ITrustCertificateStoreAddin

Whenever an artifact is signed, or a signature validation is performed, the solution needs to check that the certificate used for signing is trusted. This add-in is responsible for maintaining an up-to-date list of all supported types of certificate, as well as for performing certificate validations.

Trigger Event(s): Document validation; Updating or listing the trust certificate store
Table 1. ITrustCertificateStoreAddin interface methods declaration and description

Method: isIssuerTrusted
Description: Determines whether the issuer of a certificate is trusted for the given certificateType
Parameters:
  certificate (X509Certificate): X509 certificate used for signing
  certificateType (CertificateType): type of the X509 certificate
  date (Date): the date at which to check whether the certificate is to be trusted
Returns:
  result (boolean): true if the certificate issuer is trusted

Method: isTrusted
Description: Determines whether a certificate is trusted for the given certificateType
Parameters:
  certificate (X509Certificate): X509 certificate used for signing
  certificateType (CertificateType): type of the X509 certificate
  date (Date): the date at which to check whether the certificate is to be trusted
Returns:
  result (boolean): true if the certificate is trusted

Method: update
Description: Updates the trust certificate list with the given trust provider certificates
Parameters:
  providerCertificates (HashMap<CertificateType, HashMap<String, X509Certificate>>): the trust certificate provider's certificate list
Returns:
  addedCertificates (HashMap<CertificateType, List<String>>): list of the trust certificates successfully added to the configured trust store

Method: list
Description: Lists the trusted certificates
Parameters: none
Returns:
  trustedCertificates (HashMap<CertificateType, List<String>>): the trusted certificates in the configured trust store

Method: add
Description: Adds a trusted certificate to the store
Parameters:
  certificate (X509Certificate): the certificate to add to the store
  alias (String): the user-friendly name to give to the certificate entry
  source (String): the source of the certificate, usually the direct URL of the certificate store or some description of its origin
  type (String): CA, TSA, INTERNAL, etc.
Returns:
  void; throws an exception in case of error

Method: delete
Description: Removes the trusted certificate from the store
Parameters:
  id (BigInteger): the id of the certificate to delete from the store
Returns:
  void; throws an exception in case of error
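The following Java sketch is an added example, not code from eSign or Novabase. It restates the interface from Table 1 as a Java declaration (reconstructed from the table, so the exact signatures and the CertificateType values CA, TSA and INTERNAL are assumptions) and pairs it with a hypothetical in-memory implementation, InMemoryTrustCertificateStoreAddin, to show what the two trust checks involve: a name match between the certificate's issuer and a stored anchor is not sufficient on its own; the anchor must be valid on the date being evaluated and its public key must verify the certificate's signature.

```java
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.NoSuchElementException;

// Assumed: CertificateType enumerates the "type" values Table 1 lists for add().
enum CertificateType { CA, TSA, INTERNAL }

// Reconstructed from Table 1; the interface in the eSign code base may differ in detail.
interface ITrustCertificateStoreAddin {
    boolean isIssuerTrusted(X509Certificate certificate, CertificateType certificateType, Date date);
    boolean isTrusted(X509Certificate certificate, CertificateType certificateType, Date date);
    HashMap<CertificateType, List<String>> update(
            HashMap<CertificateType, HashMap<String, X509Certificate>> providerCertificates);
    HashMap<CertificateType, List<String>> list();
    void add(X509Certificate certificate, String alias, String source, String type) throws Exception;
    void delete(BigInteger id) throws Exception;
}

/** Hypothetical in-memory implementation; not one of the add-ins shipped with eSign. */
class InMemoryTrustCertificateStoreAddin implements ITrustCertificateStoreAddin {
    private static final class Entry {
        final CertificateType type; final String alias; final String source;
        Entry(CertificateType type, String alias, String source) {
            this.type = type; this.alias = alias; this.source = source;
        }
    }

    // certificate type -> (alias -> trust anchor)
    private final Map<CertificateType, Map<String, X509Certificate>> store = new HashMap<>();
    // numeric id handed out by add(), so delete(id) can find the entry again
    private final Map<BigInteger, Entry> ids = new HashMap<>();
    private long nextId = 1;

    private Map<String, X509Certificate> bucket(CertificateType type) {
        return store.computeIfAbsent(type, t -> new HashMap<>());
    }

    // A certificate (anchor or leaf) only counts if it is within its validity period on `date`.
    private static boolean validOn(X509Certificate cert, Date date) {
        try { cert.checkValidity(date); return true; }
        catch (GeneralSecurityException e) { return false; }
    }

    @Override
    public boolean isIssuerTrusted(X509Certificate certificate, CertificateType type, Date date) {
        for (X509Certificate anchor : bucket(type).values()) {
            // Subject/issuer name match narrows the candidates; the key must still verify the signature.
            if (!anchor.getSubjectX500Principal().equals(certificate.getIssuerX500Principal())) continue;
            if (!validOn(anchor, date)) continue;
            try { certificate.verify(anchor.getPublicKey()); return true; }
            catch (GeneralSecurityException e) { /* wrong key or altered certificate: try the next anchor */ }
        }
        return false;
    }

    @Override
    public boolean isTrusted(X509Certificate certificate, CertificateType type, Date date) {
        // Policy chosen for this example: valid on `date`, and either a stored anchor itself or issued by one.
        if (!validOn(certificate, date)) return false;
        return bucket(type).containsValue(certificate) || isIssuerTrusted(certificate, type, date);
    }

    @Override
    public HashMap<CertificateType, List<String>> update(
            HashMap<CertificateType, HashMap<String, X509Certificate>> providerCertificates) {
        HashMap<CertificateType, List<String>> added = new HashMap<>();
        providerCertificates.forEach((type, certs) -> certs.forEach((alias, cert) -> {
            if (bucket(type).containsKey(alias)) return; // already present: not reported as added
            try {
                add(cert, alias, "trust-provider", type.name());
                added.computeIfAbsent(type, t -> new ArrayList<>()).add(alias);
            } catch (Exception e) { /* entries that fail to add are left out of the result */ }
        }));
        return added;
    }

    @Override
    public HashMap<CertificateType, List<String>> list() {
        HashMap<CertificateType, List<String>> out = new HashMap<>();
        store.forEach((type, certs) -> out.put(type, new ArrayList<>(certs.keySet())));
        return out;
    }

    @Override
    public void add(X509Certificate certificate, String alias, String source, String type) throws Exception {
        CertificateType ct = CertificateType.valueOf(type.trim().toUpperCase(Locale.ROOT)); // unknown type -> exception
        Map<String, X509Certificate> b = bucket(ct);
        if (b.containsKey(alias)) throw new IllegalStateException("alias already present: " + alias);
        b.put(alias, certificate);
        ids.put(BigInteger.valueOf(nextId++), new Entry(ct, alias, source));
    }

    @Override
    public void delete(BigInteger id) throws Exception {
        Entry e = ids.remove(id);
        if (e == null) throw new NoSuchElementException("no certificate with id " + id);
        bucket(e.type).remove(e.alias);
    }
}
```

The `date` parameter is what makes the checks reproducible after the fact: a signature verified months later is evaluated against the validity periods in force at signing time, not against the clock of the validating machine.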

eSign ships with out-of-the-box implementations of this interface, described below.

Table 2. Available implementations for ITrustCertificateStoreAddin

Implementation                     Default  Description
DefaultTrustCertificateStoreAddin           Monitors the trust store and checks whether the issuer of the certificate and the certificate itself are trusted
HibernateTrustCertificateStore              Monitors the trust store and checks whether the issuer of the certificate and the certificate itself are trusted

Configuration

First, the add-in needs to be loaded as an extension:

    "_comment" : "List all the extensions to be used",
    "extensions" :
    [
        ...

        {
            "name": "store-trust-certificate",
            "class": "novabase.connect.paperless.esign.core.extensions.impl.DefaultTrustCertificateStoreAddin"
        },

        ...
    ]

Optionally, set it as the default add-in by binding the add-in type "trust_certificate_store" to the extension name declared above:

    "_comment" : "List all the default addins to be used",
    "addins" :
    [
        ...

        {
            "type": "trust_certificate_store",
            "extension": "store-trust-certificate"
        },

        ...
    ]