com.itextpdf.signatures

Class CertificateVerifier

java.lang.Object

com.itextpdf.signatures.CertificateVerifier

Direct Known Subclasses:

RootStoreVerifier

public class CertificateVerifier
extends Object

Superclass for a series of certificate verifiers that will typically be used in a chain. It wraps another CertificateVerifier that is the next element in the chain of which the verify() method will be called.

Field Summary

Fields

Modifier and Type	Field and Description
protected boolean	onlineCheckingAllowed Indicates if going online to verify a certificate is allowed.
protected CertificateVerifier	verifier The previous CertificateVerifier in the chain of verifiers.

Constructor Summary

Constructors

Constructor and Description
CertificateVerifier(CertificateVerifier verifier) Creates the final CertificateVerifier in a chain of verifiers.

Method Summary

Modifier and Type	Method and Description
void	setOnlineCheckingAllowed(boolean onlineCheckingAllowed) Decide whether or not online checking is allowed.
List<VerificationOK>	verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate) Checks the validity of the certificate, and calls the next verifier in the chain, if any.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

verifier

protected CertificateVerifier verifier

The previous CertificateVerifier in the chain of verifiers.

onlineCheckingAllowed

protected boolean onlineCheckingAllowed

Indicates if going online to verify a certificate is allowed.

Constructor Detail

CertificateVerifier

public CertificateVerifier(CertificateVerifier verifier)

Creates the final CertificateVerifier in a chain of verifiers.

Parameters:

verifier - the previous verifier in the chain

Method Detail

setOnlineCheckingAllowed

public void setOnlineCheckingAllowed(boolean onlineCheckingAllowed)

Decide whether or not online checking is allowed.

Parameters:

onlineCheckingAllowed - a boolean indicating whether the certificate can be verified using online verification results.

verify

public List<VerificationOK> verify(X509Certificate signCert,
                                   X509Certificate issuerCert,
                                   Date signDate)
                            throws GeneralSecurityException

Checks the validity of the certificate, and calls the next verifier in the chain, if any.

Parameters:

signCert - the certificate that needs to be checked

issuerCert - its issuer

signDate - the date the certificate needs to be valid

Returns:

a list of VerificationOK objects. The list will be empty if the certificate couldn't be verified.

Throws:

GeneralSecurityException - thrown if the certificate has expired, isn't valid yet, or if an exception has been thrown in Certificate#verify.