Package eu.europa.esig.dss.model.x509

Class CertificateToken

java.lang.Object

eu.europa.esig.dss.model.x509.Token

eu.europa.esig.dss.model.x509.CertificateToken

All Implemented Interfaces:

IdentifierBasedObject, Serializable

public class CertificateToken
extends Token

Whenever the signature validation process encounters an X509Certificate a certificateToken is created.
This class encapsulates some frequently used information: a certificate comes from a certain context (Trusted List, CertStore, Signature), has revocation data... To expedite the processing of such information, they are kept in cache.

See Also:

• Serialized Form

Field Summary

Fields inherited from class eu.europa.esig.dss.model.x509.Token

publicKeyOfTheSigner, signatureAlgorithm, signatureInvalidityReason, signatureValidity

Constructor Summary

Constructors

Constructor	Description
CertificateToken(X509Certificate x509Certificate)	Creates a CertificateToken wrapping the provided X509Certificate.

Method Summary

Modifier and Type	Method	Description
protected TokenIdentifier	buildTokenIdentifier()	Builds a token unique identifier
protected SignatureValidity	checkIsSignedBy(PublicKey publicKey)	Verifies if the current token has been signed by the specified publicKey
boolean	checkKeyUsage(KeyUsageBit keyUsageBit)	This method checks if the certificate contains the given key usage bit.
String	getAbbreviation()	This method returns the DSS abbreviation of the token.
X509Certificate	getCertificate()	Gets the enclosed X509 Certificate.
Date	getCreationDate()	Returns the creation date of this token.
byte[]	getEncoded()	Returns the encoded form of this certificate.
EntityIdentifier	getEntityKey()	Returns the identifier of the current public key.
X500PrincipalHelper	getIssuer()	Returns the issuer as wrapped X500Principal with helpful methods
X500Principal	getIssuerX500Principal()	Returns the X500Principal of the certificate which was used to sign this token.
List<KeyUsageBit>	getKeyUsageBits()	This method returns a list KeyUsageBit representing the key usages of the certificate.
Date	getNotAfter()	Returns the expiration date of the certificate.
Date	getNotBefore()	Returns the issuance date of the certificate.
int	getPathLenConstraint()	This method returns a PathLenConstraint value when BasicConstraint and the attribute itself are present, and cA parameters is set to true.
PublicKey	getPublicKey()	Returns the public key associated with the certificate. To get the encryption algorithm used with this public key call getAlgorithm() method. RFC 2459: 4.1.2.7 Subject Public Key Info This field is used to carry the public key and identify the algorithm with which the key is used.
BigInteger	getSerialNumber()	Gets the serialNumber value from the encapsulated certificate.
byte[]	getSignature()	The signature value of the certificate
String	getSourceURL()	Gets certificate's source URL
X500PrincipalHelper	getSubject()	Returns the subject as wrapped X500Principal with helpful methods
boolean	isCA()	This method checks if the BasicConstraint is present
boolean	isEquivalent(CertificateToken token)	This method returns true if the given token is equivalent.
boolean	isSelfIssued()	This method returns true if the certificate is self-issued.
boolean	isSelfSigned()	Checks if the certificate is self-signed.
boolean	isValidOn(Date date)	Checks if the given date is in the validity period of the certificate.
void	setSourceURL(String sourceURL)	Sets certificate's source URL
String	toString(String indentStr)	Returns a string representation of the token.

Methods inherited from class eu.europa.esig.dss.model.x509.Token

equals, getDigest, getDSSId, getDSSIdAsString, getInvalidityReason, getPublicKeyOfTheSigner, getSignatureAlgorithm, getSignatureValidity, hashCode, isSignatureIntact, isSignedBy, isSignedBy, isValid, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Details

CertificateToken

public CertificateToken(X509Certificate x509Certificate)

Creates a CertificateToken wrapping the provided X509Certificate.

Parameters:

x509Certificate - the X509Certificate object

Method Details

getAbbreviation

public String getAbbreviation()

Description copied from class: Token

This method returns the DSS abbreviation of the token. It is used for debugging purpose.

Overrides:

getAbbreviation in class Token

Returns:

an abbreviation for the certificate

getEntityKey

public EntityIdentifier getEntityKey()

Returns the identifier of the current public key. Several certificate can have the same public key (cross-certificates)

Returns:

EntityIdentifier

getPublicKey

public PublicKey getPublicKey()

Returns the public key associated with the certificate.
To get the encryption algorithm used with this public key call getAlgorithm() method.
RFC 2459:
4.1.2.7 Subject Public Key Info This field is used to carry the public key and identify the algorithm with which the key is used. The algorithm is identified using the AlgorithmIdentifier structure specified in section 4.1.1.2. The object identifiers for the supported algorithms and the methods for encoding the public key materials (public key and parameters) are specified in section 7.3.

