Module jpms_dss_spi

Class CertificateExtensionsUtils

java.lang.Object
eu.europa.esig.dss.spi.CertificateExtensionsUtils

public class CertificateExtensionsUtils extends Object
This class contains utility methods for extracting certificate extensions (whether critical or not)
  • Method Summary

    Modifier and Type
    Method
    Description
    static eu.europa.esig.dss.model.x509.extension.AuthorityInformationAccess
    getAuthorityInformationAccess(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Returns the authority information access, when present
    static eu.europa.esig.dss.model.x509.extension.AuthorityKeyIdentifier
    getAuthorityKeyIdentifier(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Returns the authority key identifier, when present
    static eu.europa.esig.dss.model.x509.extension.BasicConstraints
    getBasicConstraints(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Returns a basic constraints extension, when present
    static List<String>
    getCAIssuersAccessUrls(eu.europa.esig.dss.model.x509.CertificateToken certificate)
    Returns the CA issuers URIs extracted from authorityInfoAccess.caIssuers field
    static eu.europa.esig.dss.model.x509.extension.CertificateExtensions
    getCertificateExtensions(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    This method extracts the certificate extensions from the given certificateToken
    static eu.europa.esig.dss.model.x509.extension.CertificatePolicies
    getCertificatePolicies(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Returns the certificate policies, when present
    static List<String>
    getCRLAccessUrls(eu.europa.esig.dss.model.x509.CertificateToken certificate)
    Returns the CRL distribution URIs extracted from cRLDistributionPoints field
    static eu.europa.esig.dss.model.x509.extension.CRLDistributionPoints
    getCRLDistributionPoints(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Returns the CRL distribution points, when present
    static eu.europa.esig.dss.model.x509.extension.ExtendedKeyUsages
    getExtendedKeyUsage(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Returns the extended key usage, when present
    static eu.europa.esig.dss.model.x509.extension.InhibitAnyPolicy
    getInhibitAnyPolicy(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Returns an inhibit anyPolicy extension, when present
    static eu.europa.esig.dss.model.x509.extension.KeyUsage
    getKeyUsage(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Returns the key usage, when present
    static eu.europa.esig.dss.model.x509.extension.NameConstraints
    getNameConstraints(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Returns a name constraints extension, when present
    static List<String>
    getOCSPAccessUrls(eu.europa.esig.dss.model.x509.CertificateToken certificate)
    Returns the OCSP URIs extracted from authorityInfoAccess.ocsp field
    static eu.europa.esig.dss.model.x509.extension.OCSPNoCheck
    getOcspNoCheck(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Returns the ocsp-nocheck extension value, when present
    static eu.europa.esig.dss.model.x509.extension.PolicyConstraints
    getPolicyConstraints(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Returns a policy constraints extension, when present
    static eu.europa.esig.dss.model.x509.extension.QcStatements
    getQcStatements(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Returns the qc-statements extension value, when present
    static eu.europa.esig.dss.model.x509.extension.SubjectAlternativeNames
    getSubjectAlternativeNames(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Returns the subject alternative names, when present
    static eu.europa.esig.dss.model.x509.extension.SubjectKeyIdentifier
    getSubjectKeyIdentifier(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Returns the subject key identifier, when present
    static eu.europa.esig.dss.model.x509.extension.ValidityAssuredShortTerm
    getValAssuredSTCerts(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Returns the ext-etsi-valassured-ST-certs extension value, when present
    static boolean
    hasOcspNoCheckExtension(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Checks if the certificate contains the ocsp-nocheck extension, which indicates whether revocation data should be checked for an OCSP signing certificate.
    RFC 6960
    static boolean
    hasValAssuredShortTermCertsExtension(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Checks if the certificate contains the ext-etsi-valassured-ST-certs extension, which indicates that the validity of the certificate is assured because the certificate is a "short-term certificate".
    static boolean
    isAuthorityInformationAccess(String oid)
    This method verifies whether oid corresponds to the authority information access extension OID
    static boolean
    isAuthorityKeyIdentifier(String oid)
    This method verifies whether oid corresponds to the authority key identifier extension OID
    static boolean
    isBasicConstraints(String oid)
    This method verifies whether oid corresponds to the basic constraints extension OID
    static boolean
    isCertificatePolicies(String oid)
    This method verifies whether oid corresponds to the certificate policies extension OID
    static boolean
    isCRLDistributionPoints(String oid)
    This method verifies whether oid corresponds to the CRL distribution points extension OID
    static boolean
    isExtendedKeyUsage(String oid)
    This method verifies whether oid corresponds to the extended key usage extension OID
    static boolean
    isInhibitAnyPolicy(String oid)
    This method verifies whether oid corresponds to the inhibit anyPolicy extension OID
    static boolean
    isKeyUsage(String oid)
    This method verifies whether oid corresponds to the key usage extension OID
    static boolean
    isNameConstraints(String oid)
    This method verifies whether oid corresponds to the name constraints extension OID
    static boolean
    isOcspNoCheck(String oid)
    This method verifies whether oid corresponds to the ocsp-nocheck extension OID
    static boolean
    isPolicyConstraints(String oid)
    This method verifies whether oid corresponds to the policy constraints extension OID
    static boolean
    isQcStatements(String oid)
    This method verifies whether oid corresponds to the qc-statements extension OID
    static boolean
    isSubjectAlternativeNames(String oid)
    This method verifies whether oid corresponds to the subject alternative names extension OID
    static boolean
    isSubjectKeyIdentifier(String oid)
    This method verifies whether oid corresponds to the subject key identifier extension OID
    static boolean
    isValidityAssuredShortTerm(String oid)
    This method verifies whether oid corresponds to the ext-etsi-valassured-ST-certs extension OID

