Package no.digipost.security.cert

Class Trust

java.lang.Object

no.digipost.security.cert.Trust

public final class Trust
extends Object

The Trust contains the root certificates and any intermediate certificates you choose to trust in your application. It can then be used to resolve the certificatation path of a certificate, and determined if it is trusted or not.

Constructor Summary

Constructors

Constructor	Description
Trust(Stream<X509Certificate> trustAnchorCertificates, Stream<X509Certificate> intermediateCertificates)
Trust(Stream<X509Certificate> trustAnchorCertificates, Stream<X509Certificate> intermediateCertificates, Clock clock)

Method Summary

Modifier and Type	Method	Description
KeyStore	asKeyStore()	Get this Trust as a KeyStore, a.k.a.
boolean	equals(Object other)
Set<X509Certificate>	getTrustAnchorCertificates()	A trust anchor is the authoritative entity for which trust is assumed and not derived, i.e.
Set<TrustAnchor>	getTrustAnchors()
KeyStore	getTrustAnchorsKeyStore()	Get only the trust anchor certificates of this Trust as a KeyStore, a.k.a.
Map<X500Principal,Set<X509Certificate>>	getTrustedIntermediateCertificates()
int	hashCode()
static Trust	in(Clock clock, X509Certificate... trustedCertificates)	Construct a Trust from the given trusted certificates.
static Trust	in(Clock clock, Stream<X509Certificate> trustedCertificates)	Construct a Trust from the given trusted certificates.
static Trust	merge(Trust t1, Trust t2)	Merge two Trusts.
ReviewedCertPath	resolveCertPath(X509Certificate certificate)	Resolve the certificate path of an X.509 certificate.
boolean	trusts(CertPath certPath)	Determine if a certificate path is trusted or not

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Trust

public Trust(Stream<X509Certificate> trustAnchorCertificates,
             Stream<X509Certificate> intermediateCertificates)

Trust

public Trust(Stream<X509Certificate> trustAnchorCertificates,
             Stream<X509Certificate> intermediateCertificates,
             Clock clock)

Method Detail

in

public static Trust in(Clock clock,
                       X509Certificate... trustedCertificates)

Construct a Trust from the given trusted certificates.

Parameters:

trustedCertificates - all the certificates, both trust anchors and any intermediate certificates issued from any of the trust anchors

clock - the clock to use for asserting certificate validity

Returns:

the Trust for the given certificates

in

public static Trust in(Clock clock,
                       Stream<X509Certificate> trustedCertificates)

Construct a Trust from the given trusted certificates.

Parameters:

trustedCertificates - all the certificates, both trust anchors and any intermediate certificates issued from any of the trust anchors

clock - the clock to use for asserting certificate validity

Returns:

the Trust for the given certificates

merge

public static Trust merge(Trust t1,
                          Trust t2)

Merge two Trusts. The resulting trust will be the union of the given trusts.

Parameters:

t1 - the first trust

t2 - the second trust

Returns:

the resulting trust from merging t1 and t2

resolveCertPath

public ReviewedCertPath resolveCertPath(X509Certificate certificate)

Resolve the certificate path of an X.509 certificate.

Parameters:

certificate - the certificate to resolve the whole path for.

Returns:

the certificate path, wrapped as a ReviewedCertPath, with methods to determine if it is trusted, and to retrieve the trusted certificate and its issuer.

trusts

public boolean trusts(CertPath certPath)

Determine if a certificate path is trusted or not

Returns:

true if the path is trusted, false otherwise.

getTrustAnchors

public Set<TrustAnchor> getTrustAnchors()

Returns:

the TrustAnchors of this Trust

See Also:

getTrustAnchorCertificates()

getTrustAnchorCertificates

public Set<X509Certificate> getTrustAnchorCertificates()

A trust anchor is the authoritative entity for which trust is assumed and not derived, i.e. the root certificates from which the whole chain of trust is derived.

Returns:

the trust anchor certificates of this Trust

getTrustAnchorsKeyStore

public KeyStore getTrustAnchorsKeyStore()

Get only the trust anchor certificates of this Trust as a KeyStore, a.k.a. a trust store. Consider using asKeyStore() unless you have a very spesific need for only the trust anchors.

Returns:

a KeyStore populated with the trust anchor certificates of this Trust

See Also:

asKeyStore()

asKeyStore

public KeyStore asKeyStore()

Get this Trust as a KeyStore, a.k.a. a trust store.

Returns:

a KeyStore populated with all the certificates (both trust anchors and intermediate certificates) of this Trust

getTrustedIntermediateCertificates

public Map<X500Principal,Set<X509Certificate>> getTrustedIntermediateCertificates()

equals

public boolean equals(Object other)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object