Package com.itextpdf.signatures
Class IssuingCertificateRetriever
- java.lang.Object
  - com.itextpdf.signatures.IssuingCertificateRetriever

All Implemented Interfaces: IIssuingCertificateRetriever

public class IssuingCertificateRetriever extends java.lang.Object implements IIssuingCertificateRetriever

IIssuingCertificateRetriever default implementation.
-
Field Summary
Fields (Modifier and Type, Field):
- private java.util.Map<java.lang.String,java.security.cert.Certificate> knownCertificates
- private static org.slf4j.Logger LOGGER
- private TrustedCertificatesStore trustedCertificatesStore
-
Constructor Summary
Constructors (Constructor, Description):
- IssuingCertificateRetriever()
  Creates IssuingCertificateRetriever instance.
-
Method Summary
Methods (Modifier and Type, Method, Description):
- void addKnownCertificates(java.util.Collection<java.security.cert.Certificate> certificates)
  Add certificates collection to known certificates storage, which is used for issuer certificates retrieval.
- void addTrustedCertificates(java.util.Collection<java.security.cert.Certificate> certificates)
  Add trusted certificates collection to trusted certificates storage.
- java.security.cert.Certificate[] getCrlIssuerCertificates(java.security.cert.CRL crl)
  Retrieves certificates that can be used to verify the signature on the CRL response using CRL Authority Information Access (AIA) Extension.
- protected java.io.InputStream getIssuerCertByURI(java.lang.String uri)
  Get CA issuers certificates represented as InputStream.
- TrustedCertificatesStore getTrustedCertificatesStore()
  Gets TrustedCertificatesStore to be used to provide more complex trusted certificates configuration.
- boolean isCertificateTrusted(java.security.cert.Certificate certificate)
  Check if provided certificate is present in trusted certificates storage.
- protected java.util.Collection<java.security.cert.Certificate> parseCertificates(java.io.InputStream certsData)
  Parses certificates represented as byte array.
- private java.util.Collection<java.security.cert.Certificate> processCertificatesFromAIA(java.lang.String url)
- java.security.cert.Certificate retrieveIssuerCertificate(java.security.cert.Certificate certificate)
  Retrieve issuer certificate for the provided certificate.
- java.security.cert.Certificate[] retrieveMissingCertificates(java.security.cert.Certificate[] chain)
  Retrieves missing certificates in chain using certificate Authority Information Access (AIA) Extension.
- java.security.cert.Certificate retrieveOCSPResponderCertificate(IBasicOCSPResp ocspResp)
  Retrieves OCSP responder certificate either from the response certs or trusted store in case responder certificate isn't found in /Certs.
- void setTrustedCertificates(java.util.Collection<java.security.cert.Certificate> certificates)
  Sets trusted certificate list to be used as certificates trusted for any possible usage.
-
-
-
Field Detail
-
LOGGER
private static final org.slf4j.Logger LOGGER
-
trustedCertificatesStore
private final TrustedCertificatesStore trustedCertificatesStore
-
knownCertificates
private final java.util.Map<java.lang.String,java.security.cert.Certificate> knownCertificates
-
-
Constructor Detail
-
IssuingCertificateRetriever
public IssuingCertificateRetriever()
Creates IssuingCertificateRetriever instance.
-
-
Method Detail
-
retrieveMissingCertificates
public java.security.cert.Certificate[] retrieveMissingCertificates(java.security.cert.Certificate[] chain)
Retrieves missing certificates in chain using certificate Authority Information Access (AIA) Extension.
- Specified by: retrieveMissingCertificates in interface IIssuingCertificateRetriever
- Parameters: chain - certificate chain to restore with at least signing certificate.
- Returns: full chain of trust or maximum chain that could be restored in case missing certificates cannot be retrieved from AIA extension.
-
retrieveIssuerCertificate
public java.security.cert.Certificate retrieveIssuerCertificate(java.security.cert.Certificate certificate)
Retrieve issuer certificate for the provided certificate.
- Parameters: certificate - Certificate for which issuer certificate shall be retrieved
- Returns: issuer certificate. null if there is no issuer certificate, or it cannot be retrieved.
-
retrieveOCSPResponderCertificate
public java.security.cert.Certificate retrieveOCSPResponderCertificate(IBasicOCSPResp ocspResp)
Retrieves OCSP responder certificate either from the response certs or trusted store in case responder certificate isn't found in /Certs.
- Parameters: ocspResp - basic OCSP response to get responder certificate for
- Returns: retrieved OCSP responder certificate or null in case it wasn't found.
-
getCrlIssuerCertificates
public java.security.cert.Certificate[] getCrlIssuerCertificates(java.security.cert.CRL crl)
Retrieves certificates that can be used to verify the signature on the CRL response using CRL Authority Information Access (AIA) Extension.
- Specified by: getCrlIssuerCertificates in interface IIssuingCertificateRetriever
- Parameters: crl - CRL response to retrieve issuer for.
- Returns: certificates retrieved from CRL AIA extension or an empty list in case certificates cannot be retrieved.
-
setTrustedCertificates
public void setTrustedCertificates(java.util.Collection<java.security.cert.Certificate> certificates)
Sets trusted certificate list to be used as certificates trusted for any possible usage. If a more specific trust configuration is desired, the getTrustedCertificatesStore() method is expected to be used.
- Specified by: setTrustedCertificates in interface IIssuingCertificateRetriever
- Parameters: certificates - certificate list to be used as certificates trusted for any possible usage.
-
addTrustedCertificates
public void addTrustedCertificates(java.util.Collection<java.security.cert.Certificate> certificates)
Add trusted certificates collection to trusted certificates storage.
- Parameters: certificates - certificates Collection to be added
-
addKnownCertificates
public void addKnownCertificates(java.util.Collection<java.security.cert.Certificate> certificates)
Add certificates collection to known certificates storage, which is used for issuer certificates retrieval.
- Parameters: certificates - certificates Collection to be added
-
getTrustedCertificatesStore
public TrustedCertificatesStore getTrustedCertificatesStore()
Gets TrustedCertificatesStore to be used to provide more complex trusted certificates configuration.
- Returns: TrustedCertificatesStore storage
-
isCertificateTrusted
public boolean isCertificateTrusted(java.security.cert.Certificate certificate)
Check if provided certificate is present in trusted certificates storage.
- Parameters: certificate - Certificate to be checked
- Returns: true if certificate is present in trusted certificates storage, false otherwise
-
getIssuerCertByURI
protected java.io.InputStream getIssuerCertByURI(java.lang.String uri) throws java.io.IOException
Get CA issuers certificates represented as InputStream.
- Parameters: uri - URL URI, which is expected to be used to get issuer certificates from. Usually CA Issuers value from Authority Information Access (AIA) certificate extension.
- Returns: CA issuer certificate (or chain) bytes, represented as InputStream.
- Throws: java.io.IOException - if an I/O error occurs.
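An added example, not part of the iText documentation or code base: the CA Issuers URI is read from the certificate being validated, so a subclass can override the protected getIssuerCertByURI to limit where the retriever connects. It assumes the retriever routes its AIA downloads through this method; the class name AllowListedCertificateRetriever, the host allow-list, the timeout and the size cap are hypothetical, and Java 11+ is assumed for readNBytes.

```java
import com.itextpdf.signatures.IssuingCertificateRetriever;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URI;
import java.util.Locale;
import java.util.Set;

// Hypothetical subclass (not an iText class): restricts AIA "CA Issuers" downloads.
public class AllowListedCertificateRetriever extends IssuingCertificateRetriever {
    private static final int MAX_BYTES = 64 * 1024; // assumed cap for a certificate or short chain
    private static final int TIMEOUT_MS = 5_000;    // assumed connect/read timeout
    private final Set<String> allowedHosts;         // lower-case host names of the CAs you expect

    public AllowListedCertificateRetriever(Set<String> allowedHosts) {
        this.allowedHosts = Set.copyOf(allowedHosts);
    }

    @Override
    protected InputStream getIssuerCertByURI(String uri) throws IOException {
        // The URI originates in the certificate under validation: treat it as untrusted input.
        URI parsed;
        try {
            parsed = URI.create(uri);
        } catch (IllegalArgumentException e) {
            throw new IOException("Malformed AIA URI", e);
        }
        String scheme = parsed.getScheme();
        String host = parsed.getHost();
        if (scheme == null || host == null
                || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))
                || !allowedHosts.contains(host.toLowerCase(Locale.ROOT))) {
            throw new IOException("AIA URI rejected by allow-list: " + uri);
        }
        HttpURLConnection conn = (HttpURLConnection) parsed.toURL().openConnection();
        conn.setInstanceFollowRedirects(false); // a redirect could leave the allow-list
        conn.setConnectTimeout(TIMEOUT_MS);
        conn.setReadTimeout(TIMEOUT_MS);
        if (conn.getResponseCode() != HttpURLConnection.HTTP_OK) {
            throw new IOException("Unexpected HTTP status for AIA fetch: " + conn.getResponseCode());
        }
        try (InputStream in = conn.getInputStream()) {
            byte[] data = in.readNBytes(MAX_BYTES + 1); // one extra byte reveals an oversized body
            if (data.length > MAX_BYTES) {
                throw new IOException("AIA response larger than " + MAX_BYTES + " bytes");
            }
            return new ByteArrayInputStream(data);
        }
    }
}
```

Downloaded certificates are only chain-building candidates; trust is still decided by the certificates supplied through setTrustedCertificates or getTrustedCertificatesStore().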
-
parseCertificates
protected java.util.Collection<java.security.cert.Certificate> parseCertificates(java.io.InputStream certsData) throws java.security.cert.CertificateException
Parses certificates represented as byte array.
- Parameters: certsData - stream which contains one or more X509 certificates.
- Returns: a (possibly empty) collection of the certificates read from the given byte array.
- Throws: java.security.cert.CertificateException - if parsing error occurs.
-
processCertificatesFromAIA
private java.util.Collection<java.security.cert.Certificate> processCertificatesFromAIA(java.lang.String url)
-
-