Package eu.europa.esig.dss.spi.x509

Interface CertificateSource

All Superinterfaces:
Serializable
All Known Implementing Classes:
AIACertificateSource, CAdESCertificateSource, CMSCertificateSource, CommonCertificateSource, CommonTrustedCertificateSource, JAdESCertificateSource, KeyStoreCertificateSource, KidCertificateSource, OCSPCertificateSource, PAdESCertificateSource, PdfCompositeDssDictCertificateSource, PdfDssDictCertificateSource, RevocationCertificateSource, SignatureCertificateSource, TimestampCertificateSource, TokenCertificateSource, TrustedListsCertificateSource, XAdESCertificateSource
public interface CertificateSource extends Serializable
The validation of a certificate requires to access some other certificates from multiple sources (Trusted List, Trust Store, the signature itself). This interface provides an abstraction for accessing a certificate, regardless of the source.

  • Method Details

    • addCertificate

      CertificateToken addCertificate(CertificateToken certificate)
      This method allows to manually add any certificate to the source. The type of the source is automatically set par each specific implementation.
      Parameters:
      certificate - the certificate you have to trust
      Returns:
      the corresponding certificate token

    • getCertificateSourceType

      CertificateSourceType getCertificateSourceType()
      This method returns the certificate source type associated to the implementation class.
      Returns:
      the certificate origin

    • getCertificates

      List<CertificateToken> getCertificates()
      Retrieves the unmodifiable list of all certificate tokens from this source.
      Returns:
      all certificates from this source

    • isTrusted

      boolean isTrusted(CertificateToken certificateToken)
      This method checks if a given certificate is trusted
      Parameters:
      certificateToken - the certificate to be tested
      Returns:
      true if the certificate is trusted

    • isKnown

      boolean isKnown(CertificateToken certificateToken)
      This method checks if a given certificate is known in the current source
      Parameters:
      certificateToken - the certificate to be tested
      Returns:
      true if the certificate is part of the current source

    • getBySubject

      Set<CertificateToken> getBySubject(X500PrincipalHelper subject)
      This method returns the Set of certificates with the same subjectDN.
      Parameters:
      subject - the subject to match
      Returns:
      If no match is found then an empty set is returned.

    • getBySignerIdentifier

      Set<CertificateToken> getBySignerIdentifier(SignerIdentifier signerIdentifier)
      This method returns the Set of certificates with the CertificateIdentifier
      Parameters:
      signerIdentifier - the certificate identifier to match
      Returns:
      If no match is found then an empty set is returned.

    • getByCertificateDigest

      Set<CertificateToken> getByCertificateDigest(Digest digest)
      This method returns the Set of certificates with the Digest
      Parameters:
      digest - the certificate digest to be found
      Returns:
      the found certificates or an empty Set

    • getByPublicKey

      Set<CertificateToken> getByPublicKey(PublicKey publicKey)
      This method returns a Set of CertificateToken with the given PublicKey
      Parameters:
      publicKey - the public key to find
      Returns:
      a Set of CertificateToken which have the given public key

    • getBySki

      Set<CertificateToken> getBySki(byte[] ski)
      This method returns a Set of CertificateToken with the given SKI (SubjectKeyIdentifier (SHA-1 of the PublicKey))
      Parameters:
      ski - the Subject Key Identifier
      Returns:
      a Set of CertificateToken which have the given ski

    • findTokensFromCertRef

      Set<CertificateToken> findTokensFromCertRef(CertificateRef certificateRef)
      Returns Set of CertificateTokens for the provided CertificateRef
      Parameters:
      certificateRef - a CertificateRef
      Returns:
      Set of CertificateTokens

    • getEntities

      List<eu.europa.esig.dss.spi.x509.CertificateSourceEntity> getEntities()
      Returns a list of certificates grouped by their public keys
      Returns:
      a list of CertificateSourceEntitys

    • isAllSelfSigned

      boolean isAllSelfSigned()
      This method checks if all certificates are self-signed
      Returns:
      true if all certificates are self-signed

    • isCertificateSourceEqual

      boolean isCertificateSourceEqual(CertificateSource certificateSource)
      This method checks if the current and the given CertificateSources contain the same certificate tokens
      Parameters:
      certificateSource - CertificateSource to compare
      Returns:
      TRUE if both certificate sources contains the same certificate tokens, FALSE otherwise

    • isCertificateSourceEquivalent

      boolean isCertificateSourceEquivalent(CertificateSource certificateSource)
      This method checks if the current and the given CertificateSources contain the same public keys
      Parameters:
      certificateSource - CertificateSource to compare
      Returns:
      TRUE if both certificate sources contains the same public keys, FALSE otherwise