Returns:

the public key of the certificate

getNotAfter

public Date getNotAfter()

Returns the expiration date of the certificate.

Returns:

the expiration date (notAfter)

getNotBefore

public Date getNotBefore()

Returns the issuance date of the certificate.

Returns:

the issuance date (notBefore)

getCreationDate

public Date getCreationDate()

Description copied from class: Token

Returns the creation date of this token. This date is mainly used to retrieve the correct issuer within a collection of renewed certificates (new certificate with the same key pair).

Specified by:

getCreationDate in class Token

Returns:

the creation date of the token (notBefore for a certificate, productionDate for revocation data,...)

getSourceURL

public String getSourceURL()

Gets certificate's source URL

Returns:

String

setSourceURL

public void setSourceURL(String sourceURL)

Sets certificate's source URL

Parameters:

sourceURL - String

isValidOn

public boolean isValidOn(Date date)

Checks if the given date is in the validity period of the certificate.

Parameters:

date - the date to be tested

Returns:

true if the given date is in the certificate period validity

isSelfSigned

public boolean isSelfSigned()

Checks if the certificate is self-signed.

"Self-signed certificates are self-issued certificates where the digital signature may be verified by the public key bound into the certificate. Self-signed certificates are used to convey a public key for use to begin certification paths." [RFC5280]

Overrides:

isSelfSigned in class Token

Returns:

true if the certificate is a self-sign

isSelfIssued

public boolean isSelfIssued()

This method returns true if the certificate is self-issued.

"Self-issued certificates are CA certificates in which the issuer and subject are the same entity. Self-issued certificates are generated to support changes in policy or operations." [RFC5280]

Returns:

true if the certificate is self-issued

isEquivalent

public boolean isEquivalent(CertificateToken token)

This method returns true if the given token is equivalent.

Parameters:

token - the token to be compared

Returns:

true if the given certificate has the same public key

getCertificate

public X509Certificate getCertificate()

Gets the enclosed X509 Certificate.

Returns:

the X509Certificate object

getEncoded

public byte[] getEncoded()

Returns the encoded form of this certificate. X.509 certificates would be encoded as ASN.1 DER.

Specified by:

getEncoded in class Token

Returns:

the encoded form of this certificate

getSerialNumber

public BigInteger getSerialNumber()

Gets the serialNumber value from the encapsulated certificate. The serial number is an integer assigned by the certification authority to each certificate. It must be unique for each certificate issued by a given CA.

Returns:

the certificate serial number

getSubject

public X500PrincipalHelper getSubject()

Returns the subject as wrapped X500Principal with helpful methods

Returns:

an instance of X500PrincipalHelper with the SubjectX500Principal

getIssuer

public X500PrincipalHelper getIssuer()

Returns the issuer as wrapped X500Principal with helpful methods

Returns:

an instance of X500PrincipalHelper with the IssuerX500Principal

getIssuerX500Principal

public X500Principal getIssuerX500Principal()

Returns the X500Principal of the certificate which was used to sign this token.

Specified by:

getIssuerX500Principal in class Token

Returns:

the issuer's X500Principal

checkIsSignedBy

protected SignatureValidity checkIsSignedBy(PublicKey publicKey)

Description copied from class: Token

Verifies if the current token has been signed by the specified publicKey

Specified by:

checkIsSignedBy in class Token

Parameters:

publicKey - PublicKey of a signing candidate

Returns:

SignatureValidity

checkKeyUsage

public boolean checkKeyUsage(KeyUsageBit keyUsageBit)

This method checks if the certificate contains the given key usage bit.

Parameters:

keyUsageBit - the keyUsageBit to be checked.

Returns:

true if contains

getKeyUsageBits

public List<KeyUsageBit> getKeyUsageBits()

This method returns a list KeyUsageBit representing the key usages of the certificate.

Returns:

List of KeyUsageBits of different certificate's key usages

isCA

public boolean isCA()

This method checks if the BasicConstraint is present

Returns:

true if the certificate is defined as a CA

getPathLenConstraint

public int getPathLenConstraint()

This method returns a PathLenConstraint value when BasicConstraint and the attribute itself are present, and cA parameters is set to true.

Returns:

PathLenConstraint integer value, when present. -1 otherwise

getSignature

public byte[] getSignature()

The signature value of the certificate

Returns:

the signature value

buildTokenIdentifier

protected TokenIdentifier buildTokenIdentifier()

Description copied from class: Token

Builds a token unique identifier

Specified by:

buildTokenIdentifier in class Token

Returns:

TokenIdentifier

toString

public String toString(String indentStr)

Description copied from class: Token

Returns a string representation of the token.

Specified by:

toString in class Token

Parameters:

indentStr - the indentation to use

Returns:

string representation of the token