Class CertificateToken

  • All Implemented Interfaces:
    Serializable

    public class CertificateToken
    extends Token
    Whenever the signature validation process encounters an X509Certificate, a CertificateToken is created.
    This class encapsulates some frequently used information: a certificate comes from a certain context (Trusted List, CertStore, Signature), has revocation data, and so on. To speed up processing, this information is kept in a cache.
    See Also:
    Serialized Form
    • Constructor Detail

      • CertificateToken

        public CertificateToken(X509Certificate x509Certificate)
        Creates a CertificateToken wrapping the provided X509Certificate.
        Parameters:
        x509Certificate - the X509Certificate object
    • Method Detail

      • getAbbreviation

        public String getAbbreviation()
        Description copied from class: Token
        This method returns the DSS abbreviation of the token. It is used for debugging purposes.
        Overrides:
        getAbbreviation in class Token
        Returns:
        an abbreviation for the certificate
      • getEntityKey

        public String getEntityKey()
        Returns the digest of the current public key. Several certificates can have the same public key (cross-certificates).
        Returns:
      • getPublicKey

        public PublicKey getPublicKey()
        Returns the public key associated with the certificate.
        To get the encryption algorithm used with this public key, call the getAlgorithm() method.
        RFC 2459:
        4.1.2.7 Subject Public Key Info This field is used to carry the public key and identify the algorithm with which the key is used. The algorithm is identified using the AlgorithmIdentifier structure specified in section 4.1.1.2. The object identifiers for the supported algorithms and the methods for encoding the public key materials (public key and parameters) are specified in section 7.3.
        Returns:
        the public key of the certificate
      • getCanonicalizedSubject

        public String getCanonicalizedSubject()
      • getNotAfter

        public Date getNotAfter()
        Returns the expiration date of the certificate.
        Returns:
        the expiration date (notAfter)
      • getNotBefore

        public Date getNotBefore()
        Returns the issuance date of the certificate.
        Returns:
        the issuance date (notBefore)
      • getCreationDate

        public Date getCreationDate()
        Description copied from class: Token
        Returns the creation date of this token. This date is mainly used to retrieve the correct issuer within a collection of renewed certificates (new certificate with the same key pair).
        Specified by:
        getCreationDate in class Token
        Returns:
        the creation date of the token (notBefore for a certificate, productionDate for revocation data,...)
      • isExpiredOn

        public boolean isExpiredOn(Date date)
        Checks if the certificate is expired on the given date.
        Parameters:
        date - the date to be tested
        Returns:
        true if the certificate was expired on the given date
      • isValidOn

        public boolean isValidOn(Date date)
        Checks if the given date is in the validity period of the certificate.
        Parameters:
        date - the date to be tested
        Returns:
        true if the given date is within the validity period of the certificate
      • isSelfSigned

        public boolean isSelfSigned()
        Checks if the certificate is self-signed. "Self-signed certificates are self-issued certificates where the digital signature may be verified by the public key bound into the certificate. Self-signed certificates are used to convey a public key for use to begin certification paths." [RFC5280]
        Overrides:
        isSelfSigned in class Token
        Returns:
        true if the certificate is self-signed
      • isSelfIssued

        public boolean isSelfIssued()
        This method returns true if the certificate is self-issued. "Self-issued certificates are CA certificates in which the issuer and subject are the same entity. Self-issued certificates are generated to support changes in policy or operations." [RFC5280]
        Returns:
        true if the certificate is self-issued
      • isEquivalent

        public boolean isEquivalent(CertificateToken token)
        This method returns true if the given token is equivalent.
        Parameters:
        token - the token to be compared
        Returns:
        true if the given certificate has the same public key
      • getCertificate

        public X509Certificate getCertificate()
        Gets the enclosed X509 Certificate.
        Returns:
        the X509Certificate object
      • getEncoded

        public byte[] getEncoded()
        Returns the encoded form of this certificate. X.509 certificates would be encoded as ASN.1 DER.
        Specified by:
        getEncoded in class Token
        Returns:
        the encoded form of this certificate
      • getSerialNumber

        public BigInteger getSerialNumber()
        Gets the serialNumber value from the encapsulated certificate. The serial number is an integer assigned by the certification authority to each certificate. It must be unique for each certificate issued by a given CA.
        Returns:
        the certificate serial number
      • getSubjectX500Principal

        public X500Principal getSubjectX500Principal()
        Returns the subject (subject distinguished name) value from the certificate as an X500Principal. If the subject value is empty, then the getName() method of the returned X500Principal object returns an empty string ("").
        Returns:
        the Subject X500Principal
      • getIssuerX500Principal

        public X500Principal getIssuerX500Principal()
        Returns the X500Principal of the certificate which was used to sign this token.
        Specified by:
        getIssuerX500Principal in class Token
        Returns:
        the issuer's X500Principal
      • checkKeyUsage

        public boolean checkKeyUsage(KeyUsageBit keyUsageBit)
        This method checks if the certificate contains the given key usage bit.
        Parameters:
        keyUsageBit - the keyUsageBit to be checked.
        Returns:
        true if the certificate contains the given key usage bit
      • toString

        public String toString(String indentStr)
        Description copied from class: Token
        Returns a string representation of the token.
        Specified by:
        toString in class Token
        Parameters:
        indentStr - the indentation to use
        Returns:
        string representation of the token
      • getKeyUsageBits

        public List<KeyUsageBit> getKeyUsageBits()
        This method returns a list of KeyUsageBit values representing the key usages of the certificate.
        Returns:
        the list of KeyUsageBit values for the certificate's key usages
      • isCA

        public boolean isCA()
        This method checks if the BasicConstraint is present.
        Returns:
        true if the certificate is defined as a CA
      • getSignature

        public byte[] getSignature()
        Returns the signature value of the certificate.
        Returns:
        the signature value
      • getDSSIdAsString

        public String getDSSIdAsString()
        Description copied from class: Token
        Returns a string representation of the unique DSS token identifier.
        Overrides:
        getDSSIdAsString in class Token
        Returns:
        the unique string for the token
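
An added usage example, not taken from the DSS documentation: it wraps an X509Certificate in a CertificateToken and uses the methods documented above (isValidOn, isCA, checkKeyUsage, isSelfSigned, isSelfIssued) to decide whether a certificate is fit to act as an issuer and how it relates to itself. The import package names, the KeyUsageBit.KEY_CERT_SIGN constant, and the class and helper names (IssuerPreCheck, issuerProblems, selfRelation) are assumptions that do not appear on this page; the DSS library must be on the classpath.

```java
// Package names below are assumptions; they differ between DSS releases.
import eu.europa.esig.dss.enumerations.KeyUsageBit;
import eu.europa.esig.dss.model.x509.CertificateToken;

import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

public class IssuerPreCheck { // hypothetical class name

    /** Reasons why the token should not be accepted as a certificate issuer on the given date. */
    static List<String> issuerProblems(CertificateToken token, Date when) {
        List<String> problems = new ArrayList<>();
        if (!token.isValidOn(when)) {
            problems.add("not valid on " + when + " (notBefore=" + token.getNotBefore()
                    + ", notAfter=" + token.getNotAfter() + ")");
        }
        if (!token.isCA()) {
            problems.add("not marked as a CA");
        }
        if (!token.checkKeyUsage(KeyUsageBit.KEY_CERT_SIGN)) { // assumed enum constant
            problems.add("keyCertSign missing, key usages: " + token.getKeyUsageBits());
        }
        return problems;
    }

    /** Self-signed certificates can begin a path; self-issued alone still needs an issuer lookup. */
    static String selfRelation(CertificateToken token) {
        if (token.isSelfSigned()) return "self-signed";
        if (token.isSelfIssued()) return "self-issued, signed with a different key";
        return "issued by " + token.getIssuerX500Principal().getName();
    }

    public static void main(String[] args) throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        X509Certificate x509;
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) { // DER or PEM certificate file
            x509 = (X509Certificate) factory.generateCertificate(in);
        }
        CertificateToken token = new CertificateToken(x509);
        System.out.println(token.getSubjectX500Principal().getName() + ": " + selfRelation(token));
        issuerProblems(token, new Date()).forEach(p -> System.out.println("  problem: " + p));
    }
}
```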