This class contains a series of static methods that allow you to retrieve information from a Certificate. More...

Static Public Member Functions
static IX509Crl	GetCRL (IX509Certificate certificate)
	Gets a CRL from an X509 certificate. More...

static IList< IX509Crl >	GetCRLs (IX509Certificate certificate)
	Gets a CRLs from the X509 certificate. More...

static String	GetCRLURL (IX509Certificate certificate)
	Gets the URL of the Certificate Revocation List for a Certificate More...

static IList< String >	GetCRLURLs (IX509Certificate certificate)
	Gets the list of the Certificate Revocation List URLs for a Certificate. More...

static IDistributionPoint	GetDistributionPointByName (IX509Certificate certificate, IDistributionPointName issuingDistributionPointName)
	Gets the Distribution Point from the certificate by name specified in the Issuing Distribution Point from the Certificate Revocation List for a Certificate. More...

static IX509Crl	GetCRL (String url)
	Gets the CRL object using a CRL URL. More...

static IX509Crl	ParseCrlFromStream (Stream input)
	Parses a CRL from an InputStream. More...

static IX509Crl	ParseCrlFromBytes (byte[] crlBytes)
	Parses a CRL from bytes. More...

static String	GetIssuerCertURL (IX509Crl crl)
	Retrieves the URL for the issuer certificate for the given CRL. More...

static String	GetOCSPURL (IX509Certificate certificate)
	Retrieves the OCSP URL from the given certificate. More...

static String	GetIssuerCertURL (IX509Certificate certificate)
	Retrieves the URL for the issuer lists certificates for the given certificate. More...

static String	GetTSAURL (IX509Certificate certificate)
	Gets the URL of the TSA if it's available on the certificate More...

static IX509Certificate	GenerateCertificate (Stream data)
	Generates a certificate object and initializes it with the data read from the input stream inStream. More...

static void	RetrieveRevocationInfoFromSignedData (IAsn1TaggedObject taggedObj, ICollection< IX509Crl > crls, ICollection< IBasicOcspResponse > ocsps, ICollection< IAsn1Sequence > otherRevocationInfoFormats)
	Try to retrieve CRL and OCSP responses from the signed data crls field. More...

static IDerSet	CreateRevocationInfoChoices (ICollection< IX509Crl > crls, ICollection< IBasicOcspResponse > ocsps, ICollection< IAsn1Sequence > otherRevocationInfoFormats)
	Creates the revocation info (crls field) for SignedData structure: RevocationInfoChoices ::= SET OF RevocationInfoChoice RevocationInfoChoice ::= CHOICE { crl CertificateList, other [1] IMPLICIT OtherRevocationInfoFormat } OtherRevocationInfoFormat ::= SEQUENCE { otherRevInfoFormat OBJECT IDENTIFIER, otherRevInfo ANY DEFINED BY otherRevInfoFormat } CertificateList ::= SEQUENCE { tbsCertList TBSCertList, signatureAlgorithm AlgorithmIdentifier, signatureValue BIT STRING } More...

static bool	CheckIfIssuersMatch (ICertID certID, IX509Certificate issuerCert)
	Checks if the issuer of the provided certID (specified in the OCSP response) and provided issuer of the certificate in question matches, i.e. checks that issuerNameHash and issuerKeyHash fields of the certID is the hash of the issuer's name and public key. More...

static byte[]	GetExtensionValueByOid (IX509Certificate certificate, String id)
	Retrieves certificate extension value by its OID. More...

static bool	IsSignatureValid (IBasicOcspResponse ocspResp, IX509Certificate responderCert)
	Checks if an OCSP response is genuine. More...

static bool	IsSelfSigned (IX509Certificate certificate)
	Checks if the certificate is self-signed. More...

static IAsn1Object	GetExtensionValue (IX509Certificate certificate, String oid)
	Gets certificate extension value. More...

static IAsn1Object	GetExtensionValue (IX509Crl crl, String oid)
	Gets CRL extension value. More...

Detailed Description

This class contains a series of static methods that allow you to retrieve information from a Certificate.

Member Function Documentation

◆ CheckIfIssuersMatch()

static bool iText.Signatures.CertificateUtil.CheckIfIssuersMatch	(	ICertID	certID,
		IX509Certificate	issuerCert
	)

inlinestatic

Checks if the issuer of the provided certID (specified in the OCSP response) and provided issuer of the certificate in question matches, i.e. checks that issuerNameHash and issuerKeyHash fields of the certID is the hash of the issuer's name and public key.

SingleResp contains the basic information of the status of the certificate identified by the certID. The issuer name and serial number identify a unique certificate, so if serial numbers of the certificate in question and certID serial number are equals and issuers match, then SingleResp contains the information about the status of the certificate in question.

