Class CertUtils

java.lang.Object
se.swedenconnect.sigval.cert.utils.CertUtils

public class CertUtils extends Object
Utility class for X.509 Certificate related functions.
Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
  • Method Details

    • getOCSPUrl

      public static String getOCSPUrl(X509Certificate certificate)
      Get the OCSP responder URL from a certificate
      Parameters:
      certificate - certificate
      Returns:
      OCSP responder URL or null if no such URL is present
    • getExtensionValue

      public static org.bouncycastle.asn1.ASN1Primitive getExtensionValue(X509Certificate certificate, String oid) throws IOException
      Parameters:
      certificate - the certificate from which we need the ExtensionValue
      oid - the Object Identifier value for the extension.
      Returns:
      the extension value as an ASN1Primitive object
      Throws:
      IOException - on error
    • getCertificateList

      public static List<X509Certificate> getCertificateList(org.bouncycastle.cert.X509CertificateHolder[] certificateHolders) throws CertificateException
      Throws:
      CertificateException
    • getCrlDistPoint

      public static org.bouncycastle.asn1.x509.CRLDistPoint getCrlDistPoint(X509Certificate certificate) throws IOException
      Get the CRL Distribution Points extension from a certificate
      Parameters:
      certificate - certificate
      Returns:
      CRLDistPoint extension or null if no such extension is present
      Throws:
      IOException - on error obtaining extension data
    • getSIAExtension

      public static SubjectInformationAccess getSIAExtension(X509Certificate certificate)
      Get the Subject Information Access extension from a certificate
      Parameters:
      certificate - certificate
      Returns:
      SubjectInformationAccess
    • isOCSPNocheckExt

      public static boolean isOCSPNocheckExt(X509Certificate certificate)
      Test if a certificate has the OCSP no-check extension
      Parameters:
      certificate - certificate
      Returns:
      true if OCSP no-check extension is present
    • isCurrentlyValid

      public static boolean isCurrentlyValid(X509Certificate certificate)
      Verifies that a certificate is currently within its validity period
      Parameters:
      certificate - certificate to check
      Returns:
      true if the certificate is within its validity period
    • isCurrentlyValid

      public static boolean isCurrentlyValid(X509Certificate certificate, Date validationTime)
      Verifies that a certificate was within its validity period at a specified time
      Parameters:
      certificate - certificate to check
      validationTime - the time when the certificate should be valid
      Returns:
      true if the certificate was within its validity period at the specified time
    • getCert

      public static X509Certificate getCert(InputStream inStream) throws CertificateException, IOException
      Get a certificate from an input stream
      Parameters:
      inStream - input stream
      Returns:
      certificate
      Throws:
      CertificateException - error parsing certificate data
      IOException - IO errors
    • getResultPath

      public static List<X509Certificate> getResultPath(PKIXCertPathBuilderResult result)
      Returns the resulting path as a list of certificates, starting with the target certificate and ending with the trust anchor certificate.
      Parameters:
      result - validated certificate path
      Returns:
      validated certificate path starting with the target certificate and ending with the self-signed TA root certificate
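
The following is an added usage example, not code from the library or its authors. It combines the methods documented above to determine which revocation sources a certificate advertises. It assumes this library and Bouncy Castle are on the classpath; the class name RevocationTriage, the helper crlUrls and the certificate file path argument are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import org.bouncycastle.asn1.x509.*;
import se.swedenconnect.sigval.cert.utils.CertUtils;

// Hypothetical helper class for illustration (not part of the library).
public class RevocationTriage {

  /** Collects URI-type full names from the CRL Distribution Points extension. */
  static List<String> crlUrls(X509Certificate cert) throws Exception {
    List<String> urls = new ArrayList<>();
    CRLDistPoint cdp = CertUtils.getCrlDistPoint(cert); // null when the extension is absent
    if (cdp == null) return urls;
    for (DistributionPoint dp : cdp.getDistributionPoints()) {
      DistributionPointName dpn = dp.getDistributionPoint();
      // Skip points that only name a CRL issuer or use a name relative to the issuer.
      if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) continue;
      for (GeneralName gn : GeneralNames.getInstance(dpn.getName()).getNames()) {
        if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) {
          urls.add(gn.getName().toString());
        }
      }
    }
    return urls;
  }

  public static void main(String[] args) throws Exception {
    X509Certificate cert;
    try (InputStream in = new FileInputStream(args[0])) { // path to a certificate file
      cert = CertUtils.getCert(in);
    }
    System.out.println("Valid now: " + CertUtils.isCurrentlyValid(cert, new Date()));
    if (CertUtils.isOCSPNocheckExt(cert)) {
      // The extension marks an OCSP responder certificate that is not itself revocation-checked.
      System.out.println("OCSP no-check present: revocation is not checked for this certificate");
      return;
    }
    String ocsp = CertUtils.getOCSPUrl(cert); // null when no responder URL is present
    List<String> crls = crlUrls(cert);
    System.out.println("OCSP: " + (ocsp != null ? ocsp : "none") + ", CRL: " + crls);
    if (ocsp == null && crls.isEmpty()) {
      System.out.println("No revocation source advertised; treat status as undetermined");
    }
  }
}
```

A certificate that advertises neither an OCSP responder nor a CRL distribution point should be reported as having undetermined revocation status rather than being silently accepted.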