Class CertificatePool

  • All Implemented Interfaces:
    Serializable

    public class CertificatePool
    extends Object
    implements Serializable
    This class hosts the set of certificates used during the validation process. A certificate can come from different sources (trusted list, signature, OCSP response, ...), but each certificate is unambiguously identified by its issuer DN and serial number, so the pool keeps only one occurrence of a certificate regardless of its provenance: a certificate first seen in a trusted list and later again inside a signature resolves to the same pooled token. A CertificateSource can be imported with the importCerts(CertificateSource) method.
    See Also:
    Serialized Form
    • Constructor Detail

      • CertificatePool

        public CertificatePool()
    • Method Detail

      • getInstance

        public CertificateToken getInstance​(CertificateToken certificateToAdd,
                                            CertificateSourceType certSource)
        This method adds the given certificate to the pool, if it is not already present, and returns the pooled instance of the CertificateToken.
        Parameters:
        certificateToAdd - the certificate to add to the pool
        certSource - the source from which the certificate was obtained; record it accurately, since it distinguishes a certificate taken from a trusted list from one merely embedded in the signature under validation
        Returns:
        the complete CertificateToken instance (merged with the pool content)
      • getIssuers

        public List<CertificateToken> getIssuers​(Token token)
        This method returns all known issuers for the given token.
        Parameters:
        token - the child certificate, timestamp or revocation data for which the issuers are required
        Returns:
        a List of all known issuer CertificateTokens for the given token
      • getIssuer

        public CertificateToken getIssuer​(Token token)
        This method returns an issuer for the given token.
        Parameters:
        token - the child certificate, timestamp or revocation data for which an issuer is required
        Returns:
        an issuer certificate that was valid at the token's creation time; otherwise an issuer matched on its public key; or null if no issuer is known
      • get

        public Set<CertificateToken> get​(X500Principal x500Principal)
        This method returns the Set of certificates with the same subject DN.
        Parameters:
        x500Principal - subject distinguished name to match.
        Returns:
        the matching certificates; an empty set if no match is found.
      • get

        public List<CertificateToken> get​(PublicKey publicKey)
        This method returns the List of certificates with the same public key.
        Parameters:
        publicKey - expected public key.
        Returns:
        the matching certificates; an empty list if no match is found.
      • getBySki

        public List<CertificateToken> getBySki​(byte[] expectedSki)
        This method returns the List of certificates with the same SKI (subject key identifier, conventionally the SHA-1 hash of the subject public key bits, RFC 5280 section 4.2.1.2 method 1). A CA is free to derive its SKI differently, so a SKI match identifies a candidate key, not a verified issuer.
        Parameters:
        expectedSki - expected SKI value.
        Returns:
        the matching certificates; an empty list if no match is found.
      • getBySignerId

        public List<CertificateToken> getBySignerId​(org.bouncycastle.cms.SignerId signerId)
        This method returns the List of certificates with the same SignerId (a CMS SignerInfo identifier, i.e. issuer name and serial number, or a subject key identifier).
        Parameters:
        signerId - expected signerId.
        Returns:
        the matching certificates; an empty list if no match is found.
      • getNumberOfEntities

        public int getNumberOfEntities()
        This method returns the number of entities contained in this pool, where an entity is identified by its public key (several certificates issued for the same key count as one entity).
        Returns:
        the number of entities
      • getNumberOfCertificates

        public int getNumberOfCertificates()
        This method returns the number of certificates contained in this pool.
        Returns:
        the number of certificates
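A worked example of the pool's deduplication and lookup contract, added here as an illustration; it is not code from the DSS project or its documentation. It assumes DSS 5.x package names (eu.europa.esig.dss.x509.CertificatePool, CertificateToken, CertificateSourceType), BouncyCastle's bcpkix on the classpath to build the certificates, and the CertificateToken accessors getCertificate(), getDSSIdAsString(), getSubjectX500Principal(), getSerialNumber(), getNotAfter() and isSignedBy(). The certificates (a CA re-issued under the same key, plus a leaf it signed) are constructed in memory; the only pool methods used are the ones documented on this page.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

import eu.europa.esig.dss.x509.CertificatePool;
import eu.europa.esig.dss.x509.CertificateSourceType;
import eu.europa.esig.dss.x509.CertificateToken;

/**
 * Added example, not DSS project code: exercises CertificatePool's deduplication
 * and lookup contract on certificates constructed in memory. Assumes DSS 5.x
 * package names and BouncyCastle bcpkix on the classpath.
 */
public class CertificatePoolExample {

    private static final long DAY_MS = 24L * 3600 * 1000;

    /** Builds a constructed test certificate carrying a SKI extension (RFC 5280 method 1: SHA-1 of the key bits). */
    static CertificateToken cert(String subjectDn, PublicKey subjectKey, BigInteger serial,
                                 String issuerDn, KeyPair issuerKey, long notBeforeMs) throws Exception {
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                new X500Name(issuerDn), serial, new Date(notBeforeMs), new Date(notBeforeMs + 365 * DAY_MS),
                new X500Name(subjectDn), subjectKey);
        builder.addExtension(Extension.subjectKeyIdentifier, false,
                new JcaX509ExtensionUtils().createSubjectKeyIdentifier(subjectKey));
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(issuerKey.getPrivate());
        X509Certificate x509 = new JcaX509CertificateConverter().getCertificate(builder.build(signer));
        return new CertificateToken(x509);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair caKey = gen.generateKeyPair();
        KeyPair leafKey = gen.generateKeyPair();
        long now = System.currentTimeMillis();
        String caDn = "CN=Example CA,O=Example,C=EU";

        // A CA re-issued under the SAME key: two distinct certificates (different serial and
        // validity) but one entity. caOld expired long before the leaf was issued.
        CertificateToken caOld = cert(caDn, caKey.getPublic(), BigInteger.valueOf(1), caDn, caKey, now - 800 * DAY_MS);
        CertificateToken caNew = cert(caDn, caKey.getPublic(), BigInteger.valueOf(2), caDn, caKey, now - 30 * DAY_MS);
        CertificateToken leaf = cert("CN=Signer,O=Example,C=EU", leafKey.getPublic(), BigInteger.valueOf(1001),
                caDn, caKey, now - DAY_MS);

        CertificatePool pool = new CertificatePool();

        // 1. Deduplication: the same certificate reported from two sources is stored once.
        //    Both calls resolve to the pooled token with the same DSS id (digest of the DER encoding).
        CertificateToken fromTl = pool.getInstance(caNew, CertificateSourceType.TRUSTED_LIST);
        CertificateToken fromSig = pool.getInstance(new CertificateToken(caNew.getCertificate()),
                CertificateSourceType.SIGNATURE);
        System.out.println("same pooled token: " + fromTl.getDSSIdAsString().equals(fromSig.getDSSIdAsString()));
        System.out.println("certificates after adding caNew twice: " + pool.getNumberOfCertificates());

        // 2. Entities vs certificates: caOld shares caNew's key, so the certificate count grows
        //    while the entity (distinct public key) count does not.
        pool.getInstance(caOld, CertificateSourceType.TRUSTED_LIST);
        pool.getInstance(leaf, CertificateSourceType.SIGNATURE);
        System.out.println("certificates: " + pool.getNumberOfCertificates()
                + ", entities: " + pool.getNumberOfEntities());
        System.out.println("by CA public key: " + pool.get(caKey.getPublic()).size()
                + ", by CA subject DN: " + pool.get(caNew.getSubjectX500Principal()).size());

        // 3. SKI lookup: the bytes are derived exactly as the extension was built above.
        //    A CA may derive its SKI differently, so a SKI hit is a candidate, not a verified match.
        byte[] caSki = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(caKey.getPublic()).getKeyIdentifier();
        System.out.println("by CA SKI: " + pool.getBySki(caSki).size());

        // 4. Issuer lookup. getIssuers() lists every pooled certificate that could have issued the
        //    leaf; getIssuer() prefers one valid at the leaf's creation time. Either way, treat the
        //    result as a candidate and confirm the chain link by verifying the leaf's signature.
        List<CertificateToken> candidates = pool.getIssuers(leaf);
        for (CertificateToken candidate : candidates) {
            System.out.println("candidate issuer serial " + candidate.getSerialNumber()
                    + " (notAfter " + candidate.getNotAfter() + ") signs leaf: " + leaf.isSignedBy(candidate));
        }
        CertificateToken chosen = pool.getIssuer(leaf);
        System.out.println("getIssuer chose serial: " + (chosen == null ? "none" : chosen.getSerialNumber()));
    }
}
```

The design point is that every lookup on the pool (by subject DN, public key, SKI or SignerId) is an index hit, not proof of a chain: a re-issued CA certificate, or an attacker-supplied certificate embedded in the signature under validation with a copied subject name, will match the same keys, so the link to the chosen issuer is only established by the isSignedBy() check, and the source recorded on getInstance() is what separates a trusted-list certificate from one that merely travelled with the signature.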