Package eu.europa.esig.dss.diagnostic

Class CertificateWrapper

java.lang.Object
eu.europa.esig.dss.diagnostic.AbstractTokenProxy
eu.europa.esig.dss.diagnostic.CertificateWrapper
All Implemented Interfaces:
TokenProxy
Direct Known Subclasses:
RelatedCertificateWrapper
public class CertificateWrapper extends AbstractTokenProxy
Provides a user-friendly interface of dealing with JAXB XmlCertificate

  • Constructor Details

    • CertificateWrapper

      public CertificateWrapper(XmlCertificate certificate)
      Default constructor
      Parameters:
      certificate - XmlCertificate to be wrapped

  • Method Details

    • getId

      public String getId()
      Description copied from interface: TokenProxy
      Returns the unique identifier of the object
      Returns:
      String id

    • getCurrentBasicSignature

      protected XmlBasicSignature getCurrentBasicSignature()
      Description copied from class: AbstractTokenProxy
      Returns a basic signature validation
      Specified by:
      getCurrentBasicSignature in class AbstractTokenProxy
      Returns:
      XmlBasicSignature

    • getCurrentCertificateChain

      protected List<XmlChainItem> getCurrentCertificateChain()
      Description copied from class: AbstractTokenProxy
      Returns the token's certificate chain
      Specified by:
      getCurrentCertificateChain in class AbstractTokenProxy
      Returns:
      a list of XmlChainItems

    • getCurrentSigningCertificate

      protected XmlSigningCertificate getCurrentSigningCertificate()
      Description copied from class: AbstractTokenProxy
      Returns the signing certificate of the token
      Specified by:
      getCurrentSigningCertificate in class AbstractTokenProxy
      Returns:
      XmlSigningCertificate

    • isTrusted

      public boolean isTrusted()
      Returns if the certificate is trusted
      Returns:
      TRUE if the certificate is trusted, FALSE otherwise

    • getTrustStartDate

      public Date getTrustStartDate()
      Returns a certificate's trust start date, when available. If null is returned and the certificate is trusted, the certificate is considered indefinitely trusted.
      Returns:
      Date trust start date

    • getTrustSunsetDate

      public Date getTrustSunsetDate()
      Returns a certificate's trust end date, when available. If null is returned and the certificate is trusted, the certificate is considered indefinitely trusted.
      Returns:
      Date trust end date

    • isSelfSigned

      public boolean isSelfSigned()
      Returns if the certificate is self-signed
      Returns:
      TRUE if the certificate is self-signed, FALSE otherwise

    • getCertificateExtensions

      public List<XmlCertificateExtension> getCertificateExtensions()
      Returns a list of all certificate extensions
      Returns:
      a list of XmlCertificateExtension

    • getCertificateExtensionForOid

      public <T extends XmlCertificateExtension> T getCertificateExtensionForOid(String oid, Class<T> targetClass)
      Returns a certificate extension with the given oid when present
      Type Parameters:
      T - instance of XmlCertificateExtension corresponding to the targetClass parameter type
      Parameters:
      oid - String OID of the certificate extension
      targetClass - Class to return implementation of
      Returns:
      XmlCertificateExtension when present, NULL otherwise

    • getCertificateExtensionsOids

      public List<String> getCertificateExtensionsOids()
      Returns a list of all certificate extensions OIDs
      Returns:
      a list of String OIDs

    • getSubjectAlternativeNames

      public List<XmlGeneralName> getSubjectAlternativeNames()
      Returns subject alternative names
      Returns:
      a list of Strings

    • isCA

      public boolean isCA()
      Returns whether the certificate defines BasicConstraints.cA extension set to TRUE
      Returns:
      TRUE if the BasicConstraints.cA extension is defined and set to true, FALSE otherwise

    • getPathLenConstraint

      public int getPathLenConstraint()
      Returns value of BasicConstraints.PathLenConstraint if present and BasicConstraints.cA is set to true
      Returns:
      integer value of BasicConstraints.PathLenConstraint if applicable, -1 otherwise

    • getRequireExplicitPolicy

      public int getRequireExplicitPolicy()
      Returns value of the requireExplicitPolicy field of policyConstraints certificate extension
      Returns:
      requireExplicitPolicy value if present, -1 otherwise

    • getInhibitPolicyMapping

      public int getInhibitPolicyMapping()
      Returns value of the inhibitPolicyMapping field of policyConstraints certificate extension
      Returns:
      inhibitPolicyMapping value if present, -1 otherwise

