Class CertificateChainValidator
java.lang.Object
com.itextpdf.signatures.validation.CertificateChainValidator
Validator class, which is expected to be used for certificates chain validation.
-
Field Summary
FieldsModifier and TypeFieldDescription(package private) static final String(package private) static final String(package private) static final Stringprivate final IssuingCertificateRetriever(package private) static final String(package private) static final String(package private) static final String(package private) static final String(package private) static final String(package private) static final String(package private) static final String(package private) static final Stringprivate final SignatureValidationProperties(package private) static final Stringprivate final RevocationDataValidator(package private) static final String(package private) static final String(package private) static final String -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprivate booleancheckIfCertIsTrusted(ValidationReport result, ValidationContext context, X509Certificate certificate) private booleanstopValidation(ValidationReport result, ValidationContext context) validate(ValidationReport result, ValidationContext context, X509Certificate certificate, Date validationDate) Validate given certificate using provided validation date and required extensions.private ValidationReportvalidate(ValidationReport result, ValidationContext context, X509Certificate certificate, Date validationDate, int certificateChainSize) validateCertificate(ValidationContext context, X509Certificate certificate, Date validationDate) Validate given certificate using provided validation date and required extensions.private voidvalidateChain(ValidationReport result, ValidationContext context, X509Certificate certificate, Date validationDate, int certificateChainSize) private voidvalidateRequiredExtensions(ValidationReport result, ValidationContext context, X509Certificate certificate, int certificateChainSize) private voidvalidateRevocationData(ValidationReport report, ValidationContext context, X509Certificate certificate, Date validationDate) private voidvalidateValidityPeriod(ValidationReport result, X509Certificate certificate, Date validationDate)
-
Field Details
-
CERTIFICATE_CHECK
- See Also:
-
VALIDITY_CHECK
- See Also:
-
EXTENSIONS_CHECK
- See Also:
-
CERTIFICATE_TRUSTED
- See Also:
-
CERTIFICATE_TRUSTED_FOR_DIFFERENT_CONTEXT
- See Also:
-
EXTENSION_MISSING
- See Also:
-
ISSUER_MISSING
- See Also:
-
EXPIRED_CERTIFICATE
- See Also:
-
NOT_YET_VALID_CERTIFICATE
- See Also:
-
ISSUER_CANNOT_BE_VERIFIED
- See Also:
-
ISSUER_VERIFICATION_FAILED
- See Also:
-
ISSUER_RETRIEVAL_FAILED
- See Also:
-
TRUSTSTORE_RETRIEVAL_FAILED
- See Also:
-
REVOCATION_VALIDATION_FAILED
- See Also:
-
VALIDITY_PERIOD_CHECK_FAILED
- See Also:
-
properties
-
certificateRetriever
-
revocationDataValidator
-
-
Constructor Details
-
CertificateChainValidator
Create new instance ofCertificateChainValidator.- Parameters:
builder- SeeValidatorChainBuilder
-
-
Method Details
-
validateCertificate
public ValidationReport validateCertificate(ValidationContext context, X509Certificate certificate, Date validationDate) Validate given certificate using provided validation date and required extensions.- Parameters:
context- the validation context in which to validate the certificate chaincertificate-X509Certificateto be validatedvalidationDate-Dateagainst which certificate is expected to be validated. Usually signing date- Returns:
ValidationReportwhich contains detailed validation results.
-
validate
public ValidationReport validate(ValidationReport result, ValidationContext context, X509Certificate certificate, Date validationDate) Validate given certificate using provided validation date and required extensions. Result is added into provided report.- Parameters:
result-ValidationReportwhich is populated with detailed validation resultscontext- the context in which to perform the validationcertificate-X509Certificateto be validatedvalidationDate-Dateagainst which certificate is expected to be validated. Usually signing date- Returns:
ValidationReportwhich contains both provided and new validation results.
-
validate
private ValidationReport validate(ValidationReport result, ValidationContext context, X509Certificate certificate, Date validationDate, int certificateChainSize) -
checkIfCertIsTrusted
private boolean checkIfCertIsTrusted(ValidationReport result, ValidationContext context, X509Certificate certificate) -
stopValidation
-
validateValidityPeriod
private void validateValidityPeriod(ValidationReport result, X509Certificate certificate, Date validationDate) -
validateRequiredExtensions
private void validateRequiredExtensions(ValidationReport result, ValidationContext context, X509Certificate certificate, int certificateChainSize) -
validateRevocationData
private void validateRevocationData(ValidationReport report, ValidationContext context, X509Certificate certificate, Date validationDate) -
validateChain
private void validateChain(ValidationReport result, ValidationContext context, X509Certificate certificate, Date validationDate, int certificateChainSize)
-