OCSPVerifier (iText - sign 9.2.0 API)

java.lang.Object
- com.itextpdf.signatures.CertificateVerifier
- - com.itextpdf.signatures.RootStoreVerifier
  - - com.itextpdf.signatures.OCSPVerifier

Deprecated.
starting from 8.0.5. OCSPValidator should be used instead.
```
@Deprecated
public class OCSPVerifier
extends RootStoreVerifier
```
Class that allows you to verify a certificate against one or more OCSP responses.

Field Summary

Fields
Modifier and Type	Field and Description
`protected static String`	`id_kp_OCSPSigning` Deprecated.
`protected static org.slf4j.Logger`	`LOGGER` Deprecated. The Logger instance
`protected List<com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp>`	`ocsps` Deprecated. The list of `IBasicOCSPResp` OCSP response wrappers.

Fields inherited from class com.itextpdf.signatures.RootStoreVerifier
rootStore

Fields inherited from class com.itextpdf.signatures.CertificateVerifier
onlineCheckingAllowed, verifier

Constructor Summary

Constructors
Constructor and Description
`OCSPVerifier(CertificateVerifier verifier, List<com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp> ocsps)` Deprecated. Creates an OCSPVerifier instance.

Method Summary

All Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp`	`getOcspResponse(X509Certificate signCert, X509Certificate issuerCert)` Deprecated. Gets an OCSP response online and returns it without further checking.
`boolean`	`isSignatureValid(com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp ocspResp, Certificate responderCert)` Deprecated. Checks if an OCSP response is genuine.
`void`	`isValidResponse(com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp ocspResp, X509Certificate issuerCert, Date signDate)` Deprecated. Verifies if an OCSP response is genuine.
`void`	`setCrlClient(ICrlClient crlClient)` Deprecated. Sets CRL client to provide CRL responses for verifying of the OCSP signer's certificate (an Authorized Responder) that also should be used in case responder's certificate doesn't have any method of revocation checking.
`void`	`setOcspClient(IOcspClient ocspClient)` Deprecated. Sets OCSP client to provide OCSP responses for verifying of the OCSP signer's certificate (an Authorized Responder).
`boolean`	`verify(com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp ocspResp, X509Certificate signCert, X509Certificate issuerCert, Date signDate)` Deprecated. Verifies a certificate against a single OCSP response.
`List<VerificationOK>`	`verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate)` Deprecated. Verifies if a valid OCSP response is found for the certificate.

Methods inherited from class com.itextpdf.signatures.RootStoreVerifier
setRootStore

Methods inherited from class com.itextpdf.signatures.CertificateVerifier
setOnlineCheckingAllowed

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - LOGGER
```
protected static final org.slf4j.Logger LOGGER
```
    Deprecated.
    
    The Logger instance
  - id_kp_OCSPSigning
```
protected static final String id_kp_OCSPSigning
```
    Deprecated.
    
    See Also:
    
    Constant Field Values
  - ocsps
```
protected List<com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp> ocsps
```
    Deprecated.
    
    The list of IBasicOCSPResp OCSP response wrappers.
- Constructor Detail
  - OCSPVerifier
```
public OCSPVerifier(CertificateVerifier verifier,
                    List<com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp> ocsps)
```
    Deprecated.
    
    Creates an OCSPVerifier instance.
    
    Parameters:
    
    verifier - the next verifier in the chain
    
    ocsps - a list of IBasicOCSPResp OCSP response wrappers for the certificate verification
- Method Detail
  - setOcspClient
```
public void setOcspClient(IOcspClient ocspClient)
```
    Deprecated.
    
    Sets OCSP client to provide OCSP responses for verifying of the OCSP signer's certificate (an Authorized Responder). Also, should be used in case responder's certificate doesn't have any method of revocation checking.
    See RFC6960 4.2.2.2.1. Revocation Checking of an Authorized Responder.
    Optional. Default one is OcspClientBouncyCastle.
    
    Parameters:
    
    ocspClient - IOcspClient to provide an Authorized Responder revocation data.
  - setCrlClient
```
public void setCrlClient(ICrlClient crlClient)
```
    Deprecated.
    
