Class CertificateToken

java.lang.Object
eu.europa.esig.dss.model.x509.Token
eu.europa.esig.dss.model.x509.CertificateToken
All Implemented Interfaces:
IdentifierBasedObject, Serializable

public class CertificateToken extends Token
Whenever the signature validation process encounters an X509Certificate, a CertificateToken is created.
This class encapsulates some frequently used information: a certificate comes from a certain context (Trusted List, CertStore, Signature), has revocation data, and so on. To expedite processing, this information is kept in cache.
  • Constructor Details

    • CertificateToken

      public CertificateToken(X509Certificate x509Certificate)
      Creates a CertificateToken wrapping the provided X509Certificate.
      Parameters:
      x509Certificate - the X509Certificate object
  • Method Details

    • getAbbreviation

      public String getAbbreviation()
      Description copied from class: Token
      This method returns the DSS abbreviation of the token. It is used for debugging purposes.
      Overrides:
      getAbbreviation in class Token
      Returns:
      an abbreviation for the certificate
    • getEntityKey

      public EntityIdentifier getEntityKey()
      Returns the identifier of the current public key. Several certificates can have the same public key (cross-certificates).
      Returns:
      EntityIdentifier
    • getPublicKey

      public PublicKey getPublicKey()
      Returns the public key associated with the certificate.
      To get the encryption algorithm used with this public key, call the getAlgorithm() method.
      RFC 2459:
      4.1.2.7 Subject Public Key Info This field is used to carry the public key and identify the algorithm with which the key is used. The algorithm is identified using the AlgorithmIdentifier structure specified in section 4.1.1.2. The object identifiers for the supported algorithms and the methods for encoding the public key materials (public key and parameters) are specified in section 7.3.
      Returns:
      the public key of the certificate
    • getNotAfter

      public Date getNotAfter()
      Returns the expiration date of the certificate.
      Returns:
      the expiration date (notAfter)
    • getNotBefore

      public Date getNotBefore()
      Returns the issuance date of the certificate.
      Returns:
      the issuance date (notBefore)
    • getCreationDate

      public Date getCreationDate()
      Description copied from class: Token
      Returns the creation date of this token. This date is mainly used to retrieve the correct issuer within a collection of renewed certificates (new certificate with the same key pair).
      Specified by:
      getCreationDate in class Token
      Returns:
      the creation date of the token (notBefore for a certificate, productionDate for revocation data,...)
    • isValidOn

      public boolean isValidOn(Date date)
      Checks if the given date is in the validity period of the certificate.
      Parameters:
      date - the date to be tested
      Returns:
      true if the given date is within the certificate's validity period
    • isSelfSigned

      public boolean isSelfSigned()
      Checks if the certificate is self-signed. "Self-signed certificates are self-issued certificates where the digital signature may be verified by the public key bound into the certificate. Self-signed certificates are used to convey a public key for use to begin certification paths." [RFC5280]
      Overrides:
      isSelfSigned in class Token
      Returns:
      true if the certificate is self-signed
    • isSelfIssued

      public boolean isSelfIssued()
      This method returns true if the certificate is self-issued. "Self-issued certificates are CA certificates in which the issuer and subject are the same entity. Self-issued certificates are generated to support changes in policy or operations." [RFC5280]
      Returns:
      true if the certificate is self-issued
    • isEquivalent

      public boolean isEquivalent(CertificateToken token)
      This method returns true if the given token is equivalent.
      Parameters:
      token - the token to be compared
      Returns:
      true if the given certificate has the same public key
    • getCertificate

      public X509Certificate getCertificate()
      Gets the enclosed X509 Certificate.
      Returns:
      the X509Certificate object
    • getEncoded

      public byte[] getEncoded()
      Returns the encoded form of this certificate. X.509 certificates would be encoded as ASN.1 DER.
      Specified by:
      getEncoded in class Token
      Returns:
      the encoded form of this certificate
    • getSerialNumber

      public BigInteger getSerialNumber()
      Gets the serialNumber value from the encapsulated certificate. The serial number is an integer assigned by the certification authority to each certificate. It must be unique for each certificate issued by a given CA.
      Returns:
      the certificate serial number
    • getSubject

      public X500PrincipalHelper getSubject()
      Returns the subject as a wrapped X500Principal with helpful methods.
      Returns:
      an instance of X500PrincipalHelper with the SubjectX500Principal
    • getIssuer

      public X500PrincipalHelper getIssuer()
      Returns the issuer as a wrapped X500Principal with helpful methods.
      Returns:
      an instance of X500PrincipalHelper with the IssuerX500Principal
    • getIssuerX500Principal

      public X500Principal getIssuerX500Principal()
      Returns the X500Principal of the certificate which was used to sign this token.
      Specified by:
      getIssuerX500Principal in class Token
      Returns:
      the issuer's X500Principal
    • checkIsSignedBy

      protected SignatureValidity checkIsSignedBy(PublicKey publicKey)
      Description copied from class: Token
      Verifies if the current token has been signed by the specified publicKey.
      Specified by:
      checkIsSignedBy in class Token
      Parameters:
      publicKey - PublicKey of a signing candidate
      Returns:
      SignatureValidity
    • checkKeyUsage

      public boolean checkKeyUsage(KeyUsageBit keyUsageBit)
      This method checks if the certificate contains the given key usage bit.
      Parameters:
      keyUsageBit - the keyUsageBit to be checked.
      Returns:
      true if contains
    • getKeyUsageBits

      public List<KeyUsageBit> getKeyUsageBits()
      This method returns a list of KeyUsageBit values representing the key usages of the certificate.
      Returns:
      List of KeyUsageBits for the certificate's key usages
    • isCA

      public boolean isCA()
      This method checks if the BasicConstraint is present
      Returns:
      true if the certificate is defined as a CA
    • getPathLenConstraint

      public int getPathLenConstraint()
      This method returns the PathLenConstraint value when the BasicConstraint and the attribute itself are present, and the cA parameter is set to true.
      Returns:
      PathLenConstraint integer value, when present. -1 otherwise
    • getSignature

      public byte[] getSignature()
      Returns the signature value of the certificate.
      Returns:
      the signature value
    • buildTokenIdentifier

      protected TokenIdentifier buildTokenIdentifier()
      Description copied from class: Token
      Builds a token unique identifier
      Specified by:
      buildTokenIdentifier in class Token
      Returns:
      TokenIdentifier
    • toString

      public String toString(String indentStr)
      Description copied from class: Token
      Returns a string representation of the token.
      Specified by:
      toString in class Token
      Parameters:
      indentStr - the indentation to use
      Returns:
      string representation of the token
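
An added example, not part of the DSS documentation or code base: a pre-check that uses the methods documented above to decide whether a certificate can plausibly be the issuer of another one before any signature verification is attempted. The class name IssuerCandidateCheck and the helpers rejectReasons and load are hypothetical, and the two certificate files are assumed to be supplied on the command line.

```java
import eu.europa.esig.dss.enumerations.KeyUsageBit;
import eu.europa.esig.dss.model.x509.CertificateToken;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

public class IssuerCandidateCheck {
    // Reasons why 'candidate' cannot be accepted as issuer of 'child' at 'when'.
    // An empty list means "worth verifying the signature", not "trusted".
    static List<String> rejectReasons(CertificateToken child, CertificateToken candidate, Date when) {
        List<String> reasons = new ArrayList<>();
        if (!child.getIssuerX500Principal().equals(candidate.getCertificate().getSubjectX500Principal())) {
            reasons.add("child issuer name differs from candidate subject name");
        }
        if (!candidate.isCA()) {
            reasons.add("candidate is not defined as a CA");
        }
        if (!candidate.checkKeyUsage(KeyUsageBit.KEY_CERT_SIGN)) {
            reasons.add("candidate does not assert keyCertSign");
        }
        if (!candidate.isValidOn(when)) {
            reasons.add("candidate not valid on " + when + " (" + candidate.getNotBefore()
                    + " .. " + candidate.getNotAfter() + ")");
        }
        return reasons;
    }

    static CertificateToken load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            return new CertificateToken((X509Certificate) factory.generateCertificate(in));
        }
    }

    // Usage (paths are supplied by the caller): java IssuerCandidateCheck child.cer issuer.cer
    public static void main(String[] args) throws Exception {
        CertificateToken child = load(args[0]);
        CertificateToken candidate = load(args[1]);
        // Self-issued (same issuer and subject) is a weaker statement than self-signed.
        System.out.println("self-issued=" + candidate.isSelfIssued() + " self-signed=" + candidate.isSelfSigned());
        // -1 means no pathLenConstraint is present, not "zero intermediates allowed".
        System.out.println("pathLen=" + candidate.getPathLenConstraint());
        System.out.println("reject reasons=" + rejectReasons(child, candidate, new Date()));
    }
}
```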