Parameters

certID	certID specified in the OCSP response
issuerCert	the issuer of the certificate in question

Returns: true if the issuers are the same, false otherwise.

◆ CreateRevocationInfoChoices()

static IDerSet iText.Signatures.CertificateUtil.CreateRevocationInfoChoices	(	ICollection< IX509Crl >	crls,
		ICollection< IBasicOcspResponse >	ocsps,
		ICollection< IAsn1Sequence >	otherRevocationInfoFormats
	)

inlinestatic

Creates the revocation info (crls field) for SignedData structure: RevocationInfoChoices ::= SET OF RevocationInfoChoice RevocationInfoChoice ::= CHOICE { crl CertificateList, other [1] IMPLICIT OtherRevocationInfoFormat } OtherRevocationInfoFormat ::= SEQUENCE { otherRevInfoFormat OBJECT IDENTIFIER, otherRevInfo ANY DEFINED BY otherRevInfoFormat } CertificateList ::= SEQUENCE { tbsCertList TBSCertList, signatureAlgorithm AlgorithmIdentifier, signatureValue BIT STRING }

RFC 5652 §10.2.1

Parameters

crls	collection of CRL revocation status information.
ocsps	collection of OCSP revocation status information.
otherRevocationInfoFormats	collection of revocation info other than OCSP and CRL responses, e.g. SCVP Request and Response, stored as iText.Commons.Bouncycastle.Asn1.IAsn1Sequence.

Returns

crls [1] RevocationInfoChoices field of SignedData structure. Null if SignedData has no revocation data.

◆ GenerateCertificate()

static IX509Certificate iText.Signatures.CertificateUtil.GenerateCertificate ( Stream data )

inlinestatic

Generates a certificate object and initializes it with the data read from the input stream inStream.

Parameters

data	the input stream with the certificates.

Returns: a certificate object initialized with the data from the input stream.

◆ GetCRL() [1/2]

static IX509Crl iText.Signatures.CertificateUtil.GetCRL ( IX509Certificate certificate )

inlinestatic

Gets a CRL from an X509 certificate.

Parameters

certificate the X509Certificate to extract the CRL from

Returns: CRL or null if there's no CRL available

◆ GetCRL() [2/2]

static IX509Crl iText.Signatures.CertificateUtil.GetCRL ( String url )

inlinestatic

Gets the CRL object using a CRL URL.

Parameters

url	the URL where the CRL is located

Returns: CRL object

◆ GetCRLs()

static IList<IX509Crl> iText.Signatures.CertificateUtil.GetCRLs ( IX509Certificate certificate )

inlinestatic

Gets a CRLs from the X509 certificate.

Parameters

certificate the X509Certificate to extract the CRLs from

Returns: CRL list or null if there's no CRL available

◆ GetCRLURL()

static String iText.Signatures.CertificateUtil.GetCRLURL ( IX509Certificate certificate )

inlinestatic

Gets the URL of the Certificate Revocation List for a Certificate

Parameters

certificate the Certificate

Returns: the String where you can check if the certificate was revoked.

◆ GetCRLURLs()

static IList iText.Signatures.CertificateUtil.GetCRLURLs ( IX509Certificate certificate )

inlinestatic

Gets the list of the Certificate Revocation List URLs for a Certificate.

Parameters

certificate the Certificate to get CRL URLs for

Returns: the list of URL strings where you can check if the certificate is revoked.

◆ GetDistributionPointByName()

static IDistributionPoint iText.Signatures.CertificateUtil.GetDistributionPointByName	(	IX509Certificate	certificate,
		IDistributionPointName	issuingDistributionPointName
	)

inlinestatic

Gets the Distribution Point from the certificate by name specified in the Issuing Distribution Point from the Certificate Revocation List for a Certificate.

Parameters

certificate	the certificate to retrieve Distribution Points
issuingDistributionPointName	distributionPointName retrieved from the IDP of the CRL

Returns: distribution point withthe same name as specified in the IDP.

◆ GetExtensionValue() [1/2]

static IAsn1Object iText.Signatures.CertificateUtil.GetExtensionValue	(	IX509Certificate	certificate,
		String	oid
	)

inlinestatic

Gets certificate extension value.

Parameters

certificate	the certificate from which we need the ExtensionValue
oid	the Object Identifier value for the extension

Returns: the extension value as an iText.Commons.Bouncycastle.Asn1.IAsn1Object object.

◆ GetExtensionValue() [2/2]

static IAsn1Object iText.Signatures.CertificateUtil.GetExtensionValue	(	IX509Crl	crl,
		String	oid
	)

inlinestatic

Gets CRL extension value.

Parameters

crl	the CRL from which we need the ExtensionValue
oid	the Object Identifier value for the extension

Returns: the extension value as an iText.Commons.Bouncycastle.Asn1.IAsn1Object object.

