Class X509CertUtils


  • public class X509CertUtils
    extends Object
    X.509 certificate utilities.
    Version:
    2022-01-24
    Author:
    Vladimir Dzhuvinov, Simon Kissane
    • Method Detail

      • getProvider

        public static Provider getProvider()
        Returns the JCA provider to use for certificate operations.
        Returns:
        The JCA provider to use for certificate operations, null implies the default provider.
      • setProvider

        public static void setProvider(Provider provider)
        Sets the JCA provider to use for certificate operations.
        Parameters:
        provider - The JCA provider to use for certificate operations, null implies the default provider.
      • parse

        public static X509Certificate parse(byte[] derEncodedCert)
        Parses a DER-encoded X.509 certificate.
        Parameters:
        derEncodedCert - The DER-encoded X.509 certificate, as a byte array. May be null.
        Returns:
        The X.509 certificate, null if not specified or parsing failed.
      • parseWithException

        public static X509Certificate parseWithException(byte[] derEncodedCert)
                                                  throws CertificateException
        Parses a DER-encoded X.509 certificate with exception handling.
        Parameters:
        derEncodedCert - The DER-encoded X.509 certificate, as a byte array. Empty or null if not specified.
        Returns:
        The X.509 certificate, null if not specified.
        Throws:
        CertificateException - If parsing failed.
      • parse

        public static X509Certificate parse(String pemEncodedCert)
        Parses a PEM-encoded X.509 certificate.
        Parameters:
        pemEncodedCert - The PEM-encoded X.509 certificate, as a string. Empty or null if not specified.
        Returns:
        The X.509 certificate, null if parsing failed.
      • toPEMString

        public static String toPEMString(X509Certificate cert)
        Returns the specified X.509 certificate as a PEM-encoded string.
        Parameters:
        cert - The X.509 certificate. Must not be null.
        Returns:
        The PEM-encoded X.509 certificate, null if encoding failed.
      • toPEMString

        public static String toPEMString(X509Certificate cert,
                                         boolean withLineBreaks)
        Returns the specified X.509 certificate as a PEM-encoded string.
        Parameters:
        cert - The X.509 certificate. Must not be null.
        withLineBreaks - false to suppress line breaks.
        Returns:
        The PEM-encoded X.509 certificate, null if encoding failed.
      • computeSHA256Thumbprint

        public static Base64URL computeSHA256Thumbprint(X509Certificate cert)
        Computes the X.509 certificate SHA-256 thumbprint (x5t#S256).
        Parameters:
        cert - The X.509 certificate. Must not be null.
        Returns:
        The SHA-256 thumbprint, BASE64URL-encoded, null if a certificate encoding exception is encountered.
      • store

        public static UUID store(KeyStore keyStore,
                                 PrivateKey privateKey,
                                 char[] keyPassword,
                                 X509Certificate cert)
                          throws KeyStoreException
        Stores a private key with its associated X.509 certificate in a Java key store. The name (alias) for the stored entry is given a random UUID.
        Parameters:
        keyStore - The key store. Must be initialised and not null.
        privateKey - The private key. Must not be null.
        keyPassword - The password to protect the private key, empty array for none. Must not be null.
        cert - The X.509 certificate, its public key and the private key should form a pair. Must not be null.
        Returns:
        The UUID for the stored entry.
        Throws:
        KeyStoreException
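
Added example, not part of the original Javadoc or the library's own code: a pin check against an x5t#S256 thumbprint that treats the null returns of parse and computeSHA256Thumbprint as failures, and contrasts them with parseWithException. The class ThumbprintPinCheck and the method matchesPin are hypothetical names; the package com.nimbusds.jose.util is assumed (this page does not show it), as is a non-empty default JDK trust store used as offline sample input.

```java
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.X509CertUtils;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class ThumbprintPinCheck {
    /** Hypothetical helper: true only if the PEM parses and its x5t#S256 equals the pin. */
    static boolean matchesPin(String pem, String pinnedX5tS256) {
        X509Certificate cert = X509CertUtils.parse(pem);
        if (cert == null) return false;   // parse() reports failure as null, not an exception
        Base64URL actual = X509CertUtils.computeSHA256Thumbprint(cert);
        if (actual == null) return false; // null on a certificate encoding exception
        // Compare the decoded digests in constant time
        return MessageDigest.isEqual(actual.decode(), new Base64URL(pinnedX5tS256).decode());
    }

    public static void main(String[] args) throws Exception {
        // Sample input (assumption): first CA certificate in the JDK default trust store,
        // so the example runs offline without an embedded certificate.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509Certificate sample = ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers()[0];

        // DER input: parseWithException throws on malformed input instead of returning null
        X509Certificate cert = X509CertUtils.parseWithException(sample.getEncoded());

        // Pin computed independently of the library: SHA-256 over the DER encoding, base64url, no padding
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        String pin = Base64.getUrlEncoder().withoutPadding().encodeToString(digest);

        String pem = X509CertUtils.toPEMString(cert);
        System.out.println("round-tripped PEM matches pin: " + matchesPin(pem, pin));
        System.out.println("non-certificate input matches pin: " + matchesPin("not a certificate", pin));

        try {
            X509Certificate bad = X509CertUtils.parseWithException(new byte[] {0x30, 0x00});
            System.out.println("malformed DER parsed to: " + bad);
        } catch (CertificateException e) {
            System.out.println("malformed DER rejected: " + e.getMessage());
        }
    }
}
```

Callers that need to log or act on the cause of a parsing failure should use parseWithException, since the null-returning parse methods give no reason.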