Package com.itextpdf.signatures.validation

Class TrustedCertificatesStore

  • public class TrustedCertificatesStore
extends java.lang.Object
    Trusted certificates storage class to be used to configure trusted certificates in a particular way.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      private java.util.Map<java.lang.String,​java.util.Set<java.security.cert.Certificate>> caTrustedCertificates  
      private java.util.Map<java.lang.String,​java.util.Set<java.security.cert.Certificate>> crlTrustedCertificates  
      private java.util.Map<java.lang.String,​java.util.Set<java.security.cert.Certificate>> generallyTrustedCertificates  
      private java.util.Map<java.lang.String,​java.util.Set<java.security.cert.Certificate>> ocspTrustedCertificates  
      private java.util.Map<java.lang.String,​java.util.Set<java.security.cert.Certificate>> timestampTrustedCertificates  

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void addCATrustedCertificates​(java.util.Collection<java.security.cert.Certificate> certificates)
      Add collection of certificates to be trusted to be CA certificates.
      private static void addCertificateToMap​(java.security.cert.Certificate certificate, java.util.Map<java.lang.String,​java.util.Set<java.security.cert.Certificate>> map)  
      void addCrlTrustedCertificates​(java.util.Collection<java.security.cert.Certificate> certificates)
      Add collection of certificates to be trusted for CRL signing.
      void addGenerallyTrustedCertificates​(java.util.Collection<java.security.cert.Certificate> certificates)
      Add collection of certificates to be trusted for any possible usage.
      private static void addMatched​(java.util.Set<java.security.cert.Certificate> target, java.util.Map<java.lang.String,​java.util.Set<java.security.cert.Certificate>> source, java.lang.String certificateName)  
      void addOcspTrustedCertificates​(java.util.Collection<java.security.cert.Certificate> certificates)
      Add collection of certificates to be trusted for OCSP response signing.
      void addTimestampTrustedCertificates​(java.util.Collection<java.security.cert.Certificate> certificates)
      Add collection of certificates to be trusted for timestamping.
      java.util.Collection<java.security.cert.Certificate> getAllTrustedCertificates()
      Get all the certificates, which where provided to this storage as trusted certificate.
      java.util.Set<java.security.cert.Certificate> getAllTrustedCertificates​(java.lang.String name)
      Get all the certificates having name as subject, which where provided to this storage as trusted certificate.
      java.util.Set<java.security.cert.Certificate> getCertificatesTrustedForCA​(java.lang.String certificateName)
      Get certificates, if any, which is trusted to be a CA, which corresponds to the provided certificate name.
      java.util.Set<java.security.cert.Certificate> getCertificatesTrustedForCrl​(java.lang.String certificateName)
      Get certificates, if any, which is trusted for CRL generation, which corresponds to the provided certificate name.
      java.util.Set<java.security.cert.Certificate> getCertificatesTrustedForOcsp​(java.lang.String certificateName)
      Get certificates, if any, which is trusted for OCSP response generation, which corresponds to the provided certificate name.
      java.util.Set<java.security.cert.Certificate> getCertificatesTrustedForTimestamp​(java.lang.String certificateName)
      Get certificate, if any, which is trusted for timestamp generation, which corresponds to the provided certificate name.
      java.util.Set<java.security.cert.Certificate> getGenerallyTrustedCertificates​(java.lang.String certificateName)
      Get certificates, if any, which is trusted for any usage, which corresponds to the provided certificate name.
      java.util.Set<java.security.cert.Certificate> getKnownCertificates​(java.lang.String certificateName)
      Get certificates, if any, which corresponds to the provided certificate name.
      boolean isCertificateGenerallyTrusted​(java.security.cert.Certificate certificate)
      Check if provided certificate is configured to be trusted for any purpose.
      boolean isCertificateTrustedForCA​(java.security.cert.Certificate certificate)
      Check if provided certificate is configured to be trusted to be CA.
      boolean isCertificateTrustedForCrl​(java.security.cert.Certificate certificate)
      Check if provided certificate is configured to be trusted for CRL generation.
      boolean isCertificateTrustedForOcsp​(java.security.cert.Certificate certificate)
      Check if provided certificate is configured to be trusted for OCSP response generation.
      boolean isCertificateTrustedForTimestamp​(java.security.cert.Certificate certificate)
      Check if provided certificate is configured to be trusted for timestamp generation.
      private static boolean mapContainsCertificate​(java.security.cert.Certificate certificate, java.util.Map<java.lang.String,​java.util.Set<java.security.cert.Certificate>> map)  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • generallyTrustedCertificates