    • getInhibitAnyPolicy

      public int getInhibitAnyPolicy()
      Returns value of the inhibitAnyPolicy certificate extension's value
      Returns:
      inhibitAnyPolicy certificate extension's value if present, -1 otherwise

    • getPermittedSubtrees

      public List<XmlGeneralSubtree> getPermittedSubtrees()
      Returns value of the permittedSubtrees field of nameConstraints certificate extension, when present
      Returns:
      list of XmlGeneralSubtree if field is present, empty list otherwise

    • getExcludedSubtrees

      public List<XmlGeneralSubtree> getExcludedSubtrees()
      Returns value of the excludedSubtrees field of nameConstraints certificate extension, when present
      Returns:
      list of XmlGeneralSubtree if field is present, empty list otherwise

    • getKeyUsages

      public List<KeyUsageBit> getKeyUsages()
      Returns the defined key-usages for the certificate
      Returns:
      a list of KeyUsageBits

    • isRevocationDataAvailable

      public boolean isRevocationDataAvailable()
      Returns if the revocation data is available for the certificate
      Returns:
      TRUE if the revocation data is available, FALSE otherwise

    • getSources

      public List<CertificateSourceType> getSources()
      Returns a list of sources the certificate has been obtained from (e.g. TRUSTED_LIST, SIGNATURE, AIA, etc.)
      Returns:
      a list of CertificateSourceTypes

    • getCertificateRevocationData

      public List<CertificateRevocationWrapper> getCertificateRevocationData()
      Returns a list of revocation data relevant to the certificate
      Returns:
      a list of CertificateRevocationWrappers

    • getRevocationDataById

      public CertificateRevocationWrapper getRevocationDataById(String revocationId)
      Returns revocation data by its id
      Parameters:
      revocationId - String representing id of a revocation data to extract
      Returns:
      CertificateRevocationWrapper

    • isIdPkixOcspNoCheck

      public boolean isIdPkixOcspNoCheck()
      Returns if the certificate has id-pkix-ocsp-no-check attribute
      Returns:
      TRUE if the certificate has id-pkix-ocsp-no-check attribute, FALSE otherwise

    • isIdKpOCSPSigning

      public boolean isIdKpOCSPSigning()
      Checks if the certificate has an extended-key-usage "ocspSigning" (1.3.6.1.5.5.7.3.9)
      Returns:
      TRUE if the certificate has extended-key-usage "ocspSigning", FALSE otherwise

    • isValAssuredShortTermCertificate

      public boolean isValAssuredShortTermCertificate()
      Returns if the certificate contains id-etsi-ext-valassured-ST-certs extension, as defined in ETSI EN 319 412-1 "5.2 Certificate Extensions regarding Validity Assured Certificate"
      Returns:
      TRUE if the certificate is a validity assured short-term certificate, FALSE otherwise

    • isNoRevAvail

      public boolean isNoRevAvail()
      Returns if the certificate contains noRevAvail extension, as defined in RFC 9608 "No Revocation Available for X.509 Public Key Certificates"
      Returns:
      TRUE if the certificate contains no revocation available certificate extension, FALSE otherwise

    • getExtendedKeyUsages

      public List<XmlOID> getExtendedKeyUsages()
      Returns a list of extended-key-usages
      Returns:
      a list of XmlOIDs

    • getNotBefore

      public Date getNotBefore()
      Returns the certificate's notBefore date (the date the certificate cannot be used before)
      Returns:
      Date notBefore

    • getNotAfter

      public Date getNotAfter()
      Returns the certificate's notAfter date (the date the certificate cannot be used after)
      Returns:
      Date notAfter

    • getEntityKey

      public String getEntityKey()
      Returns a string identifier of the certificate's entity key
      Returns:
      String entity key's identifier

    • getIssuerEntityKey

      public String getIssuerEntityKey()
      Returns a string identifier of the certificate's issuer entity key
      Returns:
      String issuer entity key's identifier

    • isMatchingIssuerKey

      public boolean isMatchingIssuerKey()
      Checks whether the issuer's public key matches to the key used to sign this token
      Returns:
      TRUE if the issue's public key matches the key used to sign the current token

    • isMatchingIssuerSubjectName

      public boolean isMatchingIssuerSubjectName()
      Checks whether the issuer's subject name matches to the key used to sign this token
      Returns:
      TRUE if the issue's subject name matches the key used to sign the current token

