Class RevocationDataValidator
- java.lang.Object
-
- com.itextpdf.signatures.validation.RevocationDataValidator
-
public class RevocationDataValidator extends java.lang.Object
Class that allows you to fetch and validate revocation data for the certificate.
-
-
Nested Class Summary
Nested Classes
Modifier and Type, Class, Description
static class RevocationDataValidator.CrlValidationInfo
    Class which contains validation related information about CRL response.
static class RevocationDataValidator.OcspResponseValidationInfo
    Class which contains validation related information about single OCSP response.
-
Field Summary
Fields
Modifier and Type, Field, Description
private static IBouncyCastleFactory BOUNCY_CASTLE_FACTORY
private ValidatorChainBuilder builder
(package private) static java.lang.String CANNOT_PARSE_CRL
(package private) static java.lang.String CANNOT_PARSE_OCSP
private IssuingCertificateRetriever certificateRetriever
(package private) static java.lang.String CRL_CLIENT_FAILURE
(package private) static java.lang.String CRL_VALIDATOR_FAILURE
private java.util.List<ICrlClient> crlClients
private CRLValidator crlValidator
(package private) static java.lang.String ISSUER_RETRIEVAL_FAILED
(package private) static java.lang.String NO_REV_AVAILABLE
(package private) static java.lang.String NO_REV_AVAILABLE_CA
(package private) static java.lang.String NO_REVOCATION_DATA
(package private) static java.lang.String OCSP_CLIENT_FAILURE
(package private) static java.lang.String OCSP_VALIDATOR_FAILURE
private java.util.List<IOcspClient> ocspClients
private OCSPValidator ocspValidator
private SignatureValidationProperties properties
(package private) static java.lang.String REVOCATION_DATA_CHECK
(package private) static java.lang.String SELF_SIGNED_CERTIFICATE
(package private) static java.lang.String TRUSTED_OCSP_RESPONDER
(package private) static java.lang.String UNABLE_TO_RETRIEVE_REV_DATA_ONLINE
(package private) static java.lang.String VALIDITY_ASSURED
-
Constructor Summary
Constructors
Modifier, Constructor, Description
protected RevocationDataValidator(ValidatorChainBuilder builder)
    Creates a new RevocationDataValidator instance to validate certificate revocation data.
-
Method Summary
Methods
Modifier and Type, Method, Description
RevocationDataValidator addCrlClient(ICrlClient crlClient)
    Adds an ICrlClient to be used for receiving CRL responses.
RevocationDataValidator addOcspClient(IOcspClient ocspClient)
    Adds an IOcspClient to be used for receiving OCSP responses.
private static void fillOcspResponses(java.util.List<RevocationDataValidator.OcspResponseValidationInfo> ocspResponses, IBasicOCSPResp basicOCSPResp, java.util.Date generationDate, TimeBasedContext timeBasedContext)
private java.util.List<RevocationDataValidator.CrlValidationInfo> retrieveAllCRLResponses(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate)
private static java.util.List<RevocationDataValidator.CrlValidationInfo> retrieveAllCRLResponsesUsingClient(ValidationReport report, java.security.cert.X509Certificate certificate, ICrlClient crlClient)
private java.util.List<RevocationDataValidator.OcspResponseValidationInfo> retrieveAllOCSPResponses(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate)
private void tryToFetchRevInfoOnline(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.util.List<RevocationDataValidator.CrlValidationInfo> onlineCrlResponses, java.util.List<RevocationDataValidator.OcspResponseValidationInfo> onlineOcspResponses)
void validate(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.util.Date validationDate)
    Validates revocation data (Certificate Revocation List (CRL) Responses and OCSP Responses) of the certificate.
