Package com.itextpdf.text.pdf.security

Class CertificateVerification

  • public class CertificateVerification
extends Object
    This class consists of some methods that allow you to verify certificates.

    • Constructor Detail

      • CertificateVerification

        public CertificateVerification()

    • Method Detail

      • verifyCertificate

        public static String verifyCertificate​(X509Certificate cert,
                                       Collection<CRL> crls,
                                       Calendar calendar)
        Verifies a single certificate.
        Parameters:
        cert - the certificate to verify
        crls - the certificate revocation list or null
        calendar - the date or null for the current date
        Returns:
        a String with the error description or null if no error

      • verifyCertificates

        public static List<VerificationException> verifyCertificates​(Certificate[] certs,
                                                             KeyStore keystore,
                                                             Collection<CRL> crls,
                                                             Calendar calendar)
        Verifies a certificate chain against a KeyStore.
        Parameters:
        certs - the certificate chain
        keystore - the KeyStore
        crls - the certificate revocation list or null
        calendar - the date or null for the current date
        Returns:
        null if the certificate chain could be validated or a Object[]{cert,error} where cert is the failed certificate and error is the error message

      • verifyCertificates

        public static List<VerificationException> verifyCertificates​(Certificate[] certs,
                                                             KeyStore keystore,
                                                             Calendar calendar)
        Verifies a certificate chain against a KeyStore.
        Parameters:
        certs - the certificate chain
        keystore - the KeyStore
        calendar - the date or null for the current date
        Returns:
        null if the certificate chain could be validated or a Object[]{cert,error} where cert is the failed certificate and error is the error message

      • verifyOcspCertificates

        public static boolean verifyOcspCertificates​(org.bouncycastle.cert.ocsp.BasicOCSPResp ocsp,
                                             KeyStore keystore,
                                             String provider)
        Verifies an OCSP response against a KeyStore.
        Parameters:
        ocsp - the OCSP response
        keystore - the KeyStore
        provider - the provider or null to use the BouncyCastle provider
        Returns:
        true is a certificate was found

      • verifyTimestampCertificates

        public static boolean verifyTimestampCertificates​(org.bouncycastle.tsp.TimeStampToken ts,
                                                  KeyStore keystore,
                                                  String provider)
        Verifies a time stamp against a KeyStore.
        Parameters:
        ts - the time stamp
        keystore - the KeyStore
        provider - the provider or null to use the BouncyCastle provider
        Returns:
        true is a certificate was found