    • getCertificateTSPServiceExpiredCertsRevocationInfo

      public Date getCertificateTSPServiceExpiredCertsRevocationInfo()
      Returns expiredCertsRevocationInfo extension from TL Trusted Serviced
      Returns:
      Date expiredCertsRevocationInfo extension

    • getSerialNumber

      public String getSerialNumber()
      Returns the serial number of the certificate
      Returns:
      String

    • getSubjectSerialNumber

      public String getSubjectSerialNumber()
      Returns the subject serial number of the certificate
      Returns:
      String

    • getTitle

      public String getTitle()
      Returns the title
      Returns:
      String

    • getCommonName

      public String getCommonName()
      Returns the common name
      Returns:
      String

    • getCountryName

      public String getCountryName()
      Returns the country code
      Returns:
      String

    • getGivenName

      public String getGivenName()
      Returns the given name
      Returns:
      String

    • getOrganizationIdentifier

      public String getOrganizationIdentifier()
      Returns the organization identifier
      Returns:
      String

    • getOrganizationName

      public String getOrganizationName()
      Returns the organization name
      Returns:
      String

    • getOrganizationalUnit

      public String getOrganizationalUnit()
      Returns the organization unit
      Returns:
      String

    • getEmail

      public String getEmail()
      Returns the email
      Returns:
      String

    • getLocality

      public String getLocality()
      Returns the locality
      Returns:
      String

    • getState

      public String getState()
      Returns the state
      Returns:
      String

    • getSurname

      public String getSurname()
      Returns the surname
      Returns:
      String

    • getPseudo

      public String getPseudo()
      Returns the pseudo
      Returns:
      String

    • getDigestAlgoAndValue

      public XmlDigestAlgoAndValue getDigestAlgoAndValue()
      Returns the certificate's Digest if present
      Returns:
      XmlDigestAlgoAndValue

    • isTrustedListReached

      public boolean isTrustedListReached()
      Returns if the Trusted List has been reached for the particular certificate
      Returns:
      TRUE if the Trusted List has been reached, FALSE otherwise

    • getTrustServiceProviders

      public List<XmlTrustServiceProvider> getTrustServiceProviders()
      Returns a list of XmlTrustServiceProviders
      Returns:
      a list of XmlTrustServiceProviders

    • getTrustServices

      public List<TrustServiceWrapper> getTrustServices()
      Returns a list of TrustServiceWrappers
      Returns:
      a list of TrustServiceWrappers

    • getCertificateDN

      public String getCertificateDN()
      Returns the certificate's Distinguished Name (by RFC 2253)
      Returns:
      String

    • getCertificateIssuerDN

      public String getCertificateIssuerDN()
      Returns the certificate issuer's Distinguished Name (by RFC 2253)
      Returns:
      String

    • getCRLDistributionPoints

      public List<String> getCRLDistributionPoints()
      Returns the CRL Distribution Points URLs
      Returns:
      a list of Strings

    • getFreshestCRLUrls

      public List<String> getFreshestCRLUrls()
      Returns the Freshest CRL URLs
      Returns:
      a list of Strings

    • getCAIssuersAccessUrls

      public List<String> getCAIssuersAccessUrls()
      Returns the Authority Information Access URLs
      Returns:
      a list of Strings

    • getOCSPAccessUrls

      public List<String> getOCSPAccessUrls()
      Returns the OCSP Access URLs
      Returns:
      a list of Strings

    • getSubjectKeyIdentifier

      public byte[] getSubjectKeyIdentifier()
      Returns the Subject Key Identifier certificate extension's value, when present
      Returns:
      byte array representing the Subject Key Identifier

    • getCpsUrls

      public List<String> getCpsUrls()
      Returns the certificate policies URLs
      Returns:
      a list of Strings

    • getPolicyIds

      public List<String> getPolicyIds()
      Returns the certificate policies Ids
      Returns:
      a list of Strings

    • getCertificatePolicies

      public List<XmlCertificatePolicy> getCertificatePolicies()
      Returns the certificate policies Ids
      Returns:
      a list of Strings

    • getCertificatePoliciesOids

      public List<String> getCertificatePoliciesOids()
      Returns the certificate policies OIDs
      Returns:
      a list of String OIDs

    • isQcCompliance

      public boolean isQcCompliance()
      Returns if the certificate is QC compliant (has id-etsi-qcs-QcCompliance extension)
      Returns:
      TRUE if the certificate is QC compliant, FALSE otherwise