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Method Details

    • getCertificateExtensions

      public static eu.europa.esig.dss.model.x509.extension.CertificateExtensions getCertificateExtensions(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      This method extracts the certificate extensions from the given certificateToken
      Parameters:
      certificateToken - CertificateToken to get certificate extension from
      Returns:
      CertificateExtensions
    • isSubjectAlternativeNames

      public static boolean isSubjectAlternativeNames(String oid)
      This method verifies whether oid corresponds to the subject alternative names extension OID
      Parameters:
      oid - String
      Returns:
      TRUE if OID corresponds to the subject alternative names extension OID, FALSE otherwise
    • isAuthorityKeyIdentifier

      public static boolean isAuthorityKeyIdentifier(String oid)
      This method verifies whether oid corresponds to the authority key identifier extension OID
      Parameters:
      oid - String
      Returns:
      TRUE if OID corresponds to the authority key identifier extension OID, FALSE otherwise
    • isSubjectKeyIdentifier

      public static boolean isSubjectKeyIdentifier(String oid)
      This method verifies whether oid corresponds to the subject key identifier extension OID
      Parameters:
      oid - String
      Returns:
      TRUE if OID corresponds to the subject key identifier extension OID, FALSE otherwise
    • isAuthorityInformationAccess

      public static boolean isAuthorityInformationAccess(String oid)
      This method verifies whether oid corresponds to the authority information access extension OID
      Parameters:
      oid - String
      Returns:
      TRUE if OID corresponds to the authority information access extension OID, FALSE otherwise
    • isCRLDistributionPoints

      public static boolean isCRLDistributionPoints(String oid)
      This method verifies whether oid corresponds to the CRL distribution points extension OID
      Parameters:
      oid - String
      Returns:
      TRUE if OID corresponds to the CRL distribution points extension OID, FALSE otherwise
    • isBasicConstraints

      public static boolean isBasicConstraints(String oid)
      This method verifies whether oid corresponds to the basic constraints extension OID
      Parameters:
      oid - String
      Returns:
      TRUE if OID corresponds to the basic constraints extension OID, FALSE otherwise
    • isNameConstraints

      public static boolean isNameConstraints(String oid)
      This method verifies whether oid corresponds to the name constraints extension OID
      Parameters:
      oid - String
      Returns:
      TRUE if OID corresponds to the name constraints extension OID, FALSE otherwise
    • isPolicyConstraints

      public static boolean isPolicyConstraints(String oid)
      This method verifies whether oid corresponds to the policy constraints extension OID
      Parameters:
      oid - String
      Returns:
      TRUE if OID corresponds to the policy constraints extension OID, FALSE otherwise
    • isKeyUsage