    Sets CRL client to provide CRL responses for verifying of the OCSP signer's certificate (an Authorized Responder) that also should be used in case responder's certificate doesn't have any method of revocation checking.
    See RFC6960 4.2.2.2.1. Revocation Checking of an Authorized Responder.
    Optional. Default one is CrlClientOnline.
    
    Parameters:
    
    crlClient - ICrlClient to provide an Authorized Responder revocation data.
  - verify
```
public List<VerificationOK> verify(X509Certificate signCert,
                                   X509Certificate issuerCert,
                                   Date signDate)
                            throws GeneralSecurityException
```
    Deprecated.
    
    Verifies if a valid OCSP response is found for the certificate. If this method returns false, it doesn't mean the certificate isn't valid. It means we couldn't verify it against any OCSP response that was available.
    
    Overrides:
    
    verify in class RootStoreVerifier
    
    Parameters:
    
    signCert - the certificate that needs to be checked
    
    issuerCert - issuer of the certificate to be checked
    
    signDate - the date the certificate needs to be valid
    
    Returns:
    
    a list of VerificationOK objects. The list will be empty if the certificate couldn't be verified.
    
    Throws:
    
    GeneralSecurityException - thrown if the certificate has expired, isn't valid yet, or if an exception has been thrown in Certificate#verify.
    
    See Also:
    
    RootStoreVerifier.verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)
  - verify
```
public boolean verify(com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp ocspResp,
                      X509Certificate signCert,
                      X509Certificate issuerCert,
                      Date signDate)
               throws GeneralSecurityException
```
    Deprecated.
    
    Verifies a certificate against a single OCSP response.
    
    Parameters:
    
    ocspResp - IBasicOCSPResp the OCSP response wrapper for a certificate verification
    
    signCert - the certificate that needs to be checked
    
    issuerCert - the certificate that issued signCert – immediate parent. This certificate is considered trusted and valid by this method.
    
    signDate - sign date (or the date the certificate needs to be valid)
    
    Returns:
    
    true in case check is successful, false otherwise.
    
    Throws:
    
    GeneralSecurityException - if OCSP response verification cannot be done or failed.
  - isValidResponse
```
public void isValidResponse(com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp ocspResp,
                            X509Certificate issuerCert,
                            Date signDate)
                     throws GeneralSecurityException
```
    Deprecated.
    
    Verifies if an OCSP response is genuine. If it doesn't verify against the issuer certificate and response's certificates, it may verify using a trusted anchor or cert.
    
    Parameters:
    
    ocspResp - IBasicOCSPResp the OCSP response wrapper
    
    issuerCert - the issuer certificate. This certificate is considered trusted and valid by this method.
    
    signDate - sign date for backwards compatibility
    
    Throws:
    
    GeneralSecurityException - if OCSP response verification cannot be done or failed.
  - isSignatureValid
```
public boolean isSignatureValid(com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp ocspResp,
                                Certificate responderCert)
```
    Deprecated.
    
    Checks if an OCSP response is genuine.
    
    Parameters:
    
    ocspResp - IBasicOCSPResp the OCSP response wrapper
    
    responderCert - the responder certificate
    
    Returns:
    
    true if the OCSP response verifies against the responder certificate.
  - getOcspResponse
```
public com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp getOcspResponse(X509Certificate signCert,
                                                                                  X509Certificate issuerCert)
```
    Deprecated.
    
    Gets an OCSP response online and returns it without further checking.
    
    Parameters:
    
    signCert - the signing certificate
    
    issuerCert - the issuer certificate
    
    Returns:
    
    IBasicOCSPResp an OCSP response wrapper.

Class OCSPVerifier

Field Summary

Fields inherited from class com.itextpdf.signatures.RootStoreVerifier

Fields inherited from class com.itextpdf.signatures.CertificateVerifier

Constructor Summary

Method Summary

Methods inherited from class com.itextpdf.signatures.RootStoreVerifier

Methods inherited from class com.itextpdf.signatures.CertificateVerifier

Methods inherited from class java.lang.Object

Field Detail

LOGGER

id_kp_OCSPSigning

ocsps

Constructor Detail

OCSPVerifier

Method Detail

setOcspClient

setCrlClient

verify

verify

isValidResponse

isSignatureValid

getOcspResponse