Example usage for com.itextpdf.text.pdf.security CertificateVerification verifyCertificates

List of usage examples for com.itextpdf.text.pdf.security CertificateVerification verifyCertificates

Introduction

In this page you can find the example usage for com.itextpdf.text.pdf.security CertificateVerification verifyCertificates.

Prototype

public static List<VerificationException> verifyCertificates(Certificate certs[], KeyStore keystore,
        Calendar calendar) 

Source Link

Document

Verifies a certificate chain against a KeyStore.

Usage

From source file:org.opencps.pki.BaseVerifier.java

License:Open Source License

/**
 * (non-Javadoc)/*from   w w w  .  j av  a2 s.c  o  m*/
 * @see org.opencps.pki.Signer#validateCertificate()
 */
@Override
public Boolean validateCertificate(X509Certificate cert, KeyStore ks) {
    try {
        List<VerificationException> errors = CertificateVerification
                .verifyCertificates(new Certificate[] { cert }, ks, Calendar.getInstance());
        if (errors.size() == 0) {
            CRL crl = CertificateUtil.getCRL(cert);
            if (crl != null) {
                return !crl.isRevoked(cert);
            }
            return true;
        } else {
            return false;
        }
    } catch (Exception e) {
        throw new RuntimeException(e.getMessage(), e);
    }
}

From source file:org.opencps.pki.PdfVerifier.java

License:Open Source License

/**
 * (non-Javadoc)//ww w .  jav a  2  s  .co  m
 * @throws SignatureException 
 * @see org.opencps.pki.Verifier#verifySignature()
 */
public Boolean verifySignature(InputStream inputStream, KeyStore ks) throws SignatureException {
    Boolean verified = false;
    try {
        PdfReader reader = new PdfReader(inputStream);
        AcroFields fields = reader.getAcroFields();
        ArrayList<String> names = fields.getSignatureNames();
        for (String name : names) {
            PdfPKCS7 pkcs7 = fields.verifySignature(name);
            if (pkcs7.verify()) {
                Certificate[] certs = pkcs7.getSignCertificateChain();
                Calendar cal = pkcs7.getSignDate();
                List<VerificationException> errors = CertificateVerification.verifyCertificates(certs, ks, cal);
                if (errors.size() == 0) {
                    X509Certificate signCert = (X509Certificate) certs[0];
                    X509Certificate issuerCert = (certs.length > 1 ? (X509Certificate) certs[1] : null);
                    verified = checkSignatureRevocation(pkcs7, signCert, issuerCert, cal.getTime())
                            && checkSignatureRevocation(pkcs7, signCert, issuerCert, new Date());
                }
            }
        }
        reader.close();
    } catch (Exception e) {
        throw new SignatureException(e.getMessage(), e);
    }
    return verified;
}