ITrustCertificateStoreAddin
Whenever an artifact is signed, or a signature validation is performed, the solution needs to validate if the certificate used for signing is trusted. Add-in responsible for maintaining an updated list of all supported types of certificate, as well as performing certificate validations.
| Trigger Event(s): Document validation; Updating or listing the trust certificate store |
| Method | Description | ||
|---|---|---|---|
isIssuerTrusted |
Determines if a certificate issuer is trusted for the given certificateType |
||
Parameter |
Type |
Description |
|
certificate |
X509Certificate |
X509 Certificate used for signing |
|
certificateType |
CertificateType |
Type of the X509 Certificate |
|
date |
Date |
The date to check if the certificate is to be trusted or not |
|
Returns |
Type |
Description |
|
result |
boolean |
True if the certificate issuer is trusted |
|
isTrusted |
Determines if a certificate is trusted for the given certificateType |
||
Parameter |
Type |
Description |
|
certificate |
X509Certificate |
X509 Certificate used for signing |
|
certificateType |
CertificateType |
Type of the X509 Certificate |
|
date |
Date |
The date to check if the certificate is to be trusted or not |
|
Returns |
Type |
Description |
|
result |
boolean |
True if the certificate issuer is trusted |
|
update |
Updates the Trust Certificate list with the given Trust Provider certificates |
||
Parameter |
Type |
Description |
|
providerCertificates |
HashMap<CertificateType, HashMap<String,X509Certificate>> |
Trust Certificate Provider’s certificate list |
|
Returns |
Type |
Description |
|
addedCertificates |
HashMap<CertificateType, List<String>> |
List of the successfully added (to the configured trust store) trust certificates |
|
list |
List the trusted certificates |
||
Parameter |
Type |
Description |
|
- |
- |
- |
|
Returns |
Type |
Description |
|
trustedCertificates |
HashMap<CertificateType, List<String>> |
List the trusted certificates in configured trust store |
|
add |
List the trusted certificates |
||
Parameter |
Type |
Description |
|
certificate |
X509Certificate |
The certificate to add to the store |
|
alias |
String |
The user friendly name to give to the certificate entry |
|
source |
String |
The source of the certificate, usually the direct url to the certificate store or some description of its origin |
|
type |
String |
CA, TSA, INTERNAL, etc… |
|
Returns |
Type |
Description |
|
- |
void |
Throws exception in case of error |
|
delete |
Removes the trusted certificate from the store |
||
Parameter |
Type |
Description |
|
id |
BigInteger |
The id of the certificate to delete from the store |
|
Returns |
Type |
Description |
|
- |
void |
Throws exception in case of error |
|
| eSign brings an out-of-the box implementation for this interface that is described below |
| Implementation | Default | Description |
|---|---|---|
DefaultTrustCertificateStoreAddin |
✓ |
Monitors the trust store and checks if the issuer of the certificate and certificate itself are trusted |
HibernateTrustCertificateStore |
✕ |
Monitors the trust store and checks if the issuer of the certificate and certificate itself are trusted |