This class provides a simple way to validate an X.509 certificate and its issuer (CA) certificates with a single call.
Use TElX509CertificateValidator to validate X.509 certificate according to validation rules described in RFC 3280. This component performs validation of the certificate itself and its issuer (CA) certificates. Also, if CRL and OCSP validation are enabled, the component uses CRLs and OCSP to perform additional checking of the certificates. Certificates used to sign CRLs and OCSP responses are validated automatically according to the same settings and parameters as the ones used for validation of the main certificate chain.
In Windows, TElX509CertificateValidator automatically uses Windows Certificate Stores to access CA and Root certificates, as well as Trusted and Blocked ceritificate lists. On other platoforms (or in addition to Windows Certificate Stores in Windows) you can specify your own trusted, known and blocked certificate lists.
To retrieve Certificate Revocation Lists (CRLs) TElX509CertificateValidator uses pluggable TElCRLRetriever class and its descendants. HTTP CRL Retriever class is located in SBHTTPCRL unit/namespace. In .NET edition you need to reference SBHTTPCRL namespace from your code, then call SBHTTPCRL.Unit.RegisterHTTPCRLRetrieverFactory() method. In Java edition you need to import SBHTTPCRL package, then call SBHTTPCRL.RegisterHTTPCRLRetrieverFactory() method. In VCL and C++ editions this class is activated automatically; in VCL you just have to add SBHTTPCRL unit to Uses clause. Note: use of HTTP CRL Retriever requires a license for HTTPBlackbox package (or one of the packages that include HTTPBlackbox); use of LDAP CRL Retriever requires a license for LDAPPBlackbox package (or one of the packages that include LDAPPBlackbox). Alternatively, you can disable CRL checks.
For OCSP requests TElX509CertificateValidator uses pluggable TElOCSPClient class and its descendants. HTTP OCSP Client class is located in SBHTTPOCSPClient unit/namespace. In .NET edition you need to reference SBHTTPOCSPClient namespace from your code, then call SBHTTPOCSPClient.Unit.RegisterHTTPOCSPClientFactory() method. In Java edition you need to import SBHTTPOCSPClient package, then call SBHTTPOCSPClient.RegisterHTTPOCSPClientFactory() method. In VCL and C++ editions this class is activated automatically; in VCL you just have to add SBHTTPOCSPClient unit to Uses clause. Note: use of HTTP OCSP Client requires a license for HTTPBlackbox package (or one of the packages that include HTTPBlackbox). Alternatively, you can disable OCSP checks.
To use the component in development and distribution of your projects, you need to purchase one of the licenses:
Any SecureBlackbox package