com.itextpdf.signatures

Class CertificateVerification

java.lang.Object

com.itextpdf.signatures.CertificateVerification

public class CertificateVerification
extends Object

This class consists of some methods that allow you to verify certificates.

Constructor Summary

Constructors

Constructor and Description
CertificateVerification()

Method Summary

Modifier and Type	Method and Description
static String	verifyCertificate(X509Certificate cert, Collection<CRL> crls) Verifies a single certificate for the current date.
static String	verifyCertificate(X509Certificate cert, Collection<CRL> crls, Calendar calendar) Verifies a single certificate.
static List<VerificationException>	verifyCertificates(Certificate[] certs, KeyStore keystore) Verifies a certificate chain against a KeyStore for the current date.
static List<VerificationException>	verifyCertificates(Certificate[] certs, KeyStore keystore, Calendar calendar) Verifies a certificate chain against a KeyStore.
static List<VerificationException>	verifyCertificates(Certificate[] certs, KeyStore keystore, Collection<CRL> crls) Verifies a certificate chain against a KeyStore for the current date.
static List<VerificationException>	verifyCertificates(Certificate[] certs, KeyStore keystore, Collection<CRL> crls, Calendar calendar) Verifies a certificate chain against a KeyStore.
static boolean	verifyOcspCertificates(org.bouncycastle.cert.ocsp.BasicOCSPResp ocsp, KeyStore keystore, String provider) Verifies an OCSP response against a KeyStore.
static boolean	verifyTimestampCertificates(org.bouncycastle.tsp.TimeStampToken ts, KeyStore keystore, String provider) Verifies a time stamp against a KeyStore.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CertificateVerification

public CertificateVerification()

Method Detail

verifyCertificate

public static String verifyCertificate(X509Certificate cert,
                                       Collection<CRL> crls)

Verifies a single certificate for the current date.

Parameters:

cert - the certificate to verify

crls - the certificate revocation list or null

Returns:

a String with the error description or null if no error

verifyCertificate

public static String verifyCertificate(X509Certificate cert,
                                       Collection<CRL> crls,
                                       Calendar calendar)

Verifies a single certificate.

Parameters:

cert - the certificate to verify

crls - the certificate revocation list or null

calendar - the date, shall not be null

Returns:

a String with the error description or null if no error

verifyCertificates

public static List<VerificationException> verifyCertificates(Certificate[] certs,
                                                             KeyStore keystore,
                                                             Collection<CRL> crls)

Verifies a certificate chain against a KeyStore for the current date.

Parameters:

certs - the certificate chain

keystore - the KeyStore

crls - the certificate revocation list or null

Returns:

empty list if the certificate chain could be validated or a Object[]{cert,error} where cert is the failed certificate and error is the error message

verifyCertificates

public static List<VerificationException> verifyCertificates(Certificate[] certs,
                                                             KeyStore keystore,
                                                             Collection<CRL> crls,
                                                             Calendar calendar)

Verifies a certificate chain against a KeyStore.

Parameters:

certs - the certificate chain

keystore - the KeyStore

crls - the certificate revocation list or null

calendar - the date, shall not be null

Returns:

empty list if the certificate chain could be validated or a Object[]{cert,error} where cert is the failed certificate and error is the error message

verifyCertificates

public static List<VerificationException> verifyCertificates(Certificate[] certs,
                                                             KeyStore keystore)

Verifies a certificate chain against a KeyStore for the current date.

Parameters:

certs - the certificate chain

keystore - the KeyStore

Returns:

null if the certificate chain could be validated or a Object[]{cert,error} where cert is the failed certificate and error is the error message

verifyCertificates

public static List<VerificationException> verifyCertificates(Certificate[] certs,
                                                             KeyStore keystore,
                                                             Calendar calendar)

Verifies a certificate chain against a KeyStore.

Parameters:

certs - the certificate chain

keystore - the KeyStore

calendar - the date, shall not be null

Returns:

null if the certificate chain could be validated or a Object[]{cert,error} where cert is the failed certificate and error is the error message

verifyOcspCertificates

public static boolean verifyOcspCertificates(org.bouncycastle.cert.ocsp.BasicOCSPResp ocsp,
                                             KeyStore keystore,
                                             String provider)

Verifies an OCSP response against a KeyStore.

Parameters:

ocsp - the OCSP response

keystore - the KeyStore

provider - the provider or null to use the BouncyCastle provider

Returns:

true is a certificate was found

verifyTimestampCertificates

public static boolean verifyTimestampCertificates(org.bouncycastle.tsp.TimeStampToken ts,
                                                  KeyStore keystore,
                                                  String provider)

Verifies a time stamp against a KeyStore.

Parameters:

ts - the time stamp

keystore - the KeyStore

provider - the provider or null to use the BouncyCastle provider

Returns:

true is a certificate was found