iText 9.0.0 API
iText.Signatures.CertificateUtil Class Reference

This class contains a series of static methods that allow you to retrieve information from a Certificate.

Static Public Member Functions

static IList< IX509Crl >  GetCRLs (IX509Certificate certificate)
  Gets the CRLs from the X509 certificate.
 
static IList< String >  GetCRLURLs (IX509Certificate certificate)
  Gets the list of the Certificate Revocation List URLs for a Certificate.
 
static IDistributionPoint  GetDistributionPointByName (IX509Certificate certificate, IDistributionPointName issuingDistributionPointName)
  Gets the Distribution Point from the certificate by name specified in the Issuing Distribution Point from the Certificate Revocation List for a Certificate.
 
static IX509Crl  GetCRL (String url)
  Gets the CRL object using a CRL URL.
 
static IX509Crl  ParseCrlFromStream (Stream input)
  Parses a CRL from an input stream.
 
static IX509Crl  ParseCrlFromBytes (byte[] crlBytes)
  Parses a CRL from bytes.
 
static String  GetIssuerCertURL (IX509Crl crl)
  Retrieves the URL for the issuer certificate for the given CRL.
 
static String  GetOCSPURL (IX509Certificate certificate)
  Retrieves the OCSP URL from the given certificate.
 
static String  GetIssuerCertURL (IX509Certificate certificate)
  Retrieves the URL for the list of issuer certificates for the given certificate.
 
static String  GetTSAURL (IX509Certificate certificate)
  Gets the URL of the TSA if it's available on the certificate.
 
static IX509Certificate  GenerateCertificate (Stream data)
  Generates a certificate object and initializes it with the data read from the input stream data.
 
static void  RetrieveRevocationInfoFromSignedData (IAsn1TaggedObject taggedObj, ICollection< IX509Crl > crls, ICollection< IBasicOcspResponse > ocsps, ICollection< IAsn1Sequence > otherRevocationInfoFormats)
  Try to retrieve CRL and OCSP responses from the signed data crls field.
 
static IDerSet  CreateRevocationInfoChoices (ICollection< IX509Crl > crls, ICollection< IBasicOcspResponse > ocsps, ICollection< IAsn1Sequence > otherRevocationInfoFormats)
  Creates the revocation info (crls field) for SignedData structure: RevocationInfoChoices ::= SET OF RevocationInfoChoice RevocationInfoChoice ::= CHOICE { crl CertificateList, other [1] IMPLICIT OtherRevocationInfoFormat } OtherRevocationInfoFormat ::= SEQUENCE { otherRevInfoFormat OBJECT IDENTIFIER, otherRevInfo ANY DEFINED BY otherRevInfoFormat } CertificateList ::= SEQUENCE { tbsCertList TBSCertList, signatureAlgorithm AlgorithmIdentifier, signatureValue BIT STRING }
 
static bool  CheckIfIssuersMatch (ICertID certID, IX509Certificate issuerCert)
  Checks whether the issuer of the provided certID (specified in the OCSP response) matches the provided issuer of the certificate in question, i.e. checks that the issuerNameHash and issuerKeyHash fields of the certID are the hashes of the issuer's name and public key.
 
static byte[]  GetExtensionValueByOid (IX509Certificate certificate, String id)
  Retrieves certificate extension value by its OID.
 
static bool  IsSignatureValid (IBasicOcspResponse ocspResp, IX509Certificate responderCert)
  Checks if an OCSP response is genuine.
 
static bool  IsSelfSigned (IX509Certificate certificate)
  Checks if the certificate is self-signed.
 
static IAsn1Object  GetExtensionValue (IX509Certificate certificate, String oid)
  Gets certificate extension value.
 
static IAsn1Object  GetExtensionValue (IX509Crl crl, String oid)
  Gets CRL extension value.
 

Detailed Description

This class contains a series of static methods that allow you to retrieve information from a Certificate.

Member Function Documentation

◆ CheckIfIssuersMatch()

static bool iText.Signatures.CertificateUtil.CheckIfIssuersMatch ( ICertID  certID,
IX509Certificate  issuerCert 
)
inline static

Checks whether the issuer of the provided certID (specified in the OCSP response) matches the provided issuer of the certificate in question, i.e. checks that the issuerNameHash and issuerKeyHash fields of the certID are the hashes of the issuer's name and public key.

SingleResp contains the basic information about the status of the certificate identified by the certID. The issuer name and serial number identify a unique certificate, so if the serial number of the certificate in question and the certID serial number are equal and the issuers match, then SingleResp contains the information about the status of the certificate in question.

Parameters
certID certID specified in the OCSP response
issuerCert the issuer of the certificate in question
Returns
true if the issuers are the same, false otherwise.
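
The comparison described above, written out with the .NET base class library only as an added example (it is not iText's implementation and uses no iText types). CertIdFields, CertIdCheck and the sample CA names are hypothetical, and SHA-1 is assumed as the CertID hash algorithm; a real CertID names its own algorithm.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical stand-in for the CertID fields of an OCSP SingleResp (not an iText type).
public sealed record CertIdFields(byte[] IssuerNameHash, byte[] IssuerKeyHash, byte[] Serial);

public static class CertIdCheck
{
    // issuerNameHash: hash of the issuer's DER-encoded subject name.
    static byte[] NameHash(X509Certificate2 issuer) => SHA1.HashData(issuer.SubjectName.RawData);

    // issuerKeyHash: hash of the public key bits, without the BIT STRING tag and length.
    static byte[] KeyHash(X509Certificate2 issuer) => SHA1.HashData(issuer.GetPublicKey());

    public static CertIdFields Build(X509Certificate2 issuer, byte[] serial) =>
        new(NameHash(issuer), KeyHash(issuer), serial);

    public static bool IssuersMatch(CertIdFields id, X509Certificate2 issuer) =>
        id.IssuerNameHash.AsSpan().SequenceEqual(NameHash(issuer)) &&
        id.IssuerKeyHash.AsSpan().SequenceEqual(KeyHash(issuer));

    // The SingleResp describes our certificate only if issuers match and serials are equal.
    public static bool Covers(CertIdFields id, X509Certificate2 issuer, byte[] serial) =>
        IssuersMatch(id, issuer) && id.Serial.AsSpan().SequenceEqual(serial);

    // Constructed sample CA with a fresh key; the name is a placeholder.
    static X509Certificate2 NewCa(string cn)
    {
        using var key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var req = new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
    }

    public static void Main()
    {
        using var realCa = NewCa("Example Issuing CA");
        using var lookalikeCa = NewCa("Example Issuing CA"); // same name, different key
        byte[] serial = { 0x01, 0x23, 0x45 };                // constructed serial number
        var certId = Build(realCa, serial);

        // Same issuer and same serial: the response is about our certificate.
        Console.WriteLine($"real CA, same serial:  {Covers(certId, realCa, serial)}");
        // Name hash agrees but key hash does not, which is why both fields are compared.
        Console.WriteLine($"lookalike CA:          {IssuersMatch(certId, lookalikeCa)}");
        // Right issuer, different serial: the response is about another certificate.
        Console.WriteLine($"real CA, other serial: {Covers(certId, realCa, new byte[] { 0x09 })}");
    }
}
```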

◆ CreateRevocationInfoChoices()

static IDerSet iText.Signatures.CertificateUtil.CreateRevocationInfoChoices ( ICollection< IX509Crl >  crls,
ICollection< IBasicOcspResponse >  ocsps,
ICollection< IAsn1Sequence >  otherRevocationInfoFormats 
)
inline static

Creates the revocation info (crls field) for SignedData structure:

    RevocationInfoChoices ::= SET OF RevocationInfoChoice

    RevocationInfoChoice ::= CHOICE {
        crl CertificateList,
        other [1] IMPLICIT OtherRevocationInfoFormat }

    OtherRevocationInfoFormat ::= SEQUENCE {
        otherRevInfoFormat OBJECT IDENTIFIER,
        otherRevInfo ANY DEFINED BY otherRevInfoFormat }

    CertificateList ::= SEQUENCE {
        tbsCertList TBSCertList,
        signatureAlgorithm AlgorithmIdentifier,
        signatureValue BIT STRING }

RFC 5652 §10.2.1

Parameters
crls collection of CRL revocation status information.
ocsps collection of OCSP revocation status information.
otherRevocationInfoFormats collection of revocation info other than OCSP and CRL responses, e.g. SCVP Request and Response, stored as iText.Commons.Bouncycastle.Asn1.IAsn1Sequence.
Returns
crls [1] RevocationInfoChoices field of SignedData structure. Null if SignedData has no revocation data.

◆ GenerateCertificate()

static IX509Certificate iText.Signatures.CertificateUtil.GenerateCertificate ( Stream  data )
inline static

Generates a certificate object and initializes it with the data read from the input stream data.

Parameters
data the input stream with the certificates.
Returns
a certificate object initialized with the data from the input stream.

◆ GetCRL()

static IX509Crl iText.Signatures.CertificateUtil.GetCRL ( String  url )
inline static

Gets the CRL object using a CRL URL.

Parameters
url the URL where the CRL is located
Returns
CRL object

◆ GetCRLs()

static IList<IX509Crl> iText.Signatures.CertificateUtil.GetCRLs ( IX509Certificate  certificate )
inline static

Gets the CRLs from the X509 certificate.

Parameters
certificate the X509Certificate to extract the CRLs from
Returns
CRL list or null if there's no CRL available

◆ GetCRLURLs()

static IList<String> iText.Signatures.CertificateUtil.GetCRLURLs ( IX509Certificate  certificate )
inline static

Gets the list of the Certificate Revocation List URLs for a Certificate.

Parameters
certificate the Certificate to get CRL URLs for
Returns
the list of URL strings where you can check if the certificate is revoked.
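
The revocation URLs returned here and by GetOCSPURL are read from the certificate itself, so when the certificate arrives inside a document being validated they are untrusted input. The following added example (not part of the iText documentation) lists a certificate's revocation endpoints and vets each one before anything would fetch it. It calls only methods documented on this page; the RevocationEndpointAudit class, the http(s)-only and no-loopback policy, and the command-line path are assumptions of the example, which also assumes the iText signing assembly and a BouncyCastle adapter are referenced.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using iText.Signatures;

public static class RevocationEndpointAudit
{
    // Policy assumed for this example: fetch only over http(s), never from loopback.
    public static bool IsFetchable(string url) =>
        Uri.TryCreate(url, UriKind.Absolute, out var uri)
        && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps)
        && !uri.IsLoopback;

    public static int Main(string[] args)
    {
        // args[0]: path to the certificate file to inspect (supplied by the caller).
        using var stream = File.OpenRead(args[0]);
        var cert = CertificateUtil.GenerateCertificate(stream);

        if (CertificateUtil.IsSelfSigned(cert))
        {
            Console.WriteLine("self-signed: trust is decided by the trust store, not by CRL/OCSP");
            return 0;
        }

        var endpoints = new List<(string Kind, string Url)>();
        // The page does not say whether an empty result is null or an empty list; handle both.
        foreach (var url in CertificateUtil.GetCRLURLs(cert) ?? new List<string>())
            endpoints.Add(("CRL", url));
        var ocsp = CertificateUtil.GetOCSPURL(cert);   // documented to return the URL or null
        if (ocsp != null)
            endpoints.Add(("OCSP", ocsp));

        if (endpoints.Count == 0)
        {
            Console.WriteLine("no CRL or OCSP pointer: revocation status cannot be checked online");
            return 2;
        }

        var rejected = 0;
        foreach (var (kind, url) in endpoints)
        {
            var ok = IsFetchable(url);
            if (!ok) rejected++;
            // Only URLs that pass the policy should be handed to CertificateUtil.GetCRL.
            Console.WriteLine($"{kind,-4} {(ok ? "allow " : "reject")} {url}");
        }
        return rejected == 0 ? 0 : 1;
    }
}
```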

◆ GetDistributionPointByName()

static IDistributionPoint iText.Signatures.CertificateUtil.GetDistributionPointByName ( IX509Certificate  certificate,
IDistributionPointName  issuingDistributionPointName 
)
inline static

Gets the Distribution Point from the certificate by name specified in the Issuing Distribution Point from the Certificate Revocation List for a Certificate.

Parameters
certificate the certificate to retrieve Distribution Points
issuingDistributionPointName distributionPointName retrieved from the IDP of the CRL
Returns
distribution point with the same name as specified in the IDP.

◆ GetExtensionValue() [1/2]

static IAsn1Object iText.Signatures.CertificateUtil.GetExtensionValue ( IX509Certificate  certificate,
String  oid 
)
inline static

Gets certificate extension value.

Parameters
certificate the certificate from which we need the ExtensionValue
oid the Object Identifier value for the extension
Returns
the extension value as an iText.Commons.Bouncycastle.Asn1.IAsn1Object object.

◆ GetExtensionValue() [2/2]

static IAsn1Object iText.Signatures.CertificateUtil.GetExtensionValue ( IX509Crl  crl,
String  oid 
)
inline static

Gets CRL extension value.

Parameters
crl the CRL from which we need the ExtensionValue
oid the Object Identifier value for the extension
Returns
the extension value as an iText.Commons.Bouncycastle.Asn1.IAsn1Object object.

◆ GetExtensionValueByOid()

static byte[] iText.Signatures.CertificateUtil.GetExtensionValueByOid ( IX509Certificate  certificate,
String  id 
)
inline static

Retrieves certificate extension value by its OID.

Parameters
certificate the certificate to get the extension from
id extension OID to retrieve
Returns
encoded extension value.

◆ GetIssuerCertURL() [1/2]

static String iText.Signatures.CertificateUtil.GetIssuerCertURL ( IX509Certificate  certificate )
inline static

Retrieves the URL for the list of issuer certificates for the given certificate.

Parameters
certificate the certificate
Returns
the URL or null.

◆ GetIssuerCertURL() [2/2]

static String iText.Signatures.CertificateUtil.GetIssuerCertURL ( IX509Crl  crl )
inline static

Retrieves the URL for the issuer certificate for the given CRL.

Parameters
crl the CRL response
Returns
the URL or null.

◆ GetOCSPURL()

static String iText.Signatures.CertificateUtil.GetOCSPURL ( IX509Certificate  certificate )
inline static

Retrieves the OCSP URL from the given certificate.

Parameters
certificate the certificate
Returns
the URL or null.

◆ GetTSAURL()

static String iText.Signatures.CertificateUtil.GetTSAURL ( IX509Certificate  certificate )
inline static

Gets the URL of the TSA if it's available on the certificate.

Parameters
certificate a certificate
Returns
a TSA URL

◆ IsSelfSigned()

static bool iText.Signatures.CertificateUtil.IsSelfSigned ( IX509Certificate  certificate )
inline static

Checks if the certificate is self-signed.

Parameters
certificate a certificate to check
Returns
true if the certificate is self-signed.

◆ IsSignatureValid()

static bool iText.Signatures.CertificateUtil.IsSignatureValid ( IBasicOcspResponse  ocspResp,
IX509Certificate  responderCert 
)
inline static

Checks if an OCSP response is genuine.

Parameters
ocspResp the OCSP response wrapper (iText.Commons.Bouncycastle.Asn1.Ocsp.IBasicOcspResponse)
responderCert the responder certificate
Returns
true if the OCSP response verifies against the responder certificate.

◆ ParseCrlFromBytes()

static IX509Crl iText.Signatures.CertificateUtil.ParseCrlFromBytes ( byte[]  crlBytes )
inline static

Parses a CRL from bytes.

Parameters
crlBytes the bytes holding the unparsed CRL
Returns
the parsed CRL object.

◆ ParseCrlFromStream()

static IX509Crl iText.Signatures.CertificateUtil.ParseCrlFromStream ( Stream  input )
inline static

Parses a CRL from an input stream.

Parameters
input the input stream holding the unparsed CRL
Returns
the parsed CRL object.

◆ RetrieveRevocationInfoFromSignedData()

static void iText.Signatures.CertificateUtil.RetrieveRevocationInfoFromSignedData ( IAsn1TaggedObject  taggedObj,
ICollection< IX509Crl >  crls,
ICollection< IBasicOcspResponse >  ocsps,
ICollection< IAsn1Sequence >  otherRevocationInfoFormats 
)
inline static

Try to retrieve CRL and OCSP responses from the signed data crls field.

Parameters
taggedObj signed data crls field as iText.Commons.Bouncycastle.Asn1.IAsn1TaggedObject.
crls collection to store retrieved CRL responses.
ocsps collection of iText.Commons.Bouncycastle.Asn1.Ocsp.IBasicOcspResponse wrappers to store retrieved OCSP responses.
otherRevocationInfoFormats collection of revocation info other than OCSP and CRL responses, e.g. SCVP Request and Response, stored as iText.Commons.Bouncycastle.Asn1.IAsn1Sequence.