Our libraries jPDFSecure, jPDFImages, jPDFProcess, jPDFViewer, jPDFNotes, jPDFEditor and jPDFWeb trust the Java Trusted Certificate Authorities by default when verifying digital signatures contained in PDF documents.
Through the static methods of the SignatureSettings class, located in the qoppa.com.pdf package, it is possible to customize the trusted authorities by:
- Adding your own certificates
- Removing Java certificates
- Adding Windows store certificates
List of Java Trusted Certificate Authorities
How can I get a list of trusted root certificates (also called authorities or identities) trusted by the JVM?
Trusted authorities in Java are contained in the keystore called cacerts, located in the lib/security directory under the Java home.
Here is sample code to retrieve the list of trusted CAs.
```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;

public class Main {
    public static void main(String[] args) {
        // path of the cacerts keystore file under the Java home
        String filename = System.getProperty("java.home")
                + "/lib/security/cacerts".replace('/', File.separatorChar);

        // try-with-resources closes the stream even if loading fails
        try (FileInputStream is = new FileInputStream(filename)) {
            // load the cacerts keystore file
            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            String password = "changeit";
            keystore.load(is, password.toCharArray());

            // retrieves the most-trusted CAs from the trusted certificate entries
            PKIXParameters params = new PKIXParameters(keystore);

            // iterate over the set of trust anchors
            for (TrustAnchor ta : params.getTrustAnchors()) {
                // get certificate
                X509Certificate cert = ta.getTrustedCert();
                System.out.println(cert.getIssuerX500Principal());
            }
        } catch (GeneralSecurityException | IOException e) {
            // report the failure instead of silently printing an empty list
            e.printStackTrace();
        }
    }
}
```
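Before removing Java certificates from the trusted set, it helps to see what each anchor actually is. The following is an added example, not Qoppa code: it reads the same cacerts keystore with the same default password as the sample above and reports each anchor's SHA-256 fingerprint, expiry date and review flags. The class name `TrustStoreAudit` and the 2048-bit RSA threshold are assumptions made for this illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.Date;

// Added example (hypothetical class name): audit the JVM trust anchors.
public class TrustStoreAudit {

    // SHA-256 fingerprint of the certificate's DER encoding, lowercase hex
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Flags worth a manual review; "ok" when none apply.
    // The 2048-bit RSA threshold is an assumption of this example.
    static String flags(X509Certificate cert, Date now) {
        StringBuilder sb = new StringBuilder();
        if (now.after(cert.getNotAfter())) sb.append("EXPIRED ");
        if (now.before(cert.getNotBefore())) sb.append("NOT-YET-VALID ");
        if (cert.getPublicKey() instanceof RSAPublicKey
                && ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength() < 2048)
            sb.append("RSA<2048 ");
        return sb.length() == 0 ? "ok" : sb.toString().trim();
    }

    public static void main(String[] args) throws Exception {
        String path = Paths.get(System.getProperty("java.home"),
                "lib", "security", "cacerts").toString();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, "changeit".toCharArray());
        }
        Date now = new Date();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!ks.isCertificateEntry(alias) || !(c instanceof X509Certificate)) continue;
            X509Certificate cert = (X509Certificate) c;
            System.out.printf("%s%n  subject: %s%n  sha256:  %s%n  expires: %s%n  flags:   %s%n",
                    alias, cert.getSubjectX500Principal(), fingerprint(cert),
                    cert.getNotAfter(), flags(cert, now));
        }
    }
}
```

The fingerprint identifies a certificate unambiguously, so the output can be compared against a CA's published root fingerprints when deciding which anchors to keep.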