Class RevocationDataValidator
- java.lang.Object
-
- com.itextpdf.signatures.validation.v1.RevocationDataValidator
-
public class RevocationDataValidator extends java.lang.Object
Class that allows you to fetch and validate revocation data for the certificate.
-
-
Nested Class Summary
Nested Classes
Modifier and Type | Class | Description
static class | RevocationDataValidator.CrlValidationInfo | Class which contains validation related information about CRL response.
static class | RevocationDataValidator.OcspResponseValidationInfo | Class which contains validation related information about single OCSP response.
-
Field Summary
Fields
Modifier and Type | Field | Description
private static IBouncyCastleFactory | BOUNCY_CASTLE_FACTORY |
(package private) static java.lang.String | CANNOT_PARSE_CRL |
(package private) static java.lang.String | CANNOT_PARSE_OCSP |
private IssuingCertificateRetriever | certificateRetriever |
(package private) static java.lang.String | CRL_CLIENT_FAILURE |
(package private) static java.lang.String | CRL_VALIDATOR_FAILURE |
private java.util.List<ICrlClient> | crlClients |
private CRLValidator | crlValidator |
(package private) static java.lang.String | ISSUER_RETRIEVAL_FAILED |
(package private) static java.lang.String | NO_REVOCATION_DATA |
(package private) static java.lang.String | OCSP_CLIENT_FAILURE |
(package private) static java.lang.String | OCSP_VALIDATOR_FAILURE |
private java.util.List<IOcspClient> | ocspClients |
private OCSPValidator | ocspValidator |
private SignatureValidationProperties | properties |
(package private) static java.lang.String | REVOCATION_DATA_CHECK |
(package private) static java.lang.String | SELF_SIGNED_CERTIFICATE |
(package private) static java.lang.String | TRUSTED_OCSP_RESPONDER |
(package private) static java.lang.String | VALIDITY_ASSURED |
-
Constructor Summary
Constructors
Modifier | Constructor | Description
protected | RevocationDataValidator(ValidatorChainBuilder builder) | Creates new RevocationDataValidator instance to validate certificate revocation data.
-
Method Summary
Modifier and Type | Method | Description
RevocationDataValidator | addCrlClient(ICrlClient crlClient) | Add ICrlClient to be used for CRL responses receiving.
RevocationDataValidator | addOcspClient(IOcspClient ocspClient) | Add IOcspClient to be used for OCSP responses receiving.
private static void | fillOcspResponses(java.util.List<RevocationDataValidator.OcspResponseValidationInfo> ocspResponses, IBasicOCSPResp basicOCSPResp, java.util.Date generationDate, TimeBasedContext timeBasedContext) |
private java.util.List<RevocationDataValidator.CrlValidationInfo> | retrieveAllCRLResponses(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate) |
private static java.util.List<RevocationDataValidator.CrlValidationInfo> | retrieveAllCRLResponsesUsingClient(ValidationReport report, java.security.cert.X509Certificate certificate, ICrlClient crlClient) |
private java.util.List<RevocationDataValidator.OcspResponseValidationInfo> | retrieveAllOCSPResponses(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate) |
private void | tryToFetchRevInfoOnline(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.util.List<RevocationDataValidator.CrlValidationInfo> onlineCrlResponses, java.util.List<RevocationDataValidator.OcspResponseValidationInfo> onlineOcspResponses) |
void | validate(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.util.Date validationDate) | Validates revocation data (Certificate Revocation List (CRL) Responses and OCSP Responses) of the certificate.
