Package com.itextpdf.signatures
Class CertificateVerification
- java.lang.Object
-
- com.itextpdf.signatures.CertificateVerification
-
public class CertificateVerification extends java.lang.Object
This class consists of some methods that allow you to verify certificates.
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
CERTIFICATE_REVOKED
static java.lang.String
HAS_UNSUPPORTED_EXTENSIONS
private static org.slf4j.Logger
LOGGER
The Logger instance.
-
Constructor Summary
Constructors Constructor Description CertificateVerification()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description private static void
logExceptionMessages(java.util.List<java.lang.Exception> exceptionsThrown)
static java.lang.String
verifyCertificate(java.security.cert.X509Certificate cert, java.util.Collection<java.security.cert.CRL> crls)
Verifies a single certificate for the current date.static java.lang.String
verifyCertificate(java.security.cert.X509Certificate cert, java.util.Collection<java.security.cert.CRL> crls, java.util.Calendar calendar)
Verifies a single certificate.static java.util.List<VerificationException>
verifyCertificates(java.security.cert.Certificate[] certs, java.security.KeyStore keystore)
Verifies a certificate chain against a KeyStore for the current date.static java.util.List<VerificationException>
verifyCertificates(java.security.cert.Certificate[] certs, java.security.KeyStore keystore, java.util.Calendar calendar)
Verifies a certificate chain against a KeyStore.static java.util.List<VerificationException>
verifyCertificates(java.security.cert.Certificate[] certs, java.security.KeyStore keystore, java.util.Collection<java.security.cert.CRL> crls)
Verifies a certificate chain against a KeyStore for the current date.static java.util.List<VerificationException>
verifyCertificates(java.security.cert.Certificate[] certs, java.security.KeyStore keystore, java.util.Collection<java.security.cert.CRL> crls, java.util.Calendar calendar)
Verifies a certificate chain against a KeyStore.static boolean
verifyOcspCertificates(IBasicOCSPResp ocsp, java.security.KeyStore keystore, java.lang.String provider)
Verifies an OCSP response against a KeyStore.static boolean
verifyTimestampCertificates(ITimeStampToken ts, java.security.KeyStore keystore, java.lang.String provider)
Verifies a time stamp against a KeyStore.
-
-
-
Field Detail
-
HAS_UNSUPPORTED_EXTENSIONS
public static final java.lang.String HAS_UNSUPPORTED_EXTENSIONS
- See Also:
- Constant Field Values
-
CERTIFICATE_REVOKED
public static final java.lang.String CERTIFICATE_REVOKED
- See Also:
- Constant Field Values
-
LOGGER
private static final org.slf4j.Logger LOGGER
The Logger instance.
-
-
Method Detail
-
verifyCertificate
public static java.lang.String verifyCertificate(java.security.cert.X509Certificate cert, java.util.Collection<java.security.cert.CRL> crls)
Verifies a single certificate for the current date.- Parameters:
cert
- the certificate to verifycrls
- the certificate revocation list ornull
- Returns:
- a
String
with the error description ornull
if no error
-
verifyCertificate
public static java.lang.String verifyCertificate(java.security.cert.X509Certificate cert, java.util.Collection<java.security.cert.CRL> crls, java.util.Calendar calendar)
Verifies a single certificate.- Parameters:
cert
- the certificate to verifycrls
- the certificate revocation list ornull
calendar
- the date, shall not be null- Returns:
- a
String
with the error description ornull
if no error
-
verifyCertificates
public static java.util.List<VerificationException> verifyCertificates(java.security.cert.Certificate[] certs, java.security.KeyStore keystore, java.util.Collection<java.security.cert.CRL> crls) throws java.security.cert.CertificateEncodingException
Verifies a certificate chain against a KeyStore for the current date.- Parameters:
certs
- the certificate chainkeystore
- theKeyStore
crls
- the certificate revocation list ornull
- Returns:
- empty list if the certificate chain could be validated or a
Object[]{cert,error}
wherecert
is the failed certificate anderror
is the error message - Throws:
java.security.cert.CertificateEncodingException
- if an encoding error occurs inCertificate
.
-
verifyCertificates
public static java.util.List<VerificationException> verifyCertificates(java.security.cert.Certificate[] certs, java.security.KeyStore keystore, java.util.Collection<java.security.cert.CRL> crls, java.util.Calendar calendar) throws java.security.cert.CertificateEncodingException
Verifies a certificate chain against a KeyStore.- Parameters:
certs
- the certificate chainkeystore
- theKeyStore
crls
- the certificate revocation list ornull
calendar
- the date, shall not be null- Returns:
- empty list if the certificate chain could be validated or a
Object[]{cert,error}
wherecert
is the failed certificate anderror
is the error message - Throws:
java.security.cert.CertificateEncodingException
- if an encoding error occurs inCertificate
.
-
verifyCertificates
public static java.util.List<VerificationException> verifyCertificates(java.security.cert.Certificate[] certs, java.security.KeyStore keystore) throws java.security.cert.CertificateEncodingException
Verifies a certificate chain against a KeyStore for the current date.- Parameters:
certs
- the certificate chainkeystore
- theKeyStore
- Returns:
null
if the certificate chain could be validated or aObject[]{cert,error}
wherecert
is the failed certificate anderror
is the error message- Throws:
java.security.cert.CertificateEncodingException
- if an encoding error occurs inCertificate
.
-
verifyCertificates
public static java.util.List<VerificationException> verifyCertificates(java.security.cert.Certificate[] certs, java.security.KeyStore keystore, java.util.Calendar calendar) throws java.security.cert.CertificateEncodingException
Verifies a certificate chain against a KeyStore.- Parameters:
certs
- the certificate chainkeystore
- theKeyStore
calendar
- the date, shall not be null- Returns:
null
if the certificate chain could be validated or aObject[]{cert,error}
wherecert
is the failed certificate anderror
is the error message- Throws:
java.security.cert.CertificateEncodingException
- if an encoding error occurs inCertificate
.
-
verifyOcspCertificates
public static boolean verifyOcspCertificates(IBasicOCSPResp ocsp, java.security.KeyStore keystore, java.lang.String provider)
Verifies an OCSP response against a KeyStore.- Parameters:
ocsp
- the OCSP responsekeystore
- theKeyStore
provider
- the provider ornull
to use the BouncyCastle provider- Returns:
true
is a certificate was found
-
verifyTimestampCertificates
public static boolean verifyTimestampCertificates(ITimeStampToken ts, java.security.KeyStore keystore, java.lang.String provider)
Verifies a time stamp against a KeyStore.- Parameters:
ts
- the time stampkeystore
- theKeyStore
provider
- the provider ornull
to use the BouncyCastle provider- Returns:
true
is a certificate was found
-
logExceptionMessages
private static void logExceptionMessages(java.util.List<java.lang.Exception> exceptionsThrown)
-
-