      public static boolean isKeyUsage(String oid)
      This method verifies whether oid corresponds to the key usage extension OID
      Parameters:
      oid - String
      Returns:
      TRUE if OID corresponds to the key usage extension OID, FALSE otherwise
    • isExtendedKeyUsage

      public static boolean isExtendedKeyUsage(String oid)
      This method verifies whether oid corresponds to the extended key usage extension OID
      Parameters:
      oid - String
      Returns:
      TRUE if OID corresponds to the extended key usage extension OID, FALSE otherwise
    • isInhibitAnyPolicy

      public static boolean isInhibitAnyPolicy(String oid)
      This method verifies whether oid corresponds to the inhibit anyPolicy extension OID
      Parameters:
      oid - String
      Returns:
      TRUE if OID corresponds to the inhibit anyPolicy extension OID, FALSE otherwise
    • isCertificatePolicies

      public static boolean isCertificatePolicies(String oid)
      This method verifies whether oid corresponds to the certificate policies extension OID
      Parameters:
      oid - String
      Returns:
      TRUE if OID corresponds to the certificate policies extension OID, FALSE otherwise
    • isOcspNoCheck

      public static boolean isOcspNoCheck(String oid)
      This method verifies whether oid corresponds to the ocsp-nocheck extension OID
      Parameters:
      oid - String
      Returns:
      TRUE if OID corresponds to the ocsp-nocheck extension OID, FALSE otherwise
    • isValidityAssuredShortTerm

      public static boolean isValidityAssuredShortTerm(String oid)
      This method verifies whether oid corresponds to the ext-etsi-valassured-ST-certs extension OID
      Parameters:
      oid - String
      Returns:
      TRUE if OID corresponds to the ext-etsi-valassured-ST-certs extension OID, FALSE otherwise
    • isQcStatements

      public static boolean isQcStatements(String oid)
      This method verifies whether oid corresponds to the qc-statements extension OID
      Parameters:
      oid - String
      Returns:
      TRUE if OID corresponds to the qc-statements extension OID, FALSE otherwise
    • getSubjectAlternativeNames

      public static eu.europa.esig.dss.model.x509.extension.SubjectAlternativeNames getSubjectAlternativeNames(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Returns the subject alternative names, when present
      Parameters:
      certificateToken - CertificateToken
      Returns:
      SubjectAlternativeNames
    • getAuthorityInformationAccess

      public static eu.europa.esig.dss.model.x509.extension.AuthorityInformationAccess getAuthorityInformationAccess(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Returns the authority information access, when present
      Parameters:
      certificateToken - CertificateToken
      Returns:
      AuthorityInformationAccess
    • getCAIssuersAccessUrls

      public static List<String> getCAIssuersAccessUrls(eu.europa.esig.dss.model.x509.CertificateToken certificate)
      Returns the CA issuers URIs extracted from authorityInfoAccess.caIssuers field
      Parameters:
      certificate - CertificateToken
      Returns:
      a list of CA issuers URIs, or empty list if the extension is not present.
    • getOCSPAccessUrls

      public static List<String> getOCSPAccessUrls(eu.europa.esig.dss.model.x509.CertificateToken certificate)
      Returns the OCSP URIs extracted from authorityInfoAccess.ocsp field
      Parameters:
      certificate - CertificateToken
      Returns:
      a list of OCSP URIs, or empty list if the extension is not present.
    • getAuthorityKeyIdentifier

      public static eu.europa.esig.dss.model.x509.extension.AuthorityKeyIdentifier getAuthorityKeyIdentifier(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Returns the authority key identifier, when present
      Parameters:
      certificateToken - CertificateToken
      Returns:
      AuthorityKeyIdentifier
    • getSubjectKeyIdentifier

      public static eu.europa.esig.dss.model.x509.extension.SubjectKeyIdentifier getSubjectKeyIdentifier(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Returns the subject key identifier, when present
      Parameters:
      certificateToken - CertificateToken
      Returns:
      SubjectKeyIdentifier
    • getCRLDistributionPoints

