lv.pasts.eme.cert

Class TrustStore

java.lang.Object

lv.pasts.eme.cert.TrustStore

public final class TrustStore
extends Object

TrustStore class provides access to the trusted certificates specified in truststore JKS resource.

The truststore JKS resource to be used is defined by the 'cert.truststore.jks' EDOC configuration property.

Since:

1.4.0

Method Summary

Modifier and Type	Method and Description
void	addJreCaCerts()
void	addTrustedCertificates(String... territory)
static X509Certificate	findCertCA(X509Certificate cert) Deprecated.
X509Certificate	findCertificateCA(X509Certificate cert)
X509Certificate	findCertificateRootCA(X509Certificate cert)
static X509Certificate	findCertRootCA(X509Certificate cert) Deprecated.
TrustAnchor	findTrustAnchor(List<X509Certificate> certPath)
Set<TrustAnchor>	findTrustAnchors(CertPath certPath)
static Set<TrustAnchor>	findTrustAnchors(X509Certificate cert) Finds TrustAnchors for the given certificate.
static X509Certificate	findTrustedCert(String subject, BigInteger serial) Deprecated.
static X509Certificate	findTrustedCert(String subject, String subjectKeyIdentifier) Deprecated.
X509Certificate	findTrustedCertificate(String subject, BigInteger serial)
X509Certificate	findTrustedCertificate(String subject, String subjectKeyIdentifier)
CertPath	generateCertificatePath(X509Certificate cert, boolean addTrustAnchor)
CertPath	generateCertificatePath(X509Certificate cert, boolean addTrustAnchor, boolean useCache)
static CertPath	generateCertPath(X509Certificate cert) Deprecated.
static CertPath	generateCertPath(X509Certificate cert, boolean addTrustAnchor) Deprecated.
static TrustStore	getInstance()
static TrustStore	getInstance(boolean useTrustedList)
static TrustStore	getInstance(KeyStore keyStore)
static TrustStore	getInstance(KeyStore keyStore, boolean useTrustedList)
KeyStore	getKeyStore()
TrustedCertificate	getTrustedCertificate(X509Certificate cert)
static KeyStore	getTrustStore() Deprecated.
static boolean	isAccreditedRoot(X509Certificate cert) Returns true if the given certificate is accredited ROOT certificate.
static boolean	isCertIssuedByCA(X509Certificate cert, X509Certificate ca) Returns true if the given certificate is issued by the given CA.
static boolean	isRootCert(X509Certificate cert) Returns true if the given certificate is self signed ROOT certificate.
static boolean	isTestingEnvironment(X509Certificate cert)
static boolean	isTrustedCert(X509Certificate cert) Deprecated.
boolean	isTrustedCertificate(X509Certificate cert)
static boolean	isTrustedRootCert(X509Certificate cert) Deprecated.
boolean	isTrustedRootCertificate(X509Certificate cert)
static KeyStore	loadStore(List<X509Certificate> list) Utility method to load KeyStore from the given certificate list.
static KeyStore	loadStore(String resource, String type, char[] password) Utility method to load KeyStore from the given resource.
boolean	useTrustedList()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

addJreCaCerts

public void addJreCaCerts()
                   throws KeyStoreException

Throws:

KeyStoreException

addTrustedCertificates

public void addTrustedCertificates(String... territory)

getInstance

public static TrustStore getInstance()
                              throws KeyStoreException

Throws:

KeyStoreException

getInstance

public static TrustStore getInstance(boolean useTrustedList)
                              throws KeyStoreException

Throws:

KeyStoreException

getInstance

public static TrustStore getInstance(KeyStore keyStore)
                              throws KeyStoreException

Throws:

KeyStoreException

getInstance

public static TrustStore getInstance(KeyStore keyStore,
                                     boolean useTrustedList)
                              throws KeyStoreException

Throws:

KeyStoreException

useTrustedList

public boolean useTrustedList()

getKeyStore

public KeyStore getKeyStore()
                     throws KeyStoreException

Throws:

KeyStoreException

findTrustedCert

@Deprecated
public static X509Certificate findTrustedCert(String subject,
                                                           BigInteger serial)
                                                    throws KeyStoreException

Deprecated.

