Package eu.europa.esig.dss.diagnostic
Class CertificateWrapper
java.lang.Object
eu.europa.esig.dss.diagnostic.AbstractTokenProxy
eu.europa.esig.dss.diagnostic.CertificateWrapper
- All Implemented Interfaces:
TokenProxy
- Direct Known Subclasses:
RelatedCertificateWrapper
Provides a user-friendly interface of dealing with JAXB
XmlCertificate-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionbooleanbyte[]Returns binaries of the token, when presentReturns the Authority Information Access URLsReturns the certificate's Distinguished Name (by RFC 2253)<T extends XmlCertificateExtension>
TgetCertificateExtensionForOid(String oid, Class<T> targetClass) Returns a certificate extension with the givenoidwhen presentReturns a list of all certificate extensionsReturns a list of all certificate extensions OIDsReturns the certificate issuer's Distinguished Name (by RFC 2253)Returns the certificate policies IdsReturns the certificate policies OIDsReturns a list of revocation data relevant to the certificateReturns expiredCertsRevocationInfo extension from TL Trusted ServicedReturns the common nameReturns the country codeReturns the certificate policies URLsReturns the CRL Distribution Points URLsprotected XmlBasicSignatureReturns a basic signature validationprotected List<XmlChainItem> Returns the token's certificate chainprotected XmlSigningCertificateReturns the signing certificate of the tokenReturns the certificate's Digest if presentgetEmail()Returns the emailReturns a string identifier of the certificate's public keyReturns value of the excludedSubtrees field of nameConstraints certificate extension, when presentReturns a list of extended-key-usagesReturns the given namegetId()Returns the unique identifier of the objectintReturns value of the inhibitAnyPolicy certificate extension's valueintReturns value of the inhibitPolicyMapping field of policyConstraints certificate extensionReturns the defined key-usages for the certificateReturns the localityReturns aXmlCertificateContentEquivalencelist corresponding to the matching MRA informationThis method returns a name of a Trusted Service used to apply translation for the certificate QcStatements based on the defined Mutual Recognition Agreement schemeReturns the certificate's notAfter date (the date the certificate cannot be used after)Returns the certificate's notBefore date (the date the certificate cannot be used before)Returns the OCSP Access URLsReturns the organization unitReturns the organization identifierReturns the organization nameReturns a list of QcStatements OIDs not supported by the implementation defined in a third-country Trusted List before MRA mappingReturns a list of QCLegislation Country Codes defined in a third-country Trusted List before MRA mappingReturns a list of QCTypes defined in a third-country Trusted List before MRA mappingReturns a list of QcStatements OIDs not supported by the implementationintReturns value of BasicConstraints.PathLenConstraint if present and BasicConstraints.cA is set to trueReturns value of the permittedSubtrees field of nameConstraints certificate extension, when presentReturns the certificate policies IdsReturns the PSD2 QCStatement (id-etsi-psd2-qcStatement extension, ETSI TS 119 495)Returns the pseudoReturns QcEuRetentionPeriodReturns a list of QCLegislation Country Codes (present inside id-etsi-qcs-QcCClegislation extension)Returns the QCEuLimitValueReturns QcEuPDS LocationsReturns a list of QCTypes (present inside id-etsi-qcs-QcType extension)Returns human-readable certificate nameintReturns value of the requireExplicitPolicy field of policyConstraints certificate extensiongetRevocationDataById(String revocationId) Returns revocation data by its idReturns the semantics identifierReturns the serial number of the certificateReturns a list of sources the certificate has been obtained from (e.g.getState()Returns the stateReturns subject alternative namesbyte[]Returns the Subject Key Identifier certificate extension's value, when presentReturns the subject serial number of the certificateReturns the surnamegetTitle()Returns the titleReturns a list ofXmlTrustServiceProvidersReturns a list ofTrustServiceWrappersinthashCode()booleanisCA()Returns whether the certificate defines BasicConstraints.cA extension set to TRUEbooleanReturns if the MRA has been enactedbooleanChecks if the certificate has an extended-key-usage "ocspSigning" (1.3.6.1.5.5.7.3.9)booleanReturns if the certificate has id-pkix-ocsp-no-check attributebooleanReturns if the certificate has been defined as QC compliant in a third-country Trusted List before MRA mappingbooleanReturns if the certificate has been defined as supported by QSCD in a third-country Trusted List before MRA mappingbooleanReturns if the certificate is QC compliant (has id-etsi-qcs-QcCompliance extension)booleanReturns if the revocation data is available for the certificatebooleanReturns if the certificate is self-signedbooleanReturns if the certificate is supported by QSCD (has id-etsi-qcs-QcSSCD extension)booleanReturns if the certificate is trustedbooleanReturns if the Trusted List has been reached for the particular certificatebooleanReturns if the certificate contains id-etsi-ext-valassured-ST-certs extension, as defined in ETSI EN 319 412-1 "5.2 Certificate Extensions regarding Validity Assured Certificate"Methods inherited from class eu.europa.esig.dss.diagnostic.AbstractTokenProxy
