org.apache.pdfbox.examples.signature.cert

Class CRLVerifier

java.lang.Object

org.apache.pdfbox.examples.signature.cert.CRLVerifier

public final class CRLVerifier
extends Object

Copied from Apache CXF 2.4.9, initial version: https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.9/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/

Method Summary

Modifier and Type	Method and Description
static void	checkRevocation(X509CRL crl, X509Certificate cert, Date signDate, String crlDistributionPointsURL) Check whether the certificate was revoked at signing time.
static X509CRL	downloadCRLFromWeb(String crlURL) Downloads a CRL from given HTTP/HTTPS/FTP URL, e.g.
static List<String>	getCrlDistributionPoints(X509Certificate cert) Extracts all CRL distribution point URLs from the "CRL Distribution Point" extension in a X.509 certificate.
static void	verifyCertificateCRLs(X509Certificate cert, Date signDate, Set<X509Certificate> additionalCerts) Extracts the CRL distribution points from the certificate (if available) and checks the certificate revocation status against the CRLs coming from the distribution points.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

verifyCertificateCRLs

public static void verifyCertificateCRLs(X509Certificate cert,
                                         Date signDate,
                                         Set<X509Certificate> additionalCerts)
                                  throws CertificateVerificationException,
                                         RevokedCertificateException

Extracts the CRL distribution points from the certificate (if available) and checks the certificate revocation status against the CRLs coming from the distribution points. Supports HTTP, HTTPS, FTP and LDAP based URLs.

Parameters:

cert - the certificate to be checked for revocation

signDate - the date when the signing took place

additionalCerts - set of trusted root CA certificates that will be used as "trust anchors" and intermediate CA certificates that will be used as part of the certification chain.

Throws:

CertificateVerificationException - if the certificate could not be verified

RevokedCertificateException - if the certificate is revoked

checkRevocation

public static void checkRevocation(X509CRL crl,
                                   X509Certificate cert,
                                   Date signDate,
                                   String crlDistributionPointsURL)
                            throws RevokedCertificateException

Check whether the certificate was revoked at signing time.

Parameters:

crl - certificate revocation list

cert - certificate to be checked

signDate - date the certificate was used for signing

crlDistributionPointsURL - URL for log message or exception text

Throws:

RevokedCertificateException - if the certificate was revoked at signing time

downloadCRLFromWeb

public static X509CRL downloadCRLFromWeb(String crlURL)
                                  throws IOException,
                                         CertificateException,
                                         CRLException

Downloads a CRL from given HTTP/HTTPS/FTP URL, e.g. http://crl.infonotary.com/crl/identity-ca.crl

Throws:

IOException

CertificateException

CRLException

getCrlDistributionPoints

public static List<String> getCrlDistributionPoints(X509Certificate cert)
                                             throws IOException

Extracts all CRL distribution point URLs from the "CRL Distribution Point" extension in a X.509 certificate. If CRL distribution point extension is unavailable, returns an empty list.

Parameters:

cert -

Returns:

List of CRL distribution point URLs.

Throws:

IOException