Package eu.europa.esig.dss.spi
Class CertificateExtensionsUtils
java.lang.Object
eu.europa.esig.dss.spi.CertificateExtensionsUtils
This class contains utility methods for extraction certificate extension (whether critical or not)
-
Method Summary
Modifier and TypeMethodDescriptionstatic AuthorityInformationAccessgetAuthorityInformationAccess(CertificateToken certificateToken) Returns the authority information access, when presentstatic AuthorityKeyIdentifiergetAuthorityKeyIdentifier(CertificateToken certificateToken) Returns the subject key identifier, when presentstatic BasicConstraintsgetBasicConstraints(CertificateToken certificateToken) Returns a basic constraints extension, when presentgetCAIssuersAccessUrls(CertificateToken certificate) Returns the CA issuers URIs extracted from authorityInfoAccess.caIssuers fieldstatic CertificateExtensionsgetCertificateExtensions(CertificateToken certificateToken) This method extracts the certificate extensions from the givencertificateTokenstatic CertificatePoliciesgetCertificatePolicies(CertificateToken certificateToken) Returns the certificate policies, when presentgetCRLAccessUrls(CertificateToken certificate) Returns the CRL distribution URIs extracted from cRLDistributionPoints fieldstatic CRLDistributionPointsgetCRLDistributionPoints(CertificateToken certificateToken) Returns the CRL distribution points, when presentstatic ExtendedKeyUsagesgetExtendedKeyUsage(CertificateToken certificateToken) Returns the extended key usage, when presentstatic InhibitAnyPolicygetInhibitAnyPolicy(CertificateToken certificateToken) Returns an inhibit anyPolicy extension, when presentstatic KeyUsagegetKeyUsage(CertificateToken certificateToken) Returns the key usage, when presentstatic NameConstraintsgetNameConstraints(CertificateToken certificateToken) Returns a name constraints extension, when presentgetOCSPAccessUrls(CertificateToken certificate) Returns the OCSP URIs extracted from authorityInfoAccess.ocsp fieldstatic OCSPNoCheckgetOcspNoCheck(CertificateToken certificateToken) Returns the ocsp-nocheck extension value, when presentstatic PolicyConstraintsgetPolicyConstraints(CertificateToken certificateToken) Returns a policy constraints extension, when presentstatic QcStatementsgetQcStatements(CertificateToken certificateToken) Returns the qc-statements extension value, when presentstatic SubjectAlternativeNamesgetSubjectAlternativeNames(CertificateToken certificateToken) Returns a subject alternative names, when presentstatic SubjectKeyIdentifiergetSubjectKeyIdentifier(CertificateToken certificateToken) Returns the subject key identifier, when presentstatic ValidityAssuredShortTermgetValAssuredSTCerts(CertificateToken certificateToken) Returns the ext-etsi-valassured-ST-certs extension value, when presentstatic booleanhasOcspNoCheckExtension(CertificateToken certificateToken) Checks if the certificate contains ocsp-nocheck extension indicating if the revocation data should be checked for an OCSP signing certificate.
