Package com.itextpdf.signatures
Class IssuingCertificateRetriever
java.lang.Object
com.itextpdf.signatures.IssuingCertificateRetriever
- All Implemented Interfaces:
-
IIssuingCertificateRetriever
IIssuingCertificateRetriever
default implementation.
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
addKnownCertificates
(Collection<Certificate> certificates) Add certificates collection to known certificates storage, which is used for issuer certificates retrieval.void
addTrustedCertificates
(Collection<Certificate> certificates) Add trusted certificates collection to trusted certificates storage.Retrieves certificates that can be used to verify the signature on the CRL response using CRL Authority Information Access (AIA) Extension.protected InputStream
getIssuerCertByURI
(String uri) Get CA issuers certificates represented asInputStream
.boolean
isCertificateTrusted
(Certificate certificate) Check if provided certificate is present in trusted certificates storage.protected Collection<Certificate>
parseCertificates
(InputStream certsData) Parses certificates represented as byte array.retrieveIssuerCertificate
(Certificate certificate) Retrieve issuer certificate for the provided certificate.retrieveMissingCertificates
(Certificate[] chain) Retrieves missing certificates in chain using certificate Authority Information Access (AIA) Extension.Retrieves OCSP responder certificate either from the response certs or trusted store in case responder certificate isn't found in /Certs.void
setTrustedCertificates
(Collection<Certificate> certificates) Sets trusted certificate list to be used for the missing certificates retrieving by the issuer name.
-
Constructor Details
-
IssuingCertificateRetriever
public IssuingCertificateRetriever()CreatesIssuingCertificateRetriever
instance.
-
-
Method Details
-
retrieveMissingCertificates
Retrieves missing certificates in chain using certificate Authority Information Access (AIA) Extension.- Specified by:
-
retrieveMissingCertificates
in interfaceIIssuingCertificateRetriever
- Parameters:
-
chain
- certificate chain to restore with at least signing certificate. - Returns:
- full chain of trust or maximum chain that could be restored in case missing certificates cannot be retrieved from AIA extension.
-
retrieveIssuerCertificate
Retrieve issuer certificate for the provided certificate.- Parameters:
-
certificate
-Certificate
for which issuer certificate shall be retrieved - Returns:
-
issuer certificate.
null
if there is no issuer certificate, or it cannot be retrieved.
-
retrieveOCSPResponderCertificate
Retrieves OCSP responder certificate either from the response certs or trusted store in case responder certificate isn't found in /Certs.- Parameters:
-
ocspResp
- basic OCSP response to get responder certificate for - Returns:
- retrieved OCSP responder certificate or null in case it wasn't found.
-
getCrlIssuerCertificates
Retrieves certificates that can be used to verify the signature on the CRL response using CRL Authority Information Access (AIA) Extension.- Specified by:
-
getCrlIssuerCertificates
in interfaceIIssuingCertificateRetriever
- Parameters:
-
crl
- CRL response to retrieve issuer for. - Returns:
- certificates retrieved from CRL AIA extension or an empty list in case certificates cannot be retrieved.
-
setTrustedCertificates
Sets trusted certificate list to be used for the missing certificates retrieving by the issuer name.- Specified by:
-
setTrustedCertificates
in interfaceIIssuingCertificateRetriever
- Parameters:
-
certificates
- certificate list for getting missing certificates in chain or CRL response issuer certificates.
-
addTrustedCertificates
Add trusted certificates collection to trusted certificates storage.- Parameters:
-
certificates
- certificatesCollection
to be added
-
addKnownCertificates
Add certificates collection to known certificates storage, which is used for issuer certificates retrieval.- Parameters:
-
certificates
- certificatesCollection
to be added
-
isCertificateTrusted
Check if provided certificate is present in trusted certificates storage.- Parameters:
-
certificate
-Certificate
to be checked - Returns:
-
true
if certificate is present in trusted certificates storage,false
otherwise
-
getIssuerCertByURI
Get CA issuers certificates represented asInputStream
.- Parameters:
-
uri
-URL
URI, which is expected to be used to get issuer certificates from. Usually CA Issuers value from Authority Information Access (AIA) certificate extension. - Returns:
-
CA issuer certificate (or chain) bytes, represented as
InputStream
. - Throws:
-
IOException
- if an I/O error occurs.
-
parseCertificates
protected Collection<Certificate> parseCertificates(InputStream certsData) throws CertificateException Parses certificates represented as byte array.- Parameters:
-
certsData
- stream which contains one or more X509 certificates. - Returns:
- a (possibly empty) collection of the certificates read from the given byte array.
- Throws:
-
CertificateException
- if parsing error occurs.
-