Class CertificateUtil

Namespace
iText.Signatures
Assembly
itext.sign.dll

This class contains a series of static methods that allow you to retrieve information from a Certificate.

public class CertificateUtil
Inheritance
CertificateUtil
Constructors

CertificateUtil()

public CertificateUtil()

Methods

CheckIfIssuersMatch(ICertID, IX509Certificate)

Checks whether the issuer identified by the provided certID (specified in the OCSP response) matches the provided issuer of the certificate in question, i.e. checks that the issuerNameHash and issuerKeyHash fields of the certID are the hashes of the issuer's name and public key.

public static bool CheckIfIssuersMatch(ICertID certID, IX509Certificate issuerCert)

Parameters

certID ICertID

certID specified in the OCSP response

issuerCert IX509Certificate

the issuer of the certificate in question

Returns

bool

true if the issuers are the same, false otherwise.

Remarks

SingleResp contains the basic information about the status of the certificate identified by the certID. The issuer name and serial number identify a unique certificate, so if the serial number of the certificate in question equals the certID serial number and the issuers match, then SingleResp contains the information about the status of the certificate in question.
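
What this comparison amounts to, as an added C# illustration written against the .NET base class library only; it is not iText's implementation and does not call iText. The CertId record, the helper names and the choice of SHA-1 are assumptions, and the certificates are constructed in memory.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical stand-in for the CertID fields; SHA-1 is assumed as the hash algorithm.
record CertId(byte[] IssuerNameHash, byte[] IssuerKeyHash, string SerialHex);

static class CertIdDemo
{
    // Name hash: over the DER-encoded issuer name.
    // Key hash: over the issuer public key bytes, without tag, length or unused-bits byte.
    static byte[] NameHash(X509Certificate2 issuer) => SHA1.HashData(issuer.SubjectName.RawData);
    static byte[] KeyHash(X509Certificate2 issuer) => SHA1.HashData(issuer.PublicKey.EncodedKeyValue.RawData);

    static bool IssuersMatch(CertId id, X509Certificate2 issuer) =>
        id.IssuerNameHash.SequenceEqual(NameHash(issuer)) &&
        id.IssuerKeyHash.SequenceEqual(KeyHash(issuer));

    // A SingleResp describes `cert` only when the issuer hashes and the serial number both match.
    static bool SingleRespCovers(CertId id, X509Certificate2 cert, X509Certificate2 issuer) =>
        IssuersMatch(id, issuer) &&
        string.Equals(id.SerialHex, cert.SerialNumber, StringComparison.OrdinalIgnoreCase);

    // Constructed test CA, generated in memory with a fresh key.
    static X509Certificate2 NewSelfSigned(string dn)
    {
        using var key = RSA.Create(2048);
        var req = new CertificateRequest(dn, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
    }

    static void Main()
    {
        using var caA = NewSelfSigned("CN=Example CA A");
        using var caB = NewSelfSigned("CN=Example CA B");
        using var sameNameOtherKey = NewSelfSigned("CN=Example CA A");

        // caA is self-signed, so it serves as both the certificate in question and its issuer.
        var id = new CertId(NameHash(caA), KeyHash(caA), caA.SerialNumber);
        var otherSerial = id with { SerialHex = "00" };

        Console.WriteLine($"same issuer:             {IssuersMatch(id, caA)}");
        Console.WriteLine($"different issuer:        {IssuersMatch(id, caB)}");
        Console.WriteLine($"same name, other key:    {IssuersMatch(id, sameNameOtherKey)}");
        Console.WriteLine($"serial and issuer match: {SingleRespCovers(id, caA, caA)}");
        Console.WriteLine($"serial differs:          {SingleRespCovers(otherSerial, caA, caA)}");
    }
}
```

The "same name, other key" case is the reason both hashes are compared: a certificate that merely reuses the issuer's distinguished name produces the same name hash but a different key hash.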

CreateRevocationInfoChoices(ICollection<IX509Crl>, ICollection<IBasicOcspResponse>, ICollection<IAsn1Sequence>)

Creates the revocation info (crls field) for SignedData structure:

    RevocationInfoChoices ::= SET OF RevocationInfoChoice

    RevocationInfoChoice ::= CHOICE {
        crl CertificateList,
        other [1] IMPLICIT OtherRevocationInfoFormat }

    OtherRevocationInfoFormat ::= SEQUENCE {
        otherRevInfoFormat OBJECT IDENTIFIER,
        otherRevInfo ANY DEFINED BY otherRevInfoFormat }

    CertificateList ::= SEQUENCE {
        tbsCertList TBSCertList,
        signatureAlgorithm AlgorithmIdentifier,
        signatureValue BIT STRING }

public static IDerSet CreateRevocationInfoChoices(ICollection<IX509Crl> crls, ICollection<IBasicOcspResponse> ocsps, ICollection<IAsn1Sequence> otherRevocationInfoFormats)

Parameters

crls ICollection<IX509Crl>

collection of CRL revocation status information.

ocsps ICollection<IBasicOcspResponse>

collection of OCSP revocation status information.

otherRevocationInfoFormats ICollection<IAsn1Sequence>

collection of revocation info other than OCSP and CRL responses, e.g. SCVP Request and Response, stored as iText.Commons.Bouncycastle.Asn1.IAsn1Sequence.

Returns

IDerSet

crls [1] RevocationInfoChoices field of SignedData structure. Null if SignedData has no revocation data.

GenerateCertificate(Stream)

Generates a certificate object and initializes it with the data read from the input stream data.

public static IX509Certificate GenerateCertificate(Stream data)

Parameters

data Stream

the input stream with the certificates.

Returns

IX509Certificate

a certificate object initialized with the data from the input stream.

GetCRL(string)

Gets the CRL object using a CRL URL.

public static IX509Crl GetCRL(string url)

Parameters

url string

the URL where the CRL is located

Returns

IX509Crl

CRL object

GetCRL(IX509Certificate)

Gets a CRL from an X509 certificate.

[Obsolete("use GetCRLs(iText.Commons.Bouncycastle.Cert.IX509Certificate) .")]
public static IX509Crl GetCRL(IX509Certificate certificate)

Parameters

certificate IX509Certificate

the X509Certificate to extract the CRL from

Returns

IX509Crl

CRL or null if there's no CRL available

GetCRLURL(IX509Certificate)

Gets the URL of the Certificate Revocation List for a Certificate.

[Obsolete("use GetCRLURLs(iText.Commons.Bouncycastle.Cert.IX509Certificate) .")]
public static string GetCRLURL(IX509Certificate certificate)

Parameters

certificate IX509Certificate

the Certificate

Returns

string

the URL string where you can check if the certificate was revoked.

GetCRLURLs(IX509Certificate)

Gets the list of the Certificate Revocation List URLs for a Certificate.

public static IList<string> GetCRLURLs(IX509Certificate certificate)

Parameters

certificate IX509Certificate

the Certificate to get CRL URLs for

Returns

IList<string>

the list of URL strings where you can check if the certificate is revoked.

GetCRLs(IX509Certificate)

Gets the CRLs from the X509 certificate.

public static IList<IX509Crl> GetCRLs(IX509Certificate certificate)

Parameters

certificate IX509Certificate

the X509Certificate to extract the CRLs from

Returns

IList<IX509Crl>

CRL list or null if there's no CRL available

GetDistributionPointByName(IX509Certificate, IDistributionPointName)

Gets the Distribution Point from the certificate whose name matches the one specified in the Issuing Distribution Point (IDP) of the Certificate Revocation List for that certificate.

public static IDistributionPoint GetDistributionPointByName(IX509Certificate certificate, IDistributionPointName issuingDistributionPointName)

Parameters

certificate IX509Certificate

the certificate to retrieve Distribution Points from

issuingDistributionPointName IDistributionPointName

distributionPointName retrieved from the IDP of the CRL

Returns

IDistributionPoint

distribution point with the same name as specified in the IDP.

GetExtensionValue(IX509Certificate, string)

Gets certificate extension value.

public static IAsn1Object GetExtensionValue(IX509Certificate certificate, string oid)

Parameters

certificate IX509Certificate

the certificate from which we need the ExtensionValue

oid string

the Object Identifier value for the extension

Returns

IAsn1Object

the extension value as an iText.Commons.Bouncycastle.Asn1.IAsn1Object object.

GetExtensionValue(IX509Crl, string)

Gets CRL extension value.

public static IAsn1Object GetExtensionValue(IX509Crl crl, string oid)

Parameters

crl IX509Crl

the CRL from which we need the ExtensionValue

oid string

the Object Identifier value for the extension

Returns

IAsn1Object

the extension value as an iText.Commons.Bouncycastle.Asn1.IAsn1Object object.

GetExtensionValueByOid(IX509Certificate, string)

Retrieves certificate extension value by its OID.

public static byte[] GetExtensionValueByOid(IX509Certificate certificate, string id)

Parameters

certificate IX509Certificate

the certificate to get the extension from

id string

extension OID to retrieve

Returns

byte[]

encoded extension value.

GetIssuerCertURL(IX509Certificate)

Retrieves the URL of the issuer certificate list for the given certificate.

public static string GetIssuerCertURL(IX509Certificate certificate)

Parameters

certificate IX509Certificate

the certificate

Returns

string

the URL or null.

GetIssuerCertURL(IX509Crl)

Retrieves the URL for the issuer certificate for the given CRL.

public static string GetIssuerCertURL(IX509Crl crl)

Parameters

crl IX509Crl

the CRL response

Returns

string

the URL or null.

GetOCSPURL(IX509Certificate)

Retrieves the OCSP URL from the given certificate.

public static string GetOCSPURL(IX509Certificate certificate)

Parameters

certificate IX509Certificate

the certificate

Returns

string

the URL or null

GetTSAURL(IX509Certificate)

Gets the URL of the TSA if it's available on the certificate.

public static string GetTSAURL(IX509Certificate certificate)

Parameters

certificate IX509Certificate

a certificate

Returns

string

a TSA URL

IsSelfSigned(IX509Certificate)

Checks if the certificate is self-signed.

public static bool IsSelfSigned(IX509Certificate certificate)

Parameters

certificate IX509Certificate

a certificate to check

Returns

bool

true if the certificate is self-signed.

IsSignatureValid(IBasicOcspResponse, IX509Certificate)

Checks if an OCSP response is genuine.

public static bool IsSignatureValid(IBasicOcspResponse ocspResp, IX509Certificate responderCert)

Parameters

ocspResp IBasicOcspResponse

the OCSP response wrapper (iText.Commons.Bouncycastle.Asn1.Ocsp.IBasicOcspResponse)

responderCert IX509Certificate

the responder certificate

Returns

bool

true if the OCSP response verifies against the responder certificate.

ParseCrlFromBytes(byte[])

Parses a CRL from bytes.

public static IX509Crl ParseCrlFromBytes(byte[] crlBytes)

Parameters

crlBytes byte[]

the bytes holding the unparsed CRL

Returns

IX509Crl

the parsed CRL object.

ParseCrlFromStream(Stream)

Parses a CRL from an input stream.

public static IX509Crl ParseCrlFromStream(Stream input)

Parameters

input Stream

the input stream holding the unparsed CRL

Returns

IX509Crl

the parsed CRL object.

RetrieveRevocationInfoFromSignedData(IAsn1TaggedObject, ICollection<IX509Crl>, ICollection<IBasicOcspResponse>, ICollection<IAsn1Sequence>)

Tries to retrieve CRL and OCSP responses from the SignedData crls field.

public static void RetrieveRevocationInfoFromSignedData(IAsn1TaggedObject taggedObj, ICollection<IX509Crl> crls, ICollection<IBasicOcspResponse> ocsps, ICollection<IAsn1Sequence> otherRevocationInfoFormats)

Parameters

taggedObj IAsn1TaggedObject

signed data crls field as iText.Commons.Bouncycastle.Asn1.IAsn1TaggedObject.

crls ICollection<IX509Crl>

collection to store retrieved CRL responses.

ocsps ICollection<IBasicOcspResponse>

collection of iText.Commons.Bouncycastle.Asn1.Ocsp.IBasicOcspResponse wrappers to store retrieved OCSP responses.

otherRevocationInfoFormats ICollection<IAsn1Sequence>

collection of revocation info other than OCSP and CRL responses, e.g. SCVP Request and Response, stored as iText.Commons.Bouncycastle.Asn1.IAsn1Sequence.