RFC 6960static booleanhasValAssuredShortTermCertsExtension(CertificateToken certificateToken) Checks if the certificate contains ext-etsi-valassured-ST-certs extension indicating that the validity of the certificate is assured because the certificate is a "short-term certificate".static booleanThis method verifies whetheroidcorresponds to the authority information access extension OIDstatic booleanThis method verifies whetheroidcorresponds to the authority key identifier extension OIDstatic booleanisBasicConstraints(String oid) This method verifies whetheroidcorresponds to the basic constraints extension OIDstatic booleanThis method verifies whetheroidcorresponds to the certificate policies extension OIDstatic booleanThis method verifies whetheroidcorresponds to the CRL distribution points extension OIDstatic booleanisExtendedKeyUsage(String oid) This method verifies whetheroidcorresponds to the extended key usage extension OIDstatic booleanisInhibitAnyPolicy(String oid) This method verifies whetheroidcorresponds to the policy constraints extension OIDstatic booleanisKeyUsage(String oid) This method verifies whetheroidcorresponds to the key usage extension OIDstatic booleanisNameConstraints(String oid) This method verifies whetheroidcorresponds to the name constraints extension OIDstatic booleanisOcspNoCheck(String oid) This method verifies whetheroidcorresponds to the ocsp-nocheck extension OIDstatic booleanThis method verifies whetheroidcorresponds to the policy constraints extension OIDstatic booleanisQcStatements(String oid) This method verifies whetheroidcorresponds to the qc-statements extension OIDstatic booleanThis method verifies whetheroidcorresponds to the subject alternative names extension OIDstatic booleanThis method verifies whetheroidcorresponds to the subject key identifier extension OIDstatic booleanThis method verifies whetheroidcorresponds to the ext-etsi-valassured-ST-certs extension OID
-
Method Details
-
getCertificateExtensions
This method extracts the certificate extensions from the givencertificateToken- Parameters:
certificateToken-CertificateTokento get certificate extension from- Returns:
CertificateExtensions
-
isSubjectAlternativeNames
This method verifies whetheroidcorresponds to the subject alternative names extension OID- Parameters:
oid-String- Returns:
- TRUE if OID corresponds to the subject alternative names extension OID, FALSE otherwise
-
isAuthorityKeyIdentifier
This method verifies whetheroidcorresponds to the authority key identifier extension OID- Parameters:
oid-String- Returns:
- TRUE if OID corresponds to the authority key identifier extension OID, FALSE otherwise
-
isSubjectKeyIdentifier
This method verifies whetheroidcorresponds to the subject key identifier extension OID- Parameters:
oid-String- Returns:
- TRUE if OID corresponds to the subject key identifier extension OID, FALSE otherwise
-
isAuthorityInformationAccess
This method verifies whetheroidcorresponds to the authority information access extension OID- Parameters:
oid-String- Returns:
- TRUE if OID corresponds to the authority information access extension OID, FALSE otherwise
-
isCRLDistributionPoints
This method verifies whetheroidcorresponds to the CRL distribution points extension OID- Parameters:
oid-String- Returns:
- TRUE if OID corresponds to the CRL distribution points extension OID, FALSE otherwise
-
isBasicConstraints
This method verifies whetheroidcorresponds to the basic constraints extension OID- Parameters:
oid-String- Returns:
- TRUE if OID corresponds to the basic constraints extension OID, FALSE otherwise
-
isNameConstraints
This method verifies whetheroidcorresponds to the name constraints extension OID- Parameters:
oid-String- Returns:
- TRUE if OID corresponds to the name constraints extension OID, FALSE otherwise
-
isPolicyConstraints
This method verifies whetheroidcorresponds to the policy constraints extension OID- Parameters:
oid-String- Returns:
- TRUE if OID corresponds to the policy constraints extension OID, FALSE otherwise
-
isKeyUsage
This method verifies whetheroidcorresponds to the key usage extension OID- Parameters:
oid-String- Returns:
- TRUE if OID corresponds to the key usage extension OID, FALSE otherwise
-
isExtendedKeyUsage
This method verifies whetheroidcorresponds to the extended key usage extension OID- Parameters:
oid-String- Returns:
- TRUE if OID corresponds to the extended key usage extension OID, FALSE otherwise
-
isInhibitAnyPolicy
This method verifies whetheroidcorresponds to the policy constraints extension OID- Parameters:
oid-String- Returns:
- TRUE if OID corresponds to the policy constraints extension OID, FALSE otherwise
-
isCertificatePolicies
This method verifies whetheroidcorresponds to the certificate policies extension OID- Parameters:
oid-String- Returns:
- TRUE if OID corresponds to the certificate policies extension OID, FALSE otherwise
-
isOcspNoCheck
This method verifies whetheroidcorresponds to the ocsp-nocheck extension OID- Parameters:
oid-String- Returns:
- TRUE if OID corresponds to the ocsp-nocheck extension OID, FALSE otherwise
-
isValidityAssuredShortTerm
This method verifies whetheroidcorresponds to the ext-etsi-valassured-ST-certs extension OID- Parameters:
oid-String- Returns:
- TRUE if OID corresponds to the ext-etsi-valassured-ST-certs extension OID, FALSE otherwise
-
isQcStatements
This method verifies whetheroidcorresponds to the qc-statements extension OID- Parameters:
oid-String- Returns:
- TRUE if OID corresponds to the qc-statements extension OID, FALSE otherwise
-
getSubjectAlternativeNames
Returns a subject alternative names, when present- Parameters:
certificateToken-CertificateToken- Returns:
SubjectAlternativeNames
-
getAuthorityInformationAccess
public static AuthorityInformationAccess getAuthorityInformationAccess(CertificateToken certificateToken) Returns the authority information access, when present- Parameters:
certificateToken-CertificateToken- Returns:
AuthorityInformationAccess
-
getCAIssuersAccessUrls
Returns the CA issuers URIs extracted from authorityInfoAccess.caIssuers field- Parameters:
certificate-CertificateToken- Returns:
- a list of CA issuers URIs, or empty list if the extension is not present.
