Class RevocationDataValidator

java.lang.Object

com.itextpdf.signatures.validation.RevocationDataValidator

public class RevocationDataValidator
extends Object

Class that allows you to fetch and validate revocation data for the certificate.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	RevocationDataValidator.CrlValidationInfo	Class which contains validation related information about CRL response.
static class	RevocationDataValidator.OcspResponseValidationInfo	Class which contains validation related information about single OCSP response.

Field Summary

Fields

Modifier and Type	Field	Description
private static final IBouncyCastleFactory	BOUNCY_CASTLE_FACTORY
private final ValidatorChainBuilder	builder
(package private) static final String	CANNOT_PARSE_CRL
(package private) static final String	CANNOT_PARSE_OCSP
private final IssuingCertificateRetriever	certificateRetriever
(package private) static final String	CRL_CLIENT_FAILURE
(package private) static final String	CRL_VALIDATOR_FAILURE
private final List<ICrlClient>	crlClients
private final CRLValidator	crlValidator
(package private) static final String	ISSUER_RETRIEVAL_FAILED
(package private) static final String	NO_REV_AVAILABLE
(package private) static final String	NO_REV_AVAILABLE_CA
(package private) static final String	NO_REVOCATION_DATA
(package private) static final String	OCSP_CLIENT_FAILURE
(package private) static final String	OCSP_VALIDATOR_FAILURE
private final List<IOcspClient>	ocspClients
private final OCSPValidator	ocspValidator
private final SignatureValidationProperties	properties
(package private) static final String	REVOCATION_DATA_CHECK
(package private) static final String	SELF_SIGNED_CERTIFICATE
(package private) static final String	TRUSTED_OCSP_RESPONDER
(package private) static final String	UNABLE_TO_RETRIEVE_REV_DATA_ONLINE
(package private) static final String	VALIDITY_ASSURED

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	RevocationDataValidator(ValidatorChainBuilder builder)	Creates new RevocationDataValidator instance to validate certificate revocation data.

Method Summary

Modifier and Type	Method	Description
RevocationDataValidator	addCrlClient(ICrlClient crlClient)	Add ICrlClient to be used for CRL responses receiving.
RevocationDataValidator	addOcspClient(IOcspClient ocspClient)	Add IOcspClient to be used for OCSP responses receiving.
private static void	fillOcspResponses(List<RevocationDataValidator.OcspResponseValidationInfo> ocspResponses, IBasicOCSPResp basicOCSPResp, Date generationDate, TimeBasedContext timeBasedContext)
private List<RevocationDataValidator.CrlValidationInfo>	retrieveAllCRLResponses(ValidationReport report, ValidationContext context, X509Certificate certificate)
private static List<RevocationDataValidator.CrlValidationInfo>	retrieveAllCRLResponsesUsingClient(ValidationReport report, X509Certificate certificate, ICrlClient crlClient)
private List<RevocationDataValidator.OcspResponseValidationInfo>	retrieveAllOCSPResponses(ValidationReport report, ValidationContext context, X509Certificate certificate)
private void	tryToFetchRevInfoOnline(ValidationReport report, ValidationContext context, X509Certificate certificate, List<RevocationDataValidator.CrlValidationInfo> onlineCrlResponses, List<RevocationDataValidator.OcspResponseValidationInfo> onlineOcspResponses)
void	validate(ValidationReport report, ValidationContext context, X509Certificate certificate, Date validationDate)	Validates revocation data (Certificate Revocation List (CRL) Responses and OCSP Responses) of the certificate.
private void	validateRevocationData(ValidationReport report, ValidationContext context, X509Certificate certificate, Date validationDate, List<RevocationDataValidator.OcspResponseValidationInfo> ocspResponses, List<RevocationDataValidator.CrlValidationInfo> crlResponses)

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

REVOCATION_DATA_CHECK

static final String REVOCATION_DATA_CHECK

See Also:

• Constant Field Values

NO_REVOCATION_DATA

static final String NO_REVOCATION_DATA

See Also:

• Constant Field Values

SELF_SIGNED_CERTIFICATE

static final String SELF_SIGNED_CERTIFICATE

See Also:

• Constant Field Values

TRUSTED_OCSP_RESPONDER

static final String TRUSTED_OCSP_RESPONDER

See Also:

• Constant Field Values

VALIDITY_ASSURED

static final String VALIDITY_ASSURED

See Also:

• Constant Field Values

NO_REV_AVAILABLE

static final String NO_REV_AVAILABLE

See Also:

• Constant Field Values

NO_REV_AVAILABLE_CA

static final String NO_REV_AVAILABLE_CA

See Also:

• Constant Field Values

CANNOT_PARSE_OCSP

static final String CANNOT_PARSE_OCSP

See Also:

• Constant Field Values

CANNOT_PARSE_CRL

static final String CANNOT_PARSE_CRL

See Also:

• Constant Field Values

ISSUER_RETRIEVAL_FAILED

static final String ISSUER_RETRIEVAL_FAILED

See Also:

• Constant Field Values

OCSP_CLIENT_FAILURE

static final String OCSP_CLIENT_FAILURE

See Also:

• Constant Field Values

CRL_CLIENT_FAILURE

static final String CRL_CLIENT_FAILURE

See Also:

• Constant Field Values

OCSP_VALIDATOR_FAILURE

static final String OCSP_VALIDATOR_FAILURE

See Also:

• Constant Field Values

CRL_VALIDATOR_FAILURE

static final String CRL_VALIDATOR_FAILURE

See Also:

• Constant Field Values

UNABLE_TO_RETRIEVE_REV_DATA_ONLINE

static final String UNABLE_TO_RETRIEVE_REV_DATA_ONLINE

See Also:

• Constant Field Values

BOUNCY_CASTLE_FACTORY

private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY

ocspClients

private final List<IOcspClient> ocspClients

crlClients

private final List<ICrlClient> crlClients

properties

private final SignatureValidationProperties properties

certificateRetriever

private final IssuingCertificateRetriever certificateRetriever

ocspValidator

private final OCSPValidator ocspValidator

crlValidator

private final CRLValidator crlValidator

builder

private final ValidatorChainBuilder builder

Constructor Details

RevocationDataValidator

protected RevocationDataValidator(ValidatorChainBuilder builder)

Creates new RevocationDataValidator instance to validate certificate revocation data.

Parameters:

builder - See ValidatorChainBuilder

Method Details

addCrlClient

public RevocationDataValidator addCrlClient(ICrlClient crlClient)

Add ICrlClient to be used for CRL responses receiving. These clients will be used regardless of the SignatureValidationProperties.OnlineFetching settings

Parameters:

crlClient - ICrlClient to be used for CRL responses receiving

Returns:

same instance of RevocationDataValidator.

addOcspClient

public RevocationDataValidator addOcspClient(IOcspClient ocspClient)

Add IOcspClient to be used for OCSP responses receiving. These clients will be used regardless of the SignatureValidationProperties.OnlineFetching settings

Parameters:

ocspClient - IOcspClient to be used for OCSP responses receiving

Returns:

same instance of RevocationDataValidator.

validate

public void validate(ValidationReport report,
 ValidationContext context,
 X509Certificate certificate,
 Date validationDate)

Validates revocation data (Certificate Revocation List (CRL) Responses and OCSP Responses) of the certificate.

Parameters:

report - to store all the verification results

context - ValidationContext the context

certificate - the certificate to check revocation data for

validationDate - validation date to check for

fillOcspResponses

private static void fillOcspResponses(List<RevocationDataValidator.OcspResponseValidationInfo> ocspResponses,
 IBasicOCSPResp basicOCSPResp,
 Date generationDate,
 TimeBasedContext timeBasedContext)

retrieveAllCRLResponsesUsingClient

private static List<RevocationDataValidator.CrlValidationInfo> retrieveAllCRLResponsesUsingClient(ValidationReport report,
 X509Certificate certificate,
 ICrlClient crlClient)

validateRevocationData

private void validateRevocationData(ValidationReport report,
 ValidationContext context,
 X509Certificate certificate,
 Date validationDate,
 List<RevocationDataValidator.OcspResponseValidationInfo> ocspResponses,
 List<RevocationDataValidator.CrlValidationInfo> crlResponses)

retrieveAllOCSPResponses

private List<RevocationDataValidator.OcspResponseValidationInfo> retrieveAllOCSPResponses(ValidationReport report,
 ValidationContext context,
 X509Certificate certificate)

retrieveAllCRLResponses

private List<RevocationDataValidator.CrlValidationInfo> retrieveAllCRLResponses(ValidationReport report,
 ValidationContext context,
 X509Certificate certificate)

tryToFetchRevInfoOnline

private void tryToFetchRevInfoOnline(ValidationReport report,
 ValidationContext context,
 X509Certificate certificate,
 List<RevocationDataValidator.CrlValidationInfo> onlineCrlResponses,
 List<RevocationDataValidator.OcspResponseValidationInfo> onlineOcspResponses)