com.itextpdf.signatures

Class IssuingCertificateRetriever

java.lang.Object

com.itextpdf.signatures.IssuingCertificateRetriever

All Implemented Interfaces:

IIssuingCertificateRetriever

public class IssuingCertificateRetriever
extends Object
implements IIssuingCertificateRetriever

IIssuingCertificateRetriever default implementation.

Constructor Summary

Constructors

Constructor and Description
IssuingCertificateRetriever() Creates IssuingCertificateRetriever instance.

Method Summary

Modifier and Type	Method and Description
Certificate[]	getCrlIssuerCertificates(CRL crl) Retrieves certificates that can be used to verify the signature on the CRL response using CRL Authority Information Access (AIA) Extension.
protected InputStream	getIssuerCertByURI(String uri) Get CA issuers certificates represented as InputStream.
protected Collection<Certificate>	parseCertificates(InputStream certsData) Parses certificates represented as byte array.
Certificate[]	retrieveMissingCertificates(Certificate[] chain) Retrieves missing certificates in chain using certificate Authority Information Access (AIA) Extension.
void	setTrustedCertificates(Collection<Certificate> certificates) Sets trusted certificate list to be used for the missing certificates retrieving by the issuer name.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

IssuingCertificateRetriever

public IssuingCertificateRetriever()

Creates IssuingCertificateRetriever instance.

Method Detail

retrieveMissingCertificates

public Certificate[] retrieveMissingCertificates(Certificate[] chain)

Retrieves missing certificates in chain using certificate Authority Information Access (AIA) Extension.

Specified by:

retrieveMissingCertificates in interface IIssuingCertificateRetriever

Parameters:

chain - certificate chain to restore with at least signing certificate.

Returns:

full chain of trust or maximum chain that could be restored in case missing certificates cannot be retrieved from AIA extension.

getCrlIssuerCertificates

public Certificate[] getCrlIssuerCertificates(CRL crl)

Retrieves certificates that can be used to verify the signature on the CRL response using CRL Authority Information Access (AIA) Extension.

Specified by:

getCrlIssuerCertificates in interface IIssuingCertificateRetriever

Parameters:

crl - CRL response to retrieve issuer for.

Returns:

certificates retrieved from CRL AIA extension or an empty list in case certificates cannot be retrieved.

setTrustedCertificates

public void setTrustedCertificates(Collection<Certificate> certificates)

Sets trusted certificate list to be used for the missing certificates retrieving by the issuer name.

Specified by:

setTrustedCertificates in interface IIssuingCertificateRetriever

Parameters:

certificates - certificate list for getting missing certificates in chain or CRL response issuer certificates.

getIssuerCertByURI

protected InputStream getIssuerCertByURI(String uri)
                                  throws IOException

Get CA issuers certificates represented as InputStream.

Parameters:

uri - URL URI, which is expected to be used to get issuer certificates from. Usually CA Issuers value from Authority Information Access (AIA) certificate extension.

Returns:

CA issuer certificate (or chain) bytes, represented as InputStream.

Throws:

IOException - if an I/O error occurs.

parseCertificates

protected Collection<Certificate> parseCertificates(InputStream certsData)
                                             throws CertificateException

Parses certificates represented as byte array.

Parameters:

certsData - stream which contains one or more X509 certificates.

Returns:

a (possibly empty) collection of the certificates read from the given byte array.

Throws:

CertificateException - if parsing error occurs.