-
getOCSPAccessUrls
Returns the OCSP URIs extracted from authorityInfoAccess.ocsp field- Parameters:
certificate-CertificateToken- Returns:
- a list of OCSP URIs, or empty list if the extension is not present.
-
getAuthorityKeyIdentifier
Returns the subject key identifier, when present- Parameters:
certificateToken-CertificateToken- Returns:
SubjectKeyIdentifier
-
getSubjectKeyIdentifier
Returns the subject key identifier, when present- Parameters:
certificateToken-CertificateToken- Returns:
SubjectKeyIdentifier
-
getCRLDistributionPoints
Returns the CRL distribution points, when present- Parameters:
certificateToken-CertificateToken- Returns:
CRLDistributionPoints
-
getCRLAccessUrls
Returns the CRL distribution URIs extracted from cRLDistributionPoints field- Parameters:
certificate-CertificateToken- Returns:
- a list of CA issuers URIs, or empty list if the extension is not present.
-
getBasicConstraints
Returns a basic constraints extension, when present- Parameters:
certificateToken-CertificateToken- Returns:
BasicConstraints
-
getNameConstraints
Returns a name constraints extension, when present- Parameters:
certificateToken-CertificateToken- Returns:
NameConstraints
-
getPolicyConstraints
Returns a policy constraints extension, when present- Parameters:
certificateToken-CertificateToken- Returns:
PolicyConstraints
-
getInhibitAnyPolicy
Returns an inhibit anyPolicy extension, when present- Parameters:
certificateToken-CertificateToken- Returns:
PolicyConstraints
-
getKeyUsage
Returns the key usage, when present- Parameters:
certificateToken-CertificateToken- Returns:
KeyUsage
-
getExtendedKeyUsage
Returns the extended key usage, when present- Parameters:
certificateToken-CertificateToken- Returns:
ExtendedKeyUsages
-
getCertificatePolicies
Returns the certificate policies, when present- Parameters:
certificateToken-CertificateToken- Returns:
CertificatePolicies
-
getOcspNoCheck
Returns the ocsp-nocheck extension value, when present- Parameters:
certificateToken-CertificateToken- Returns:
OCSPNoCheck
-
hasOcspNoCheckExtension
Checks if the certificate contains ocsp-nocheck extension indicating if the revocation data should be checked for an OCSP signing certificate.
RFC 6960- Parameters:
certificateToken- the certificate to be checked- Returns:
- true if the certificate has the id_pkix_ocsp_nocheck extension
-
getValAssuredSTCerts
Returns the ext-etsi-valassured-ST-certs extension value, when present- Parameters:
certificateToken-CertificateToken- Returns:
ValidityAssuredShortTerm
-
hasValAssuredShortTermCertsExtension
Checks if the certificate contains ext-etsi-valassured-ST-certs extension indicating that the validity of the certificate is assured because the certificate is a "short-term certificate". That is, the time as indicated in the certificate attribute from notBefore through notAfter, inclusive, is shorter than the maximum time to process a revocation request as specified by the certificate practice statement or certificate policy.- Parameters:
certificateToken-CertificateToken- Returns:
- TRUE if the certificate has ext-etsi-valassured-ST-certs extension, FALSE otherwise
-
getQcStatements
Returns the qc-statements extension value, when present- Parameters:
certificateToken-CertificateToken- Returns:
QcStatements
-