    • isSupportedByQSCD

      public boolean isSupportedByQSCD()
      Returns if the certificate is supported by QSCD (has id-etsi-qcs-QcSSCD extension)
      Returns:
      TRUE if the certificate is supported by QSCD, FALSE otherwise

    • getQcTypes

      public List<QCType> getQcTypes()
      Returns a list of QCTypes (present inside id-etsi-qcs-QcType extension)
      Returns:
      a list of QCTypes

    • getQcLegislationCountryCodes

      public List<String> getQcLegislationCountryCodes()
      Returns a list of QCLegislation Country Codes (present inside id-etsi-qcs-QcCClegislation extension)
      Returns:
      a list of Strings

    • getPSD2Info

      public PSD2InfoWrapper getPSD2Info()
      Returns the PSD2 QCStatement (id-etsi-psd2-qcStatement extension, ETSI TS 119 495)
      Returns:
      PSD2InfoWrapper

    • getQCLimitValue

      public QCLimitValueWrapper getQCLimitValue()
      Returns the QCEuLimitValue
      Returns:
      QCLimitValueWrapper

    • getQCEuRetentionPeriod

      public Integer getQCEuRetentionPeriod()
      Returns QcEuRetentionPeriod
      Returns:
      Integer retention period

    • getQCPDSLocations

      public List<XmlLangAndValue> getQCPDSLocations()
      Returns QcEuPDS Locations
      Returns:
      a list of XmlLangAndValues

    • getSemanticsIdentifier

      public SemanticsIdentifier getSemanticsIdentifier()
      Returns the semantics identifier
      Returns:
      SemanticsIdentifier

    • getOtherQcStatements

      public List<String> getOtherQcStatements()
      Returns a list of QcStatements OIDs not supported by the implementation
      Returns:
      a list of Strings

    • isEnactedMRA

      public boolean isEnactedMRA()
      Returns if the MRA has been enacted
      Returns:
      TRUE if the MRA has been enacted, FALSE otherwise

    • getMRAEnactedTrustServiceLegalIdentifier

      public String getMRAEnactedTrustServiceLegalIdentifier()
      This method returns a name of a Trusted Service used to apply translation for the certificate QcStatements based on the defined Mutual Recognition Agreement scheme
      Returns:
      String

    • getMRACertificateContentEquivalenceList

      public List<XmlCertificateContentEquivalence> getMRACertificateContentEquivalenceList()
      Returns a XmlCertificateContentEquivalence list corresponding to the matching MRA information
      Returns:
      a list of XmlCertificateContentEquivalences

    • isOriginalThirdCountryQcCompliance

      public boolean isOriginalThirdCountryQcCompliance()
      Returns if the certificate has been defined as QC compliant in a third-country Trusted List before MRA mapping
      Returns:
      TRUE if the certificate is QC compliant, FALSE otherwise

    • isOriginalThirdCountrySupportedByQSCD

      public boolean isOriginalThirdCountrySupportedByQSCD()
      Returns if the certificate has been defined as supported by QSCD in a third-country Trusted List before MRA mapping
      Returns:
      TRUE if the certificate is supported by QSCD, FALSE otherwise

    • getOriginalThirdCountryQCTypes

      public List<QCType> getOriginalThirdCountryQCTypes()
      Returns a list of QCTypes defined in a third-country Trusted List before MRA mapping
      Returns:
      a list of QCTypes

    • getOriginalThirdCountryQcLegislationCountryCodes

      public List<String> getOriginalThirdCountryQcLegislationCountryCodes()
      Returns a list of QCLegislation Country Codes defined in a third-country Trusted List before MRA mapping
      Returns:
      a list of Strings

    • getOriginalThirdCountryOtherQcStatements

      public List<String> getOriginalThirdCountryOtherQcStatements()
      Returns a list of QcStatements OIDs not supported by the implementation defined in a third-country Trusted List before MRA mapping
      Returns:
      a list of Strings

    • getBinaries

      public byte[] getBinaries()
      Description copied from class: AbstractTokenProxy
      Returns binaries of the token, when present
      Specified by:
      getBinaries in class AbstractTokenProxy
      Returns:
      a byte array

    • getReadableCertificateName

      public String getReadableCertificateName()
      Returns human-readable certificate name
      Returns:
      String

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class AbstractTokenProxy

    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class AbstractTokenProxy