Module jpms_dss_spi
Package eu.europa.esig.dss.spi.x509

Interface CertificateSource

All Superinterfaces:
Serializable
All Known Implementing Classes:
CMSCertificateSource, CommonCertificateSource, CommonTrustedCertificateSource, KeyStoreCertificateSource, ListCertificateSource, OCSPCertificateSource, RevocationCertificateSource, SignatureCertificateSource, TimestampCertificateSource, TokenCertificateSource, TrustedListsCertificateSource
public interface CertificateSource extends Serializable
The validation of a certificate requires to access some other certificates from multiple sources (Trusted List, Trust Store, the signature itself). This interface provides an abstraction for accessing a certificate, regardless of the source.

  • Method Summary

    Modifier and Type
    Method
    Description
    eu.europa.esig.dss.model.x509.CertificateToken
    addCertificate(eu.europa.esig.dss.model.x509.CertificateToken certificate)
    This method allows to manually add any certificate to the source.
    Set<eu.europa.esig.dss.model.x509.CertificateToken>
    findTokensFromCertRef(CertificateRef certificateRef)
    Returns Set of CertificateTokens for the provided CertificateRef
    Set<eu.europa.esig.dss.model.x509.CertificateToken>
    getByCertificateDigest(eu.europa.esig.dss.model.Digest digest)
    This method returns the Set of certificates with the Digest
    Set<eu.europa.esig.dss.model.x509.CertificateToken>
    getByPublicKey(PublicKey publicKey)
    This method returns a Set of CertificateToken with the given PublicKey
    Set<eu.europa.esig.dss.model.x509.CertificateToken>
    getBySignerIdentifier(SignerIdentifier signerIdentifier)
    This method returns the Set of certificates with the CertificateIdentifier
    Set<eu.europa.esig.dss.model.x509.CertificateToken>
    getBySki(byte[] ski)
    This method returns a Set of CertificateToken with the given SKI (SubjectKeyIdentifier (SHA-1 of the PublicKey))
    Set<eu.europa.esig.dss.model.x509.CertificateToken>
    getBySubject(eu.europa.esig.dss.model.x509.X500PrincipalHelper subject)
    This method returns the Set of certificates with the same subjectDN.
    List<eu.europa.esig.dss.model.x509.CertificateToken>
    getCertificates()
    Retrieves the unmodifiable list of all certificate tokens from this source.
    eu.europa.esig.dss.enumerations.CertificateSourceType
    getCertificateSourceType()
    This method returns the certificate source type associated to the implementation class.
    List<eu.europa.esig.dss.spi.x509.CertificateSourceEntity>
    getEntities()
    Returns a list of certificates grouped by their public keys
    boolean
    isAllSelfSigned()
    This method checks if all certificates are self-signed
    boolean
    isCertificateSourceEqual(CertificateSource certificateSource)
    This method checks if the current and the given CertificateSources contain the same certificate tokens
    boolean
    isCertificateSourceEquivalent(CertificateSource certificateSource)
    This method checks if the current and the given CertificateSources contain the same public keys
    boolean
    isKnown(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    This method checks if a given certificate is known in the current source
    boolean
    isTrusted(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    This method checks if a given certificate is trusted

  • Method Details

    • addCertificate

      eu.europa.esig.dss.model.x509.CertificateToken addCertificate(eu.europa.esig.dss.model.x509.CertificateToken certificate)
      This method allows to manually add any certificate to the source. The type of the source is automatically set par each specific implementation.
      Parameters:
      certificate - the certificate you have to trust
      Returns:
      the corresponding certificate token

    • getCertificateSourceType

      eu.europa.esig.dss.enumerations.CertificateSourceType getCertificateSourceType()
      This method returns the certificate source type associated to the implementation class.
      Returns:
      the certificate origin

    • getCertificates

      List<eu.europa.esig.dss.model.x509.CertificateToken> getCertificates()
      Retrieves the unmodifiable list of all certificate tokens from this source.
      Returns:
      all certificates from this source

    • isTrusted

      boolean isTrusted(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      This method checks if a given certificate is trusted
      Parameters:
      certificateToken - the certificate to be tested
      Returns:
      true if the certificate is trusted

    • isKnown

      boolean isKnown(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      This method checks if a given certificate is known in the current source
      Parameters:
      certificateToken - the certificate to be tested
      Returns:
      true if the certificate is part of the current source

    • getBySubject

      Set<eu.europa.esig.dss.model.x509.CertificateToken> getBySubject(eu.europa.esig.dss.model.x509.X500PrincipalHelper subject)
      This method returns the Set of certificates with the same subjectDN.
      Parameters:
      subject - the subject to match
      Returns:
      If no match is found then an empty set is returned.

    • getBySignerIdentifier

      Set<eu.europa.esig.dss.model.x509.CertificateToken> getBySignerIdentifier(SignerIdentifier signerIdentifier)
      This method returns the Set of certificates with the CertificateIdentifier
      Parameters:
      signerIdentifier - the certificate identifier to match
      Returns:
      If no match is found then an empty set is returned.

    • getByCertificateDigest

      Set<eu.europa.esig.dss.model.x509.CertificateToken> getByCertificateDigest(eu.europa.esig.dss.model.Digest digest)
      This method returns the Set of certificates with the Digest
      Parameters:
      digest - the certificate digest to be found
      Returns:
      the found certificates or an empty Set

    • getByPublicKey

      Set<eu.europa.esig.dss.model.x509.CertificateToken> getByPublicKey(PublicKey publicKey)
      This method returns a Set of CertificateToken with the given PublicKey
      Parameters:
      publicKey - the public key to find
      Returns:
      a Set of CertificateToken which have the given public key

    • getBySki

      Set<eu.europa.esig.dss.model.x509.CertificateToken> getBySki(byte[] ski)
      This method returns a Set of CertificateToken with the given SKI (SubjectKeyIdentifier (SHA-1 of the PublicKey))
      Parameters:
      ski - the Subject Key Identifier
      Returns:
      a Set of CertificateToken which have the given ski

    • findTokensFromCertRef

      Set<eu.europa.esig.dss.model.x509.CertificateToken> findTokensFromCertRef(CertificateRef certificateRef)
      Returns Set of CertificateTokens for the provided CertificateRef
      Parameters:
      certificateRef - a CertificateRef
      Returns:
      Set of CertificateTokens

    • getEntities

      List<eu.europa.esig.dss.spi.x509.CertificateSourceEntity> getEntities()
      Returns a list of certificates grouped by their public keys
      Returns:
      a list of CertificateSourceEntitys

    • isAllSelfSigned

      boolean isAllSelfSigned()
      This method checks if all certificates are self-signed
      Returns:
      true if all certificates are self-signed

    • isCertificateSourceEqual

      boolean isCertificateSourceEqual(CertificateSource certificateSource)
      This method checks if the current and the given CertificateSources contain the same certificate tokens
      Parameters:
      certificateSource - CertificateSource to compare
      Returns:
      TRUE if both certificate sources contains the same certificate tokens, FALSE otherwise

    • isCertificateSourceEquivalent

      boolean isCertificateSourceEquivalent(CertificateSource certificateSource)
      This method checks if the current and the given CertificateSources contain the same public keys
      Parameters:
      certificateSource - CertificateSource to compare
      Returns:
      TRUE if both certificate sources contains the same public keys, FALSE otherwise