How to get revocation status of an X509 certificate with DSS?
I am trying to validate an X509 certificate based on its revocation status using the DSS framework. Where do you find it?
I am using this piece of code to validate the certificate with CRL and OCSP. I want to find out if the toValidateToken has been revoked.
The CertificateToken class has methods like isSignatureValid, isExpired, isValidOn, but no methods related to revocation.
I found an isRevoked() method in other forums but I don't have it. I'm sure I have all the dependencies installed.
```java
CommonCertificateSource adjunctCertificateSource = new CommonCertificateSource();

// Firstly, we load the certificate to be validated
CertificateToken toValidate = getCertificateFromSignature(documentPath);
CertificateToken toValidateToken = adjunctCertificateSource.addCertificate(toValidate);

// Configure the certificate verifier using the trust store and the intermediate certificates
// OnlineOCSPSource and OnlineCRLSource will invoke the OCSP service and CRL
// distribution point extracting the URL from the certificate
CertificateVerifier certificateVerifier = new CommonCertificateVerifier();
certificateVerifier.setAdjunctCertSource(adjunctCertificateSource);
certificateVerifier.setCrlSource(new OnlineCRLSource());
certificateVerifier.setOcspSource(new OnlineOCSPSource());

// Perform validation
CertificatePool validationPool = certificateVerifier.createValidationPool();
SignatureValidationContext validationContext = new SignatureValidationContext(validationPool);
validationContext.addCertificateTokenForVerification(toValidateToken);
validationContext.validate();
```
I only need a simple true/false as a result.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
