Class OCSPValidator
java.lang.Object
com.itextpdf.signatures.validation.OCSPValidator
Class that allows you to validate a single OCSP response.
-
Field Summary
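Fields
Modifier and Type, Field, Description:
private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY
private final ValidatorChainBuilder builder
(package private) static final String CERT_IS_EXPIRED
(package private) static final String CERT_IS_REVOKED
(package private) static final String CERT_STATUS_IS_UNKNOWN
private final IssuingCertificateRetriever certificateRetriever
(package private) static final String FRESHNESS_CHECK
(package private) static final String INVALID_OCSP
(package private) static final String ISSUER_MISSING
(package private) static final String ISSUERS_DO_NOT_MATCH
(package private) static final String OCSP_CHECK
(package private) static final String OCSP_COULD_NOT_BE_VERIFIED
(package private) static final String OCSP_IS_NO_LONGER_VALID
(package private) static final String OCSP_RESPONDER_DID_NOT_SIGN
(package private) static final String OCSP_RESPONDER_IS_CA
(package private) static final String OCSP_RESPONDER_NOT_RETRIEVED
(package private) static final String OCSP_RESPONDER_NOT_VERIFIED
(package private) static final String OCSP_RESPONDER_TRUST_NOT_RETRIEVED
(package private) static final String OCSP_RESPONDER_TRUSTED
private final SignatureValidationProperties properties
(package private) static final String SERIAL_NUMBERS_DO_NOT_MATCH
(package private) static final String UNABLE_TO_CHECK_IF_ISSUERS_MATCH
(package private) static final String UNABLE_TO_RETRIEVE_ISSUER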
-
Constructor Summary
Constructors
Modifier, Constructor, Description:
protected OCSPValidator(ValidatorChainBuilder builder)
Creates new OCSPValidator instance.
-
Method Summary
Modifier and Type, Method, Description:
private static void addResponderValidationReport(ValidationReport report, ValidationReport responderReport)
private Date getArchiveCutoffExtension(IBasicOCSPResp ocspResp)
void validate(ValidationReport report, ValidationContext context, X509Certificate certificate, ISingleResp singleResp, IBasicOCSPResp ocspResp, Date validationDate, Date responseGenerationDate)
Validates a certificate against single OCSP Response.
private void verifyOcspResponder(ValidationReport report, ValidationContext context, IBasicOCSPResp ocspResp, X509Certificate issuerCert, Date responseGenerationDate)
Verifies if an OCSP response is genuine.
-
Field Details
-
CERT_IS_EXPIRED
-
CERT_IS_REVOKED
-
CERT_STATUS_IS_UNKNOWN
-
INVALID_OCSP
-
ISSUERS_DO_NOT_MATCH
-
ISSUER_MISSING
-
FRESHNESS_CHECK
-
OCSP_COULD_NOT_BE_VERIFIED
-
OCSP_RESPONDER_NOT_RETRIEVED
-
OCSP_RESPONDER_NOT_VERIFIED
-
OCSP_RESPONDER_DID_NOT_SIGN
-
OCSP_RESPONDER_TRUST_NOT_RETRIEVED
-
OCSP_RESPONDER_TRUSTED
-
OCSP_RESPONDER_IS_CA
-
OCSP_IS_NO_LONGER_VALID
-
SERIAL_NUMBERS_DO_NOT_MATCH
-
UNABLE_TO_CHECK_IF_ISSUERS_MATCH
-
UNABLE_TO_RETRIEVE_ISSUER
-
OCSP_CHECK
-
BOUNCY_CASTLE_FACTORY
-
certificateRetriever
-
properties
-
builder
-
Constructor Details
-
OCSPValidator
Creates new OCSPValidator instance.
Parameters:
builder - See ValidatorChainBuilder
-
-
Method Details
-
validate
public void validate(ValidationReport report, ValidationContext context, X509Certificate certificate, ISingleResp singleResp, IBasicOCSPResp ocspResp, Date validationDate, Date responseGenerationDate)
Validates a certificate against single OCSP Response.
Parameters:
report - to store all the chain verification results
context - the context in which to perform the validation
certificate - the certificate to check for
singleResp - single response to check
ocspResp - basic OCSP response which contains single response to check
validationDate - validation date to check for
responseGenerationDate - trusted date at which response is generated
-
verifyOcspResponder
private void verifyOcspResponder(ValidationReport report, ValidationContext context, IBasicOCSPResp ocspResp, X509Certificate issuerCert, Date responseGenerationDate)
Verifies if an OCSP response is genuine. If it doesn't verify against the issuer certificate and response's certificates, it may verify using a trusted anchor or cert.
Parameters:
report - to store all the chain verification results
context - the context in which to perform the validation
ocspResp - IBasicOCSPResp the OCSP response wrapper
issuerCert - the issuer of the certificate for which the OCSP is checked
-
addResponderValidationReport
private static void addResponderValidationReport(ValidationReport report, ValidationReport responderReport)
-
getArchiveCutoffExtension
-