Class IssuingCertificateRetriever

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void addKnownCertificates​(java.util.Collection<java.security.cert.Certificate> certificates)
      Add certificates collection to known certificates storage, which is used for issuer certificates retrieval.
      void addTrustedCertificates​(java.util.Collection<java.security.cert.Certificate> certificates)
      Add trusted certificates collection to trusted certificates storage.
      java.security.cert.Certificate[] getCrlIssuerCertificates​(java.security.cert.CRL crl)
      Retrieves certificates that can be used to verify the signature on the CRL response using CRL Authority Information Access (AIA) Extension.
      protected java.io.InputStream getIssuerCertByURI​(java.lang.String uri)
      Get CA issuers certificates represented as InputStream.
      TrustedCertificatesStore getTrustedCertificatesStore()
      Gets TrustedCertificatesStore to be used to provide more complex trusted certificates configuration.
      boolean isCertificateTrusted​(java.security.cert.Certificate certificate)
      Check if provided certificate is present in trusted certificates storage.
      protected java.util.Collection<java.security.cert.Certificate> parseCertificates​(java.io.InputStream certsData)
      Parses certificates represented as byte array.
      private java.util.Collection<java.security.cert.Certificate> processCertificatesFromAIA​(java.lang.String url)  
      java.security.cert.Certificate retrieveIssuerCertificate​(java.security.cert.Certificate certificate)
      Retrieve issuer certificate for the provided certificate.
      java.security.cert.Certificate[] retrieveMissingCertificates​(java.security.cert.Certificate[] chain)
      Retrieves missing certificates in chain using certificate Authority Information Access (AIA) Extension.
      java.security.cert.Certificate retrieveOCSPResponderCertificate​(IBasicOCSPResp ocspResp)
      Retrieves OCSP responder certificate either from the response certs or trusted store in case responder certificate isn't found in /Certs.
      void setTrustedCertificates​(java.util.Collection<java.security.cert.Certificate> certificates)
      Sets trusted certificate list to be used as certificates trusted for any possible usage.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • LOGGER

        private static final org.slf4j.Logger LOGGER
      • knownCertificates

        private final java.util.Map<java.lang.String,​java.security.cert.Certificate> knownCertificates
    • Method Detail

      • retrieveMissingCertificates

        public java.security.cert.Certificate[] retrieveMissingCertificates​(java.security.cert.Certificate[] chain)
        Retrieves missing certificates in chain using certificate Authority Information Access (AIA) Extension.
        Specified by:
        retrieveMissingCertificates in interface IIssuingCertificateRetriever
        Parameters:
        chain - certificate chain to restore with at least signing certificate.
        Returns:
        full chain of trust or maximum chain that could be restored in case missing certificates cannot be retrieved from AIA extension.
      • retrieveIssuerCertificate

        public java.security.cert.Certificate retrieveIssuerCertificate​(java.security.cert.Certificate certificate)
        Retrieve issuer certificate for the provided certificate.
        Parameters:
        certificate - Certificate for which issuer certificate shall be retrieved
        Returns:
        issuer certificate. null if there is no issuer certificate, or it cannot be retrieved.
      • retrieveOCSPResponderCertificate

        public java.security.cert.Certificate retrieveOCSPResponderCertificate​(IBasicOCSPResp ocspResp)
        Retrieves OCSP responder certificate either from the response certs or trusted store in case responder certificate isn't found in /Certs.
        Parameters:
        ocspResp - basic OCSP response to get responder certificate for
        Returns:
        retrieved OCSP responder certificate or null in case it wasn't found.
      • getCrlIssuerCertificates

        public java.security.cert.Certificate[] getCrlIssuerCertificates​(java.security.cert.CRL crl)
        Retrieves certificates that can be used to verify the signature on the CRL response using CRL Authority Information Access (AIA) Extension.
        Specified by:
        getCrlIssuerCertificates in interface IIssuingCertificateRetriever
        Parameters:
        crl - CRL response to retrieve issuer for.
        Returns:
        certificates retrieved from CRL AIA extension or an empty list in case certificates cannot be retrieved.
      • setTrustedCertificates

        public void setTrustedCertificates​(java.util.Collection<java.security.cert.Certificate> certificates)
        Sets trusted certificate list to be used as certificates trusted for any possible usage. In case more specific trusted is desired to be configured getTrustedCertificatesStore() method is expected to be used.
        Specified by:
        setTrustedCertificates in interface IIssuingCertificateRetriever
        Parameters:
        certificates - certificate list to be used as certificates trusted for any possible usage.
      • addTrustedCertificates

        public void addTrustedCertificates​(java.util.Collection<java.security.cert.Certificate> certificates)
        Add trusted certificates collection to trusted certificates storage.
        Parameters:
        certificates - certificates Collection to be added
      • addKnownCertificates

        public void addKnownCertificates​(java.util.Collection<java.security.cert.Certificate> certificates)
        Add certificates collection to known certificates storage, which is used for issuer certificates retrieval.
        Parameters:
        certificates - certificates Collection to be added
      • isCertificateTrusted

        public boolean isCertificateTrusted​(java.security.cert.Certificate certificate)
        Check if provided certificate is present in trusted certificates storage.
        Parameters:
        certificate - Certificate to be checked
        Returns:
        true if certificate is present in trusted certificates storage, false otherwise
      • getIssuerCertByURI

        protected java.io.InputStream getIssuerCertByURI​(java.lang.String uri)
                                                  throws java.io.IOException
        Get CA issuers certificates represented as InputStream.
        Parameters:
        uri - URL URI, which is expected to be used to get issuer certificates from. Usually CA Issuers value from Authority Information Access (AIA) certificate extension.
        Returns:
        CA issuer certificate (or chain) bytes, represented as InputStream.
        Throws:
        java.io.IOException - if an I/O error occurs.
      • parseCertificates

        protected java.util.Collection<java.security.cert.Certificate> parseCertificates​(java.io.InputStream certsData)
                                                                                  throws java.security.cert.CertificateException
        Parses certificates represented as byte array.
        Parameters:
        certsData - stream which contains one or more X509 certificates.
        Returns:
        a (possibly empty) collection of the certificates read from the given byte array.
        Throws:
        java.security.cert.CertificateException - if parsing error occurs.
      • processCertificatesFromAIA

        private java.util.Collection<java.security.cert.Certificate> processCertificatesFromAIA​(java.lang.String url)