com.itextpdf.signatures

Class CertificateUtil

java.lang.Object

com.itextpdf.signatures.CertificateUtil

public class CertificateUtil
extends Object

This class contains a series of static methods that allow you to retrieve information from a Certificate.

Constructor Summary

Constructors

Constructor and Description
CertificateUtil()

Method Summary

Modifier and Type	Method and Description
static com.itextpdf.commons.bouncycastle.asn1.IDERSet	createRevocationInfoChoices(Collection<CRL> crls, Collection<com.itextpdf.commons.bouncycastle.asn1.ocsp.IBasicOCSPResponse> ocsps, Collection<com.itextpdf.commons.bouncycastle.asn1.IASN1Sequence> otherRevocationInfoFormats) Creates the revocation info (crls field) for SignedData structure: RevocationInfoChoices ::= SET OF RevocationInfoChoice RevocationInfoChoice ::= CHOICE { crl CertificateList, other [1] IMPLICIT OtherRevocationInfoFormat } OtherRevocationInfoFormat ::= SEQUENCE { otherRevInfoFormat OBJECT IDENTIFIER, otherRevInfo ANY DEFINED BY otherRevInfoFormat } CertificateList ::= SEQUENCE { tbsCertList TBSCertList, signatureAlgorithm AlgorithmIdentifier, signatureValue BIT STRING }
static Certificate	generateCertificate(InputStream data) Generates a certificate object and initializes it with the data read from the input stream inStream.
static CRL	getCRL(String url) Gets the CRL object using a CRL URL.
static CRL	getCRL(X509Certificate certificate) Gets a CRL from an X509 certificate.
static String	getCRLURL(X509Certificate certificate) Gets the URL of the Certificate Revocation List for a Certificate
static com.itextpdf.commons.bouncycastle.asn1.IASN1Primitive	getExtensionValue(X509Certificate certificate, String oid)
static String	getIssuerCertURL(CRL crl) Retrieves the URL for the issuer certificate for the given CRL.
static String	getIssuerCertURL(X509Certificate certificate) Retrieves the URL for the issuer lists certificates for the given certificate.
static String	getOCSPURL(X509Certificate certificate) Retrieves the OCSP URL from the given certificate.
static String	getTSAURL(X509Certificate certificate) Gets the URL of the TSA if it's available on the certificate
static void	retrieveRevocationInfoFromSignedData(com.itextpdf.commons.bouncycastle.asn1.IASN1TaggedObject taggedObj, Collection<CRL> crls, Collection<com.itextpdf.commons.bouncycastle.asn1.ocsp.IBasicOCSPResponse> ocsps, Collection<com.itextpdf.commons.bouncycastle.asn1.IASN1Sequence> otherRevocationInfoFormats) Try to retrieve CRL and OCSP responses from the signed data crls field.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CertificateUtil

public CertificateUtil()

Method Detail

getCRL

public static CRL getCRL(X509Certificate certificate)
                  throws CertificateException,
                         CRLException,
                         IOException

Gets a CRL from an X509 certificate.

Parameters:

certificate - the X509Certificate to extract the CRL from

Returns:

CRL or null if there's no CRL available

Throws:

IOException - thrown when the URL couldn't be opened properly.

CertificateException - thrown if there's no X509 implementation in the provider.

CRLException - thrown when encountering errors when parsing the CRL.

getCRLURL

public static String getCRLURL(X509Certificate certificate)

Gets the URL of the Certificate Revocation List for a Certificate

Parameters:

certificate - the Certificate

Returns:

the String where you can check if the certificate was revoked

getCRL

public static CRL getCRL(String url)
                  throws IOException,
                         CertificateException,
                         CRLException

Gets the CRL object using a CRL URL.

Parameters:

url - the URL where the CRL is located

Returns:

CRL object

Throws:

IOException - thrown when the URL couldn't be opened properly.

CertificateException - thrown if there's no X509 implementation in the provider.

CRLException - thrown when encountering errors when parsing the CRL.

getIssuerCertURL

public static String getIssuerCertURL(CRL crl)

Retrieves the URL for the issuer certificate for the given CRL.

