Class IssuingCertificateRetriever

java.lang.Object
com.itextpdf.signatures.IssuingCertificateRetriever
All Implemented Interfaces:
IIssuingCertificateRetriever

public class IssuingCertificateRetriever extends Object implements IIssuingCertificateRetriever
IIssuingCertificateRetriever default implementation.
  • Constructor Details

  • Method Details

    • retrieveMissingCertificates

      public Certificate[] retrieveMissingCertificates (Certificate[] chain)
      Retrieves the certificates missing from the chain using the certificate Authority Information Access (AIA) extension.
      Specified by:
      retrieveMissingCertificates in interface IIssuingCertificateRetriever
      Parameters:
      chain - certificate chain to restore, containing at least the signing certificate.
      Returns:
      the full chain of trust, or the longest chain that could be restored if missing certificates cannot be retrieved from the AIA extension.
    • retrieveIssuerCertificate

      public Certificate retrieveIssuerCertificate (Certificate certificate)
      Retrieve issuer certificate for the provided certificate.
      Parameters:
      certificate - Certificate for which issuer certificate shall be retrieved
      Returns:
      issuer certificate. null if there is no issuer certificate, or it cannot be retrieved.
    • retrieveOCSPResponderCertificate

      public Certificate retrieveOCSPResponderCertificate (IBasicOCSPResp ocspResp)
      Retrieves the OCSP responder certificate either from the response certs or, if the responder certificate isn't found in /Certs, from the trusted store.
      Parameters:
      ocspResp - basic OCSP response to get responder certificate for
      Returns:
      retrieved OCSP responder certificate or null in case it wasn't found.
    • getCrlIssuerCertificates

      public Certificate[] getCrlIssuerCertificates (CRL crl)
      Retrieves certificates that can be used to verify the signature on the CRL response using CRL Authority Information Access (AIA) Extension.
      Specified by:
      getCrlIssuerCertificates in interface IIssuingCertificateRetriever
      Parameters:
      crl - CRL response to retrieve issuer for.
      Returns:
      certificates retrieved from CRL AIA extension or an empty list in case certificates cannot be retrieved.
    • setTrustedCertificates

      public void setTrustedCertificates (Collection<Certificate> certificates)
      Sets the list of trusted certificates used to retrieve missing certificates by issuer name.
      Specified by:
      setTrustedCertificates in interface IIssuingCertificateRetriever
      Parameters:
      certificates - certificate list for getting missing certificates in chain or CRL response issuer certificates.
    • addTrustedCertificates

      public void addTrustedCertificates (Collection<Certificate> certificates)
      Add trusted certificates collection to trusted certificates storage.
      Parameters:
      certificates - certificates Collection to be added
    • addKnownCertificates

      public void addKnownCertificates (Collection<Certificate> certificates)
      Add certificates collection to known certificates storage, which is used for issuer certificates retrieval.
      Parameters:
      certificates - certificates Collection to be added
    • isCertificateTrusted

      public boolean isCertificateTrusted (Certificate certificate)
      Check if provided certificate is present in trusted certificates storage.
      Parameters:
      certificate - Certificate to be checked
      Returns:
      true if certificate is present in trusted certificates storage, false otherwise
    • getIssuerCertByURI

      protected InputStream getIssuerCertByURI (String uri) throws IOException
      Get CA issuers certificates represented as InputStream.
      Parameters:
      uri - URL-form URI from which the issuer certificates are expected to be retrieved. Usually the CA Issuers value from the Authority Information Access (AIA) certificate extension.
      Returns:
      CA issuer certificate (or chain) bytes, represented as InputStream.
      Throws:
      IOException - if an I/O error occurs.
    • parseCertificates

      protected Collection<Certificate> parseCertificates (InputStream certsData) throws CertificateException
      Parses certificates represented as a byte array.
      Parameters:
      certsData - stream which contains one or more X509 certificates.
      Returns:
      a (possibly empty) collection of the certificates read from the given byte array.
      Throws:
      CertificateException - if parsing error occurs.
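
The uri passed to getIssuerCertByURI usually comes from the AIA extension of the certificate being processed, so its value is chosen by whoever issued that certificate. The following is an added example, not code from iText: a hypothetical subclass that overrides the protected method so that only http/https URIs on allowlisted hosts are fetched. The class name, the isAllowed helper and the allowlist policy are assumptions, and the implicit super() call assumes the public no-argument constructor (Constructor Details is empty on this page).

```java
import com.itextpdf.signatures.IssuingCertificateRetriever;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Hypothetical subclass, not part of iText: CA Issuers URIs are only
// fetched when their scheme and host pass a local allowlist.
public class AllowlistedIssuingCertificateRetriever extends IssuingCertificateRetriever {
    private final Set<String> allowedHosts = new HashSet<>();

    // hosts: exact host names the deployment is willing to contact (assumed policy).
    public AllowlistedIssuingCertificateRetriever(String... hosts) {
        for (String host : hosts) {
            allowedHosts.add(host.toLowerCase(Locale.ROOT));
        }
    }

    @Override
    protected InputStream getIssuerCertByURI(String uri) throws IOException {
        if (!isAllowed(uri)) {
            // Fail before any request is made for this URI.
            throw new IOException("CA Issuers URI rejected by allowlist: " + uri);
        }
        return super.getIssuerCertByURI(uri);
    }

    // Policy check, kept separate so it can be unit-tested without network access.
    boolean isAllowed(String uri) {
        if (uri == null) {
            return false;
        }
        try {
            URI parsed = new URI(uri);
            String scheme = parsed.getScheme();
            String host = parsed.getHost();
            if (scheme == null || host == null) {
                return false; // relative or opaque URIs carry no host to check
            }
            scheme = scheme.toLowerCase(Locale.ROOT);
            return (scheme.equals("http") || scheme.equals("https"))
                    && allowedHosts.contains(host.toLowerCase(Locale.ROOT));
        } catch (URISyntaxException e) {
            return false; // malformed URI from the certificate: do not fetch
        }
    }
}
```

Because the class still implements IIssuingCertificateRetriever through its parent, an instance can be supplied wherever that interface is accepted.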