        private final java.util.Map<java.lang.String,​java.util.Set<java.security.cert.Certificate>> generallyTrustedCertificates

      • ocspTrustedCertificates

        private final java.util.Map<java.lang.String,​java.util.Set<java.security.cert.Certificate>> ocspTrustedCertificates

      • timestampTrustedCertificates

        private final java.util.Map<java.lang.String,​java.util.Set<java.security.cert.Certificate>> timestampTrustedCertificates

      • crlTrustedCertificates

        private final java.util.Map<java.lang.String,​java.util.Set<java.security.cert.Certificate>> crlTrustedCertificates

      • caTrustedCertificates

        private final java.util.Map<java.lang.String,​java.util.Set<java.security.cert.Certificate>> caTrustedCertificates

    • Constructor Detail

      • TrustedCertificatesStore

        public TrustedCertificatesStore()

    • Method Detail

      • addGenerallyTrustedCertificates

        public void addGenerallyTrustedCertificates​(java.util.Collection<java.security.cert.Certificate> certificates)
        Add collection of certificates to be trusted for any possible usage.
        Parameters:
        certificates - Collection of Certificate instances

      • addOcspTrustedCertificates

        public void addOcspTrustedCertificates​(java.util.Collection<java.security.cert.Certificate> certificates)
        Add collection of certificates to be trusted for OCSP response signing. These certificates are considered to be valid trust anchors for arbitrarily long certificate chain responsible for OCSP response generation.
        Parameters:
        certificates - Collection of Certificate instances

      • addCrlTrustedCertificates

        public void addCrlTrustedCertificates​(java.util.Collection<java.security.cert.Certificate> certificates)
        Add collection of certificates to be trusted for CRL signing. These certificates are considered to be valid trust anchors for arbitrarily long certificate chain responsible for CRL generation.
        Parameters:
        certificates - Collection of Certificate instances

      • addTimestampTrustedCertificates

        public void addTimestampTrustedCertificates​(java.util.Collection<java.security.cert.Certificate> certificates)
        Add collection of certificates to be trusted for timestamping. These certificates are considered to be valid trust anchors for arbitrarily long certificate chain responsible for timestamp generation.
        Parameters:
        certificates - Collection of Certificate instances

      • addCATrustedCertificates

        public void addCATrustedCertificates​(java.util.Collection<java.security.cert.Certificate> certificates)
        Add collection of certificates to be trusted to be CA certificates. These certificates are considered to be valid trust anchors for certificate generation.
        Parameters:
        certificates - Collection of Certificate instances

      • isCertificateGenerallyTrusted

        public boolean isCertificateGenerallyTrusted​(java.security.cert.Certificate certificate)
        Check if provided certificate is configured to be trusted for any purpose.
        Parameters:
        certificate - Certificate to be checked
        Returns:
        true is provided certificate is generally trusted, false otherwise

      • isCertificateTrustedForOcsp

        public boolean isCertificateTrustedForOcsp​(java.security.cert.Certificate certificate)
        Check if provided certificate is configured to be trusted for OCSP response generation.
        Parameters:
        certificate - Certificate to be checked
        Returns:
        true is provided certificate is trusted for OCSP generation, false otherwise

      • isCertificateTrustedForCrl

        public boolean isCertificateTrustedForCrl​(java.security.cert.Certificate certificate)
        Check if provided certificate is configured to be trusted for CRL generation.
        Parameters:
        certificate - Certificate to be checked
        Returns:
        true is provided certificate is trusted for CRL generation, false otherwise

