Class OCSPValidator
java.lang.Object
com.itextpdf.signatures.validation.v1.OCSPValidator
Class that allows you to validate a single OCSP response.

Field Summary
Modifier and Type, Field:
private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY
private final ValidatorChainBuilder builder
(package private) static final String CERT_IS_REVOKED
(package private) static final String CERT_STATUS_IS_UNKNOWN
private final IssuingCertificateRetriever certificateRetriever
(package private) static final String FRESHNESS_CHECK
(package private) static final String INVALID_OCSP
(package private) static final String ISSUERS_DO_NOT_MATCH
(package private) static final String OCSP_CHECK
(package private) static final String OCSP_COULD_NOT_BE_VERIFIED
(package private) static final String OCSP_IS_NO_LONGER_VALID
private final SignatureValidationProperties properties
(package private) static final String SERIAL_NUMBERS_DO_NOT_MATCH
(package private) static final String UNABLE_TO_CHECK_IF_ISSUERS_MATCH

Constructor Summary
Constructor, Description:
OCSPValidator(ValidatorChainBuilder builder) - Creates a new OCSPValidator instance.

Method Summary
Modifier and Type, Method, Description:
private void addResponderValidationReport(ValidationReport report, ValidationReport responderReport)
void validate(ValidationReport report, ValidationContext context, X509Certificate certificate, ISingleResp singleResp, IBasicOCSPResp ocspResp, Date validationDate) - Validates a certificate against a single OCSP response.
private void verifyOcspResponder(ValidationReport report, ValidationContext context, IBasicOCSPResp ocspResp, X509Certificate issuerCert) - Verifies if an OCSP response is genuine.

Field Details
CERT_IS_REVOKED
CERT_STATUS_IS_UNKNOWN
INVALID_OCSP
ISSUERS_DO_NOT_MATCH
FRESHNESS_CHECK
OCSP_COULD_NOT_BE_VERIFIED
OCSP_IS_NO_LONGER_VALID
SERIAL_NUMBERS_DO_NOT_MATCH
UNABLE_TO_CHECK_IF_ISSUERS_MATCH
OCSP_CHECK
BOUNCY_CASTLE_FACTORY
certificateRetriever
properties
builder

Constructor Details

OCSPValidator
OCSPValidator(ValidatorChainBuilder builder)
Creates a new OCSPValidator instance.
Parameters:
builder - See ValidatorChainBuilder

Method Details

validate
public void validate(ValidationReport report, ValidationContext context, X509Certificate certificate, ISingleResp singleResp, IBasicOCSPResp ocspResp, Date validationDate)
Validates a certificate against a single OCSP response.
Parameters:
report - to store all the chain verification results
context - the context in which to perform the validation
certificate - the certificate to check for
singleResp - single response to check
ocspResp - basic OCSP response which contains single response to check
validationDate - validation date to check for
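
The per-response checks suggested by the report constants listed under Field Details, written out as an added example (not iText code and not from the iText project). It follows RFC 6960 semantics; the SingleResp record, the check method, the freshness parameter and the mapping from constant names to checks are assumptions, and responder signature verification and issuer matching are left out.

```java
import java.math.BigInteger;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;

public class SingleOcspResponseChecks {
    enum Status { GOOD, REVOKED, UNKNOWN }

    // Hypothetical stand-in for one RFC 6960 SingleResponse; not an iText type.
    record SingleResp(BigInteger serial, Status status, Instant thisUpdate,
                      Instant nextUpdate, Instant revokedAt) {}

    // Failure labels reuse constant names from this page; the mapping is an assumption.
    static List<String> check(BigInteger certSerial, SingleResp r,
                              Instant validationDate, Duration freshness) {
        List<String> failures = new ArrayList<>();
        if (!certSerial.equals(r.serial())) {
            failures.add("SERIAL_NUMBERS_DO_NOT_MATCH");
            return failures; // the response describes another certificate
        }
        if (r.thisUpdate().isBefore(validationDate.minus(freshness))) {
            failures.add("FRESHNESS_CHECK"); // produced too long before the validation date
        }
        if (r.nextUpdate() != null && r.nextUpdate().isBefore(validationDate)) {
            failures.add("OCSP_IS_NO_LONGER_VALID"); // newer data was due before this date
        }
        if (r.status() == Status.UNKNOWN) {
            failures.add("CERT_STATUS_IS_UNKNOWN"); // unknown is never treated as good
        }
        if (r.status() == Status.REVOKED
                && (r.revokedAt() == null || !r.revokedAt().isAfter(validationDate))) {
            failures.add("CERT_IS_REVOKED"); // revoked at or before the validation date
        }
        return failures;
    }

    public static void main(String[] args) {
        Instant date = Instant.parse("2024-05-01T12:00:00Z"); // constructed sample values
        BigInteger serial = new BigInteger("1234567890");
        SingleResp stale = new SingleResp(serial, Status.GOOD,
                date.minus(Duration.ofDays(40)), date.minus(Duration.ofDays(33)), null);
        SingleResp revoked = new SingleResp(serial, Status.REVOKED,
                date.minus(Duration.ofHours(1)), date.plus(Duration.ofDays(7)),
                date.minus(Duration.ofDays(2)));
        System.out.println(check(serial, stale, date, Duration.ofDays(30)));
        System.out.println(check(serial, revoked, date, Duration.ofDays(30)));
    }
}
```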

verifyOcspResponder
private void verifyOcspResponder(ValidationReport report, ValidationContext context, IBasicOCSPResp ocspResp, X509Certificate issuerCert)
Verifies if an OCSP response is genuine. If it doesn't verify against the issuer certificate and response's certificates, it may verify using a trusted anchor or cert.
Parameters:
report - to store all the chain verification results
context - the context in which to perform the validation
ocspResp - IBasicOCSPResp the OCSP response wrapper
issuerCert - the issuer of the certificate for which the OCSP is checked

addResponderValidationReport
private void addResponderValidationReport(ValidationReport report, ValidationReport responderReport)