Finds trusted certificate with the given subject name and serial number.

The subject name must be specified using the grammar defined in RFC 1779 or RFC 2253 (either format is acceptable), e.g. "CN=VAS Latvijas Pasts SI(CA1), OU=Sertifikacijas pakalpojumi, O=VAS Latvijas Pasts - Vien.reg.Nr.40003052790, C=LV".

Parameters:

subject - an X.500 distinguished name in RFC 1779 or RFC 2253 format.

serial - certificate serial number.

Returns:

trusted certificate with the given subject name and serial number.

Throws:

KeyStoreException - if trusted certificate cannot be found.

findTrustedCert

@Deprecated
public static X509Certificate findTrustedCert(String subject,
                                                           String subjectKeyIdentifier)
                                                    throws KeyStoreException

Deprecated.

Finds trusted certificate with the given subject name and subject key identifier.

The subject name must be specified using the grammar defined in RFC 1779 or RFC 2253 (either format is acceptable), e.g. "CN=VAS Latvijas Pasts SI(CA1), OU=Sertifikacijas pakalpojumi, O=VAS Latvijas Pasts - Vien.reg.Nr.40003052790, C=LV".

The subject key identifier must be specified as hexadecimal string of the DER encoded value (excluding tag and length) of the subject public key field in the certificate, e.g. "2c3e036e9239e283072795b10feffe633a6a9017".

Parameters:

subject - an X.500 distinguished name in RFC 1779 or RFC 2253 format.

subjectKeyIdentifier - hexadecimal string of the subject public key field.

Returns:

trusted certificate with the given subject name and subject key identifier.

Throws:

KeyStoreException - if trusted certificate cannot be found.

findTrustedCertificate

public X509Certificate findTrustedCertificate(String subject,
                                              String subjectKeyIdentifier)
                                       throws KeyStoreException

Throws:

KeyStoreException

findCertCA

@Deprecated
public static X509Certificate findCertCA(X509Certificate cert)
                                               throws KeyStoreException

Deprecated.

Finds CA certificate for the given certificate.

Parameters:

cert - the certificate.

Returns:

CA certificate for the given certificate.

Throws:

KeyStoreException - if CA certificate cannot be found.

findCertificateCA

public X509Certificate findCertificateCA(X509Certificate cert)
                                  throws KeyStoreException

Throws:

KeyStoreException

findCertRootCA

@Deprecated
public static X509Certificate findCertRootCA(X509Certificate cert)
                                                   throws KeyStoreException

Deprecated.

Finds ROOT CA certificate for the given certificate.

Parameters:

cert - the certificate.

Returns:

ROOT CA certificate for the given certificate

Throws:

KeyStoreException - if ROOT CA certificate cannot be found.

findCertificateRootCA

public X509Certificate findCertificateRootCA(X509Certificate cert)
                                      throws KeyStoreException

Throws:

KeyStoreException

generateCertPath

@Deprecated
public static CertPath generateCertPath(X509Certificate cert)
                                              throws KeyStoreException,
                                                     CertificateException

Deprecated.

Generates certification path for the given certificate.

Parameters:

cert - the certificate.

Returns:

path for the given certificate.

Throws:

KeyStoreException - if CA certificates cannot be found.

CertificateException - if certification path cannot be generated.

generateCertPath

@Deprecated
public static CertPath generateCertPath(X509Certificate cert,
                                                     boolean addTrustAnchor)
                                              throws KeyStoreException,
                                                     CertificateException

Deprecated.

Generates certification path for the given certificate.

Parameters:

cert - the certificate.

addTrustAnchor - to also add the trust anchor certificate to chain.

Returns:

path for the given certificate.

Throws:

KeyStoreException - if CA certificates cannot be found.