      public static eu.europa.esig.dss.model.x509.extension.CRLDistributionPoints getCRLDistributionPoints(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Returns the CRL distribution points, when present
      Parameters:
      certificateToken - CertificateToken
      Returns:
      CRLDistributionPoints
    • getCRLAccessUrls

      public static List<String> getCRLAccessUrls(eu.europa.esig.dss.model.x509.CertificateToken certificate)
      Returns the CRL distribution URIs extracted from cRLDistributionPoints field
      Parameters:
      certificate - CertificateToken
      Returns:
      a list of CRL distribution URIs, or empty list if the extension is not present.
    • getBasicConstraints

      public static eu.europa.esig.dss.model.x509.extension.BasicConstraints getBasicConstraints(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Returns a basic constraints extension, when present
      Parameters:
      certificateToken - CertificateToken
      Returns:
      BasicConstraints
    • getNameConstraints

      public static eu.europa.esig.dss.model.x509.extension.NameConstraints getNameConstraints(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Returns a name constraints extension, when present
      Parameters:
      certificateToken - CertificateToken
      Returns:
      NameConstraints
    • getPolicyConstraints

      public static eu.europa.esig.dss.model.x509.extension.PolicyConstraints getPolicyConstraints(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Returns a policy constraints extension, when present
      Parameters:
      certificateToken - CertificateToken
      Returns:
      PolicyConstraints
    • getInhibitAnyPolicy

      public static eu.europa.esig.dss.model.x509.extension.InhibitAnyPolicy getInhibitAnyPolicy(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Returns an inhibit anyPolicy extension, when present
      Parameters:
      certificateToken - CertificateToken
      Returns:
      InhibitAnyPolicy
    • getKeyUsage

      public static eu.europa.esig.dss.model.x509.extension.KeyUsage getKeyUsage(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Returns the key usage, when present
      Parameters:
      certificateToken - CertificateToken
      Returns:
      KeyUsage
    • getExtendedKeyUsage

      public static eu.europa.esig.dss.model.x509.extension.ExtendedKeyUsages getExtendedKeyUsage(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Returns the extended key usage, when present
      Parameters:
      certificateToken - CertificateToken
      Returns:
      ExtendedKeyUsages
    • getCertificatePolicies

      public static eu.europa.esig.dss.model.x509.extension.CertificatePolicies getCertificatePolicies(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Returns the certificate policies, when present
      Parameters:
      certificateToken - CertificateToken
      Returns:
      CertificatePolicies
    • getOcspNoCheck

      public static eu.europa.esig.dss.model.x509.extension.OCSPNoCheck getOcspNoCheck(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Returns the ocsp-nocheck extension value, when present
      Parameters:
      certificateToken - CertificateToken
      Returns:
      OCSPNoCheck
    • hasOcspNoCheckExtension

      public static boolean hasOcspNoCheckExtension(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Checks if the certificate contains the ocsp-nocheck extension, which indicates whether revocation data should be checked for an OCSP signing certificate.
      RFC 6960
      Parameters:
      certificateToken - the certificate to be checked
      Returns:
      true if the certificate has the id_pkix_ocsp_nocheck extension
    • getValAssuredSTCerts

      public static eu.europa.esig.dss.model.x509.extension.ValidityAssuredShortTerm getValAssuredSTCerts(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Returns the ext-etsi-valassured-ST-certs extension value, when present
      Parameters:
      certificateToken - CertificateToken
      Returns:
      ValidityAssuredShortTerm
    • hasValAssuredShortTermCertsExtension

      public static boolean hasValAssuredShortTermCertsExtension(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Checks if the certificate contains the ext-etsi-valassured-ST-certs extension, which indicates that the validity of the certificate is assured because the certificate is a "short-term certificate". That is, the time as indicated in the certificate attribute from notBefore through notAfter, inclusive, is shorter than the maximum time to process a revocation request as specified by the certificate practice statement or certificate policy.
      Parameters:
      certificateToken - CertificateToken
      Returns:
      TRUE if the certificate has ext-etsi-valassured-ST-certs extension, FALSE otherwise
    • getQcStatements

      public static eu.europa.esig.dss.model.x509.extension.QcStatements getQcStatements(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Returns the qc-statements extension value, when present
      Parameters:
      certificateToken - CertificateToken
      Returns:
      QcStatements