foundCertificates, foundRevocations, getCertificateChain, getDigestAlgorithm, getDigestMatchers, getEncryptionAlgorithm, getKeyLengthUsedToSignThisToken, getMaskGenerationFunction, getSignatureAlgorithm, getSigningCertificate, getSigningCertificatePublicKey, getSigningCertificateReference, getSigningCertificateReferences, isCertificateChainFromTrustedStore, isSignatureIntact, isSignatureValid, isSigningCertificateReferencePresent, isSigningCertificateReferenceUnique, isTrustedChain, toString
-
Constructor Details
-
CertificateWrapper
Default constructor- Parameters:
certificate-XmlCertificateto be wrapped
-
-
Method Details
-
getId
Description copied from interface:TokenProxyReturns the unique identifier of the object- Returns:
Stringid
-
getCurrentBasicSignature
Description copied from class:AbstractTokenProxyReturns a basic signature validation- Specified by:
getCurrentBasicSignaturein classAbstractTokenProxy- Returns:
XmlBasicSignature
-
getCurrentCertificateChain
Description copied from class:AbstractTokenProxyReturns the token's certificate chain- Specified by:
getCurrentCertificateChainin classAbstractTokenProxy- Returns:
- a list of
XmlChainItems
-
getCurrentSigningCertificate
Description copied from class:AbstractTokenProxyReturns the signing certificate of the token- Specified by:
getCurrentSigningCertificatein classAbstractTokenProxy- Returns:
XmlSigningCertificate
-
isTrusted
public boolean isTrusted()Returns if the certificate is trusted- Returns:
- TRUE if the certificate is trusted, FALSE otherwise
-
isSelfSigned
public boolean isSelfSigned()Returns if the certificate is self-signed- Returns:
- TRUE if the certificate is self-signed, FALSE otherwise
-
getCertificateExtensions
Returns a list of all certificate extensions- Returns:
- a list of
XmlCertificateExtension
-
getCertificateExtensionForOid
public <T extends XmlCertificateExtension> T getCertificateExtensionForOid(String oid, Class<T> targetClass) Returns a certificate extension with the givenoidwhen present- Parameters:
oid-StringOID of the certificate extension- Returns:
XmlCertificateExtensionwhen present, NULL otherwise
-
getCertificateExtensionsOids
-
getSubjectAlternativeNames
Returns subject alternative names- Returns:
- a list of
Strings
-
isCA
public boolean isCA()Returns whether the certificate defines BasicConstraints.cA extension set to TRUE- Returns:
- TRUE if the BasicConstraints.cA extension is defined and set to true, FALSE otherwise
-
getPathLenConstraint
public int getPathLenConstraint()Returns value of BasicConstraints.PathLenConstraint if present and BasicConstraints.cA is set to true- Returns:
- integer value of BasicConstraints.PathLenConstraint if applicable, -1 otherwise
-
getRequireExplicitPolicy
public int getRequireExplicitPolicy()Returns value of the requireExplicitPolicy field of policyConstraints certificate extension- Returns:
- requireExplicitPolicy value if present, -1 otherwise
-
getInhibitPolicyMapping
public int getInhibitPolicyMapping()Returns value of the inhibitPolicyMapping field of policyConstraints certificate extension- Returns:
- inhibitPolicyMapping value if present, -1 otherwise
-
getInhibitAnyPolicy
public int getInhibitAnyPolicy()Returns value of the inhibitAnyPolicy certificate extension's value- Returns:
- inhibitAnyPolicy certificate extension's value if present, -1 otherwise
-
getPermittedSubtrees
Returns value of the permittedSubtrees field of nameConstraints certificate extension, when present- Returns:
- list of
XmlGeneralSubtreeif field is present, empty list otherwise
-
getExcludedSubtrees
Returns value of the excludedSubtrees field of nameConstraints certificate extension, when present- Returns:
- list of
XmlGeneralSubtreeif field is present, empty list otherwise
-
getKeyUsages
Returns the defined key-usages for the certificate- Returns:
- a list of
KeyUsageBits
-
isRevocationDataAvailable
public boolean isRevocationDataAvailable()Returns if the revocation data is available for the certificate- Returns:
- TRUE if the revocation data is available, FALSE otherwise
-
getSources
Returns a list of sources the certificate has been obtained from (e.g. TRUSTED_LIST, SIGNATURE, AIA, etc.)- Returns:
- a list of
