com.nimbusds.jose.util

Class X509CertUtils

java.lang.Object

com.nimbusds.jose.util.X509CertUtils

public class X509CertUtils
extends Object

X.509 certificate utilities.

Version:

2020-10-20

Author:

Vladimir Dzhuvinov, Simon Kissane

Field Summary

Fields

Modifier and Type	Field and Description
static String	PEM_BEGIN_MARKER The PEM start marker.
static String	PEM_END_MARKER The PEM end marker.

Constructor Summary

Constructors

Constructor and Description
X509CertUtils()

Method Summary

Modifier and Type	Method and Description
static Base64URL	computeSHA256Thumbprint(X509Certificate cert) Computes the X.509 certificate SHA-256 thumbprint (x5t#S256).
static Provider	getProvider() Returns the JCA provider to use for certification operations.
static X509Certificate	parse(byte[] derEncodedCert) Parses a DER-encoded X.509 certificate.
static X509Certificate	parse(String pemEncodedCert) Parses a PEM-encoded X.509 certificate.
static X509Certificate	parseWithException(byte[] derEncodedCert) Parses a DER-encoded X.509 certificate with exception handling.
static X509Certificate	parseWithException(String pemEncodedCert) Parses a PEM-encoded X.509 certificate with exception handling.
static void	setProvider(Provider provider) Sets the JCA provider to use for certification operations.
static UUID	store(KeyStore keyStore, PrivateKey privateKey, char[] keyPassword, X509Certificate cert) Stores a private key with its associated X.509 certificate in a Java key store.
static String	toPEMString(X509Certificate cert) Returns the specified X.509 certificate as PEM-encoded string.
static String	toPEMString(X509Certificate cert, boolean withLineBreaks) Returns the specified X.509 certificate as PEM-encoded string.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PEM_BEGIN_MARKER

public static final String PEM_BEGIN_MARKER

The PEM start marker.

See Also:

Constant Field Values

PEM_END_MARKER

public static final String PEM_END_MARKER

The PEM end marker.

See Also:

Constant Field Values

Constructor Detail

X509CertUtils

public X509CertUtils()

Method Detail

getProvider

public static Provider getProvider()

Returns the JCA provider to use for certification operations.

Returns:

The JCA provider to use for certificate operations, null implies the default provider.

setProvider

public static void setProvider(Provider provider)

Sets the JCA provider to use for certification operations.

Parameters:

provider - The JCA provider to use for certificate operations, null implies the default provider.

parse

public static X509Certificate parse(byte[] derEncodedCert)

Parses a DER-encoded X.509 certificate.

Parameters:

derEncodedCert - The DER-encoded X.509 certificate, as a byte array. May be null.

Returns:

The X.509 certificate, null if not specified or parsing failed.

parseWithException

public static X509Certificate parseWithException(byte[] derEncodedCert)
                                          throws CertificateException

Parses a DER-encoded X.509 certificate with exception handling.

Parameters:

derEncodedCert - The DER-encoded X.509 certificate, as a byte array. Empty or null if not specified.

Returns:

The X.509 certificate, null if not specified.

Throws:

CertificateException - If parsing failed.

parse

public static X509Certificate parse(String pemEncodedCert)

Parses a PEM-encoded X.509 certificate.

Parameters:

pemEncodedCert - The PEM-encoded X.509 certificate, as a string. Empty or null if not specified.

Returns:

The X.509 certificate, null if parsing failed.

parseWithException

public static X509Certificate parseWithException(String pemEncodedCert)
                                          throws CertificateException

Parses a PEM-encoded X.509 certificate with exception handling.

Parameters:

pemEncodedCert - The PEM-encoded X.509 certificate, as a string. Empty or null if not specified.

Returns:

The X.509 certificate, null if parsing failed.

Throws:

CertificateException

toPEMString

public static String toPEMString(X509Certificate cert)

Returns the specified X.509 certificate as PEM-encoded string.

Parameters:

cert - The X.509 certificate. Must not be null.

Returns:

The PEM-encoded X.509 certificate, null if encoding failed.

toPEMString

public static String toPEMString(X509Certificate cert,
                                 boolean withLineBreaks)

Returns the specified X.509 certificate as PEM-encoded string.

Parameters:

cert - The X.509 certificate. Must not be null.

withLineBreaks - false to suppress line breaks.

Returns:

The PEM-encoded X.509 certificate, null if encoding failed.

computeSHA256Thumbprint

public static Base64URL computeSHA256Thumbprint(X509Certificate cert)

Computes the X.509 certificate SHA-256 thumbprint (x5t#S256).

Parameters:

cert - The X.509 certificate. Must not be null.

Returns:

The SHA-256 thumbprint, BASE64URL-encoded, null if a certificate encoding exception is encountered.

store

public static UUID store(KeyStore keyStore,
                         PrivateKey privateKey,
                         char[] keyPassword,
                         X509Certificate cert)
                  throws KeyStoreException

Stores a private key with its associated X.509 certificate in a Java key store. The name (alias) for the stored entry is a given a random UUID.

Parameters:

keyStore - The key store. Must be initialised and not null.

privateKey - The private key. Must not be null.

keyPassword - The password to protect the private key, empty array for none. Must not be null.

cert - The X.509 certificate, its public key and the private key should form a pair. Must not be null.

Returns:

The UUID for the stored entry.

Throws:

KeyStoreException