Class CertInformationCollector
java.lang.Object
org.apache.pdfbox.examples.signature.validation.CertInformationCollector
This class helps to extract data/information from a signature. The information is held in
CertSignatureInformation. Some information is needed for validation processing of the
participating certificates.
-
Nested Class Summary
Nested Classes
static class CertInformationCollector.CertSignatureInformation
    Data class to hold Signature, Certificate (and its chain(s)) and revocation Information
-
Field Summary
Fields
private final org.bouncycastle.cert.jcajce.JcaX509CertificateConverter certConverter
private final Set<X509Certificate> certificateSet
private static final org.apache.commons.logging.Log LOG
private static final int MAX_CERTIFICATE_CHAIN_DEPTH
-
Constructor Summary
Constructors
CertInformationCollector()
-
Method Summary
private void addAllCerts(Collection<org.bouncycastle.cert.X509CertificateHolder> certHolders)
    Adds multiple Certificates out of a Collection of X509CertificateHolder into certificateSet.
void addAllCertsFromHolders(org.bouncycastle.cert.X509CertificateHolder[] certHolders)
    Gets a list of X509Certificate out of an array of X509CertificateHolder.
private void addTimestampCerts(org.bouncycastle.cms.SignerInformation signerInformation)
    Processes an embedded signed timestamp that has been placed into a signature.
private void getAlternativeIssuerCertificate(CertInformationCollector.CertSignatureInformation certInfo, int maxDepth)
    Gets an alternative certificate chain from the Authority Information (a URL).
private X509Certificate getCertFromHolder(org.bouncycastle.cert.X509CertificateHolder certificateHolder)
    Gets the X509Certificate out of the X509CertificateHolder.
getCertificateSet()
    Gets the set of all certificates processed so far.
private CertInformationCollector.CertSignatureInformation getCertInfo(byte[] signatureContent)
    Processes one signature and its included certificates.
(package private) CertInformationCollector.CertSignatureInformation getCertInfo(X509Certificate certificate)
    Traverses a certificate.
CertInformationCollector.CertSignatureInformation getLastCertInfo(PDSignature signature, String fileName)
    Gets the certificate information of a signature.
private org.bouncycastle.cms.SignerInformation processSignerStore(org.bouncycastle.cms.CMSSignedData signedData, CertInformationCollector.CertSignatureInformation certInfo)
    Processes a signer store and goes through the signer's certificate chain.
private void traverseChain(X509Certificate certificate, CertInformationCollector.CertSignatureInformation certInfo, int maxDepth)
    Traverses the certificate chain of the given Certificate and adds it to the CertInfo recursively.
-
Field Details
-
LOG
private static final org.apache.commons.logging.Log LOG
-
MAX_CERTIFICATE_CHAIN_DEPTH
private static final int MAX_CERTIFICATE_CHAIN_DEPTH
See Also:
-
certificateSet
-
urlSet
-
certConverter
private final org.bouncycastle.cert.jcajce.JcaX509CertificateConverter certConverter
-
rootCertInfo
-
-
Constructor Details
-
CertInformationCollector
public CertInformationCollector()
-
-
Method Details
-
getLastCertInfo
public CertInformationCollector.CertSignatureInformation getLastCertInfo(PDSignature signature, String fileName) throws CertificateProccessingException, IOException
Gets the certificate information of a signature.
Parameters:
signature - the signature of the document.
fileName - of the document.
Returns:
the CertSignatureInformation containing all certificate information
Throws:
CertificateProccessingException - when there is an error processing the certificates
IOException - on a data processing error
-
getCertInfo
private CertInformationCollector.CertSignatureInformation getCertInfo(byte[] signatureContent) throws CertificateProccessingException, IOException
Processes one signature and its included certificates.
Parameters:
signatureContent - the byte[] content of the signature
Returns:
the CertSignatureInformation for this signature
Throws:
IOException
CertificateProccessingException
-
addTimestampCerts
private void addTimestampCerts(org.bouncycastle.cms.SignerInformation signerInformation) throws IOException, CertificateProccessingException
Processes an embedded signed timestamp that has been placed into a signature. The timestamp's certificates and their chain(s) are processed the same way as those of the signature itself.
Parameters:
signerInformation - of the signature, to get unsigned attributes from it.
Throws:
IOException
CertificateProccessingException
-
processSignerStore
private org.bouncycastle.cms.SignerInformation processSignerStore(org.bouncycastle.cms.CMSSignedData signedData, CertInformationCollector.CertSignatureInformation certInfo) throws IOException, CertificateProccessingException
Processes a signer store and goes through the signer's certificate chain. Adds the found data to the certInfo. Only the first signer is handled; multiple signers would be possible, but handling them is not yet practicable.
Parameters:
signedData - data from which to get the SignerInformation
certInfo - where to add certificate information
Returns:
Signer Information of the processed certificatesStore for further usage.
Throws:
IOException - on data-processing error
CertificateProccessingException - on a specific error with a certificate
-
traverseChain
private void traverseChain(X509Certificate certificate, CertInformationCollector.CertSignatureInformation certInfo, int maxDepth) throws IOException, CertificateProccessingException
Traverses the certificate chain of the given Certificate and adds it to the CertInfo recursively.
Parameters:
certificate - the certificate currently being processed
certInfo - where to add the Certificate (and chain) information
maxDepth - maximum depth to go through the certificate chain from this point (the chain could be infinite)
Throws:
IOException - on data-processing error
CertificateProccessingException - on a specific error with a certificate
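The depth-limited traversal described for traverseChain, sketched with JDK classes only as an added example; it is not PDFBox's code. The class BoundedChainWalk, its helper methods, the PEM bundle argument and the cap of 5 are assumptions, and the walk only collects a chain: it does not establish trust in any certificate.

```java
import java.io.*;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.*;

// Added example: BoundedChainWalk and its helpers are hypothetical names, not PDFBox API.
public class BoundedChainWalk {
    // Collects leaf -> issuer -> ... and stops at a self-signed certificate, a missing
    // issuer, a repeated certificate (cross-signing loop) or after maxDepth issuer hops.
    static List<X509Certificate> walk(X509Certificate leaf, List<X509Certificate> pool, int maxDepth) {
        List<X509Certificate> chain = new ArrayList<>();
        chain.add(leaf);
        X509Certificate current = leaf;
        for (int depth = 0; depth < maxDepth && !signedBy(current, current); depth++) {
            X509Certificate issuer = findIssuer(current, pool);
            if (issuer == null || chain.contains(issuer)) break;
            chain.add(issuer);
            current = issuer;
        }
        return chain;
    }

    // First certificate in the pool that is a plausible issuer of cert.
    static X509Certificate findIssuer(X509Certificate cert, List<X509Certificate> pool) {
        for (X509Certificate candidate : pool) {
            if (signedBy(cert, candidate)) return candidate;
        }
        return null;
    }

    // The issuer name must match the candidate's subject and its key must verify the signature.
    static boolean signedBy(X509Certificate cert, X509Certificate issuer) {
        if (!cert.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) return false;
        try {
            cert.verify(issuer.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        List<X509Certificate> pool = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[0])) { // PEM bundle, leaf first (assumption)
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                pool.add((X509Certificate) c);
            }
        }
        for (X509Certificate c : walk(pool.get(0), pool, 5)) { // 5 is an arbitrary cap
            System.out.println(c.getSubjectX500Principal());
        }
    }
}
```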
-
getAlternativeIssuerCertificate
private void getAlternativeIssuerCertificate(CertInformationCollector.CertSignatureInformation certInfo, int maxDepth) throws CertificateProccessingException
Gets an alternative certificate chain from the Authority Information (a URL). If the chain is not included in the signature, this is the main chain. Otherwise there might be a second chain. Exceptions that occur on this chain are logged and ignored, because the certificate might not be available at the time, or for other reasons.
Parameters:
certInfo - base Certificate Information, on which to put the alternative Certificate
maxDepth - Maximum depth to dig through the chain from here on.
Throws:
CertificateProccessingException - on a specific error with a certificate
-
getCertFromHolder
private X509Certificate getCertFromHolder(org.bouncycastle.cert.X509CertificateHolder certificateHolder) throws CertificateProccessingException
Gets the X509Certificate out of the X509CertificateHolder.
Parameters:
certificateHolder - to get the certificate from
Returns:
a X509Certificate or null when there was an error with the Certificate
Throws:
CertificateProccessingException - on failed conversion from X509CertificateHolder to X509Certificate
-
addAllCerts
Adds multiple Certificates out of a Collection of X509CertificateHolder into certificateSet.
Parameters:
certHolders - Collection of X509CertificateHolder
-
addAllCertsFromHolders
public void addAllCertsFromHolders(org.bouncycastle.cert.X509CertificateHolder[] certHolders) throws CertificateProccessingException
Gets a list of X509Certificate out of an array of X509CertificateHolder. The certificates will be added to certificateSet.
Parameters:
certHolders - Array of X509CertificateHolder
Throws:
CertificateProccessingException - when one of the Certificates could not be parsed.
-
getCertInfo
CertInformationCollector.CertSignatureInformation getCertInfo(X509Certificate certificate) throws CertificateProccessingException
Traverses a certificate.
Parameters:
certificate -
Returns:
Throws:
CertificateProccessingException
-
getCertificateSet
Gets the set of all certificates processed so far.
Returns:
a set of serial numbers to certificates.
-