CertificateSourceTypes
-
getCertificateRevocationData
Returns a list of revocation data relevant to the certificate- Returns:
- a list of
CertificateRevocationWrappers
-
getRevocationDataById
Returns revocation data by its id- Parameters:
revocationId-Stringrepresenting id of a revocation data to extract- Returns:
CertificateRevocationWrapper
-
isIdPkixOcspNoCheck
public boolean isIdPkixOcspNoCheck()Returns if the certificate has id-pkix-ocsp-no-check attribute- Returns:
- TRUE if the certificate has id-pkix-ocsp-no-check attribute, FALSE otherwise
-
isIdKpOCSPSigning
public boolean isIdKpOCSPSigning()Checks if the certificate has an extended-key-usage "ocspSigning" (1.3.6.1.5.5.7.3.9)- Returns:
- TRUE if the certificate has extended-key-usage "ocspSigning", FALSE otherwise
-
isValAssuredShortTermCertificate
public boolean isValAssuredShortTermCertificate()Returns if the certificate contains id-etsi-ext-valassured-ST-certs extension, as defined in ETSI EN 319 412-1 "5.2 Certificate Extensions regarding Validity Assured Certificate"- Returns:
- TRUE if the certificate is a validity assured short-term certificate, FALSE otherwise
-
getExtendedKeyUsages
-
getNotBefore
-
getNotAfter
-
getEntityKey
-
getCertificateTSPServiceExpiredCertsRevocationInfo
-
getSerialNumber
-
getSubjectSerialNumber
-
getTitle
-
getCommonName
-
getCountryName
-
getGivenName
-
getOrganizationIdentifier
-
getOrganizationName
-
getOrganizationalUnit
-
getEmail
-
getLocality
-
getState
-
getSurname
-
getPseudo
-
getDigestAlgoAndValue
Returns the certificate's Digest if present- Returns:
XmlDigestAlgoAndValue
-
isTrustedListReached
public boolean isTrustedListReached()Returns if the Trusted List has been reached for the particular certificate- Returns:
- TRUE if the Trusted List has been reached, FALSE otherwise
-
getTrustServiceProviders
Returns a list ofXmlTrustServiceProviders- Returns:
- a list of
XmlTrustServiceProviders
-
getTrustServices
Returns a list ofTrustServiceWrappers- Returns:
- a list of
TrustServiceWrappers
-
getCertificateDN
-
getCertificateIssuerDN
-
getCRLDistributionPoints
-
getCAIssuersAccessUrls
-
getOCSPAccessUrls
-
getSubjectKeyIdentifier
public byte[] getSubjectKeyIdentifier()Returns the Subject Key Identifier certificate extension's value, when present- Returns:
- byte array representing the Subject Key Identifier
-
getCpsUrls
-
getPolicyIds
-
getCertificatePolicies
Returns the certificate policies Ids- Returns:
- a list of
Strings
-
getCertificatePoliciesOids
-
isQcCompliance
public boolean isQcCompliance()Returns if the certificate is QC compliant (has id-etsi-qcs-QcCompliance extension)- Returns:
- TRUE if the certificate is QC compliant, FALSE otherwise
-
isSupportedByQSCD
public boolean isSupportedByQSCD()Returns if the certificate is supported by QSCD (has id-etsi-qcs-QcSSCD extension)- Returns:
- TRUE if the certificate is supported by QSCD, FALSE otherwise
-
getQcTypes
-
getQcLegislationCountryCodes
-
getPSD2Info
Returns the PSD2 QCStatement (id-etsi-psd2-qcStatement extension, ETSI TS 119 495)- Returns:
PSD2InfoWrapper
-
getQCLimitValue
Returns the QCEuLimitValue- Returns:
QCLimitValueWrapper
-
getQCEuRetentionPeriod
-
getQCPDSLocations
Returns QcEuPDS Locations- Returns:
- a list of
XmlLangAndValues
-
getSemanticsIdentifier
Returns the semantics identifier- Returns:
SemanticsIdentifier
-
getOtherQcStatements
-
isEnactedMRA
public boolean isEnactedMRA()Returns if the MRA has been enacted- Returns:
- TRUE if the MRA has been enacted, FALSE otherwise
-
getMRAEnactedTrustServiceLegalIdentifier
-
getMRACertificateContentEquivalenceList
Returns aXmlCertificateContentEquivalencelist corresponding to the matching MRA information- Returns:
- a list of
XmlCertificateContentEquivalences
-
isOriginalThirdCountryQcCompliance
public boolean isOriginalThirdCountryQcCompliance()Returns if the certificate has been defined as QC compliant in a third-country Trusted List before MRA mapping- Returns:
- TRUE if the certificate is QC compliant, FALSE otherwise
-
isOriginalThirdCountrySupportedByQSCD
public boolean isOriginalThirdCountrySupportedByQSCD()Returns if the certificate has been defined as supported by QSCD in a third-country Trusted List before MRA mapping- Returns:
- TRUE if the certificate is supported by QSCD, FALSE otherwise
-
getOriginalThirdCountryQCTypes
-
getOriginalThirdCountryQcLegislationCountryCodes
-
getOriginalThirdCountryOtherQcStatements
-
getBinaries
public byte[] getBinaries()Description copied from class:AbstractTokenProxyReturns binaries of the token, when present- Specified by:
getBinariesin classAbstractTokenProxy- Returns:
- a byte array
-
getReadableCertificateName
-
hashCode
public int hashCode()- Overrides:
hashCodein classAbstractTokenProxy
-
equals
- Overrides:
equalsin classAbstractTokenProxy
-