Package dev.sigstore.encryption.certificates

Class Certificates

  • public class Certificates
extends java.lang.Object

    • Constructor Summary

      Constructors 
      Constructor Description
      Certificates()  

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static java.security.cert.CertPath append​(java.security.cert.CertPath parent, java.security.cert.CertPath child)
      Appends an CertPath to another CertPath as children.
      static boolean containsParent​(java.security.cert.CertPath certPath, java.security.cert.CertPath parentPath)
      Check if a parent certpath is the suffix of a certpath
      static java.security.cert.Certificate fromDer​(byte[] cert)
      Convert a single der encoded cert to Certificate.
      static java.security.cert.CertPath fromDer​(java.util.List<byte[]> certChain)
      Convert a lit of der encoded certs to CertPath.
      static java.security.cert.Certificate fromPem​(byte[] cert)  
      static java.security.cert.Certificate fromPem​(java.lang.String cert)  
      static java.security.cert.CertPath fromPemChain​(byte[] certs)
      Convert a PEM encoded certificate chain to a CertPath.
      static java.security.cert.CertPath fromPemChain​(java.lang.String certs)
      Convert a PEM encoded certificate chain to a CertPath.
      static java.util.Optional<byte[]> getEmbeddedSCTs​(java.security.cert.Certificate certificate)
      Find and return any SCTs embedded in a certificate.
      static java.security.cert.X509Certificate getLeaf​(java.security.cert.CertPath certPath)  
      static boolean isSelfSigned​(java.security.cert.Certificate certificate)
      Check if a certificate is self-signed.
      static boolean isSelfSigned​(java.security.cert.CertPath certPath)
      Check if the root of a CertPath is self-signed
      static java.security.cert.CertPath toCertPath​(java.security.cert.Certificate certificate)
      Converts a single X509Certificate to a CertPath.
      static byte[] toPemBytes​(java.security.cert.Certificate cert)
      Convert a certificate to a PEM encoded certificate.
      static byte[] toPemBytes​(java.security.cert.CertPath certs)
      Convert a CertPath to a PEM encoded certificate chain.
      static java.lang.String toPemString​(java.security.cert.Certificate cert)
      Convert a certificate to a PEM encoded certificate.
      static java.lang.String toPemString​(java.security.cert.CertPath certs)
      Convert a CertPath to a PEM encoded certificate chain.
      static java.security.cert.CertPath trimParent​(java.security.cert.CertPath certPath, java.security.cert.CertPath parentPath)
      Trims a parent CertPath from a provided CertPath.
      static long validity​(java.security.cert.X509Certificate certificate, java.time.temporal.ChronoUnit unit)  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • Certificates

        public Certificates()

    • Method Detail

      • toPemString

        public static java.lang.String toPemString​(java.security.cert.Certificate cert)
                                    throws java.io.IOException
        Convert a certificate to a PEM encoded certificate.
        Throws:
        java.io.IOException

      • toPemBytes

        public static byte[] toPemBytes​(java.security.cert.Certificate cert)
                         throws java.io.IOException
        Convert a certificate to a PEM encoded certificate.
        Throws:
        java.io.IOException

      • fromPem

        public static java.security.cert.Certificate fromPem​(java.lang.String cert)
                                              throws java.security.cert.CertificateException
        Throws:
        java.security.cert.CertificateException

      • fromPem

        public static java.security.cert.Certificate fromPem​(byte[] cert)
                                              throws java.security.cert.CertificateException
        Throws:
        java.security.cert.CertificateException

      • fromDer

        public static java.security.cert.Certificate fromDer​(byte[] cert)
                                              throws java.security.cert.CertificateException
        Convert a single der encoded cert to Certificate.
        Throws:
        java.security.cert.CertificateException

      • fromDer

        public static java.security.cert.CertPath fromDer​(java.util.List<byte[]> certChain)
                                           throws java.security.cert.CertificateException
        Convert a lit of der encoded certs to CertPath.
        Throws:
        java.security.cert.CertificateException

      • toPemString

        public static java.lang.String toPemString​(java.security.cert.CertPath certs)
                                    throws java.io.IOException
        Convert a CertPath to a PEM encoded certificate chain.
        Throws:
        java.io.IOException

      • toPemBytes

        public static byte[] toPemBytes​(java.security.cert.CertPath certs)
                         throws java.io.IOException
        Convert a CertPath to a PEM encoded certificate chain.
        Throws:
        java.io.IOException

      • fromPemChain

        public static java.security.cert.CertPath fromPemChain​(java.lang.String certs)
                                                throws java.security.cert.CertificateException
        Convert a PEM encoded certificate chain to a CertPath.
        Throws:
        java.security.cert.CertificateException

      • fromPemChain

        public static java.security.cert.CertPath fromPemChain​(byte[] certs)
                                                throws java.security.cert.CertificateException
        Convert a PEM encoded certificate chain to a CertPath.
        Throws:
        java.security.cert.CertificateException

      • toCertPath

        public static java.security.cert.CertPath toCertPath​(java.security.cert.Certificate certificate)
                                              throws java.security.cert.CertificateException
        Converts a single X509Certificate to a CertPath.
        Throws:
        java.security.cert.CertificateException

      • append

        public static java.security.cert.CertPath append​(java.security.cert.CertPath parent,
                                                 java.security.cert.CertPath child)
                                          throws java.security.cert.CertificateException
        Appends an CertPath to another CertPath as children.
        Throws:
        java.security.cert.CertificateException

      • trimParent

        public static java.security.cert.CertPath trimParent​(java.security.cert.CertPath certPath,
                                                     java.security.cert.CertPath parentPath)
                                              throws java.security.cert.CertificateException
        Trims a parent CertPath from a provided CertPath. This is intended to be used to trim trusted root and intermediates from a full CertPath to reveal just the untrusted parts which can be distributed as part of a signature tuple or bundle.
        Parameters:
        certPath - a certificate path to trim from
        parentPath - the parent certPath to trim off the full certPath
        Returns:
        a trimmed path
        Throws:
        java.lang.IllegalArgumentException - if the trimPath is not a parent of the certPath or if they are the same length
        java.security.cert.CertificateException - if an error occurs during CertPath construction

      • containsParent

        public static boolean containsParent​(java.security.cert.CertPath certPath,
                                     java.security.cert.CertPath parentPath)
        Check if a parent certpath is the suffix of a certpath

      • getEmbeddedSCTs

        public static java.util.Optional<byte[]> getEmbeddedSCTs​(java.security.cert.Certificate certificate)
        Find and return any SCTs embedded in a certificate.
        Parameters:
        certificate - the certificate with embedded scts
        Returns:
        a byte array containing any number of embedded scts

      • isSelfSigned

        public static boolean isSelfSigned​(java.security.cert.Certificate certificate)
        Check if a certificate is self-signed.

      • isSelfSigned

        public static boolean isSelfSigned​(java.security.cert.CertPath certPath)
        Check if the root of a CertPath is self-signed

      • getLeaf

        public static java.security.cert.X509Certificate getLeaf​(java.security.cert.CertPath certPath)

      • validity

        public static long validity​(java.security.cert.X509Certificate certificate,
                            java.time.temporal.ChronoUnit unit)