Class TrustedCertificatesStore
java.lang.Object
    com.itextpdf.signatures.validation.TrustedCertificatesStore

public class TrustedCertificatesStore extends java.lang.Object
Trusted certificates storage class to be used to configure trusted certificates in a particular way.

Field Summary
Fields (Modifier and Type, Field):
private java.util.Map<java.lang.String,java.util.Set<java.security.cert.Certificate>> caTrustedCertificates
private java.util.Map<java.lang.String,java.util.Set<java.security.cert.Certificate>> crlTrustedCertificates
private java.util.Map<java.lang.String,java.util.Set<java.security.cert.Certificate>> generallyTrustedCertificates
private java.util.Map<java.lang.String,java.util.Set<java.security.cert.Certificate>> ocspTrustedCertificates
private java.util.Map<java.lang.String,java.util.Set<java.security.cert.Certificate>> timestampTrustedCertificates

Constructor Summary
TrustedCertificatesStore()

Method Summary
Methods (Modifier and Type, Method, Description):
void addCATrustedCertificates(java.util.Collection<java.security.cert.Certificate> certificates)
    Add collection of certificates to be trusted to be CA certificates.
private static void addCertificateToMap(java.security.cert.Certificate certificate, java.util.Map<java.lang.String,java.util.Set<java.security.cert.Certificate>> map)
void addCrlTrustedCertificates(java.util.Collection<java.security.cert.Certificate> certificates)
    Add collection of certificates to be trusted for CRL signing.
void addGenerallyTrustedCertificates(java.util.Collection<java.security.cert.Certificate> certificates)
    Add collection of certificates to be trusted for any possible usage.
private static void addMatched(java.util.Set<java.security.cert.Certificate> target, java.util.Map<java.lang.String,java.util.Set<java.security.cert.Certificate>> source, java.lang.String certificateName)
void addOcspTrustedCertificates(java.util.Collection<java.security.cert.Certificate> certificates)
    Add collection of certificates to be trusted for OCSP response signing.
void addTimestampTrustedCertificates(java.util.Collection<java.security.cert.Certificate> certificates)
    Add collection of certificates to be trusted for timestamping.
java.util.Collection<java.security.cert.Certificate> getAllTrustedCertificates()
    Get all the certificates which were provided to this storage as trusted certificates.
java.util.Set<java.security.cert.Certificate> getAllTrustedCertificates(java.lang.String name)
    Get all the certificates having name as subject which were provided to this storage as trusted certificates.
java.util.Set<java.security.cert.Certificate> getCertificatesTrustedForCA(java.lang.String certificateName)
    Get certificates, if any, which are trusted to be a CA and which correspond to the provided certificate name.
java.util.Set<java.security.cert.Certificate> getCertificatesTrustedForCrl(java.lang.String certificateName)
    Get certificates, if any, which are trusted for CRL generation and which correspond to the provided certificate name.
java.util.Set<java.security.cert.Certificate> getCertificatesTrustedForOcsp(java.lang.String certificateName)
    Get certificates, if any, which are trusted for OCSP response generation and which correspond to the provided certificate name.
java.util.Set<java.security.cert.Certificate> getCertificatesTrustedForTimestamp(java.lang.String certificateName)
    Get certificates, if any, which are trusted for timestamp generation and which correspond to the provided certificate name.
java.util.Set<java.security.cert.Certificate> getGenerallyTrustedCertificates(java.lang.String certificateName)
    Get certificates, if any, which are trusted for any usage and which correspond to the provided certificate name.
java.util.Set<java.security.cert.Certificate> getKnownCertificates(java.lang.String certificateName)
    Get certificates, if any, which correspond to the provided certificate name.
boolean isCertificateGenerallyTrusted(java.security.cert.Certificate certificate)
    Check if provided certificate is configured to be trusted for any purpose.
boolean isCertificateTrustedForCA(java.security.cert.Certificate certificate)
    Check if provided certificate is configured to be trusted to be CA.
boolean isCertificateTrustedForCrl(java.security.cert.Certificate certificate)
    Check if provided certificate is configured to be trusted for CRL generation.
boolean isCertificateTrustedForOcsp(java.security.cert.Certificate certificate)
    Check if provided certificate is configured to be trusted for OCSP response generation.
boolean isCertificateTrustedForTimestamp(java.security.cert.Certificate certificate)
    Check if provided certificate is configured to be trusted for timestamp generation.
private static boolean mapContainsCertificate(java.security.cert.Certificate certificate, java.util.Map<java.lang.String,java.util.Set<java.security.cert.Certificate>> map)

Field Detail

generallyTrustedCertificates
private final java.util.Map<java.lang.String,java.util.Set<java.security.cert.Certificate>> generallyTrustedCertificates

ocspTrustedCertificates
private final java.util.Map<java.lang.String,java.util.Set<java.security.cert.Certificate>> ocspTrustedCertificates

timestampTrustedCertificates
private final java.util.Map<java.lang.String,java.util.Set<java.security.cert.Certificate>> timestampTrustedCertificates

crlTrustedCertificates
private final java.util.Map<java.lang.String,java.util.Set<java.security.cert.Certificate>> crlTrustedCertificates

caTrustedCertificates
private final java.util.Map<java.lang.String,java.util.Set<java.security.cert.Certificate>> caTrustedCertificates

Method Detail

addGenerallyTrustedCertificates
public void addGenerallyTrustedCertificates(java.util.Collection<java.security.cert.Certificate> certificates)
Add collection of certificates to be trusted for any possible usage.
Parameters:
    certificates - Collection of Certificate instances

addOcspTrustedCertificates
public void addOcspTrustedCertificates(java.util.Collection<java.security.cert.Certificate> certificates)
Add collection of certificates to be trusted for OCSP response signing. These certificates are considered to be valid trust anchors for arbitrarily long certificate chain responsible for OCSP response generation.
Parameters:
    certificates - Collection of Certificate instances

addCrlTrustedCertificates
public void addCrlTrustedCertificates(java.util.Collection<java.security.cert.Certificate> certificates)
Add collection of certificates to be trusted for CRL signing. These certificates are considered to be valid trust anchors for arbitrarily long certificate chain responsible for CRL generation.
Parameters:
    certificates - Collection of Certificate instances

addTimestampTrustedCertificates
public void addTimestampTrustedCertificates(java.util.Collection<java.security.cert.Certificate> certificates)
Add collection of certificates to be trusted for timestamping. These certificates are considered to be valid trust anchors for arbitrarily long certificate chain responsible for timestamp generation.
Parameters:
    certificates - Collection of Certificate instances

addCATrustedCertificates
public void addCATrustedCertificates(java.util.Collection<java.security.cert.Certificate> certificates)
Add collection of certificates to be trusted to be CA certificates. These certificates are considered to be valid trust anchors for certificate generation.
Parameters:
    certificates - Collection of Certificate instances

isCertificateGenerallyTrusted
public boolean isCertificateGenerallyTrusted(java.security.cert.Certificate certificate)
Check if provided certificate is configured to be trusted for any purpose.
Parameters:
    certificate - Certificate to be checked
Returns:
    true if provided certificate is generally trusted, false otherwise

isCertificateTrustedForOcsp
public boolean isCertificateTrustedForOcsp(java.security.cert.Certificate certificate)
Check if provided certificate is configured to be trusted for OCSP response generation.
Parameters:
    certificate - Certificate to be checked
Returns:
    true if provided certificate is trusted for OCSP generation, false otherwise

isCertificateTrustedForCrl
public boolean isCertificateTrustedForCrl(java.security.cert.Certificate certificate)
Check if provided certificate is configured to be trusted for CRL generation.
Parameters:
    certificate - Certificate to be checked
Returns:
    true if provided certificate is trusted for CRL generation, false otherwise

isCertificateTrustedForTimestamp
public boolean isCertificateTrustedForTimestamp(java.security.cert.Certificate certificate)
Check if provided certificate is configured to be trusted for timestamp generation.
Parameters:
    certificate - Certificate to be checked
Returns:
    true if provided certificate is trusted for timestamp generation, false otherwise

isCertificateTrustedForCA
public boolean isCertificateTrustedForCA(java.security.cert.Certificate certificate)
Check if provided certificate is configured to be trusted to be CA.
Parameters:
    certificate - Certificate to be checked
Returns:
    true if provided certificate is trusted for certificates generation, false otherwise

getGenerallyTrustedCertificates
public java.util.Set<java.security.cert.Certificate> getGenerallyTrustedCertificates(java.lang.String certificateName)
Get certificates, if any, which are trusted for any usage and which correspond to the provided certificate name.
Parameters:
    certificateName - String certificate name
Returns:
    set of Certificate which correspond to the provided certificate name

getCertificatesTrustedForOcsp
public java.util.Set<java.security.cert.Certificate> getCertificatesTrustedForOcsp(java.lang.String certificateName)
Get certificates, if any, which are trusted for OCSP response generation and which correspond to the provided certificate name.
Parameters:
    certificateName - String certificate name
Returns:
    set of Certificate which correspond to the provided certificate name

getCertificatesTrustedForCrl
public java.util.Set<java.security.cert.Certificate> getCertificatesTrustedForCrl(java.lang.String certificateName)
Get certificates, if any, which are trusted for CRL generation and which correspond to the provided certificate name.
Parameters:
    certificateName - String certificate name
Returns:
    set of Certificate which correspond to the provided certificate name

getCertificatesTrustedForTimestamp
public java.util.Set<java.security.cert.Certificate> getCertificatesTrustedForTimestamp(java.lang.String certificateName)
Get certificates, if any, which are trusted for timestamp generation and which correspond to the provided certificate name.
Parameters:
    certificateName - String certificate name
Returns:
    set of Certificate which correspond to the provided certificate name

getCertificatesTrustedForCA
public java.util.Set<java.security.cert.Certificate> getCertificatesTrustedForCA(java.lang.String certificateName)
Get certificates, if any, which are trusted to be a CA and which correspond to the provided certificate name.
Parameters:
    certificateName - String certificate name
Returns:
    set of Certificate which correspond to the provided certificate name

getKnownCertificates
public java.util.Set<java.security.cert.Certificate> getKnownCertificates(java.lang.String certificateName)
Get certificates, if any, which correspond to the provided certificate name.
Parameters:
    certificateName - String certificate name
Returns:
    set of Certificate which correspond to the provided certificate name

getAllTrustedCertificates
public java.util.Collection<java.security.cert.Certificate> getAllTrustedCertificates()
Get all the certificates which were provided to this storage as trusted certificates.
Returns:
    Collection of Certificate instances

getAllTrustedCertificates
public java.util.Set<java.security.cert.Certificate> getAllTrustedCertificates(java.lang.String name)
Get all the certificates having name as subject which were provided to this storage as trusted certificates.
Parameters:
    name - the subject name value for which to retrieve all trusted certificates
Returns:
    set of Certificate which correspond to the provided certificate name

addCertificateToMap
private static void addCertificateToMap(java.security.cert.Certificate certificate, java.util.Map<java.lang.String,java.util.Set<java.security.cert.Certificate>> map)

mapContainsCertificate
private static boolean mapContainsCertificate(java.security.cert.Certificate certificate, java.util.Map<java.lang.String,java.util.Set<java.security.cert.Certificate>> map)

addMatched
private static void addMatched(java.util.Set<java.security.cert.Certificate> target, java.util.Map<java.lang.String,java.util.Set<java.security.cert.Certificate>> source, java.lang.String certificateName)
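
How the purpose-scoped add and check methods documented on this page fit together, as an added example that is not part of the iText documentation: each trust anchor is registered only for the role it is meant to play, and the store is then queried for what it reports about one of them. The class name ScopedTrustExample, the load helper, the three file arguments and the subject-DN format used for the name lookup are assumptions.

```java
import com.itextpdf.signatures.validation.TrustedCertificatesStore;

import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

public class ScopedTrustExample {
    // Reads every X.509 certificate (PEM or DER) found in one file.
    static List<Certificate> load(String path) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            return new ArrayList<>(
                    CertificateFactory.getInstance("X.509").generateCertificates(in));
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: three files holding distinct certificates, passed as
        // <signing-root> <tsa-root> <ocsp-root>. The paths are the caller's own.
        List<Certificate> signingRoots = load(args[0]);
        List<Certificate> tsaRoots = load(args[1]);
        List<Certificate> ocspRoots = load(args[2]);

        // Register each anchor only for the role it is meant to play,
        // instead of passing everything to addGenerallyTrustedCertificates.
        TrustedCertificatesStore store = new TrustedCertificatesStore();
        store.addCATrustedCertificates(signingRoots);
        store.addTimestampTrustedCertificates(tsaRoots);
        store.addOcspTrustedCertificates(ocspRoots);

        // Ask the store what it will vouch for the TSA root as.
        Certificate tsa = tsaRoots.get(0);
        System.out.println("timestamp: " + store.isCertificateTrustedForTimestamp(tsa));
        System.out.println("CA:        " + store.isCertificateTrustedForCA(tsa));
        System.out.println("OCSP:      " + store.isCertificateTrustedForOcsp(tsa));
        System.out.println("CRL:       " + store.isCertificateTrustedForCrl(tsa));
        System.out.println("general:   " + store.isCertificateGenerallyTrusted(tsa));

        // Lookup by name. Assumption: the store keys on the subject DN string as
        // returned by getSubjectX500Principal().getName(); the page does not say.
        String name = ((X509Certificate) tsa).getSubjectX500Principal().getName();
        System.out.println("known by name: " + store.getKnownCertificates(name).size());
        System.out.println("all anchors:   " + store.getAllTrustedCertificates().size());
    }
}
```

Running this against a deployment's real anchor files is a quick audit of how widely each root is trusted before the store is handed to signature validation.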