OCSPVerifier (iText, a Free Java-PDF library 5.5.8 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.itextpdf.text.pdf.security
Class OCSPVerifier

java.lang.Object
  com.itextpdf.text.pdf.security.CertificateVerifier
      com.itextpdf.text.pdf.security.RootStoreVerifier
          com.itextpdf.text.pdf.security.OCSPVerifier

public class OCSPVerifier
extends RootStoreVerifier
extends RootStoreVerifier

Class that allows you to verify a certificate against one or more OCSP responses.

Field Summary
`protected static String`	`id_kp_OCSPSigning`
`protected static Logger`	`LOGGER` The Logger instance
`protected List<org.bouncycastle.cert.ocsp.BasicOCSPResp>`	`ocsps` The list of OCSP responses.

Fields inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier
`rootStore`

Fields inherited from class com.itextpdf.text.pdf.security.CertificateVerifier
`onlineCheckingAllowed, verifier`

Constructor Summary
`OCSPVerifier(CertificateVerifier verifier, List<org.bouncycastle.cert.ocsp.BasicOCSPResp> ocsps)` Creates an OCSPVerifier instance.

Method Summary
`org.bouncycastle.cert.ocsp.BasicOCSPResp`	`getOcspResponse(X509Certificate signCert, X509Certificate issuerCert)` Gets an OCSP response online and returns it if the status is GOOD (without further checking).
`boolean`	`isSignatureValid(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, Certificate responderCert)` Checks if an OCSP response is genuine
`void`	`isValidResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, X509Certificate issuerCert)` Verifies if an OCSP response is genuine If it doesn't verify against the issuer certificate and response's certificates, it may verify using a trusted anchor or cert.
`boolean`	`verify(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, X509Certificate signCert, X509Certificate issuerCert, Date signDate)` Verifies a certificate against a single OCSP response
`List<VerificationOK>`	`verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate)` Verifies if a a valid OCSP response is found for the certificate.
`boolean`	`verifyResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, X509Certificate issuerCert)` Deprecated.

Methods inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier
`setRootStore`

Methods inherited from class com.itextpdf.text.pdf.security.CertificateVerifier
`setOnlineCheckingAllowed`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

LOGGER

protected static final Logger LOGGER

The Logger instance

id_kp_OCSPSigning

protected static final String id_kp_OCSPSigning

See Also:: Constant Field Values

ocsps

protected List<org.bouncycastle.cert.ocsp.BasicOCSPResp> ocsps

The list of OCSP responses.

Constructor Detail

OCSPVerifier

public OCSPVerifier(CertificateVerifier verifier,
                    List<org.bouncycastle.cert.ocsp.BasicOCSPResp> ocsps)

Creates an OCSPVerifier instance.

Parameters:: verifier - the next verifier in the chain; ocsps - a list of OCSP responses

Method Detail

verify

public List<VerificationOK> verify(X509Certificate signCert,
                                   X509Certificate issuerCert,
                                   Date signDate)
                            throws GeneralSecurityException,
                                   IOException

Verifies if a a valid OCSP response is found for the certificate. If this method returns false, it doesn't mean the certificate isn't valid. It means we couldn't verify it against any OCSP response that was available.

Overrides:: verify in class RootStoreVerifier

Parameters:: signCert - the certificate that needs to be checked; issuerCert - its issuer; signDate - the date the certificate needs to be valid
Returns:: a list of VerificationOK objects. The list will be empty if the certificate couldn't be verified.
Throws:: GeneralSecurityException; IOException
See Also:: RootStoreVerifier.verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)

verify

public boolean verify(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp,
                      X509Certificate signCert,
                      X509Certificate issuerCert,
                      Date signDate)
               throws GeneralSecurityException,
                      IOException

Verifies a certificate against a single OCSP response

Parameters:: ocspResp - the OCSP response; signCert - the certificate that needs to be checked; issuerCert - the certificate of CA; signDate - sign date
Returns:: true, in case successful check, otherwise false.
Throws:: GeneralSecurityException; IOException

isValidResponse

public void isValidResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp,
                            X509Certificate issuerCert)
                     throws GeneralSecurityException,
                            IOException

Verifies if an OCSP response is genuine If it doesn't verify against the issuer certificate and response's certificates, it may verify using a trusted anchor or cert.

Parameters:: ocspResp - the OCSP response; issuerCert - the issuer certificate
Throws:: GeneralSecurityException; IOException

verifyResponse

@Deprecated
public boolean verifyResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp,
                                         X509Certificate issuerCert)

Deprecated.

Verifies if the response is valid. If it doesn't verify against the issuer certificate and response's certificates, it may verify using a trusted anchor or cert. NOTE. Use isValidResponse() instead.

Parameters:: ocspResp - the response object; issuerCert - the issuer certificate
Returns:: true if the response can be trusted

isSignatureValid

public boolean isSignatureValid(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp,
                                Certificate responderCert)

Checks if an OCSP response is genuine

Parameters:: ocspResp - the OCSP response; responderCert - the responder certificate
Returns:: true if the OCSP response verifies against the responder certificate

getOcspResponse

public org.bouncycastle.cert.ocsp.BasicOCSPResp getOcspResponse(X509Certificate signCert,
                                                                X509Certificate issuerCert)

Gets an OCSP response online and returns it if the status is GOOD (without further checking).

Parameters:: signCert - the signing certificate; issuerCert - the issuer certificate
Returns:: an OCSP response

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.itextpdf.text.pdf.security Class OCSPVerifier

LOGGER

id_kp_OCSPSigning

ocsps

OCSPVerifier

verify

verify

isValidResponse

verifyResponse

isSignatureValid

getOcspResponse

com.itextpdf.text.pdf.security
Class OCSPVerifier