      • isCertificateTrustedForTimestamp

        public boolean isCertificateTrustedForTimestamp​(java.security.cert.Certificate certificate)
        Check if provided certificate is configured to be trusted for timestamp generation.
        Parameters:
        certificate - Certificate to be checked
        Returns:
        true is provided certificate is trusted for timestamp generation, false otherwise

      • isCertificateTrustedForCA

        public boolean isCertificateTrustedForCA​(java.security.cert.Certificate certificate)
        Check if provided certificate is configured to be trusted to be CA.
        Parameters:
        certificate - Certificate to be checked
        Returns:
        true is provided certificate is trusted for certificates generation, false otherwise

      • getGenerallyTrustedCertificates

        public java.util.Set<java.security.cert.Certificate> getGenerallyTrustedCertificates​(java.lang.String certificateName)
        Get certificates, if any, which is trusted for any usage, which corresponds to the provided certificate name.
        Parameters:
        certificateName - String certificate name
        Returns:
        set of Certificate which correspond to the provided certificate name

      • getCertificatesTrustedForOcsp

        public java.util.Set<java.security.cert.Certificate> getCertificatesTrustedForOcsp​(java.lang.String certificateName)
        Get certificates, if any, which is trusted for OCSP response generation, which corresponds to the provided certificate name.
        Parameters:
        certificateName - String certificate name
        Returns:
        set of Certificate which correspond to the provided certificate name

      • getCertificatesTrustedForCrl

        public java.util.Set<java.security.cert.Certificate> getCertificatesTrustedForCrl​(java.lang.String certificateName)
        Get certificates, if any, which is trusted for CRL generation, which corresponds to the provided certificate name.
        Parameters:
        certificateName - String certificate name
        Returns:
        set of Certificate which correspond to the provided certificate name

      • getCertificatesTrustedForTimestamp

        public java.util.Set<java.security.cert.Certificate> getCertificatesTrustedForTimestamp​(java.lang.String certificateName)
        Get certificate, if any, which is trusted for timestamp generation, which corresponds to the provided certificate name.
        Parameters:
        certificateName - String certificate name
        Returns:
        set of Certificate which correspond to the provided certificate name

      • getCertificatesTrustedForCA

        public java.util.Set<java.security.cert.Certificate> getCertificatesTrustedForCA​(java.lang.String certificateName)
        Get certificates, if any, which is trusted to be a CA, which corresponds to the provided certificate name.
        Parameters:
        certificateName - String certificate name
        Returns:
        set of Certificate which correspond to the provided certificate name

      • getKnownCertificates

        public java.util.Set<java.security.cert.Certificate> getKnownCertificates​(java.lang.String certificateName)
        Get certificates, if any, which corresponds to the provided certificate name.
        Parameters:
        certificateName - String certificate name
        Returns:
        set of Certificate which correspond to the provided certificate name

      • getAllTrustedCertificates

        public java.util.Collection<java.security.cert.Certificate> getAllTrustedCertificates()
        Get all the certificates, which where provided to this storage as trusted certificate.
        Returns:
        Collection of Certificate instances

      • getAllTrustedCertificates

        public java.util.Set<java.security.cert.Certificate> getAllTrustedCertificates​(java.lang.String name)
        Get all the certificates having name as subject, which where provided to this storage as trusted certificate.
        Parameters:
        name - the subject name value for which to retrieve all trusted certificate
        Returns:
        set of Certificate which correspond to the provided certificate name

      • addCertificateToMap

        private static void addCertificateToMap​(java.security.cert.Certificate certificate,
                                        java.util.Map<java.lang.String,​java.util.Set<java.security.cert.Certificate>> map)

      • mapContainsCertificate

        private static boolean mapContainsCertificate​(java.security.cert.Certificate certificate,
                                              java.util.Map<java.lang.String,​java.util.Set<java.security.cert.Certificate>> map)

      • addMatched

        private static void addMatched​(java.util.Set<java.security.cert.Certificate> target,
                               java.util.Map<java.lang.String,​java.util.Set<java.security.cert.Certificate>> source,
                               java.lang.String certificateName)