Package eu.europa.esig.dss.spi.x509
Interface CertificateSource
- All Superinterfaces:
Serializable
- All Known Subinterfaces:
TrustedCertificateSource,X509URLCertificateSource
- All Known Implementing Classes:
AIACertificateSource,CAdESCertificateSource,CMSCertificateSource,CommonCertificateSource,CommonTrustedCertificateSource,CommonX509URLCertificateSource,EvidenceRecordCertificateSource,JAdESCertificateSource,KeyStoreCertificateSource,KidCertificateSource,ListCertificateSource,OCSPCertificateSource,PAdESCertificateSource,PdfCompositeDssDictCertificateSource,PdfDssDictCertificateSource,RevocationCertificateSource,SignatureCertificateSource,TimestampCertificateSource,TokenCertificateSource,TrustedListsCertificateSource,XAdESCertificateSource
The validation of a certificate requires to access some other certificates from multiple sources (Trusted List, Trust
Store, the signature itself). This interface provides an abstraction for accessing a certificate, regardless of the
source.
-
Method Summary
Modifier and TypeMethodDescriptionaddCertificate(CertificateToken certificate) This method allows to manually add any certificate to the source.findTokensFromCertRef(CertificateRef certificateRef) Returns Set ofCertificateTokens for the providedCertificateRefgetByCertificateDigest(Digest digest) This method returns the Set of certificates with theDigestgetByPublicKey(PublicKey publicKey) This method returns a Set ofCertificateTokenwith the givenPublicKeygetBySignerIdentifier(SignerIdentifier signerIdentifier) This method returns the Set of certificates with theCertificateIdentifiergetBySki(byte[] ski) This method returns a Set ofCertificateTokenwith the given SKI (SubjectKeyIdentifier (SHA-1 of the PublicKey))getBySubject(X500PrincipalHelper subject) This method returns the Set of certificates with the same subjectDN.Retrieves the unmodifiable list of all certificate tokens from this source.This method returns the certificate source type associated to the implementation class.Returns a list of certificates grouped by their public keysbooleanThis method checks if all certificates are self-signedbooleanisCertificateSourceEqual(CertificateSource certificateSource) This method checks if the current and the givenCertificateSources contain the same certificate tokensbooleanisCertificateSourceEquivalent(CertificateSource certificateSource) This method checks if the current and the givenCertificateSources contain the same public keysbooleanisKnown(CertificateToken certificateToken) This method checks if a given certificate is known in the current sourcebooleanisTrusted(CertificateToken certificateToken) This method checks if a given certificate is trusted
-
Method Details
-
addCertificate
This method allows to manually add any certificate to the source. The type of the source is automatically set par each specific implementation.- Parameters:
certificate- the certificate you have to trust- Returns:
- the corresponding certificate token
-
getCertificateSourceType
CertificateSourceType getCertificateSourceType()This method returns the certificate source type associated to the implementation class.- Returns:
- the certificate origin
-
getCertificates
List<CertificateToken> getCertificates()Retrieves the unmodifiable list of all certificate tokens from this source.- Returns:
- all certificates from this source
-
isTrusted
This method checks if a given certificate is trusted- Parameters:
certificateToken- the certificate to be tested- Returns:
- true if the certificate is trusted
-
isKnown
This method checks if a given certificate is known in the current source- Parameters:
certificateToken- the certificate to be tested- Returns:
- true if the certificate is part of the current source
-
getBySubject
This method returns the Set of certificates with the same subjectDN.- Parameters:
subject- the subject to match- Returns:
- If no match is found then an empty set is returned.
-
getBySignerIdentifier
This method returns the Set of certificates with theCertificateIdentifier- Parameters:
signerIdentifier- the certificate identifier to match- Returns:
- If no match is found then an empty set is returned.
-
getByCertificateDigest
This method returns the Set of certificates with theDigest- Parameters:
digest- the certificate digest to be found- Returns:
- the found certificates or an empty Set
-
getByPublicKey
This method returns a Set ofCertificateTokenwith the givenPublicKey- Parameters:
publicKey- the public key to find- Returns:
- a Set of CertificateToken which have the given public key
-
getBySki
This method returns a Set ofCertificateTokenwith the given SKI (SubjectKeyIdentifier (SHA-1 of the PublicKey))- Parameters:
ski- the Subject Key Identifier- Returns:
- a Set of CertificateToken which have the given ski
-
findTokensFromCertRef
Returns Set ofCertificateTokens for the providedCertificateRef- Parameters:
certificateRef- aCertificateRef- Returns:
- Set of
CertificateTokens
-
getEntities
List<CertificateSourceEntity> getEntities()Returns a list of certificates grouped by their public keys- Returns:
- a list of
CertificateSourceEntitys
-
isAllSelfSigned
boolean isAllSelfSigned()This method checks if all certificates are self-signed- Returns:
- true if all certificates are self-signed
-
isCertificateSourceEqual
This method checks if the current and the givenCertificateSources contain the same certificate tokens- Parameters:
certificateSource-CertificateSourceto compare- Returns:
- TRUE if both certificate sources contains the same certificate tokens, FALSE otherwise
-
isCertificateSourceEquivalent
This method checks if the current and the givenCertificateSources contain the same public keys- Parameters:
certificateSource-CertificateSourceto compare- Returns:
- TRUE if both certificate sources contains the same public keys, FALSE otherwise
-