Class CertificateUtil

java.lang.Object
com.itextpdf.signatures.CertificateUtil

public class CertificateUtil extends Object
This class contains a series of static methods that allow you to retrieve information from a Certificate.
  • Constructor Details

    • CertificateUtil

      public CertificateUtil()
  • Method Details

    • getCRL

      public static CRL getCRL (X509Certificate certificate) throws CertificateException, CRLException, IOException
      Gets a CRL from an X509 certificate.
      Parameters:
      certificate - the X509Certificate to extract the CRL from
      Returns:
      CRL or null if there's no CRL available
      Throws:
      IOException - thrown when the URL couldn't be opened properly.
      CertificateException - thrown if there's no X509 implementation in the provider.
      CRLException - thrown when encountering errors when parsing the CRL.
    • getCRLURL

      public static String getCRLURL (X509Certificate certificate)
      Gets the URL of the Certificate Revocation List for a certificate.
      Parameters:
      certificate - the Certificate
      Returns:
      the String where you can check if the certificate was revoked
    • getCRL

      public static CRL getCRL (String url) throws IOException, CertificateException, CRLException
      Gets the CRL object using a CRL URL.
      Parameters:
      url - the URL where the CRL is located
      Returns:
      CRL object
      Throws:
      IOException - thrown when the URL couldn't be opened properly.
      CertificateException - thrown if there's no X509 implementation in the provider.
      CRLException - thrown when encountering errors when parsing the CRL.
    • getIssuerCertURL

      public static String getIssuerCertURL (CRL crl)
      Retrieves the URL for the issuer certificate for the given CRL.
      Parameters:
      crl - the CRL response
      Returns:
      the URL or null.
    • getOCSPURL

      public static String getOCSPURL (X509Certificate certificate)
      Retrieves the OCSP URL from the given certificate.
      Parameters:
      certificate - the certificate
      Returns:
      the URL or null
    • getIssuerCertURL

      public static String getIssuerCertURL (X509Certificate certificate)
      Retrieves the URL of the issuer's certificate list for the given certificate.
      Parameters:
      certificate - the certificate
      Returns:
      the URL or null.
    • getTSAURL

      public static String getTSAURL (X509Certificate certificate)
      Gets the URL of the TSA if it's available on the certificate.
      Parameters:
      certificate - a certificate
      Returns:
      a TSA URL
    • generateCertificate

      public static Certificate generateCertificate (InputStream data) throws CertificateException
      Generates a certificate object and initializes it with the data read from the input stream data.
      Parameters:
      data - the input stream with the certificates.
      Returns:
      a certificate object initialized with the data from the input stream.
      Throws:
      CertificateException - on parsing errors.
    • retrieveRevocationInfoFromSignedData

      public static void retrieveRevocationInfoFromSignedData (IASN1TaggedObject taggedObj, Collection<CRL> crls, Collection<IBasicOCSPResponse> ocsps, Collection<IASN1Sequence> otherRevocationInfoFormats) throws IOException, CertificateException
      Try to retrieve CRL and OCSP responses from the signed data crls field.
      Parameters:
      taggedObj - signed data crls field as IASN1TaggedObject.
      crls - collection to store retrieved CRL responses.
      ocsps - collection of IBasicOCSPResponse wrappers to store retrieved OCSP responses.
      otherRevocationInfoFormats - collection of revocation info other than OCSP and CRL responses, e.g. SCVP Request and Response, stored as IASN1Sequence.
      Throws:
      IOException - if some I/O error occurred.
      CertificateException - if CertificateFactory instance wasn't created.
    • createRevocationInfoChoices

      public static IDERSet createRevocationInfoChoices (Collection<CRL> crls, Collection<IBasicOCSPResponse> ocsps, Collection<IASN1Sequence> otherRevocationInfoFormats) throws CRLException, IOException
      Creates the revocation info (crls field) for SignedData structure:

          RevocationInfoChoices ::= SET OF RevocationInfoChoice

          RevocationInfoChoice ::= CHOICE {
              crl CertificateList,
              other [1] IMPLICIT OtherRevocationInfoFormat }

          OtherRevocationInfoFormat ::= SEQUENCE {
              otherRevInfoFormat OBJECT IDENTIFIER,
              otherRevInfo ANY DEFINED BY otherRevInfoFormat }

          CertificateList ::= SEQUENCE {
              tbsCertList TBSCertList,
              signatureAlgorithm AlgorithmIdentifier,
              signatureValue BIT STRING }
      Parameters:
      crls - collection of CRL revocation status information.
      ocsps - collection of OCSP revocation status information.
      otherRevocationInfoFormats - collection of revocation info other than OCSP and CRL responses, e.g. SCVP Request and Response, stored as IASN1Sequence.
      Returns:
      crls [1] RevocationInfoChoices field of SignedData structure. Null if SignedData has no revocation data.
      Throws:
      CRLException - if an encoding error occurs.
      IOException - if an I/O error occurs.
    • getExtensionValue

      public static IASN1Primitive getExtensionValue (X509Certificate certificate, String oid) throws IOException
      Parameters:
      certificate - the certificate from which we need the ExtensionValue
      oid - the Object Identifier value for the extension.
      Returns:
      the extension value as an IASN1Primitive object.
      Throws:
      IOException - on processing exception
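
The following is an added example, not part of the iText documentation or code base. It combines getCRLURL, getCRL(String) and generateCertificate with the JDK's own X509CRL checks, because the method descriptions above only cover locating, downloading and parsing a CRL. It assumes a direct CRL (signed by the same CA that issued the certificate); the class name CrlCheckExample and the two file arguments are hypothetical.

```java
import com.itextpdf.signatures.CertificateUtil;

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CRL;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;

public class CrlCheckExample {
    /** Returns true only if a fresh CRL signed by the issuer lists the certificate as revoked. */
    static boolean isRevokedByCrl(X509Certificate cert, X509Certificate issuer) throws Exception {
        // The URL is read from the certificate itself, so treat it as untrusted input.
        String url = CertificateUtil.getCRLURL(cert);
        if (url == null || !(url.startsWith("http://") || url.startsWith("https://"))) {
            throw new IllegalStateException("missing or unexpected CRL URL: " + url);
        }
        CRL crl = CertificateUtil.getCRL(url);
        if (!(crl instanceof X509CRL)) {
            throw new IllegalStateException("no X.509 CRL at " + url);
        }
        X509CRL x509Crl = (X509CRL) crl;
        // Assumption: direct CRL, so the CRL issuer must match the certificate's CA.
        if (!x509Crl.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
            throw new SecurityException("CRL was not issued by the expected CA");
        }
        x509Crl.verify(issuer.getPublicKey()); // throws if the signature does not verify
        Date nextUpdate = x509Crl.getNextUpdate();
        if (nextUpdate != null && nextUpdate.before(new Date())) {
            throw new SecurityException("CRL is stale, nextUpdate was " + nextUpdate);
        }
        return x509Crl.isRevoked(cert);
    }

    public static void main(String[] args) throws Exception {
        // args[0] and args[1]: paths to the signer and issuer certificates (hypothetical files).
        try (InputStream c = new FileInputStream(args[0]);
             InputStream i = new FileInputStream(args[1])) {
            X509Certificate cert = (X509Certificate) CertificateUtil.generateCertificate(c);
            X509Certificate issuer = (X509Certificate) CertificateUtil.generateCertificate(i);
            System.out.println("revoked: " + isRevokedByCrl(cert, issuer));
        }
    }
}
```

A failed signature, issuer mismatch or stale CRL is reported as an exception rather than as "not revoked", so a caller cannot mistake an unusable CRL for a clean result.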