private void validateRevocationData(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.util.Date validationDate, java.util.List<RevocationDataValidator.OcspResponseValidationInfo> ocspResponses, java.util.List<RevocationDataValidator.CrlValidationInfo> crlResponses)
-
-
-
Field Detail
-
REVOCATION_DATA_CHECK
static final java.lang.String REVOCATION_DATA_CHECK
- See Also:
- Constant Field Values
-
NO_REVOCATION_DATA
static final java.lang.String NO_REVOCATION_DATA
- See Also:
- Constant Field Values
-
SELF_SIGNED_CERTIFICATE
static final java.lang.String SELF_SIGNED_CERTIFICATE
- See Also:
- Constant Field Values
-
TRUSTED_OCSP_RESPONDER
static final java.lang.String TRUSTED_OCSP_RESPONDER
- See Also:
- Constant Field Values
-
VALIDITY_ASSURED
static final java.lang.String VALIDITY_ASSURED
- See Also:
- Constant Field Values
-
NO_REV_AVAILABLE
static final java.lang.String NO_REV_AVAILABLE
- See Also:
- Constant Field Values
-
NO_REV_AVAILABLE_CA
static final java.lang.String NO_REV_AVAILABLE_CA
- See Also:
- Constant Field Values
-
CANNOT_PARSE_OCSP
static final java.lang.String CANNOT_PARSE_OCSP
- See Also:
- Constant Field Values
-
CANNOT_PARSE_CRL
static final java.lang.String CANNOT_PARSE_CRL
- See Also:
- Constant Field Values
-
ISSUER_RETRIEVAL_FAILED
static final java.lang.String ISSUER_RETRIEVAL_FAILED
- See Also:
- Constant Field Values
-
OCSP_CLIENT_FAILURE
static final java.lang.String OCSP_CLIENT_FAILURE
- See Also:
- Constant Field Values
-
CRL_CLIENT_FAILURE
static final java.lang.String CRL_CLIENT_FAILURE
- See Also:
- Constant Field Values
-
OCSP_VALIDATOR_FAILURE
static final java.lang.String OCSP_VALIDATOR_FAILURE
- See Also:
- Constant Field Values
-
CRL_VALIDATOR_FAILURE
static final java.lang.String CRL_VALIDATOR_FAILURE
- See Also:
- Constant Field Values
-
UNABLE_TO_RETRIEVE_REV_DATA_ONLINE
static final java.lang.String UNABLE_TO_RETRIEVE_REV_DATA_ONLINE
- See Also:
- Constant Field Values
-
BOUNCY_CASTLE_FACTORY
private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY
-
ocspClients
private final java.util.List<IOcspClient> ocspClients
-
crlClients
private final java.util.List<ICrlClient> crlClients
-
properties
private final SignatureValidationProperties properties
-
certificateRetriever
private final IssuingCertificateRetriever certificateRetriever
-
ocspValidator
private final OCSPValidator ocspValidator
-
crlValidator
private final CRLValidator crlValidator
-
builder
private final ValidatorChainBuilder builder
-
-
Constructor Detail
-
RevocationDataValidator
protected RevocationDataValidator(ValidatorChainBuilder builder)
Creates a new RevocationDataValidator instance to validate certificate revocation data.
- Parameters:
builder - See ValidatorChainBuilder
-
-
Method Detail
-
addCrlClient
public RevocationDataValidator addCrlClient(ICrlClient crlClient)
Adds an ICrlClient to be used for receiving CRL responses. These clients will be used regardless of the SignatureValidationProperties.OnlineFetching settings.
- Parameters:
crlClient - ICrlClient to be used for receiving CRL responses
- Returns:
- same instance of RevocationDataValidator.
-
addOcspClient
public RevocationDataValidator addOcspClient(IOcspClient ocspClient)
Adds an IOcspClient to be used for receiving OCSP responses. These clients will be used regardless of the SignatureValidationProperties.OnlineFetching settings.
- Parameters:
ocspClient - IOcspClient to be used for receiving OCSP responses
- Returns:
- same instance of RevocationDataValidator.
-
validate
public void validate(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.util.Date validationDate)
Validates revocation data (Certificate Revocation List (CRL) Responses and OCSP Responses) of the certificate.
- Parameters:
report - to store all the verification results
context - ValidationContext, the context
certificate - the certificate to check revocation data for
validationDate - validation date to check for
-
fillOcspResponses
private static void fillOcspResponses(java.util.List<RevocationDataValidator.OcspResponseValidationInfo> ocspResponses, IBasicOCSPResp basicOCSPResp, java.util.Date generationDate, TimeBasedContext timeBasedContext)
-
retrieveAllCRLResponsesUsingClient
private static java.util.List<RevocationDataValidator.CrlValidationInfo> retrieveAllCRLResponsesUsingClient(ValidationReport report, java.security.cert.X509Certificate certificate, ICrlClient crlClient)
-
validateRevocationData
private void validateRevocationData(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.util.Date validationDate, java.util.List<RevocationDataValidator.OcspResponseValidationInfo> ocspResponses, java.util.List<RevocationDataValidator.CrlValidationInfo> crlResponses)
-
retrieveAllOCSPResponses
private java.util.List<RevocationDataValidator.OcspResponseValidationInfo> retrieveAllOCSPResponses(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate)
-
retrieveAllCRLResponses
private java.util.List<RevocationDataValidator.CrlValidationInfo> retrieveAllCRLResponses(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate)
-
tryToFetchRevInfoOnline
private void tryToFetchRevInfoOnline(ValidationReport report, ValidationContext context, java.security.cert.X509Certificate certificate, java.util.List<RevocationDataValidator.CrlValidationInfo> onlineCrlResponses, java.util.List<RevocationDataValidator.OcspResponseValidationInfo> onlineOcspResponses)
-
-