Interface CertificateSource

All Superinterfaces:
Serializable
All Known Implementing Classes:
AIACertificateSource, CAdESCertificateSource, CMSCertificateSource, CommonCertificateSource, CommonTrustedCertificateSource, KeyStoreCertificateSource, OCSPCertificateSource, PAdESCertificateSource, RevocationCertificateSource, SignatureCertificateSource, TimestampCertificateSource, TokenCertificateSource, TrustedListsCertificateSource, XAdESCertificateSource

public interface CertificateSource
extends Serializable
Validating a certificate requires access to other certificates from multiple sources (Trusted List, Trust Store, the signature itself). This interface provides an abstraction for accessing a certificate, regardless of the source.
  • Method Details

    • addCertificate

      CertificateToken addCertificate(CertificateToken certificate)
      This method manually adds a certificate to the source. The source type is set automatically by each specific implementation.
      Parameters:
      certificate - the certificate you have to trust
      Returns:
      the corresponding certificate token
    • getCertificateSourceType

      CertificateSourceType getCertificateSourceType()
      This method returns the certificate source type associated with the implementation class.
      Returns:
      the certificate origin
    • getCertificates

      List<CertificateToken> getCertificates()
      Retrieves the unmodifiable list of all certificate tokens from this source.
      Returns:
      all certificates from this source
    • isTrusted

      boolean isTrusted(CertificateToken certificateToken)
      This method checks if a given certificate is trusted.
      Parameters:
      certificateToken - the certificate to be tested
      Returns:
      true if the certificate is trusted
    • isKnown

      boolean isKnown(CertificateToken certificateToken)
      This method checks if a given certificate is known in the current source.
      Parameters:
      certificateToken - the certificate to be tested
      Returns:
      true if the certificate is part of the current source
    • getBySubject

      Set<CertificateToken> getBySubject(X500PrincipalHelper subject)
      This method returns the Set of certificates with the same subjectDN.
      Parameters:
      subject - the subject to match
      Returns:
      If no match is found then an empty set is returned.
    • getByCertificateIdentifier

      Set<CertificateToken> getByCertificateIdentifier(CertificateIdentifier certificateIdentifier)
      This method returns the Set of certificates matching the given CertificateIdentifier.
      Parameters:
      certificateIdentifier - the certificate identifier to match
      Returns:
      If no match is found then an empty set is returned.
    • getByPublicKey

      Set<CertificateToken> getByPublicKey(PublicKey publicKey)
      This method returns a Set of CertificateToken with the given PublicKey.
      Parameters:
      publicKey - the public key to find
      Returns:
      a Set of CertificateToken which have the given public key
    • getBySki

      Set<CertificateToken> getBySki(byte[] ski)
      This method returns a Set of CertificateToken with the given SKI (SubjectKeyIdentifier, the SHA-1 of the PublicKey).
      Parameters:
      ski - the Subject Key Identifier
      Returns:
      a Set of CertificateToken which have the given ski
    • getEntities

      List<eu.europa.esig.dss.spi.x509.CertificateSourceEntity> getEntities()
    • isAllSelfSigned

      boolean isAllSelfSigned()
      This method checks if all certificates are self-signed.
      Returns:
      true if all certificates are self-signed
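
The ski argument of getBySki, worked through as an added example (not part of the DSS code base): it assumes the identifier follows RFC 5280 section 4.2.1.2 method 1, that is SHA-1 over the contents of the subjectPublicKey BIT STRING rather than over the whole encoded key, and it contrasts the two. The class name SkiExample and the helper readHeader are hypothetical, and the RSA key is a constructed sample generated at run time.

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Arrays;

public class SkiExample {

    // Checks the DER tag at pos[0], reads the length that follows, and leaves
    // pos[0] on the first content octet. Returns the content length.
    static int readHeader(byte[] der, int[] pos, int expectedTag) {
        if (pos[0] + 2 > der.length || (der[pos[0]++] & 0xFF) != expectedTag)
            throw new IllegalArgumentException("unexpected DER tag");
        int len = der[pos[0]++] & 0xFF;
        if (len >= 0x80) {                       // long form: low 7 bits count the length octets
            int n = len & 0x7F;
            if (n == 0 || n > 3 || pos[0] + n > der.length)
                throw new IllegalArgumentException("unsupported DER length");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (der[pos[0]++] & 0xFF);
        }
        if (len > der.length - pos[0])
            throw new IllegalArgumentException("DER length exceeds input");
        return len;
    }

    // SHA-1 over the subjectPublicKey BIT STRING contents (RFC 5280, 4.2.1.2, method 1).
    static byte[] computeSki(PublicKey key) throws Exception {
        byte[] spki = key.getEncoded();          // DER-encoded SubjectPublicKeyInfo
        int[] pos = {0};
        readHeader(spki, pos, 0x30);             // SubjectPublicKeyInfo SEQUENCE
        int algLen = readHeader(spki, pos, 0x30);
        pos[0] += algLen;                        // skip the AlgorithmIdentifier SEQUENCE
        int len = readHeader(spki, pos, 0x03);   // subjectPublicKey BIT STRING
        if (len < 1) throw new IllegalArgumentException("empty BIT STRING");
        // The first content octet is the unused-bits count; the key bits follow it.
        byte[] keyBits = Arrays.copyOfRange(spki, pos[0] + 1, pos[0] + len);
        return MessageDigest.getInstance("SHA-1").digest(keyBits);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);                    // constructed sample key
        PublicKey key = gen.generateKeyPair().getPublic();
        byte[] ski = computeSki(key);            // 20 bytes: the value a getBySki lookup takes
        byte[] naive = MessageDigest.getInstance("SHA-1").digest(key.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : ski) hex.append(String.format("%02x", b));
        System.out.println("SKI (method 1): " + hex);
        System.out.println("equals SHA-1 of whole SubjectPublicKeyInfo: " + Arrays.equals(ski, naive));
    }
}
```

A SKI match only selects candidate certificates by key; whether a candidate is trusted is the separate question answered by isTrusted.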