Class X509CertUtils


  • public class X509CertUtils
    extends java.lang.Object
    X.509 certificate utilities.
    Version:
    2022-01-24
    Author:
    Vladimir Dzhuvinov, Simon Kissane
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String PEM_BEGIN_MARKER
      The PEM start marker.
      static java.lang.String PEM_END_MARKER
      The PEM end marker.
    • Constructor Summary

      Constructors 
      Constructor Description
      X509CertUtils()  
    • Method Summary

      Modifier and Type Method Description
      static Base64URL computeSHA256Thumbprint(java.security.cert.X509Certificate cert)
      Computes the X.509 certificate SHA-256 thumbprint (x5t#S256).
      static java.security.Provider getProvider()
      Returns the JCA provider to use for certificate operations.
      static java.security.cert.X509Certificate parse(byte[] derEncodedCert)
      Parses a DER-encoded X.509 certificate.
      static java.security.cert.X509Certificate parse(java.lang.String pemEncodedCert)
      Parses a PEM-encoded X.509 certificate.
      static java.security.cert.X509Certificate parseWithException(byte[] derEncodedCert)
      Parses a DER-encoded X.509 certificate with exception handling.
      static java.security.cert.X509Certificate parseWithException(java.lang.String pemEncodedCert)
      Parses a PEM-encoded X.509 certificate with exception handling.
      static void setProvider(java.security.Provider provider)
      Sets the JCA provider to use for certificate operations.
      static java.util.UUID store(java.security.KeyStore keyStore, java.security.PrivateKey privateKey, char[] keyPassword, java.security.cert.X509Certificate cert)
      Stores a private key with its associated X.509 certificate in a Java key store.
      static java.lang.String toPEMString(java.security.cert.X509Certificate cert)
      Returns the specified X.509 certificate as a PEM-encoded string.
      static java.lang.String toPEMString(java.security.cert.X509Certificate cert, boolean withLineBreaks)
      Returns the specified X.509 certificate as a PEM-encoded string.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • PEM_BEGIN_MARKER

        public static final java.lang.String PEM_BEGIN_MARKER
        The PEM start marker.
        See Also:
        Constant Field Values
      • PEM_END_MARKER

        public static final java.lang.String PEM_END_MARKER
        The PEM end marker.
        See Also:
        Constant Field Values
    • Constructor Detail

      • X509CertUtils

        public X509CertUtils()
    • Method Detail

      • getProvider

        public static java.security.Provider getProvider()
        Returns the JCA provider to use for certificate operations.
        Returns:
        The JCA provider to use for certificate operations, null implies the default provider.
      • setProvider

        public static void setProvider(java.security.Provider provider)
        Sets the JCA provider to use for certificate operations.
        Parameters:
        provider - The JCA provider to use for certificate operations, null implies the default provider.
      • parse

        public static java.security.cert.X509Certificate parse(byte[] derEncodedCert)
        Parses a DER-encoded X.509 certificate.
        Parameters:
        derEncodedCert - The DER-encoded X.509 certificate, as a byte array. May be null.
        Returns:
        The X.509 certificate, null if not specified or parsing failed.
      • parseWithException

        public static java.security.cert.X509Certificate parseWithException(byte[] derEncodedCert)
                                                                     throws java.security.cert.CertificateException
        Parses a DER-encoded X.509 certificate with exception handling.
        Parameters:
        derEncodedCert - The DER-encoded X.509 certificate, as a byte array. Empty or null if not specified.
        Returns:
        The X.509 certificate, null if not specified.
        Throws:
        java.security.cert.CertificateException - If parsing failed.
      • parse

        public static java.security.cert.X509Certificate parse(java.lang.String pemEncodedCert)
        Parses a PEM-encoded X.509 certificate.
        Parameters:
        pemEncodedCert - The PEM-encoded X.509 certificate, as a string. Empty or null if not specified.
        Returns:
        The X.509 certificate, null if parsing failed.
      • parseWithException

        public static java.security.cert.X509Certificate parseWithException(java.lang.String pemEncodedCert)
                                                                     throws java.security.cert.CertificateException
        Parses a PEM-encoded X.509 certificate with exception handling.
        Parameters:
        pemEncodedCert - The PEM-encoded X.509 certificate, as a string. Empty or null if not specified.
        Returns:
        The X.509 certificate, null if parsing failed.
        Throws:
        java.security.cert.CertificateException
      • toPEMString

        public static java.lang.String toPEMString(java.security.cert.X509Certificate cert)
        Returns the specified X.509 certificate as a PEM-encoded string.
        Parameters:
        cert - The X.509 certificate. Must not be null.
        Returns:
        The PEM-encoded X.509 certificate, null if encoding failed.
      • toPEMString

        public static java.lang.String toPEMString(java.security.cert.X509Certificate cert,
                                                   boolean withLineBreaks)
        Returns the specified X.509 certificate as a PEM-encoded string.
        Parameters:
        cert - The X.509 certificate. Must not be null.
        withLineBreaks - false to suppress line breaks.
        Returns:
        The PEM-encoded X.509 certificate, null if encoding failed.
      • computeSHA256Thumbprint

        public static Base64URL computeSHA256Thumbprint(java.security.cert.X509Certificate cert)
        Computes the X.509 certificate SHA-256 thumbprint (x5t#S256).
        Parameters:
        cert - The X.509 certificate. Must not be null.
        Returns:
        The SHA-256 thumbprint, BASE64URL-encoded, null if a certificate encoding exception is encountered.
      • store

        public static java.util.UUID store(java.security.KeyStore keyStore,
                                           java.security.PrivateKey privateKey,
                                           char[] keyPassword,
                                           java.security.cert.X509Certificate cert)
                                    throws java.security.KeyStoreException
        Stores a private key with its associated X.509 certificate in a Java key store. The name (alias) for the stored entry is given a random UUID.
        Parameters:
        keyStore - The key store. Must be initialised and not null.
        privateKey - The private key. Must not be null.
        keyPassword - The password to protect the private key, empty array for none. Must not be null.
        cert - The X.509 certificate, its public key and the private key should form a pair. Must not be null.
        Returns:
        The UUID for the stored entry.
        Throws:
        java.security.KeyStoreException
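
Added usage example (not part of the original Javadoc or the library's own code): parse, parseWithException and computeSHA256Thumbprint all use a null return for some outcomes, so a pinning check built on them has to treat null as a rejection. The class name PinnedCertCheck, the helper requirePinned and the command-line arguments are hypothetical; the import package com.nimbusds.jose.util is assumed from the Nimbus JOSE+JWT library and is not shown on this page.

```java
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.X509CertUtils;

import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class PinnedCertCheck {

    /** Hypothetical helper: returns the certificate only if its x5t#S256 equals the pinned value. */
    static X509Certificate requirePinned(String pem, Base64URL pinned) throws CertificateException {
        // parseWithException reports malformed input, but may still return null for empty input.
        X509Certificate cert = X509CertUtils.parseWithException(pem);
        if (cert == null) {
            throw new CertificateException("No certificate supplied");
        }
        // computeSHA256Thumbprint returns null on an encoding error, so null is a failure too.
        Base64URL actual = X509CertUtils.computeSHA256Thumbprint(cert);
        if (actual == null || !MessageDigest.isEqual(actual.decode(), pinned.decode())) {
            throw new CertificateException("Certificate does not match pinned x5t#S256");
        }
        return cert;
    }

    public static void main(String[] args) throws Exception {
        // Constructed malformed input: valid markers around a body that is not a DER certificate.
        String bad = X509CertUtils.PEM_BEGIN_MARKER + "\nAAAA\n" + X509CertUtils.PEM_END_MARKER;

        // parse() signals failure only through null, so every caller must check for it.
        System.out.println("parse(bad) == null: " + (X509CertUtils.parse(bad) == null));
        try {
            X509CertUtils.parseWithException(bad);
        } catch (CertificateException e) {
            System.out.println("parseWithException(bad) threw: " + e.getMessage());
        }

        // Usage: java PinnedCertCheck <cert.pem> <expected x5t#S256>
        if (args.length == 2) {
            String pem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.US_ASCII);
            X509Certificate cert = requirePinned(pem, new Base64URL(args[1]));
            System.out.println("Pinned certificate accepted: " + cert.getSubjectX500Principal());
        }
    }
}
```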