Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.itextpdf.text.pdf.security
Class CRLVerifier

java.lang.Object
  extended by com.itextpdf.text.pdf.security.CertificateVerifier
      extended by com.itextpdf.text.pdf.security.RootStoreVerifier
          extended by com.itextpdf.text.pdf.security.CRLVerifier

public class CRLVerifier
extends RootStoreVerifier

Class that allows you to verify a certificate against one or more Certificate Revocation Lists.

Field Summary
protected static Logger LOGGER
          The Logger instance
 
Fields inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier
rootStore
 
Fields inherited from class com.itextpdf.text.pdf.security.CertificateVerifier
onlineCheckingAllowed, verifier
 
Constructor Summary
CRLVerifier(CertificateVerifier verifier, java.util.List<java.security.cert.X509CRL> crls)
          Creates a CRLVerifier instance.
 
Method Summary
 java.security.cert.X509CRL getCRL(java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert)
          Fetches a CRL for a specific certificate online (without further checking).
 boolean isSignatureValid(java.security.cert.X509CRL crl, java.security.cert.X509Certificate crlIssuer)
          Checks if a CRL verifies against the issuer certificate or a trusted anchor.
 java.util.List<VerificationOK> verify(java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert, java.util.Date signDate)
          Verifies if a a valid CRL is found for the certificate.
 boolean verify(java.security.cert.X509CRL crl, java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert, java.util.Date signDate)
          Verifies a certificate against a single CRL.
 
Methods inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier
setRootStore
 
Methods inherited from class com.itextpdf.text.pdf.security.CertificateVerifier
setOnlineCheckingAllowed
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

LOGGER

protected static final Logger LOGGER
The Logger instance

Constructor Detail

CRLVerifier

public CRLVerifier(CertificateVerifier verifier,
                   java.util.List<java.security.cert.X509CRL> crls)
Creates a CRLVerifier instance.

Parameters:
verifier - the next verifier in the chain
crls - a list of CRLs
Method Detail

verify

public java.util.List<VerificationOK> verify(java.security.cert.X509Certificate signCert,
                                             java.security.cert.X509Certificate issuerCert,
                                             java.util.Date signDate)
                                      throws java.security.GeneralSecurityException,
                                             java.io.IOException
Verifies if a a valid CRL is found for the certificate. If this method returns false, it doesn't mean the certificate isn't valid. It means we couldn't verify it against any CRL that was available.

Overrides:
verify in class RootStoreVerifier
Parameters:
signCert - the certificate that needs to be checked
issuerCert - its issuer
signDate - the date the certificate needs to be valid
Returns:
a list of VerificationOK objects. The list will be empty if the certificate couldn't be verified.
Throws:
java.security.GeneralSecurityException
java.io.IOException
See Also:
RootStoreVerifier.verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)

verify

public boolean verify(java.security.cert.X509CRL crl,
                      java.security.cert.X509Certificate signCert,
                      java.security.cert.X509Certificate issuerCert,
                      java.util.Date signDate)
               throws java.security.GeneralSecurityException
Verifies a certificate against a single CRL.

Parameters:
crl - the Certificate Revocation List
signCert - a certificate that needs to be verified
issuerCert - its issuer
signDate - the sign date
Returns:
true if the verification succeeded
Throws:
java.security.GeneralSecurityException

getCRL

public java.security.cert.X509CRL getCRL(java.security.cert.X509Certificate signCert,
                                         java.security.cert.X509Certificate issuerCert)
Fetches a CRL for a specific certificate online (without further checking).

Parameters:
signCert - the certificate
issuerCert - its issuer
Returns:
an X509CRL object

isSignatureValid

public boolean isSignatureValid(java.security.cert.X509CRL crl,
                                java.security.cert.X509Certificate crlIssuer)
Checks if a CRL verifies against the issuer certificate or a trusted anchor.

Parameters:
crl - the CRL
crlIssuer - the trusted anchor
Returns:
true if the CRL can be trusted
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2013. All Rights Reserved.