◆ GetExtensionValueByOid()

static byte [] iText.Signatures.CertificateUtil.GetExtensionValueByOid	(	IX509Certificate	certificate,
		String	id
	)

inlinestatic

Retrieves certificate extension value by its OID.

Parameters

certificate	to get extension from
id	extension OID to retrieve

Returns: encoded extension value.

◆ GetIssuerCertURL() [1/2]

static String iText.Signatures.CertificateUtil.GetIssuerCertURL ( IX509Certificate certificate )

inlinestatic

Retrieves the URL for the issuer lists certificates for the given certificate.

Parameters

certificate the certificate

Returns: the URL or null.

◆ GetIssuerCertURL() [2/2]

static String iText.Signatures.CertificateUtil.GetIssuerCertURL ( IX509Crl crl )

inlinestatic

Retrieves the URL for the issuer certificate for the given CRL.

Parameters

crl	the CRL response

Returns: the URL or null.

◆ GetOCSPURL()

static String iText.Signatures.CertificateUtil.GetOCSPURL ( IX509Certificate certificate )

inlinestatic

Retrieves the OCSP URL from the given certificate.

Parameters

certificate the certificate

Returns: the URL or null

◆ GetTSAURL()

static String iText.Signatures.CertificateUtil.GetTSAURL ( IX509Certificate certificate )

inlinestatic

Gets the URL of the TSA if it's available on the certificate

Parameters

certificate a certificate

Returns: a TSA URL

◆ IsSelfSigned()

static bool iText.Signatures.CertificateUtil.IsSelfSigned ( IX509Certificate certificate )

inlinestatic

Checks if the certificate is self-signed.

Parameters

certificate a certificate to check

Returns: true if the certificate is self-signed.

◆ IsSignatureValid()

static bool iText.Signatures.CertificateUtil.IsSignatureValid	(	IBasicOcspResponse	ocspResp,
		IX509Certificate	responderCert
	)

inlinestatic

Checks if an OCSP response is genuine.

Parameters

ocspResp

iText.Commons.Bouncycastle.Asn1.Ocsp.IBasicOcspResponse the OCSP response wrapper

Parameters

responderCert the responder certificate

Returns: true if the OCSP response verifies against the responder certificate.

◆ ParseCrlFromBytes()

static IX509Crl iText.Signatures.CertificateUtil.ParseCrlFromBytes ( byte[] crlBytes )

inlinestatic

Parses a CRL from bytes.

Parameters

crlBytes the bytes holding the unparsed CRL

Returns: the parsed CRL object.

◆ ParseCrlFromStream()

static IX509Crl iText.Signatures.CertificateUtil.ParseCrlFromStream ( Stream input )

inlinestatic

Parses a CRL from an InputStream.

Parameters

input the InputStream holding the unparsed CRL

Returns: the parsed CRL object.

◆ RetrieveRevocationInfoFromSignedData()

static void iText.Signatures.CertificateUtil.RetrieveRevocationInfoFromSignedData	(	IAsn1TaggedObject	taggedObj,
		ICollection< IX509Crl >	crls,
		ICollection< IBasicOcspResponse >	ocsps,
		ICollection< IAsn1Sequence >	otherRevocationInfoFormats
	)

inlinestatic

Try to retrieve CRL and OCSP responses from the signed data crls field.

Parameters

taggedObj	signed data crls field as iText.Commons.Bouncycastle.Asn1.IAsn1TaggedObject.
crls	collection to store retrieved CRL responses.
ocsps	collection of iText.Commons.Bouncycastle.Asn1.Ocsp.IBasicOcspResponse wrappers to store retrieved OCSP responses.
otherRevocationInfoFormats	collection of revocation info other than OCSP and CRL responses, e.g. SCVP Request and Response, stored as iText.Commons.Bouncycastle.Asn1.IAsn1Sequence.

Static Public Member Functions

Detailed Description

Member Function Documentation

◆ CheckIfIssuersMatch()

◆ CreateRevocationInfoChoices()

◆ GenerateCertificate()

◆ GetCRL() [1/2]

◆ GetCRL() [2/2]

◆ GetCRLs()

◆ GetCRLURL()

◆ GetCRLURLs()

◆ GetDistributionPointByName()

◆ GetExtensionValue() [1/2]

◆ GetExtensionValue() [2/2]

◆ GetExtensionValueByOid()

◆ GetIssuerCertURL() [1/2]

◆ GetIssuerCertURL() [2/2]

◆ GetOCSPURL()

◆ GetTSAURL()

◆ IsSelfSigned()

◆ IsSignatureValid()

◆ ParseCrlFromBytes()

◆ ParseCrlFromStream()

◆ RetrieveRevocationInfoFromSignedData()