Class RevocationDataValidator
java.lang.Object
com.itextpdf.signatures.validation.v1.RevocationDataValidator
Class that allows you to fetch and validate revocation data for the certificate.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate static final IBouncyCastleFactory
private final IssuingCertificateRetriever
(package private) static final String
private final List
<ICrlClient> private final CRLValidator
(package private) static final String
private final List
<IOcspClient> private final OCSPValidator
private final SignatureValidationProperties
(package private) static final String
(package private) static final String
(package private) static final String
(package private) static final String
-
Constructor Summary
ConstructorsConstructorDescriptionCreates newRevocationDataValidator
instance to validate certificate revocation data. -
Method Summary
Modifier and TypeMethodDescriptionaddCrlClient
(ICrlClient crlClient) AddICrlClient
to be used for CRL responses receiving.addOcspClient
(IOcspClient ocspClient) AddIOcspClient
to be used for OCSP responses receiving.private void
fillOcspResponsesMap
(Map<ISingleResp, IBasicOCSPResp> ocspResponsesMap, IBasicOCSPResp basicOCSPResp) retrieveAllCRLResponses
(ValidationReport report, ValidationContext context, X509Certificate certificate) retrieveAllCRLResponsesUsingClient
(ValidationReport report, X509Certificate certificate, ICrlClient crlClient) private Map
<ISingleResp, IBasicOCSPResp> retrieveAllOCSPResponses
(ValidationContext context, X509Certificate certificate) void
validate
(ValidationReport report, ValidationContext context, X509Certificate certificate, Date validationDate) Validates revocation data (Certificate Revocation List (CRL) Responses and OCSP Responses) of the certificate.private void
validateRevocationData
(ValidationReport report, ValidationContext context, X509Certificate certificate, Date validationDate, List<ISingleResp> singleResponses, Map<ISingleResp, IBasicOCSPResp> ocspResponsesMap, List<X509CRL> crlResponses)
-
Field Details
-
REVOCATION_DATA_CHECK
- See Also:
-
CRL_PARSING_ERROR
- See Also:
-
NO_REVOCATION_DATA
- See Also:
-
SELF_SIGNED_CERTIFICATE
- See Also:
-
TRUSTED_OCSP_RESPONDER
- See Also:
-
VALIDITY_ASSURED
- See Also:
-
BOUNCY_CASTLE_FACTORY
-
ocspClients
-
crlClients
-
properties
-
certificateRetriever
-
ocspValidator
-
crlValidator
-
-
Constructor Details
-
RevocationDataValidator
RevocationDataValidator(ValidatorChainBuilder builder) Creates newRevocationDataValidator
instance to validate certificate revocation data.- Parameters:
builder
- SeeValidatorChainBuilder
-
-
Method Details
-
addCrlClient
AddICrlClient
to be used for CRL responses receiving.- Parameters:
crlClient
-ICrlClient
to be used for CRL responses receiving- Returns:
- same instance of
RevocationDataValidator
.
-
addOcspClient
AddIOcspClient
to be used for OCSP responses receiving.- Parameters:
ocspClient
-IOcspClient
to be used for OCSP responses receiving- Returns:
- same instance of
RevocationDataValidator
.
-
validate
public void validate(ValidationReport report, ValidationContext context, X509Certificate certificate, Date validationDate) Validates revocation data (Certificate Revocation List (CRL) Responses and OCSP Responses) of the certificate.- Parameters:
report
- to store all the verification resultscontext
-ValidationContext
the contextcertificate
- the certificate to check revocation data forvalidationDate
- validation date to check for
-
validateRevocationData
private void validateRevocationData(ValidationReport report, ValidationContext context, X509Certificate certificate, Date validationDate, List<ISingleResp> singleResponses, Map<ISingleResp, IBasicOCSPResp> ocspResponsesMap, List<X509CRL> crlResponses) -
retrieveAllOCSPResponses
private Map<ISingleResp,IBasicOCSPResp> retrieveAllOCSPResponses(ValidationContext context, X509Certificate certificate) -
fillOcspResponsesMap
private void fillOcspResponsesMap(Map<ISingleResp, IBasicOCSPResp> ocspResponsesMap, IBasicOCSPResp basicOCSPResp) -
retrieveAllCRLResponses
private List<X509CRL> retrieveAllCRLResponses(ValidationReport report, ValidationContext context, X509Certificate certificate) -
retrieveAllCRLResponsesUsingClient
private List<X509CRL> retrieveAllCRLResponsesUsingClient(ValidationReport report, X509Certificate certificate, ICrlClient crlClient)
-