CertificateException - if certification path cannot be generated.

generateCertificatePath

public CertPath generateCertificatePath(X509Certificate cert,
                                        boolean addTrustAnchor)
                                 throws KeyStoreException,
                                        CertificateException

Throws:

KeyStoreException

CertificateException

generateCertificatePath

public CertPath generateCertificatePath(X509Certificate cert,
                                        boolean addTrustAnchor,
                                        boolean useCache)
                                 throws KeyStoreException,
                                        CertificateException

Throws:

KeyStoreException

CertificateException

findTrustAnchors

public static Set<TrustAnchor> findTrustAnchors(X509Certificate cert)
                                         throws KeyStoreException

Finds TrustAnchors for the given certificate.

Parameters:

cert - the certificate.

Returns:

TrustAnchors for the given certificate.

Throws:

KeyStoreException - if TrustAnchors cannot be found.

findTrustAnchors

public Set<TrustAnchor> findTrustAnchors(CertPath certPath)
                                  throws KeyStoreException

Throws:

KeyStoreException

findTrustAnchor

public TrustAnchor findTrustAnchor(List<X509Certificate> certPath)
                            throws KeyStoreException

Throws:

KeyStoreException

isCertIssuedByCA

public static boolean isCertIssuedByCA(X509Certificate cert,
                                       X509Certificate ca)

Returns true if the given certificate is issued by the given CA.

Parameters:

cert - the certificate.

ca - the CA certificate.

Returns:

true if the given certificate is issued by the given CA.

isRootCert

public static boolean isRootCert(X509Certificate cert)

Returns true if the given certificate is self signed ROOT certificate.

Parameters:

cert - the certificate.

Returns:

true if the given certificate is self signed ROOT certificate.

isTrustedCert

@Deprecated
public static boolean isTrustedCert(X509Certificate cert)
                                          throws KeyStoreException

Deprecated.

Returns true if the given certificate is trusted.

Parameters:

cert - the certificate.

Returns:

true if the given certificate is trusted.

Throws:

KeyStoreException - if truststore cannot be loaded.

isTrustedCertificate

public boolean isTrustedCertificate(X509Certificate cert)
                             throws KeyStoreException

Throws:

KeyStoreException

getTrustedCertificate

public TrustedCertificate getTrustedCertificate(X509Certificate cert)

isTrustedRootCert

@Deprecated
public static boolean isTrustedRootCert(X509Certificate cert)
                                              throws KeyStoreException

Deprecated.

Returns true if the given certificate is trusted self signed ROOT certificate.

Parameters:

cert - the certificate.

Returns:

true if the given certificate is trusted self signed ROOT certificate.

Throws:

KeyStoreException - if truststore cannot be loaded.

isTrustedRootCertificate

public boolean isTrustedRootCertificate(X509Certificate cert)
                                 throws KeyStoreException

Throws:

KeyStoreException

isAccreditedRoot

public static boolean isAccreditedRoot(X509Certificate cert)
                                throws KeyStoreException

Returns true if the given certificate is accredited ROOT certificate.

Parameters:

cert - the certificate.

Returns:

true if the given certificate is accredited ROOT certificate.

Throws:

KeyStoreException - if truststore cannot be loaded.

findTrustedCertificate

public X509Certificate findTrustedCertificate(String subject,
                                              BigInteger serial)
                                       throws KeyStoreException

Throws:

KeyStoreException

getTrustStore

@Deprecated
public static KeyStore getTrustStore()
                                           throws KeyStoreException

Deprecated.

Returns the truststore JKS resource.

Returns:

the truststore JKS resource.

Throws:

KeyStoreException - if truststore cannot be loaded.

loadStore

public static KeyStore loadStore(String resource,
                                 String type,
                                 char[] password)
                          throws Exception

Utility method to load KeyStore from the given resource.

Throws:

Exception

isTestingEnvironment

public static boolean isTestingEnvironment(X509Certificate cert)

loadStore

public static KeyStore loadStore(List<X509Certificate> list)
                          throws KeyStoreException

Utility method to load KeyStore from the given certificate list.

Throws:

KeyStoreException