Class CRLVerifier
java.lang.Object
org.apache.pdfbox.examples.signature.cert.CRLVerifier
Copied from Apache CXF 2.4.9, initial version:
https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.9/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description:
static void checkRevocation(X509CRL crl, X509Certificate cert, Date signDate, String crlDistributionPointsURL)
    Check whether the certificate was revoked at signing time.
private static X509CRL downloadCRL(String crlURL)
    Downloads CRL from given URL.
private static X509CRL downloadCRLFromLDAP(String ldapURL)
    Downloads a CRL from given LDAP url, e.g.
static X509CRL downloadCRLFromWeb(String crlURL)
    Downloads a CRL from given HTTP/HTTPS/FTP URL, e.g.
getCrlDistributionPoints
    Extracts all CRL distribution point URLs from the "CRL Distribution Point" extension in an X.509 certificate.
static void verifyCertificateCRLs(X509Certificate cert, Date signDate, Set<X509Certificate> additionalCerts)
    Extracts the CRL distribution points from the certificate (if available) and checks the certificate revocation status against the CRLs coming from the distribution points.
-
Field Details
-
LOG
private static final org.apache.commons.logging.Log LOG
-
-
Constructor Details
-
CRLVerifier
private CRLVerifier()
-
-
Method Details
-
verifyCertificateCRLs
public static void verifyCertificateCRLs(X509Certificate cert, Date signDate, Set<X509Certificate> additionalCerts) throws CertificateVerificationException, RevokedCertificateException
Extracts the CRL distribution points from the certificate (if available) and checks the certificate revocation status against the CRLs coming from the distribution points. Supports HTTP, HTTPS, FTP and LDAP based URLs.
Parameters:
cert - the certificate to be checked for revocation
signDate - the date when the signing took place
additionalCerts - set of trusted root CA certificates that will be used as "trust anchors" and intermediate CA certificates that will be used as part of the certification chain.
Throws:
CertificateVerificationException - if the certificate could not be verified
RevokedCertificateException - if the certificate is revoked
-
checkRevocation
public static void checkRevocation(X509CRL crl, X509Certificate cert, Date signDate, String crlDistributionPointsURL) throws RevokedCertificateException
Check whether the certificate was revoked at signing time.
Parameters:
crl - certificate revocation list
cert - certificate to be checked
signDate - date the certificate was used for signing
crlDistributionPointsURL - URL for log message or exception text
Throws:
RevokedCertificateException - if the certificate was revoked at signing time
-
downloadCRL
private static X509CRL downloadCRL(String crlURL) throws IOException, CertificateException, CRLException, CertificateVerificationException, NamingException, URISyntaxException
Downloads CRL from given URL. Supports http, https, ftp and ldap based URLs.
-
downloadCRLFromLDAP
private static X509CRL downloadCRLFromLDAP(String ldapURL) throws CertificateException, NamingException, CRLException, CertificateVerificationException
Downloads a CRL from given LDAP url, e.g. ldap://ldap.infonotary.com/dc=identity-ca,dc=infonotary,dc=com
-
downloadCRLFromWeb
public static X509CRL downloadCRLFromWeb(String crlURL) throws IOException, CertificateException, CRLException, URISyntaxException
Downloads a CRL from given HTTP/HTTPS/FTP URL, e.g. http://crl.infonotary.com/crl/identity-ca.crl
-
getCrlDistributionPoints
Extracts all CRL distribution point URLs from the "CRL Distribution Point" extension in an X.509 certificate. If the CRL distribution point extension is unavailable, returns an empty list.
Parameters:
cert -
Returns:
List of CRL distribution point URLs.
Throws:
IOException
-
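Added example, not PDFBox or CXF code: a JDK-only reading of the extension value that getCrlDistributionPoints works on, following the fixed tag path to each fullName URI and returning an empty list when the extension is absent. The class and method names, the hand-written DER walker and the issuer.example URI are assumptions made here; the two distribution point URLs are the ones quoted on this page, placed in a constructed extension.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public class CrlDistributionPointUrls { // hypothetical name, not a PDFBox class
    // Tag path to the URIs: OCTET STRING > SEQUENCE OF > DistributionPoint > distributionPoint [0] > fullName [0]
    private static final int[] PATH = {0x04, 0x30, 0x30, 0xA0, 0xA0};
    private static final int URI = 0x86; // GeneralName uniformResourceIdentifier [6]
    // extValue is what X509Certificate.getExtensionValue("2.5.29.31") returns; null means no extension.
    static List<String> urls(byte[] extValue) {
        List<String> out = new ArrayList<>();
        if (extValue != null) walk(extValue, 0, extValue.length, 0, out);
        return out; // stays empty when the extension is absent
    }
    private static void walk(byte[] d, int pos, int end, int depth, List<String> out) {
        while (pos < end) {
            if (end - pos < 2) throw new IllegalArgumentException("truncated DER");
            int tag = d[pos++] & 0xFF, len = d[pos++] & 0xFF;
            if (len > 0x7F) { // long form: low 7 bits count the length bytes
                int n = len & 0x7F;
                if (n == 0 || n > 3 || end - pos < n) throw new IllegalArgumentException("bad DER length");
                for (len = 0; n > 0; n--) len = (len << 8) | (d[pos++] & 0xFF);
            }
            if (len > end - pos) throw new IllegalArgumentException("DER length overruns input");
            if (depth < PATH.length && tag == PATH[depth]) walk(d, pos, pos + len, depth + 1, out);
            else if (depth == PATH.length && tag == URI) out.add(new String(d, pos, len, StandardCharsets.US_ASCII));
            // everything else (reasons [1], cRLIssuer [2], non-URI name forms) is skipped
            pos += len;
        }
    }
    private static byte[] tlv(int tag, byte[]... parts) { // DER builder for the sample; content under 256 bytes
        ByteArrayOutputStream body = new ByteArrayOutputStream(), out = new ByteArrayOutputStream();
        for (byte[] p : parts) body.write(p, 0, p.length);
        out.write(tag);
        if (body.size() > 127) out.write(0x81);
        out.write(body.size());
        out.write(body.toByteArray(), 0, body.size());
        return out.toByteArray();
    }
    private static byte[] uri(String s) { return tlv(URI, s.getBytes(StandardCharsets.US_ASCII)); }
    public static void main(String[] args) {
        // Constructed sample: two distribution points; the second also carries a cRLIssuer URI,
        // which names the CRL issuer and must not be reported as a download location.
        byte[] ext = tlv(0x04, tlv(0x30,
            tlv(0x30, tlv(0xA0, tlv(0xA0, uri("http://crl.infonotary.com/crl/identity-ca.crl")))),
            tlv(0x30, tlv(0xA0, tlv(0xA0, uri("ldap://ldap.infonotary.com/dc=identity-ca,dc=infonotary,dc=com"))),
                      tlv(0xA2, uri("http://issuer.example/")))));
        System.out.println(urls(ext));
    }
}
```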