Class CertInformationCollector


  • public class CertInformationCollector
    extends java.lang.Object
    This class helps to extract data/information from a signature. The information is held in CertSignatureInformation. Some information is needed for validation processing of the participating certificates.
    • Field Detail

      • LOG

        private static final org.apache.commons.logging.Log LOG
      • MAX_CERTIFICATE_CHAIN_DEPTH

        private static final int MAX_CERTIFICATE_CHAIN_DEPTH
      • certificateSet

        private final java.util.Set<java.security.cert.X509Certificate> certificateSet
      • urlSet

        private final java.util.Set<java.lang.String> urlSet
      • certConverter

        private final org.bouncycastle.cert.jcajce.JcaX509CertificateConverter certConverter
    • Constructor Detail

      • CertInformationCollector

        public CertInformationCollector()
    • Method Detail

      • addTimestampCerts

        private void addTimestampCerts(org.bouncycastle.cms.SignerInformation signerInformation)
                                throws java.io.IOException,
                                       CertificateProccessingException
        Processes an embedded signed timestamp that has been placed into a signature. The timestamp's certificates and their chain(s) are processed the same way as those of the signature itself.
        Parameters:
        signerInformation - of the signature, to get unsigned attributes from it.
        Throws:
        java.io.IOException
        CertificateProccessingException
      • processSignerStore

        private org.bouncycastle.cms.SignerInformation processSignerStore(org.bouncycastle.cms.CMSSignedData signedData,
                                                                          CertInformationCollector.CertSignatureInformation certInfo)
                                                                   throws java.io.IOException,
                                                                          CertificateProccessingException
        Processes a signer store and walks the signer's certificate chain, adding the data found to certInfo. Only the first signer is handled; multiple signers would be possible, but handling them is not yet practicable.
        Parameters:
        signedData - data from which to get the SignerInformation
        certInfo - where to add certificate information
        Returns:
        Signer Information of the processed certificatesStore for further usage.
        Throws:
        java.io.IOException - on data-processing error
        CertificateProccessingException - on a specific error with a certificate
      • traverseChain

        private void traverseChain(java.security.cert.X509Certificate certificate,
                                   CertInformationCollector.CertSignatureInformation certInfo,
                                   int maxDepth)
                            throws java.io.IOException,
                                   CertificateProccessingException
        Traverse through the Cert-Chain of the given Certificate and add it to the CertInfo recursively.
        Parameters:
        certificate - Actual Certificate to be processed
        certInfo - where to add the Certificate (and chain) information
        maxDepth - Max depth from this point to go through CertChain (could be infinite)
        Throws:
        java.io.IOException - on data-processing error
        CertificateProccessingException - on a specific error with a certificate
      • getAlternativeIssuerCertificate

        private void getAlternativeIssuerCertificate(CertInformationCollector.CertSignatureInformation certInfo,
                                                     int maxDepth)
                                              throws CertificateProccessingException
        Gets an alternative certificate chain from the Authority Information (a URL). If the chain is not included in the signature, this is the main chain; otherwise there might be a second chain. Exceptions that occur on this chain are logged and ignored, because the certificate might not be available at the time, or for other reasons.
        Parameters:
        certInfo - base Certificate Information, on which to put the alternative Certificate
        maxDepth - Maximum depth to dig through the chain from here on.
        Throws:
        CertificateProccessingException - on a specific error with a certificate
      • getCertFromHolder

        private java.security.cert.X509Certificate getCertFromHolder(org.bouncycastle.cert.X509CertificateHolder certificateHolder)
                                                              throws CertificateProccessingException
        Gets the X509Certificate out of the X509CertificateHolder.
        Parameters:
        certificateHolder - to get the certificate from
        Returns:
        an X509Certificate, or null when there was an error with the certificate
        Throws:
        CertificateProccessingException - on failed conversion from X509CertificateHolder to X509Certificate
      • addAllCerts

        private void addAllCerts(java.util.Collection<org.bouncycastle.cert.X509CertificateHolder> certHolders)
        Adds multiple Certificates out of a Collection of X509CertificateHolder into certificateSet.
        Parameters:
        certHolders - Collection of X509CertificateHolder
      • addAllCertsFromHolders

        public void addAllCertsFromHolders(org.bouncycastle.cert.X509CertificateHolder[] certHolders)
                                    throws CertificateProccessingException
        Gets a list of X509Certificate out of an array of X509CertificateHolder. The certificates will be added to certificateSet.
        Parameters:
        certHolders - Array of X509CertificateHolder
        Throws:
        CertificateProccessingException - when one of the Certificates could not be parsed.
      • getCertificateSet

        public java.util.Set<java.security.cert.X509Certificate> getCertificateSet()
        Gets the set of all certificates processed so far.
        Returns:
        a set of serial numbers to certificates.
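
The maxDepth parameter of traverseChain matters because the certificates come from the signature being inspected, so a chain can be arbitrarily long or circular. The sketch below is an added example, not PDFBox code: it runs a depth-bounded walk over a constructed two-certificate loop. The class and method names and the MAX_DEPTH value are assumptions, and it needs Bouncy Castle's bcprov and bcpkix on the classpath.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
public class BoundedChainDemo {
    // Assumed value; the page does not show the MAX_CERTIFICATE_CHAIN_DEPTH constant.
    static final int MAX_DEPTH = 5;
    // Walk towards a root using only the certificates in 'pool' (untrusted signature content).
    static void traverse(X509Certificate cert, Set<X509Certificate> pool,
                         List<X509Certificate> chain, int maxDepth) {
        chain.add(cert);
        if (signedBy(cert, cert) || maxDepth <= 0) return; // self-signed root, or budget used up
        for (X509Certificate candidate : pool) {
            if (signedBy(cert, candidate)) {
                traverse(candidate, pool, chain, maxDepth - 1);
                return;
            }
        }
    }
    // The issuer name must match the candidate's subject and the signature must verify.
    static boolean signedBy(X509Certificate cert, X509Certificate issuer) {
        if (!cert.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) return false;
        try { cert.verify(issuer.getPublicKey()); return true; }
        catch (GeneralSecurityException e) { return false; }
    }
    // Constructed test certificate for 'subject', signed by 'issuerKey' under the name 'issuer'.
    static X509Certificate issue(String subject, PublicKey key, String issuer, PrivateKey issuerKey)
            throws Exception {
        Date now = new Date();
        return new JcaX509CertificateConverter().getCertificate(new JcaX509v3CertificateBuilder(
                new X500Name(issuer), BigInteger.valueOf(System.nanoTime()), now,
                new Date(now.getTime() + 86_400_000L), new X500Name(subject), key)
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(issuerKey)));
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair a = gen.generateKeyPair(), b = gen.generateKeyPair();
        // Constructed loop: A is issued by B and B by A, so no self-signed root is ever reached.
        X509Certificate certA = issue("CN=A", a.getPublic(), "CN=B", b.getPrivate());
        X509Certificate certB = issue("CN=B", b.getPublic(), "CN=A", a.getPrivate());
        List<X509Certificate> chain = new ArrayList<>();
        traverse(certA, new HashSet<>(Arrays.asList(certA, certB)), chain, MAX_DEPTH);
        System.out.println("stopped after " + chain.size() + " certificates");
    }
}
```

Without the maxDepth check, the same input would recurse until the stack overflows, which is why the limit has to be enforced on every recursive step rather than only at the entry point.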