ITrustCertificateStoreAddin
Whenever an artifact is signed, or a signature validation is performed, the solution needs to check whether the certificate used for signing is trusted. This add-in is responsible for maintaining an up-to-date list of all supported certificate types, as well as performing the certificate validations.
Trigger Event(s): Document validation; updating or listing the trust certificate store

Method | Description
---|---
isIssuerTrusted | Determines if a certificate issuer is trusted for the given certificateType
isTrusted | Determines if a certificate is trusted for the given certificateType
update | Updates the trust certificate list with the given trust provider certificates
list | Lists the trusted certificates
add | Adds a trusted certificate to the store
delete | Removes a trusted certificate from the store

isIssuerTrusted

Parameter | Type | Description
---|---|---
certificate | X509Certificate | X509 certificate used for signing
certificateType | CertificateType | Type of the X509 certificate
date | Date | The date at which to check whether the certificate is to be trusted or not

Returns | Type | Description
---|---|---
result | boolean | True if the certificate issuer is trusted

isTrusted

Parameter | Type | Description
---|---|---
certificate | X509Certificate | X509 certificate used for signing
certificateType | CertificateType | Type of the X509 certificate
date | Date | The date at which to check whether the certificate is to be trusted or not

Returns | Type | Description
---|---|---
result | boolean | True if the certificate is trusted

update

Parameter | Type | Description
---|---|---
providerCertificates | HashMap<CertificateType, HashMap<String,X509Certificate>> | Trust certificate provider's certificate list

Returns | Type | Description
---|---|---
addedCertificates | HashMap<CertificateType, List<String>> | List of the trust certificates successfully added to the configured trust store

list

Parameter | Type | Description
---|---|---
- | - | -

Returns | Type | Description
---|---|---
trustedCertificates | HashMap<CertificateType, List<String>> | List of the trusted certificates in the configured trust store

add

Parameter | Type | Description
---|---|---
certificate | X509Certificate | The certificate to add to the store
alias | String | The user-friendly name to give to the certificate entry
source | String | The source of the certificate, usually the direct URL of the certificate store or a description of its origin
type | String | CA, TSA, INTERNAL, etc…

Returns | Type | Description
---|---|---
- | void | Throws an exception in case of error

delete

Parameter | Type | Description
---|---|---
id | BigInteger | The id of the certificate to delete from the store

Returns | Type | Description
---|---|---
- | void | Throws an exception in case of error
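The following is an added example, not code from this page or from eSign, of an in-memory implementation of the contract described in the tables above, in Java because the add-in's parameter types are Java types. The interface declaration, the parameter order and the CertificateType enum are assumptions transcribed from the tables; the class name InMemoryTrustCertificateStoreAddin, the "trust-provider" source string and the "anchor-N" aliases are made up for the example. It needs Java 16 or later (records) and, when run, expects PEM/DER certificate files on the command line.

```java
import java.math.BigInteger;
import java.nio.file.*;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.*;

// Assumed shape of eSign's CertificateType; the page only names CA, TSA and INTERNAL.
enum CertificateType { CA, TSA, INTERNAL }

// Signatures transcribed from the method tables above; parameter order is an assumption.
interface ITrustCertificateStoreAddin {
    boolean isIssuerTrusted(X509Certificate certificate, CertificateType certificateType, Date date);
    boolean isTrusted(X509Certificate certificate, CertificateType certificateType, Date date);
    HashMap<CertificateType, List<String>> update(
            HashMap<CertificateType, HashMap<String, X509Certificate>> providerCertificates);
    HashMap<CertificateType, List<String>> list();
    void add(X509Certificate certificate, String alias, String source, String type);
    void delete(BigInteger id);
}

// Illustrative in-memory implementation (example code, not eSign's DefaultTrustCertificateStoreAddin).
public class InMemoryTrustCertificateStoreAddin implements ITrustCertificateStoreAddin {
    private record Entry(BigInteger id, String alias, String source, CertificateType type, X509Certificate cert) {}
    private final Map<BigInteger, Entry> entries = new LinkedHashMap<>();
    private BigInteger nextId = BigInteger.ONE;

    @Override
    public synchronized boolean isTrusted(X509Certificate certificate, CertificateType type, Date date) {
        // The identical certificate (equals compares the encoding, not just the subject name) must be
        // stored under this type, and it must be inside its validity window at `date`.
        return entries.values().stream().anyMatch(e -> e.type() == type && e.cert().equals(certificate))
                && isValidAt(certificate, date);
    }

    @Override
    public synchronized boolean isIssuerTrusted(X509Certificate certificate, CertificateType type, Date date) {
        for (Entry e : entries.values()) {
            if (e.type() != type
                    || !e.cert().getSubjectX500Principal().equals(certificate.getIssuerX500Principal())) continue;
            try {
                certificate.verify(e.cert().getPublicKey()); // a matching name is not proof; the key must verify
            } catch (GeneralSecurityException ex) {
                continue; // same issuer name, different key: not the real issuer
            }
            return isValidAt(e.cert(), date) && isValidAt(certificate, date);
        }
        return false;
    }

    @Override
    public synchronized HashMap<CertificateType, List<String>> update(
            HashMap<CertificateType, HashMap<String, X509Certificate>> providerCertificates) {
        HashMap<CertificateType, List<String>> added = new HashMap<>();
        providerCertificates.forEach((type, certs) -> certs.forEach((alias, cert) -> {
            // Idempotent: a certificate already stored under this type is neither re-added nor reported.
            if (entries.values().stream().anyMatch(e -> e.type() == type && e.cert().equals(cert))) return;
            add(cert, alias, "trust-provider", type.name());
            added.computeIfAbsent(type, k -> new ArrayList<>()).add(alias);
        }));
        return added;
    }

    @Override
    public synchronized HashMap<CertificateType, List<String>> list() {
        HashMap<CertificateType, List<String>> out = new HashMap<>();
        entries.values().forEach(e -> out.computeIfAbsent(e.type(), k -> new ArrayList<>()).add(e.alias()));
        return out;
    }

    @Override
    public synchronized void add(X509Certificate certificate, String alias, String source, String type) {
        CertificateType ct = CertificateType.valueOf(type); // IllegalArgumentException for an unknown type
        // Refuse to anchor a non-CA certificate as a CA: getBasicConstraints() is -1 when cA is false or absent.
        if (ct == CertificateType.CA && certificate.getBasicConstraints() < 0)
            throw new IllegalArgumentException("'" + alias + "' is not a CA certificate");
        entries.put(nextId, new Entry(nextId, alias, source, ct, certificate));
        nextId = nextId.add(BigInteger.ONE);
    }

    @Override
    public synchronized void delete(BigInteger id) {
        if (entries.remove(id) == null) throw new NoSuchElementException("no trust entry with id " + id);
    }

    private static boolean isValidAt(X509Certificate cert, Date date) {
        try {
            cert.checkValidity(date); // throws CertificateExpired/NotYetValidException outside the window
            return true;
        } catch (GeneralSecurityException ex) { return false; }
    }

    // Usage: java InMemoryTrustCertificateStoreAddin signer.pem anchor.pem [more-anchors.pem ...]
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        for (String path : args) {
            try (var in = Files.newInputStream(Paths.get(path))) { certs.add((X509Certificate) cf.generateCertificate(in)); }
        }
        ITrustCertificateStoreAddin store = new InMemoryTrustCertificateStoreAddin();
        for (int i = 1; i < certs.size(); i++) store.add(certs.get(i), "anchor-" + i, args[i], "CA");
        Date signingTime = new Date(); // real validation passes the signature's claimed signing time, not "now"
        System.out.println("issuer trusted: " + store.isIssuerTrusted(certs.get(0), CertificateType.CA, signingTime));
    }
}
```

Two points in this example carry over to any real implementation of the contract: isIssuerTrusted proves the issuer link by verifying the signature with the stored anchor's key rather than accepting a matching issuer name, and both checks evaluate validity at the supplied date rather than at call time, which is what the date parameter is for when a document signed earlier is validated later. Revocation checking is outside this interface and is not attempted here.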
eSign ships with out-of-the-box implementations of this interface, described below.

Implementation | Default | Description
---|---|---
DefaultTrustCertificateStoreAddin | ✓ | Monitors the trust store and checks if the issuer of the certificate and the certificate itself are trusted
HibernateTrustCertificateStore | ✕ | Monitors the trust store and checks if the issuer of the certificate and the certificate itself are trusted
Configuration
First, the add-in needs to be loaded as an extension:
```json
"_comment" : "List all the extensions to be used",
"extensions" :
[
...
{
"name": "store-trust-certificate",
"class": "novabase.connect.paperless.esign.core.extensions.impl.DefaultTrustCertificateStoreAddin"
},
...
]
```
Optionally, make it the default add-in for the type "trust_certificate_store" by referencing the extension's name:
```json
"_comment" : "List all the default addins to be used",
"addins" :
[
...
{
"type": "trust_certificate_store",
"extension": "store-trust-certificate"
},
...
]
```