Package com.nimbusds.jose.util
Class X509CertUtils
- java.lang.Object
  - com.nimbusds.jose.util.X509CertUtils

public class X509CertUtils extends Object
X.509 certificate utilities.
- Version: 2022-01-24
- Author: Vladimir Dzhuvinov, Simon Kissane

Field Summary
- static String PEM_BEGIN_MARKER: The PEM start marker.
- static String PEM_END_MARKER: The PEM end marker.

Constructor Summary
- X509CertUtils()

Method Summary
- static Base64URL computeSHA256Thumbprint(X509Certificate cert): Computes the X.509 certificate SHA-256 thumbprint (x5t#S256).
- static Provider getProvider(): Returns the JCA provider to use for certificate operations.
- static X509Certificate parse(byte[] derEncodedCert): Parses a DER-encoded X.509 certificate.
- static X509Certificate parse(String pemEncodedCert): Parses a PEM-encoded X.509 certificate.
- static X509Certificate parseWithException(byte[] derEncodedCert): Parses a DER-encoded X.509 certificate with exception handling.
- static X509Certificate parseWithException(String pemEncodedCert): Parses a PEM-encoded X.509 certificate with exception handling.
- static void setProvider(Provider provider): Sets the JCA provider to use for certificate operations.
- static UUID store(KeyStore keyStore, PrivateKey privateKey, char[] keyPassword, X509Certificate cert): Stores a private key with its associated X.509 certificate in a Java key store.
- static String toPEMString(X509Certificate cert): Returns the specified X.509 certificate as PEM-encoded string.
- static String toPEMString(X509Certificate cert, boolean withLineBreaks): Returns the specified X.509 certificate as PEM-encoded string.

Field Detail

PEM_BEGIN_MARKER
public static final String PEM_BEGIN_MARKER
The PEM start marker.
- See Also: Constant Field Values

PEM_END_MARKER
public static final String PEM_END_MARKER
The PEM end marker.
- See Also: Constant Field Values

Constructor Detail

X509CertUtils
public X509CertUtils()

Method Detail

getProvider
public static Provider getProvider()
Returns the JCA provider to use for certificate operations.
- Returns: The JCA provider to use for certificate operations, null implies the default provider.

setProvider
public static void setProvider(Provider provider)
Sets the JCA provider to use for certificate operations.
- Parameters:
  - provider - The JCA provider to use for certificate operations, null implies the default provider.

parse
public static X509Certificate parse(byte[] derEncodedCert)
Parses a DER-encoded X.509 certificate.
- Parameters:
  - derEncodedCert - The DER-encoded X.509 certificate, as a byte array. May be null.
- Returns: The X.509 certificate, null if not specified or parsing failed.

parseWithException
public static X509Certificate parseWithException(byte[] derEncodedCert) throws CertificateException
Parses a DER-encoded X.509 certificate with exception handling.
- Parameters:
  - derEncodedCert - The DER-encoded X.509 certificate, as a byte array. Empty or null if not specified.
- Returns: The X.509 certificate, null if not specified.
- Throws:
  - CertificateException - If parsing failed.

parse
public static X509Certificate parse(String pemEncodedCert)
Parses a PEM-encoded X.509 certificate.
- Parameters:
  - pemEncodedCert - The PEM-encoded X.509 certificate, as a string. Empty or null if not specified.
- Returns: The X.509 certificate, null if parsing failed.

parseWithException
public static X509Certificate parseWithException(String pemEncodedCert) throws CertificateException
Parses a PEM-encoded X.509 certificate with exception handling.
- Parameters:
  - pemEncodedCert - The PEM-encoded X.509 certificate, as a string. Empty or null if not specified.
- Returns: The X.509 certificate, null if parsing failed.
- Throws:
  - CertificateException

toPEMString
public static String toPEMString(X509Certificate cert)
Returns the specified X.509 certificate as PEM-encoded string.
- Parameters:
  - cert - The X.509 certificate. Must not be null.
- Returns: The PEM-encoded X.509 certificate, null if encoding failed.

toPEMString
public static String toPEMString(X509Certificate cert, boolean withLineBreaks)
Returns the specified X.509 certificate as PEM-encoded string.
- Parameters:
  - cert - The X.509 certificate. Must not be null.
  - withLineBreaks - false to suppress line breaks.
- Returns: The PEM-encoded X.509 certificate, null if encoding failed.

computeSHA256Thumbprint
public static Base64URL computeSHA256Thumbprint(X509Certificate cert)
Computes the X.509 certificate SHA-256 thumbprint (x5t#S256).
- Parameters:
  - cert - The X.509 certificate. Must not be null.
- Returns: The SHA-256 thumbprint, BASE64URL-encoded, null if a certificate encoding exception is encountered.
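
An added example (not part of the Nimbus JOSE+JWT documentation or source) of using parseWithException and computeSHA256Thumbprint fail-closed: a null return is rejected instead of being passed on as a certificate, and a parsed certificate is matched against a pinned x5t#S256 value in constant time. The class PinnedCertCheck and its methods parseOrReject and matchesPin are hypothetical names; the sample inputs are constructed and deliberately invalid.

```java
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.X509CertUtils;

import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/** Added example; class and method names are hypothetical. */
public class PinnedCertCheck {

    /** Parses a PEM certificate; a null result and an exception both count as failure. */
    static X509Certificate parseOrReject(String pem) throws CertificateException {
        X509Certificate cert = X509CertUtils.parseWithException(pem);
        if (cert == null) {
            // Documented return value for unspecified (null or empty) input
            throw new CertificateException("No certificate supplied");
        }
        return cert;
    }

    /** Returns true only if the certificate's x5t#S256 equals the pinned value. */
    static boolean matchesPin(X509Certificate cert, Base64URL pinned) {
        Base64URL actual = X509CertUtils.computeSHA256Thumbprint(cert);
        if (actual == null) {
            return false; // encoding failure: no thumbprint, so no match
        }
        // Compare the decoded digests in constant time
        return MessageDigest.isEqual(actual.decode(), pinned.decode());
    }

    public static void main(String[] args) {
        // Constructed inputs: none of these is a valid certificate
        String[] bad = { null, "", "not a certificate",
            X509CertUtils.PEM_BEGIN_MARKER + "AAAA" + X509CertUtils.PEM_END_MARKER };
        for (String pem : bad) {
            // parse() signals failure only through its return value
            System.out.println("parse -> " + X509CertUtils.parse(pem));
            try {
                parseOrReject(pem);
                System.out.println("accepted (unexpected)");
            } catch (CertificateException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```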

store
public static UUID store(KeyStore keyStore, PrivateKey privateKey, char[] keyPassword, X509Certificate cert) throws KeyStoreException
Stores a private key with its associated X.509 certificate in a Java key store. The name (alias) for the stored entry is given a random UUID.
- Parameters:
  - keyStore - The key store. Must be initialised and not null.
  - privateKey - The private key. Must not be null.
  - keyPassword - The password to protect the private key, empty array for none. Must not be null.
  - cert - The X.509 certificate, its public key and the private key should form a pair. Must not be null.
- Returns: The UUID for the stored entry.
- Throws:
  - KeyStoreException