Parameters:

crl - the CRL response

Returns:

the URL or null.

getOCSPURL

public static String getOCSPURL(X509Certificate certificate)

Retrieves the OCSP URL from the given certificate.

Parameters:

certificate - the certificate

Returns:

the URL or null

getIssuerCertURL

public static String getIssuerCertURL(X509Certificate certificate)

Retrieves the URL for the issuer lists certificates for the given certificate.

Parameters:

certificate - the certificate

Returns:

the URL or null.

getTSAURL

public static String getTSAURL(X509Certificate certificate)

Gets the URL of the TSA if it's available on the certificate

Parameters:

certificate - a certificate

Returns:

a TSA URL

generateCertificate

public static Certificate generateCertificate(InputStream data)
                                       throws CertificateException

Generates a certificate object and initializes it with the data read from the input stream inStream.

Parameters:

data - the input stream with the certificates.

Returns:

a certificate object initialized with the data from the input stream.

Throws:

CertificateException - on parsing errors.

retrieveRevocationInfoFromSignedData

public static void retrieveRevocationInfoFromSignedData(com.itextpdf.commons.bouncycastle.asn1.IASN1TaggedObject taggedObj,
                                                        Collection<CRL> crls,
                                                        Collection<com.itextpdf.commons.bouncycastle.asn1.ocsp.IBasicOCSPResponse> ocsps,
                                                        Collection<com.itextpdf.commons.bouncycastle.asn1.IASN1Sequence> otherRevocationInfoFormats)
                                                 throws IOException,
                                                        CertificateException

Try to retrieve CRL and OCSP responses from the signed data crls field.

Parameters:

taggedObj - signed data crls field as IASN1TaggedObject.

crls - collection to store retrieved CRL responses.

ocsps - collection of IBasicOCSPResponse wrappers to store retrieved OCSP responses.

otherRevocationInfoFormats - collection of revocation info other than OCSP and CRL responses, e.g. SCVP Request and Response, stored as IASN1Sequence.

Throws:

IOException - if some I/O error occurred.

CertificateException - if CertificateFactory instance wasn't created.

createRevocationInfoChoices

public static com.itextpdf.commons.bouncycastle.asn1.IDERSet createRevocationInfoChoices(Collection<CRL> crls,
                                                                                         Collection<com.itextpdf.commons.bouncycastle.asn1.ocsp.IBasicOCSPResponse> ocsps,
                                                                                         Collection<com.itextpdf.commons.bouncycastle.asn1.IASN1Sequence> otherRevocationInfoFormats)
                                                                                  throws CRLException,
                                                                                         IOException

Creates the revocation info (crls field) for SignedData structure: RevocationInfoChoices ::= SET OF RevocationInfoChoice RevocationInfoChoice ::= CHOICE { crl CertificateList, other [1] IMPLICIT OtherRevocationInfoFormat } OtherRevocationInfoFormat ::= SEQUENCE { otherRevInfoFormat OBJECT IDENTIFIER, otherRevInfo ANY DEFINED BY otherRevInfoFormat } CertificateList ::= SEQUENCE { tbsCertList TBSCertList, signatureAlgorithm AlgorithmIdentifier, signatureValue BIT STRING }

Parameters:

crls - collection of CRL revocation status information.

ocsps - collection of OCSP revocation status information.

otherRevocationInfoFormats - collection of revocation info other than OCSP and CRL responses, e.g. SCVP Request and Response, stored as IASN1Sequence.

Returns:

crls [1] RevocationInfoChoices field of SignedData structure. Null if SignedData has no revocation data.

Throws:

CRLException - if an encoding error occurs.

IOException - if an I/O error occurs.

See Also:

RFC 5652 §10.2.1

getExtensionValue

public static com.itextpdf.commons.bouncycastle.asn1.IASN1Primitive getExtensionValue(X509Certificate certificate,
                                                                                      String oid)
                                                                               throws IOException

Parameters:

certificate - the certificate from which we need the ExtensionValue

oid - the Object Identifier value for the extension.

Returns:

the extension value as an IASN1Primitive object.

Throws:

IOException - on processing exception