OCSPVerifier (iText, a Free Java-PDF library 5.4.4 API)

java.lang.Object
- com.itextpdf.text.pdf.security.CertificateVerifier
- - com.itextpdf.text.pdf.security.RootStoreVerifier
  - - com.itextpdf.text.pdf.security.OCSPVerifier

```
public class OCSPVerifier
extends RootStoreVerifier
```
Class that allows you to verify a certificate against one or more OCSP responses.

Field Summary

Fields
Modifier and Type	Field and Description
`protected static Logger`	`LOGGER` The Logger instance
`protected java.util.List<org.bouncycastle.cert.ocsp.BasicOCSPResp>`	`ocsps` The list of OCSP responses.

Fields inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier
rootStore

Fields inherited from class com.itextpdf.text.pdf.security.CertificateVerifier
onlineCheckingAllowed, verifier

Constructor Summary

Constructors
Constructor and Description
`OCSPVerifier(CertificateVerifier verifier, java.util.List<org.bouncycastle.cert.ocsp.BasicOCSPResp> ocsps)` Creates an OCSPVerifier instance.

Method Summary

Methods
Modifier and Type	Method and Description
`org.bouncycastle.cert.ocsp.BasicOCSPResp`	`getOcspResponse(java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert)` Gets an OCSP response online and returns it if the status is GOOD (without further checking).
`boolean`	`isSignatureValid(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, java.security.cert.Certificate responderCert)` Checks if an OCSP response is genuine
`void`	`isValidResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, java.security.cert.X509Certificate issuerCert)` Verifies if an OCSP response is genuine
`boolean`	`verify(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert, java.util.Date signDate)` Verifies a certificate against a single OCSP response
`java.util.List<VerificationOK>`	`verify(java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert, java.util.Date signDate)` Verifies if a a valid OCSP response is found for the certificate.
`boolean`	`verifyResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp, java.security.cert.X509Certificate responderCert)` Verifies if the signature of the response is valid.

Methods inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier
setRootStore

Methods inherited from class com.itextpdf.text.pdf.security.CertificateVerifier
setOnlineCheckingAllowed

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - LOGGER
```
protected static final Logger LOGGER
```
    The Logger instance
  - ocsps
```
protected java.util.List<org.bouncycastle.cert.ocsp.BasicOCSPResp> ocsps
```
    The list of OCSP responses.
- Constructor Detail
  - OCSPVerifier
```
public OCSPVerifier(CertificateVerifier verifier,
            java.util.List<org.bouncycastle.cert.ocsp.BasicOCSPResp> ocsps)
```
    Creates an OCSPVerifier instance.
    
    Parameters:
    verifier - the next verifier in the chain
    ocsps - a list of OCSP responses
- Method Detail
  - verify
```
public java.util.List<VerificationOK> verify(java.security.cert.X509Certificate signCert,
                                    java.security.cert.X509Certificate issuerCert,
                                    java.util.Date signDate)
                                      throws java.security.GeneralSecurityException,
                                             java.io.IOException
```
    Verifies if a a valid OCSP response is found for the certificate. If this method returns false, it doesn't mean the certificate isn't valid. It means we couldn't verify it against any OCSP response that was available.
    
    Overrides:
    
    verify in class RootStoreVerifier
    
    Parameters:
    signCert - the certificate that needs to be checked
    issuerCert - its issuer
    signDate - the date the certificate needs to be valid
    
    Returns:
    a list of VerificationOK objects. The list will be empty if the certificate couldn't be verified.
    
    Throws:
    
    java.security.GeneralSecurityException
    
    java.io.IOException
    See Also:
    RootStoreVerifier.verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)
  - verify
```
public boolean verify(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp,
             java.security.cert.X509Certificate signCert,
             java.security.cert.X509Certificate issuerCert,
             java.util.Date signDate)
               throws java.security.GeneralSecurityException,
                      java.io.IOException
```
    Verifies a certificate against a single OCSP response
    
    Parameters:
    ocspResp - the OCSP response
    serialNumber - the serial number of the certificate that needs to be checked
    issuerCert -
    signDate -
    
    Returns:
    
    Throws:
    
    java.security.GeneralSecurityException
    
    java.io.IOException
  - isValidResponse
```
public void isValidResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp,
                   java.security.cert.X509Certificate issuerCert)
                     throws java.security.GeneralSecurityException,
                            java.io.IOException
```
    Verifies if an OCSP response is genuine
    
    Parameters:
    ocspResp - the OCSP response
    issuerCert - the issuer certificate
    
    Throws:
    
    java.security.GeneralSecurityException
    
    java.io.IOException
  - verifyResponse
```
public boolean verifyResponse(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp,
                     java.security.cert.X509Certificate responderCert)
```
    Verifies if the signature of the response is valid. If it doesn't verify against the responder certificate, it may verify using a trusted anchor.
    
    Parameters:
    ocspResp - the response object
    responderCert - the certificate that may be used to sign the response
    
    Returns:
    true if the response can be trusted
  - isSignatureValid
```
public boolean isSignatureValid(org.bouncycastle.cert.ocsp.BasicOCSPResp ocspResp,
                       java.security.cert.Certificate responderCert)
```
    Checks if an OCSP response is genuine
    
    Parameters:
    ocspResp - the OCSP response
    responderCert - the responder certificate
    
    Returns:
    true if the OCSP response verifies against the responder certificate
  - getOcspResponse
```
public org.bouncycastle.cert.ocsp.BasicOCSPResp getOcspResponse(java.security.cert.X509Certificate signCert,
                                                       java.security.cert.X509Certificate issuerCert)
```
    Gets an OCSP response online and returns it if the status is GOOD (without further checking).
    
    Parameters:
    signCert - the signing certificate
    issuerCert - the issuer certificate
    
    Returns:
    an OCSP response

Class OCSPVerifier

Field Summary

Fields inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier

Fields inherited from class com.itextpdf.text.pdf.security.CertificateVerifier

Constructor Summary

Method Summary

Methods inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier

Methods inherited from class com.itextpdf.text.pdf.security.CertificateVerifier

Methods inherited from class java.lang.Object

Field Detail

LOGGER

ocsps

Constructor Detail

OCSPVerifier

Method Detail

verify

verify

isValidResponse

verifyResponse

isSignatureValid

getOcspResponse