public final class CRLVerifier extends Object
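|Modifier and Type|Method and Description|
|---|---|
|static void|checkRevocation(X509CRL crl, X509Certificate cert, Date signDate, String crlDistributionPointsURL): Check whether the certificate was revoked at signing time.|
|static X509CRL|downloadCRLFromWeb(String crlURL): Downloads a CRL from given HTTP/HTTPS/FTP URL, e.g.|
|static List<String>|getCrlDistributionPoints(X509Certificate cert): Extracts all CRL distribution point URLs from the "CRL Distribution Point" extension in a X.509 certificate.|
|static void|verifyCertificateCRLs(X509Certificate cert, Date signDate, Set<X509Certificate> additionalCerts): Extracts the CRL distribution points from the certificate (if available) and checks the certificate revocation status against the CRLs coming from the distribution points.|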
public static void verifyCertificateCRLs(X509Certificate cert, Date signDate, Set<X509Certificate> additionalCerts) throws CertificateVerificationException, RevokedCertificateException
Parameters:
cert - the certificate to be checked for revocation
signDate - the date when the signing took place
additionalCerts - set of trusted root CA certificates that will be used as "trust anchors" and intermediate CA certificates that will be used as part of the certification chain.
Throws:
CertificateVerificationException - if the certificate could not be verified
RevokedCertificateException - if the certificate is revoked
public static void checkRevocation(X509CRL crl, X509Certificate cert, Date signDate, String crlDistributionPointsURL) throws RevokedCertificateException
Parameters:
crl - certificate revocation list
cert - certificate to be checked
signDate - date the certificate was used for signing
crlDistributionPointsURL - URL for log message or exception text
Throws:
RevokedCertificateException - if the certificate was revoked at signing time
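A revocation check relative to the signing time, written with the JDK's java.security.cert API only. This is an added example, not PDFBox code: the class name, the Status enum, the check method, and the freshness policy are assumptions, and it assumes a direct CRL signed by the certificate's own issuer.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Date;

// Added example (hypothetical names); not the PDFBox implementation.
public class CrlAtSigningTimeCheck {
    enum Status { GOOD_AT_SIGNING, REVOKED_AT_SIGNING, REVOKED_AFTER_SIGNING }

    static Status check(X509CRL crl, X509Certificate cert, X509Certificate issuer, Date signDate)
            throws Exception {
        // A downloaded CRL is untrusted input until its issuer and signature are verified.
        if (!crl.getIssuerX500Principal().equals(cert.getIssuerX500Principal())) {
            throw new SecurityException("CRL issuer does not match certificate issuer");
        }
        crl.verify(issuer.getPublicKey()); // throws if the CRL signature is invalid
        // Assumed policy: a CRL that expired before the signing time says nothing about it.
        if (crl.getNextUpdate() != null && crl.getNextUpdate().before(signDate)) {
            throw new SecurityException("CRL expired before signing time; fetch a newer one");
        }
        X509CRLEntry entry = crl.getRevokedCertificate(cert);
        if (entry == null) {
            return Status.GOOD_AT_SIGNING;
        }
        // Revocation strictly after signing leaves the signature valid at signing time;
        // a revocation date equal to the signing date is treated as revoked.
        return entry.getRevocationDate().after(signDate)
                ? Status.REVOKED_AFTER_SIGNING : Status.REVOKED_AT_SIGNING;
    }

    // Usage: java CrlAtSigningTimeCheck <cert> <issuer-cert> <crl> <signing time, ISO-8601>
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream c = new FileInputStream(args[0]);
             InputStream i = new FileInputStream(args[1]);
             InputStream r = new FileInputStream(args[2])) {
            X509Certificate cert = (X509Certificate) cf.generateCertificate(c);
            X509Certificate issuer = (X509Certificate) cf.generateCertificate(i);
            X509CRL crl = (X509CRL) cf.generateCRL(r);
            System.out.println(check(crl, cert, issuer, Date.from(Instant.parse(args[3]))));
        }
    }
}
```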
public static X509CRL downloadCRLFromWeb(String crlURL) throws IOException, CertificateException, CRLException
public static List<String> getCrlDistributionPoints(X509Certificate cert) throws IOException
Copyright © 2002–2018 The Apache Software Foundation. All rights reserved.