Package com.nimbusds.jose.util
Class X509CertUtils
java.lang.Object
com.nimbusds.jose.util.X509CertUtils
X.509 certificate utilities.
- Version:
- 2022-01-24
- Author:
- Vladimir Dzhuvinov, Simon Kissane
-
Field Summary
Fields: PEM_BEGIN_MARKER, PEM_END_MARKER
Constructor Summary
Constructors: X509CertUtils()
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static Base64URL | computeSHA256Thumbprint(X509Certificate cert) | Computes the X.509 certificate SHA-256 thumbprint (x5t#S256). |
| static Provider | getProvider() | Returns the JCA provider to use for certification operations. |
| static X509Certificate | parse(byte[] derEncodedCert) | Parses a DER-encoded X.509 certificate. |
| static X509Certificate | parse(String pemEncodedCert) | Parses a PEM-encoded X.509 certificate. |
| static X509Certificate | parseWithException(byte[] derEncodedCert) | Parses a DER-encoded X.509 certificate with exception handling. |
| static X509Certificate | parseWithException(String pemEncodedCert) | Parses a PEM-encoded X.509 certificate with exception handling. |
| static void | setProvider(Provider provider) | Sets the JCA provider to use for certification operations. |
| static UUID | store(KeyStore keyStore, PrivateKey privateKey, char[] keyPassword, X509Certificate cert) | Stores a private key with its associated X.509 certificate in a Java key store. |
| static String | toPEMString(X509Certificate cert) | Returns the specified X.509 certificate as PEM-encoded string. |
| static String | toPEMString(X509Certificate cert, boolean withLineBreaks) | Returns the specified X.509 certificate as PEM-encoded string. |
-
Field Details
-
PEM_BEGIN_MARKER
The PEM start marker.
-
PEM_END_MARKER
The PEM end marker.
-
-
Constructor Details
-
X509CertUtils
public X509CertUtils()
-
-
Method Details
-
getProvider
Returns the JCA provider to use for certification operations.
- Returns:
- The JCA provider to use for certificate operations, null implies the default provider.
-
setProvider
Sets the JCA provider to use for certification operations.
- Parameters:
- provider - The JCA provider to use for certificate operations, null implies the default.
-
parse
Parses a DER-encoded X.509 certificate.
- Parameters:
- derEncodedCert - The DER-encoded X.509 certificate, as a byte array. May be null.
- Returns:
- The X.509 certificate, null if not specified or parsing failed.
-
parseWithException
Parses a DER-encoded X.509 certificate with exception handling.
- Parameters:
- derEncodedCert - The DER-encoded X.509 certificate, as a byte array. Empty or null if not specified.
- Returns:
- The X.509 certificate, null if not specified.
- Throws:
- CertificateException - If parsing failed.
-
parse
Parses a PEM-encoded X.509 certificate.
- Parameters:
- pemEncodedCert - The PEM-encoded X.509 certificate, as a string. Empty or null if not specified.
- Returns:
- The X.509 certificate, null if parsing failed.
-
parseWithException
Parses a PEM-encoded X.509 certificate with exception handling.
- Parameters:
- pemEncodedCert - The PEM-encoded X.509 certificate, as a string. Empty or null if not specified.
- Returns:
- The X.509 certificate, null if parsing failed.
- Throws:
- CertificateException
-
toPEMString
Returns the specified X.509 certificate as PEM-encoded string.
- Parameters:
- cert - The X.509 certificate. Must not be null.
- Returns:
- The PEM-encoded X.509 certificate, null if encoding failed.
-
toPEMString
Returns the specified X.509 certificate as PEM-encoded string.
- Parameters:
- cert - The X.509 certificate. Must not be null.
- withLineBreaks - false to suppress line breaks.
- Returns:
- The PEM-encoded X.509 certificate, null if encoding failed.
-
computeSHA256Thumbprint
Computes the X.509 certificate SHA-256 thumbprint (x5t#S256).
- Parameters:
- cert - The X.509 certificate. Must not be null.
- Returns:
- The SHA-256 thumbprint, BASE64URL-encoded, null if a certificate encoding exception is encountered.
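
Several methods above signal failure by returning null rather than throwing, so a caller that compares thumbprints has to reject on every null. The following is an added example, not code from the Nimbus JOSE+JWT project, of a pin check built on parseWithException and computeSHA256Thumbprint that fails closed; the class name ThumbprintPinCheck, the method matchesPin and the all-zero pin are assumptions made for illustration.

```java
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.X509CertUtils;

import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/** Added example (hypothetical class): fail-closed x5t#S256 pin check. */
public class ThumbprintPinCheck {

    /** True only if the PEM parses and its SHA-256 thumbprint equals the pinned value. */
    static boolean matchesPin(String pem, Base64URL pinnedThumbprint) {
        if (pinnedThumbprint == null) {
            return false; // no pin configured: reject instead of skipping the check
        }
        X509Certificate cert;
        try {
            cert = X509CertUtils.parseWithException(pem);
        } catch (CertificateException e) {
            return false; // malformed certificate input
        }
        if (cert == null) {
            return false; // null result (e.g. input not specified) is a rejection too
        }
        Base64URL actual = X509CertUtils.computeSHA256Thumbprint(cert);
        if (actual == null) {
            return false; // certificate encoding exception inside the library
        }
        // Compare the decoded digest bytes rather than the encoded strings.
        return MessageDigest.isEqual(actual.decode(), pinnedThumbprint.decode());
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: an all-zero pin and strings that are not certificates.
        Base64URL dummyPin = Base64URL.encode(new byte[32]);
        System.out.println("null input accepted:      " + matchesPin(null, dummyPin));
        System.out.println("malformed input accepted: " + matchesPin("not a certificate", dummyPin));

        // Optional: args[0] = path to a PEM file, args[1] = expected x5t#S256 value.
        if (args.length == 2) {
            String pem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.UTF_8);
            System.out.println("pin matches: " + matchesPin(pem, new Base64URL(args[1])));
        }
    }
}
```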
-
store
public static UUID store(KeyStore keyStore, PrivateKey privateKey, char[] keyPassword, X509Certificate cert) throws KeyStoreException
Stores a private key with its associated X.509 certificate in a Java key store. The name (alias) for the stored entry is given a random UUID.
- Parameters:
- keyStore - The key store. Must be initialised and not null.
- privateKey - The private key. Must not be null.
- keyPassword - The password to protect the private key, empty array for none. Must not be null.
- cert - The X.509 certificate, its public key and the private key should form a pair. Must not be null.
- Returns:
- The UUID for the stored entry.
- Throws:
- KeyStoreException