|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectcom.itextpdf.text.pdf.security.CertificateVerifier
com.itextpdf.text.pdf.security.RootStoreVerifier
com.itextpdf.text.pdf.security.OCSPVerifier
public class OCSPVerifier
Class that allows you to verify a certificate against one or more OCSP responses.
Field Summary | |
---|---|
protected static Logger |
LOGGER
The Logger instance |
protected java.util.List<org.bouncycastle.cert.ocsp.BasicOCSPResp> |
ocsps
The list of OCSP responses. |
Fields inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier |
---|
rootStore |
Fields inherited from class com.itextpdf.text.pdf.security.CertificateVerifier |
---|
onlineCheckingAllowed, verifier |
Constructor Summary | |
---|---|
OCSPVerifier(CertificateVerifier verifier,
java.util.List<org.bouncycastle.cert.ocsp.BasicOCSPResp> ocsps)
Creates an OCSPVerifier instance. |
Method Summary | |
---|---|
org.bouncycastle.cert.ocsp.BasicOCSPResp |
getOcspResponse(java.security.cert.X509Certificate signCert,
java.security.cert.X509Certificate issuerCert)
Gets an OCSP response online and returns it if the status is GOOD (without further checking). |
boolean |
isSignatureValid(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp,
java.security.cert.Certificate responderCert)
Checks if an OCSP response is genuine |
void |
isValidResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp,
java.security.cert.X509Certificate issuerCert)
Verifies if an OCSP response is genuine |
boolean |
verify(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp,
java.security.cert.X509Certificate signCert,
java.security.cert.X509Certificate issuerCert,
java.util.Date signDate)
Verifies a certificate against a single OCSP response |
java.util.List<VerificationOK> |
verify(java.security.cert.X509Certificate signCert,
java.security.cert.X509Certificate issuerCert,
java.util.Date signDate)
Verifies if a a valid OCSP response is found for the certificate. |
boolean |
verifyResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp,
java.security.cert.X509Certificate responderCert)
Verifies if the signature of the response is valid. |
Methods inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier |
---|
setRootStore |
Methods inherited from class com.itextpdf.text.pdf.security.CertificateVerifier |
---|
setOnlineCheckingAllowed |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected static final Logger LOGGER
protected java.util.List<org.bouncycastle.cert.ocsp.BasicOCSPResp> ocsps
Constructor Detail |
---|
public OCSPVerifier(CertificateVerifier verifier, java.util.List<org.bouncycastle.cert.ocsp.BasicOCSPResp> ocsps)
verifier
- the next verifier in the chainocsps
- a list of OCSP responsesMethod Detail |
---|
public java.util.List<VerificationOK> verify(java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert, java.util.Date signDate) throws java.security.GeneralSecurityException, java.io.IOException
verify
in class RootStoreVerifier
signCert
- the certificate that needs to be checkedissuerCert
- its issuersignDate
- the date the certificate needs to be valid
VerificationOK
objects.
The list will be empty if the certificate couldn't be verified.
java.security.GeneralSecurityException
java.io.IOException
RootStoreVerifier.verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)
public boolean verify(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert, java.util.Date signDate) throws java.security.GeneralSecurityException, java.io.IOException
ocspResp
- the OCSP responseserialNumber
- the serial number of the certificate that needs to be checkedissuerCert
- signDate
-
java.security.GeneralSecurityException
java.io.IOException
public void isValidResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, java.security.cert.X509Certificate issuerCert) throws java.security.GeneralSecurityException, java.io.IOException
ocspResp
- the OCSP responseissuerCert
- the issuer certificate
java.security.GeneralSecurityException
java.io.IOException
public boolean verifyResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, java.security.cert.X509Certificate responderCert)
ocspResp
- the response objectresponderCert
- the certificate that may be used to sign the response
public boolean isSignatureValid(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, java.security.cert.Certificate responderCert)
ocspResp
- the OCSP responseresponderCert
- the responder certificate
public org.bouncycastle.cert.ocsp.BasicOCSPResp getOcspResponse(java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert)
signCert
- the signing certificateissuerCert
- the issuer certificate
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |