eu.europa.esig.dss.x509

Class CertificateToken

java.lang.Object

eu.europa.esig.dss.x509.Token

eu.europa.esig.dss.x509.CertificateToken

All Implemented Interfaces:

Serializable

public class CertificateToken
extends Token

Whenever the signature validation process encounters an X509Certificate a certificateToken is created.
This class encapsulates some frequently used information: a certificate comes from a certain context (Trusted List, CertStore, Signature), has revocation data... To expedite the processing of such information, they are kept in cache.

See Also:

Serialized Form

Field Summary

Fields inherited from class eu.europa.esig.dss.x509.Token

extraInfo, issuerToken, issuerX500Principal, signatureAlgorithm, signatureInvalidityReason, signatureValid

Constructor Summary

Constructors

Constructor and Description
CertificateToken(X509Certificate x509Certificate) Creates a CertificateToken wrapping the provided X509Certificate.

Method Summary

Methods

Modifier and Type	Method and Description
void	addRevocationToken(RevocationToken revocationToken)
void	addServiceInfo(ServiceInfo serviceInfo) This method adds the associated trusted service information.
void	addSourceType(CertificateSourceType certSourceType) This method adds the source type of the certificate (what is its origin).
boolean	checkKeyUsage(KeyUsageBit keyUsageBit) This method checks if the certificate contains the given key usage bit.
String	getAbbreviation() This method returns the DSS abbreviation of the token.
Set<ServiceInfo>	getAssociatedTSPS() Gets information about the trusted context of the certificate.
X509Certificate	getCertificate() Gets the enclosed X509 Certificate.
DigestAlgorithm	getDigestAlgorithm()
byte[]	getEncoded() Returns the encoded form of this certificate.
EncryptionAlgorithm	getEncryptionAlgorithm()
Set<KeyUsageBit>	getKeyUsageBits() This method returns a list KeyUsageBit representing the key usages of the certificate.
Date	getNotAfter() Returns .
Date	getNotBefore() Returns .
PublicKey	getPublicKey() Returns the public key associated with the certificate. To get the encryption algorithm used with this public key call getAlgorithm() method. RFC 2459: 4.1.2.7 Subject Public Key Info This field is used to carry the public key and identify the algorithm with which the key is used.
Set<RevocationToken>	getRevocationTokens() Returns the certificate revocation revocationToken object.
BigInteger	getSerialNumber() Gets the serialNumber value from the encapsulated certificate.
byte[]	getSignature()
Set<CertificateSourceType>	getSources() Gets information about the context in which this certificate token was created (TRUSTED_LIST, TRUSTED_STORE, ...).
X500Principal	getSubjectX500Principal() Returns the subject (subject distinguished name) value from the certificate as an X500Principal.
CertificateToken	getTrustAnchor() Returns the trust anchor associated with the certificate.
String	getXmlId()
boolean	isExpiredOn(Date date) Checks if the certificate is expired on the given date.
Boolean	isRevoked() This method indicates if the encapsulated certificate is revoked.
boolean	isSelfSigned() Checks if the certificate is self-signed.
boolean	isSignedBy(CertificateToken issuerToken) Checks if the token is signed by the token given in the parameter.
boolean	isTrusted() Checks if the certificate is provided by the trusted source.
boolean	isValidOn(Date date) Checks if the given date is in the validity period of the certificate.
void	setXmlId(String xmlId) Sets the Id associated with the certificate in case of an XML signature.
String	toString(String indentStr) returns a string representation of the token.

Methods inherited from class eu.europa.esig.dss.x509.Token

equals, extraInfo, getDigest, getDSSId, getDSSIdAsString, getIssuerToken, getIssuerX500Principal, getSignatureAlgorithm, getValidationInfo, hashCode, isSignatureValid, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

CertificateToken

public CertificateToken(X509Certificate x509Certificate)

Creates a CertificateToken wrapping the provided X509Certificate.

Parameters:

x509Certificate - X509Certificate

Method Detail

addSourceType

public void addSourceType(CertificateSourceType certSourceType)

This method adds the source type of the certificate (what is its origin). Each source is present only once.

Parameters:

certSourceType -

addServiceInfo

public void addServiceInfo(ServiceInfo serviceInfo)

This method adds the associated trusted service information.

Parameters:

serviceInfo -

getAbbreviation

public String getAbbreviation()

Description copied from class: Token

This method returns the DSS abbreviation of the token. It is used for debugging purpose.

Overrides:

getAbbreviation in class Token

Returns:

addRevocationToken

public void addRevocationToken(RevocationToken revocationToken)

Parameters:

revocationToken - This is the reference to the CertificateStatus. The object type is used because of the organisation of module.

getRevocationTokens

public Set<RevocationToken> getRevocationTokens()

Returns the certificate revocation revocationToken object.

getPublicKey

public PublicKey getPublicKey()

Returns the public key associated with the certificate.
To get the encryption algorithm used with this public key call getAlgorithm() method.
RFC 2459:
4.1.2.7 Subject Public Key Info This field is used to carry the public key and identify the algorithm with which the key is used. The algorithm is identified using the AlgorithmIdentifier structure specified in section 4.1.1.2. The object identifiers for the supported algorithms and the methods for encoding the public key materials (public key and parameters) are specified in section 7.3.

Returns:

getNotAfter

public Date getNotAfter()

Returns .

Returns:

getNotBefore

public Date getNotBefore()

Returns .

Returns:

isExpiredOn

public boolean isExpiredOn(Date date)

Checks if the certificate is expired on the given date.

Parameters:

date -

Returns:

isValidOn

public boolean isValidOn(Date date)

Checks if the given date is in the validity period of the certificate.

Parameters:

date -

Returns:

isRevoked

public Boolean isRevoked()

This method indicates if the encapsulated certificate is revoked.

Returns:

null if the revocation data cannot be checked, or true or false

isTrusted

public boolean isTrusted()

Checks if the certificate is provided by the trusted source.

Overrides:

isTrusted in class Token

Returns:

isSelfSigned

public boolean isSelfSigned()

Checks if the certificate is self-signed.

Overrides:

isSelfSigned in class Token

Returns:

getCertificate

public X509Certificate getCertificate()

Gets the enclosed X509 Certificate.

Returns:

getEncoded

public byte[] getEncoded()

Returns the encoded form of this certificate. X.509 certificates would be encoded as ASN.1 DER.

Specified by:

getEncoded in class Token

Returns:

the encoded form of this certificate

getSources

public Set<CertificateSourceType> getSources()

Gets information about the context in which this certificate token was created (TRUSTED_LIST, TRUSTED_STORE, ...). This method does not guarantee that the token is trusted or not.

Returns:

getAssociatedTSPS

public Set<ServiceInfo> getAssociatedTSPS()

Gets information about the trusted context of the certificate. See ServiceInfo for more information.

Returns:

getSerialNumber

public BigInteger getSerialNumber()

Gets the serialNumber value from the encapsulated certificate. The serial number is an integer assigned by the certification authority to each certificate. It must be unique for each certificate issued by a given CA.

Returns:

getSubjectX500Principal

public X500Principal getSubjectX500Principal()

Returns the subject (subject distinguished name) value from the certificate as an X500Principal. If the subject value is empty, then the getName() method of the returned X500Principal object returns an empty string ("").

Returns:

isSignedBy

public boolean isSignedBy(CertificateToken issuerToken)

Description copied from class: Token

Checks if the token is signed by the token given in the parameter. Each check changes the associated with the token signer's certificate. If the issuerToken is already known, and the current check fail the issuerToken stays unchanged. It is up to the calling function to make sure that the signer's certificate was found.

Specified by:

isSignedBy in class Token

Returns:

getDigestAlgorithm

public DigestAlgorithm getDigestAlgorithm()

getEncryptionAlgorithm

public EncryptionAlgorithm getEncryptionAlgorithm()

getTrustAnchor

public CertificateToken getTrustAnchor()

Returns the trust anchor associated with the certificate. If it is the self-signed certificate then this is returned.

Returns:

checkKeyUsage

public boolean checkKeyUsage(KeyUsageBit keyUsageBit)

This method checks if the certificate contains the given key usage bit.

Parameters:

keyUsageBit - the keyUsageBit to be checked.

Returns:

true if contains

toString

public String toString(String indentStr)

Description copied from class: Token

returns a string representation of the token.

Specified by:

toString in class Token

Returns:

getXmlId

public String getXmlId()

Returns:

return the id associated with the certificate in case of an XML signature, or null

setXmlId

public void setXmlId(String xmlId)

Sets the Id associated with the certificate in case of an XML signature.

Parameters:

xmlId - id

getKeyUsageBits

public Set<KeyUsageBit> getKeyUsageBits()

This method returns a list KeyUsageBit representing the key usages of the certificate.

Returns:

List of KeyUsageBits of different certificate's key usages

getSignature

public byte[] getSignature()