Package eu.europa.esig.dss.spi.x509

Class CertificatePool

java.lang.Object

eu.europa.esig.dss.spi.x509.CertificatePool

All Implemented Interfaces:

Serializable

public class CertificatePool
extends Object
implements Serializable

This class hosts the set of certificates which is used during the validation process. A certificate can be found in different sources: trusted list, signature, OCSP response... but each certificate is unambiguously identified by its issuer DN and serial number. This class allows to keep only one occurrence of the certificate regardless its provenance. A CertificateSource can be imported with the importCerts(CertificateSource) method .

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor	Description
CertificatePool()

Method Summary

Modifier and Type	Method	Description
List<CertificateToken>	get(PublicKey publicKey)	This method returns the List of certificates with the same Public key.
Set<CertificateToken>	get(X500Principal x500Principal)	This method returns the Set of certificates with the same subjectDN.
List<CertificateToken>	getBySignerId(org.bouncycastle.cms.SignerId signerId)	This method returns the List of certificates with the same SignerId.
List<CertificateToken>	getBySki(byte[] expectedSki)	This method returns the List of certificates with the same SKI (subject key identifier = SHA-1 of the Public Key).
List<CertificateToken>	getCertificateTokens()
CertificateToken	getInstance(CertificateToken certificateToAdd, CertificateSourceType certSource)	This method returns the instance of a CertificateToken.
CertificateToken	getIssuer(Token token)	THis method returns an issuer for the given token
List<CertificateToken>	getIssuers(Token token)	This method returns all known issuers for the given token.
int	getNumberOfCertificates()	This method return the number of certificates contained by this pool.
int	getNumberOfEntities()	This method return the number of entities contained by this pool identified by its public key.
Set<CertificateSourceType>	getSources(CertificateToken certificateToken)
CertificateToken	getTrustAnchor(CertificateToken cert)
void	importCerts(CertificateSource certificateSource)	This method allows to imports certificates from a CommonCertificateSource.
boolean	isTrusted(CertificateToken cert)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CertificatePool

public CertificatePool()

Method Details

getInstance

public CertificateToken getInstance(CertificateToken certificateToAdd, CertificateSourceType certSource)

This method returns the instance of a CertificateToken.

Parameters:

certificateToAdd - the certificate to add in the pool

certSource - the source of the given certificate

Returns:

the complete CertificateToken instance (merged with the pool content)

isTrusted

public boolean isTrusted(CertificateToken cert)

getSources

public Set<CertificateSourceType> getSources(CertificateToken certificateToken)

getIssuers

public List<CertificateToken> getIssuers(Token token)

This method returns all known issuers for the given token.

Parameters:

token - the child certificate, timestamp or revocation data for which the issuers are required

Returns:

a List of all known CertificateToken

getIssuer

public CertificateToken getIssuer(Token token)

THis method returns an issuer for the given token

Parameters:

token - the child certificate, timestamp or revocation data for which an issuer is required

Returns:

an issuer which is valid on the token creation, or a matched issuer with the public key or null

getTrustAnchor

public CertificateToken getTrustAnchor(CertificateToken cert)

get

public Set<CertificateToken> get(X500Principal x500Principal)

This method returns the Set of certificates with the same subjectDN.

Parameters:

x500Principal - subject distinguished name to match.

Returns:

If no match is found then an empty list is returned.

get

public List<CertificateToken> get(PublicKey publicKey)

This method returns the List of certificates with the same Public key.

Parameters:

publicKey - expected public key.

Returns:

If no match is found then an empty list is returned.

getBySki

public List<CertificateToken> getBySki(byte[] expectedSki)

This method returns the List of certificates with the same SKI (subject key identifier = SHA-1 of the Public Key).

Parameters:

expectedSki - expected SKI value.

Returns:

If no match is found then an empty list is returned.

getBySignerId

public List<CertificateToken> getBySignerId(org.bouncycastle.cms.SignerId signerId)

This method returns the List of certificates with the same SignerId.

Parameters:

signerId - expected signerId.

Returns:

If no match is found then an empty list is returned.

importCerts

public void importCerts(CertificateSource certificateSource)

This method allows to imports certificates from a CommonCertificateSource. If an instance of the CertificateToken already exists in this pool only the CertificateSourceType are added.

Parameters:

certificateSource - the certificate source where certificates will be copied

getNumberOfEntities

public int getNumberOfEntities()

This method return the number of entities contained by this pool identified by its public key.

Returns:

the number of entities

getNumberOfCertificates

public int getNumberOfCertificates()

This method return the number of certificates contained by this pool.

Returns:

the number of certificates

getCertificateTokens

public List<CertificateToken> getCertificateTokens()