_SCOPE
(package private) static java.lang.String CERTIFICATE_IS_UNREVOKED
(package private) static java.lang.String CERTIFICATE_REVOKED
private IssuingCertificateRetriever certificateRetriever
private java.util.Map<java.security.cert.Certificate,java.lang.Integer> checkedReasonsMask
(package private) static java.lang.String CRL_CHECK
(package private) static java.lang.String CRL_INVALID
(package private) static java.lang.String CRL_ISSUER_CHAIN_FAILED
(package private) static java.lang.String CRL_ISSUER_NO_COMMON_ROOT
(package private) static java.lang.String CRL_ISSUER_NOT_FOUND
(package private) static java.lang.String CRL_ISSUER_REQUEST_FAILED
private static IBouncyCastleFactory FACTORY
(package private) static java.lang.String FRESHNESS_CHECK
(package private) static java.lang.String ONLY_SOME_REASONS_CHECKED
private SignatureValidationProperties properties
(package private) static java.lang.String SAME_REASONS_CHECK
(package private) static java.lang.String UPDATE_DATE_BEFORE_CHECK_DATE
-
Constructor Summary
Constructors
Modifier, Constructor, Description
protected CRLValidator(ValidatorChainBuilder builder)
Creates new CRLValidator instance.
-
Method Summary
Methods
Modifier and Type, Method, Description
private static void addResponderValidationReport(ValidationReport report, ValidationReport responderReport)
private static int computeInterimReasonsMask(IIssuingDistributionPoint issuingDistPoint, IDistributionPoint distributionPoint)
private static java.util.Date getExpiredCertsOnCRLExtensionDate(java.security.cert.X509CRL crl)
private static IIssuingDistributionPoint getIssuingDistributionPointExtension(java.security.cert.X509CRL crl)
private java.security.cert.Certificate getRoot(java.security.cert.Certificate cert)
void validate(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.security.cert.X509CRL crl, java.util.Date validationDate)
Deprecated. starting from 8.0.5.
void validate(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.security.cert.X509CRL crl, java.util.Date validationDate, java.util.Date responseGenerationDate)
Validates a certificate against Certificate Revocation List (CRL) Responses.
private void verifyCrlIntegrity(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.security.cert.X509CRL crl, java.util.Date responseGenerationDate)
private static void verifyRevocation(ValidationReport report, java.security.cert.X509Certificate certificate, java.util.Date verificationDate, java.security.cert.X509CRL crl)
-
-
-
Field Detail
-
CRL_CHECK
static final java.lang.String CRL_CHECK
- See Also:
- Constant Field Values
-
ATTRIBUTE_CERTS_ASSERTED
static final java.lang.String ATTRIBUTE_CERTS_ASSERTED
- See Also:
- Constant Field Values
-
CERTIFICATE_IS_EXPIRED
static final java.lang.String CERTIFICATE_IS_EXPIRED
- See Also:
- Constant Field Values
-
CERTIFICATE_IS_UNREVOKED
static final java.lang.String CERTIFICATE_IS_UNREVOKED
- See Also:
- Constant Field Values
-
CERTIFICATE_IS_NOT_IN_THE_CRL_SCOPE
static final java.lang.String CERTIFICATE_IS_NOT_IN_THE_CRL_SCOPE
- See Also:
- Constant Field Values
-
CERTIFICATE_REVOKED
static final java.lang.String CERTIFICATE_REVOKED
- See Also:
- Constant Field Values
-
CRL_ISSUER_NOT_FOUND
static final java.lang.String CRL_ISSUER_NOT_FOUND
- See Also:
- Constant Field Values
-
CRL_ISSUER_REQUEST_FAILED
static final java.lang.String CRL_ISSUER_REQUEST_FAILED
- See Also:
- Constant Field Values
-
CRL_ISSUER_CHAIN_FAILED
static final java.lang.String CRL_ISSUER_CHAIN_FAILED
- See Also:
- Constant Field Values
-
CRL_ISSUER_NO_COMMON_ROOT
static final java.lang.String CRL_ISSUER_NO_COMMON_ROOT
- See Also:
- Constant Field Values
-
CRL_INVALID
static final java.lang.String CRL_INVALID
- See Also:
- Constant Field Values
-
FRESHNESS_CHECK
static final java.lang.String FRESHNESS_CHECK
- See Also:
- Constant Field Values
-
ONLY_SOME_REASONS_CHECKED
static final java.lang.String ONLY_SOME_REASONS_CHECKED
- See Also:
- Constant Field Values
-
SAME_REASONS_CHECK
static final java.lang.String SAME_REASONS_CHECK
- See Also:
- Constant Field Values
-
UPDATE_DATE_BEFORE_CHECK_DATE
static final java.lang.String UPDATE_DATE_BEFORE_CHECK_DATE
- See Also:
- Constant Field Values
-
ALL_REASONS
static final int ALL_REASONS
- See Also:
- Constant Field Values
-
FACTORY
private static final IBouncyCastleFactory FACTORY
-
checkedReasonsMask
private final java.util.Map<java.security.cert.Certificate,java.lang.Integer> checkedReasonsMask
-
certificateRetriever
private final IssuingCertificateRetriever certificateRetriever
-
properties
private final SignatureValidationProperties properties
-
builder
private final ValidatorChainBuilder builder
-
-
Constructor Detail
-
CRLValidator
protected CRLValidator(ValidatorChainBuilder builder)
Creates new CRLValidator instance.
- Parameters:
builder - See ValidatorChainBuilder
-
-
Method Detail
-
validate
@Deprecated public void validate(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.security.cert.X509CRL crl, java.util.Date validationDate)
Deprecated. starting from 8.0.5. TODO DEVSIX-8398 To be removed.
Validates a certificate against Certificate Revocation List (CRL) Responses.
- Parameters:
report - to store all the chain verification results
context - the context in which to perform the validation
certificate - the certificate to check against CRL response
crl - the crl response to be validated
validationDate - validation date to check for
-
validate
public void validate(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.security.cert.X509CRL crl, java.util.Date validationDate, java.util.Date responseGenerationDate)
Validates a certificate against Certificate Revocation List (CRL) Responses.
- Parameters:
report - to store all the chain verification results
context - the context in which to perform the validation
certificate - the certificate to check against CRL response
crl - the crl response to be validated
validationDate - validation date to check for
responseGenerationDate - trusted date at which response is generated
-
verifyRevocation
private static void verifyRevocation(ValidationReport report, java.security.cert.X509Certificate certificate, java.util.Date verificationDate, java.security.cert.X509CRL crl)
-
getIssuingDistributionPointExtension
private static IIssuingDistributionPoint getIssuingDistributionPointExtension(java.security.cert.X509CRL crl)
-
getExpiredCertsOnCRLExtensionDate
private static java.util.Date getExpiredCertsOnCRLExtensionDate(java.security.cert.X509CRL crl)
-
computeInterimReasonsMask
private static int computeInterimReasonsMask(IIssuingDistributionPoint issuingDistPoint, IDistributionPoint distributionPoint)
-
verifyCrlIntegrity
private void verifyCrlIntegrity(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.security.cert.X509CRL crl, java.util.Date responseGenerationDate)
-
getRoot
private java.security.cert.Certificate getRoot(java.security.cert.Certificate cert)
-
addResponderValidationReport
private static void addResponderValidationReport(ValidationReport report, ValidationReport responderReport)
-
-