Class CRLVerifier

Namespace: iText.Signatures

Assembly: itext.sign.dll

Class that allows you to verify a certificate against one or more Certificate Revocation Lists.

[Obsolete("starting from 8.0.5.iText.Signatures.Validation.V1.CRLValidator should be used instead.")]
public class CRLVerifier : RootStoreVerifier

Inheritance: object

CertificateVerifier

RootStoreVerifier

CRLVerifier

Inherited Members: RootStoreVerifier.rootStore

RootStoreVerifier.SetRootStore(List<IX509Certificate>)

CertificateVerifier.verifier

CertificateVerifier.onlineCheckingAllowed

CertificateVerifier.SetOnlineCheckingAllowed(bool)

object.GetType()

object.MemberwiseClone()

object.ToString()

object.Equals(object)

object.Equals(object, object)

object.ReferenceEquals(object, object)

object.GetHashCode()

Constructors

CRLVerifier(CertificateVerifier, IList<IX509Crl>)

Creates a CRLVerifier instance.

public CRLVerifier(CertificateVerifier verifier, IList<IX509Crl> crls)

Parameters

verifier CertificateVerifier: the next verifier in the chain
crls IList<IX509Crl>: a list of CRLs

Fields

LOGGER

The Logger instance

protected static readonly ILogger LOGGER

Field Value

ILogger

Methods

GetCRL(IX509Certificate, IX509Certificate)

Fetches a CRL for a specific certificate online (without further checking).

public virtual IX509Crl GetCRL(IX509Certificate signCert, IX509Certificate issuerCert)

Parameters

signCert IX509Certificate: the certificate
issuerCert IX509Certificate: its issuer left for backwards compatibility

Returns

IX509Crl: an X509CRL object.

IsSignatureValid(IX509Crl, IX509Certificate)

Checks if a CRL verifies against the issuer certificate or a trusted anchor.

public virtual bool IsSignatureValid(IX509Crl crl, IX509Certificate crlIssuer)

Parameters

crl IX509Crl: the CRL
crlIssuer IX509Certificate: the trusted anchor

Returns

bool: true if the CRL can be trusted

Verify(IX509Certificate, IX509Certificate, DateTime)

Verifies whether a valid CRL is found for the certificate.

public override IList<VerificationOK> Verify(IX509Certificate signCert, IX509Certificate issuerCert, DateTime signDate)

Parameters

signCert IX509Certificate: the certificate that needs to be checked
issuerCert IX509Certificate: its issuer
signDate DateTime

Returns

IList<VerificationOK>: a list of VerificationOK objects. The list will be empty if the certificate couldn't be verified.

Remarks

Verifies whether a valid CRL is found for the certificate. If this method returns false, it doesn't mean the certificate isn't valid. It means we couldn't verify it against any CRL that was available.

See Also: Verify(IX509Certificate, IX509Certificate, DateTime)

Verify(IX509Crl, IX509Certificate, IX509Certificate, DateTime)

Verifies a certificate against a single CRL.

public virtual bool Verify(IX509Crl crl, IX509Certificate signCert, IX509Certificate issuerCert, DateTime signDate)

Parameters

crl IX509Crl: the Certificate Revocation List
signCert IX509Certificate: a certificate that needs to be verified
issuerCert IX509Certificate: its issuer
signDate DateTime: the sign date

Returns

bool: true if the verification succeeded

Table of Contents

Class CRLVerifier

Constructors

CRLVerifier(CertificateVerifier, IList<IX509Crl>)

Parameters

Fields

LOGGER

Field Value

Methods

GetCRL(IX509Certificate, IX509Certificate)

Parameters

Returns

IsSignatureValid(IX509Crl, IX509Certificate)

Parameters

Returns

Verify(IX509Certificate, IX509Certificate, DateTime)

Parameters

Returns

Remarks

Verify(IX509Crl, IX509Certificate, IX509Certificate, DateTime)

Parameters

Returns