Class CRLVerifier


  • public class CRLVerifier
    extends RootStoreVerifier
    Class that allows you to verify a certificate against one or more Certificate Revocation Lists.
    • Constructor Summary

      Constructors 
      Constructor Description
      CRLVerifier(CertificateVerifier verifier, java.util.List<java.security.cert.X509CRL> crls)
      Creates a CRLVerifier instance.
    • Method Summary

      Modifier and Type Method Description
      java.security.cert.X509CRL getCRL(java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert)
      Fetches a CRL for a specific certificate online (without further checking).
      boolean isSignatureValid(java.security.cert.X509CRL crl, java.security.cert.X509Certificate crlIssuer)
      Checks if a CRL verifies against the issuer certificate or a trusted anchor.
      java.util.List<VerificationOK> verify(java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert, java.util.Date signDate)
      Verifies if a valid CRL is found for the certificate.
      boolean verify(java.security.cert.X509CRL crl, java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert, java.util.Date signDate)
      Verifies a certificate against a single CRL.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • LOGGER

        protected static final Logger LOGGER
        The Logger instance
      • crls

        java.util.List<java.security.cert.X509CRL> crls
        The list of CRLs to check for revocation date.
    • Constructor Detail

      • CRLVerifier

        public CRLVerifier(CertificateVerifier verifier,
                           java.util.List<java.security.cert.X509CRL> crls)
        Creates a CRLVerifier instance.
        Parameters:
        verifier - the next verifier in the chain
        crls - a list of CRLs
    • Method Detail

      • verify

        public java.util.List<VerificationOK> verify(java.security.cert.X509Certificate signCert,
                                                     java.security.cert.X509Certificate issuerCert,
                                                     java.util.Date signDate)
                                              throws java.security.GeneralSecurityException,
                                                     java.io.IOException
        Verifies if a valid CRL is found for the certificate. If this method returns an empty list, it doesn't mean the certificate isn't valid. It means we couldn't verify it against any CRL that was available.
        Overrides:
        verify in class RootStoreVerifier
        Parameters:
        signCert - the certificate that needs to be checked
        issuerCert - its issuer
        signDate - the date on which the certificate needs to be valid
        Returns:
        a list of VerificationOK objects. The list will be empty if the certificate couldn't be verified.
        Throws:
        java.security.GeneralSecurityException
        java.io.IOException
        See Also:
        RootStoreVerifier.verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)
      • verify

        public boolean verify(java.security.cert.X509CRL crl,
                              java.security.cert.X509Certificate signCert,
                              java.security.cert.X509Certificate issuerCert,
                              java.util.Date signDate)
                       throws java.security.GeneralSecurityException
        Verifies a certificate against a single CRL.
        Parameters:
        crl - the Certificate Revocation List
        signCert - a certificate that needs to be verified
        issuerCert - its issuer
        signDate - the sign date
        Returns:
        true if the verification succeeded
        Throws:
        java.security.GeneralSecurityException
      • getCRL

        public java.security.cert.X509CRL getCRL(java.security.cert.X509Certificate signCert,
                                                 java.security.cert.X509Certificate issuerCert)
        Fetches a CRL for a specific certificate online (without further checking).
        Parameters:
        signCert - the certificate
        issuerCert - its issuer
        Returns:
        an X509CRL object
      • isSignatureValid

        public boolean isSignatureValid(java.security.cert.X509CRL crl,
                                        java.security.cert.X509Certificate crlIssuer)
        Checks if a CRL verifies against the issuer certificate or a trusted anchor.
        Parameters:
        crl - the CRL
        crlIssuer - the trusted anchor
        Returns:
        true if the CRL can be trusted
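
The checks that verifying a certificate against a single CRL generally involves, written with JDK classes only so that "could not verify" stays distinct from "revoked", as the verify description above distinguishes. This is an added example, not the library's own code: `CrlStatusCheck`, `Status`, `check` and `accept` are hypothetical names, and it assumes a direct CRL signed by the certificate's issuer.

```java
import java.security.GeneralSecurityException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Date;

/** Hypothetical helper for illustration; uses only java.security.cert. */
public final class CrlStatusCheck {

    /** Three outcomes, so "no usable CRL" is never read as "not revoked". */
    public enum Status { GOOD, REVOKED, UNKNOWN }

    public static Status check(X509CRL crl, X509Certificate signCert,
                               X509Certificate issuerCert, Date signDate) {
        if (crl == null || signCert == null || issuerCert == null || signDate == null) {
            return Status.UNKNOWN;
        }
        // The CRL must be issued by the same authority as the certificate.
        if (!crl.getIssuerX500Principal().equals(signCert.getIssuerX500Principal())) {
            return Status.UNKNOWN;
        }
        // The CRL must cover signDate: thisUpdate <= signDate < nextUpdate.
        Date thisUpdate = crl.getThisUpdate();
        Date nextUpdate = crl.getNextUpdate(); // optional field, may be null
        if (nextUpdate == null || signDate.before(thisUpdate) || !signDate.before(nextUpdate)) {
            return Status.UNKNOWN;
        }
        // A CRL whose signature does not verify proves nothing either way.
        // Assumption: the CRL is signed with the issuer certificate's key.
        try {
            crl.verify(issuerCert.getPublicKey());
        } catch (GeneralSecurityException e) {
            return Status.UNKNOWN;
        }
        // Only a trusted, current CRL from the right issuer can answer the question.
        X509CRLEntry entry = crl.getRevokedCertificate(signCert);
        return entry != null ? Status.REVOKED : Status.GOOD;
    }

    /**
     * Policy decision for the caller: with hardFail set, UNKNOWN is rejected
     * (fail closed); without it, UNKNOWN is tolerated (soft fail).
     */
    public static boolean accept(Status status, boolean hardFail) {
        return status == Status.GOOD || (status == Status.UNKNOWN && !hardFail);
    }
}
```

Callers that validate signatures for security decisions would normally pass `hardFail = true`, so that a missing, stale or untrusted CRL is treated as a failed check and never as proof of good standing.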