private void | validateRevocationData(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.util.Date validationDate, java.util.List<RevocationDataValidator.OcspResponseValidationInfo> ocspResponses, java.util.List<RevocationDataValidator.CrlValidationInfo> crlResponses) |
-
-
-
Field Detail
-
REVOCATION_DATA_CHECK
static final java.lang.String REVOCATION_DATA_CHECK
- See Also:
- Constant Field Values
-
NO_REVOCATION_DATA
static final java.lang.String NO_REVOCATION_DATA
- See Also:
- Constant Field Values
-
SELF_SIGNED_CERTIFICATE
static final java.lang.String SELF_SIGNED_CERTIFICATE
- See Also:
- Constant Field Values
-
TRUSTED_OCSP_RESPONDER
static final java.lang.String TRUSTED_OCSP_RESPONDER
- See Also:
- Constant Field Values
-
VALIDITY_ASSURED
static final java.lang.String VALIDITY_ASSURED
- See Also:
- Constant Field Values
-
CANNOT_PARSE_OCSP
static final java.lang.String CANNOT_PARSE_OCSP
- See Also:
- Constant Field Values
-
CANNOT_PARSE_CRL
static final java.lang.String CANNOT_PARSE_CRL
- See Also:
- Constant Field Values
-
ISSUER_RETRIEVAL_FAILED
static final java.lang.String ISSUER_RETRIEVAL_FAILED
- See Also:
- Constant Field Values
-
OCSP_CLIENT_FAILURE
static final java.lang.String OCSP_CLIENT_FAILURE
- See Also:
- Constant Field Values
-
CRL_CLIENT_FAILURE
static final java.lang.String CRL_CLIENT_FAILURE
- See Also:
- Constant Field Values
-
OCSP_VALIDATOR_FAILURE
static final java.lang.String OCSP_VALIDATOR_FAILURE
- See Also:
- Constant Field Values
-
CRL_VALIDATOR_FAILURE
static final java.lang.String CRL_VALIDATOR_FAILURE
- See Also:
- Constant Field Values
-
BOUNCY_CASTLE_FACTORY
private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY
-
ocspClients
private final java.util.List<IOcspClient> ocspClients
-
crlClients
private final java.util.List<ICrlClient> crlClients
-
properties
private final SignatureValidationProperties properties
-
certificateRetriever
private final IssuingCertificateRetriever certificateRetriever
-
ocspValidator
private final OCSPValidator ocspValidator
-
crlValidator
private final CRLValidator crlValidator
-
-
Constructor Detail
-
RevocationDataValidator
protected RevocationDataValidator(ValidatorChainBuilder builder)
Creates new RevocationDataValidator instance to validate certificate revocation data.
- Parameters:
- builder - See ValidatorChainBuilder
-
-
Method Detail
-
addCrlClient
public RevocationDataValidator addCrlClient(ICrlClient crlClient)
Add ICrlClient to be used for CRL responses receiving.
- Parameters:
- crlClient - ICrlClient to be used for CRL responses receiving
- Returns:
- same instance of RevocationDataValidator.
-
addOcspClient
public RevocationDataValidator addOcspClient(IOcspClient ocspClient)
Add IOcspClient to be used for OCSP responses receiving.
- Parameters:
- ocspClient - IOcspClient to be used for OCSP responses receiving
- Returns:
- same instance of RevocationDataValidator.
-
validate
public void validate(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.util.Date validationDate)
Validates revocation data (Certificate Revocation List (CRL) Responses and OCSP Responses) of the certificate.
- Parameters:
- report - to store all the verification results
- context - ValidationContext the context
- certificate - the certificate to check revocation data for
- validationDate - validation date to check for
-
fillOcspResponses
private static void fillOcspResponses(java.util.List<RevocationDataValidator.OcspResponseValidationInfo> ocspResponses, IBasicOCSPResp basicOCSPResp, java.util.Date generationDate, TimeBasedContext timeBasedContext)
-
retrieveAllCRLResponsesUsingClient
private static java.util.List<RevocationDataValidator.CrlValidationInfo> retrieveAllCRLResponsesUsingClient(ValidationReport report, java.security.cert.X509Certificate certificate, ICrlClient crlClient)
-
validateRevocationData
private void validateRevocationData(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.util.Date validationDate, java.util.List<RevocationDataValidator.OcspResponseValidationInfo> ocspResponses, java.util.List<RevocationDataValidator.CrlValidationInfo> crlResponses)
-
retrieveAllOCSPResponses
private java.util.List<RevocationDataValidator.OcspResponseValidationInfo> retrieveAllOCSPResponses(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate)
-
retrieveAllCRLResponses
private java.util.List<RevocationDataValidator.CrlValidationInfo> retrieveAllCRLResponses(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate)
-
tryToFetchRevInfoOnline
private void tryToFetchRevInfoOnline(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.util.List<RevocationDataValidator.CrlValidationInfo> onlineCrlResponses, java.util.List<RevocationDataValidator.OcspResponseValidationInfo> onlineOcspResponses)
-
-