public class IssuingCertificateRetriever extends Object implements IIssuingCertificateRetriever
IIssuingCertificateRetriever default implementation.| Constructor and Description |
|---|
IssuingCertificateRetriever()
Creates
IssuingCertificateRetriever instance. |
| Modifier and Type | Method and Description |
|---|---|
void |
addKnownCertificates(Collection<Certificate> certificates)
Add certificates collection to known certificates storage, which is used for issuer certificates retrieval.
|
void |
addTrustedCertificates(Collection<Certificate> certificates)
Add trusted certificates collection to trusted certificates storage.
|
Certificate[] |
getCrlIssuerCertificates(CRL crl)
Retrieves certificates that can be used to verify the signature on the CRL response using CRL
Authority Information Access (AIA) Extension.
|
protected InputStream |
getIssuerCertByURI(String uri)
Get CA issuers certificates represented as
InputStream. |
boolean |
isCertificateTrusted(Certificate certificate)
Check if provided certificate is present in trusted certificates storage.
|
protected Collection<Certificate> |
parseCertificates(InputStream certsData)
Parses certificates represented as byte array.
|
Certificate |
retrieveIssuerCertificate(Certificate certificate)
Retrieve issuer certificate for the provided certificate.
|
Certificate[] |
retrieveMissingCertificates(Certificate[] chain)
Retrieves missing certificates in chain using certificate Authority Information Access (AIA) Extension.
|
Certificate |
retrieveOCSPResponderCertificate(com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp ocspResp)
Retrieves OCSP responder certificate either from the response certs or
trusted store in case responder certificate isn't found in /Certs.
|
void |
setTrustedCertificates(Collection<Certificate> certificates)
Sets trusted certificate list to be used for the missing certificates retrieving by the issuer name.
|
public IssuingCertificateRetriever()
IssuingCertificateRetriever instance.public Certificate[] retrieveMissingCertificates(Certificate[] chain)
retrieveMissingCertificates in interface IIssuingCertificateRetrieverchain - certificate chain to restore with at least signing certificate.public Certificate retrieveIssuerCertificate(Certificate certificate)
certificate - Certificate for which issuer certificate shall be retrievednull if there is no issuer certificate, or it cannot be retrieved.public Certificate retrieveOCSPResponderCertificate(com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp ocspResp)
ocspResp - basic OCSP response to get responder certificate forpublic Certificate[] getCrlIssuerCertificates(CRL crl)
getCrlIssuerCertificates in interface IIssuingCertificateRetrievercrl - CRL response to retrieve issuer for.public void setTrustedCertificates(Collection<Certificate> certificates)
setTrustedCertificates in interface IIssuingCertificateRetrievercertificates - certificate list for getting missing certificates in chain
or CRL response issuer certificates.public void addTrustedCertificates(Collection<Certificate> certificates)
certificates - certificates Collection to be addedpublic void addKnownCertificates(Collection<Certificate> certificates)
certificates - certificates Collection to be addedpublic boolean isCertificateTrusted(Certificate certificate)
certificate - Certificate to be checkedtrue if certificate is present in trusted certificates storage, false otherwiseprotected InputStream getIssuerCertByURI(String uri) throws IOException
InputStream.uri - URL URI, which is expected to be used to get issuer certificates from. Usually
CA Issuers value from Authority Information Access (AIA) certificate extension.InputStream.IOException - if an I/O error occurs.protected Collection<Certificate> parseCertificates(InputStream certsData) throws CertificateException
certsData - stream which contains one or more X509 certificates.CertificateException - if parsing error occurs.Copyright © 1998–2024 Apryse Group NV. All rights reserved.