Package com.itextpdf.signatures

Class IssuingCertificateRetriever

java.lang.Object

com.itextpdf.signatures.IssuingCertificateRetriever

All Implemented Interfaces:

IIssuingCertificateRetriever

 public class IssuingCertificateRetriever extends Object implements IIssuingCertificateRetriever 
      

IIssuingCertificateRetriever default implementation.

Constructor Summary

Constructors

Constructor	Description
IssuingCertificateRetriever()	Creates IssuingCertificateRetriever instance.

Method Summary

Modifier and Type	Method	Description
Certificate[]	getCrlIssuerCertificates(CRL crl)	Retrieves certificates that can be used to verify the signature on the CRL response using CRL Authority Information Access (AIA) Extension.
protected InputStream	getIssuerCertByURI(String uri)	Get CA issuers certificates represented as InputStream.
protected Collection<Certificate>	parseCertificates(InputStream certsData)	Parses certificates represented as byte array.
Certificate[]	retrieveMissingCertificates(Certificate[] chain)	Retrieves missing certificates in chain using certificate Authority Information Access (AIA) Extension.
void	setTrustedCertificates(Collection<Certificate> certificates)	Sets trusted certificate list to be used for the missing certificates retrieving by the issuer name.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

IssuingCertificateRetriever

 public IssuingCertificateRetriever() 
            

Creates IssuingCertificateRetriever instance.

Method Details

retrieveMissingCertificates

 public Certificate[] retrieveMissingCertificates 
             (Certificate[] chain) 
            

Retrieves missing certificates in chain using certificate Authority Information Access (AIA) Extension.

Specified by:

retrieveMissingCertificates in interface IIssuingCertificateRetriever

Parameters:

chain - certificate chain to restore with at least signing certificate.

Returns:

full chain of trust or maximum chain that could be restored in case missing certificates cannot be retrieved from AIA extension.

getCrlIssuerCertificates

 public Certificate[] getCrlIssuerCertificates 
             (CRL crl) 
            

Retrieves certificates that can be used to verify the signature on the CRL response using CRL Authority Information Access (AIA) Extension.

Specified by:

getCrlIssuerCertificates in interface IIssuingCertificateRetriever

Parameters:

crl - CRL response to retrieve issuer for.

Returns:

certificates retrieved from CRL AIA extension or an empty list in case certificates cannot be retrieved.

setTrustedCertificates

 public void setTrustedCertificates 
             (Collection<Certificate> certificates) 
            

Sets trusted certificate list to be used for the missing certificates retrieving by the issuer name.

Specified by:

setTrustedCertificates in interface IIssuingCertificateRetriever

Parameters:

certificates - certificate list for getting missing certificates in chain or CRL response issuer certificates.

getIssuerCertByURI

 protected InputStream getIssuerCertByURI 
             (String uri) throws IOException 
            

Get CA issuers certificates represented as InputStream.

Parameters:

uri - URL URI, which is expected to be used to get issuer certificates from. Usually CA Issuers value from Authority Information Access (AIA) certificate extension.

Returns:

CA issuer certificate (or chain) bytes, represented as InputStream.

Throws:

IOException - if an I/O error occurs.

parseCertificates

 protected Collection<Certificate> parseCertificates 
             (InputStream certsData) throws CertificateException 
            

Parses certificates represented as byte array.

Parameters:

certsData - stream which contains one or more X509 certificates.

Returns:

a (possibly empty) collection of the certificates read from the given byte array.

Throws:

CertificateException - if parsing error occurs.