Class TrustedIdentity

  • Direct Known Subclasses:
    SystemIdentity

    public class TrustedIdentity
    extends java.lang.Object
    Represents a trusted identity, where trust was established by being able to present a valid x.509 certificate chain containing at least one trusted issuer.

    Note that this class, in and of itself, does not guarantee that the certificate chain it holds is known to be correct and trustworthy. That fact is assumed to be established prior to this class being handed any certificates.

    See Also:
    RFC 5280
    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected java.security.cert.X509Certificate[] chain  
      protected int chainOffset  
    • Constructor Summary

      Constructors 
      Modifier Constructor Description
        TrustedIdentity​(java.security.cert.Certificate[] chain)
      Creates new trusted identity from given chain of x.509 certificates.
        TrustedIdentity​(java.security.cert.X509Certificate[] chain)
      Creates new trusted identity from given chain of x.509 certificates.
      protected TrustedIdentity​(java.security.cert.X509Certificate[] chain, int chainOffset)  
    • Method Summary

      Modifier and Type Method Description
      java.security.cert.X509Certificate certificate()  
      java.security.cert.X509Certificate[] chain()  
      java.lang.String commonName()
      Gets subject common name from the x.509 certificate of the trusted identity.
      boolean equals​(java.lang.Object other)  
      int hashCode()  
      java.util.Optional<TrustedIdentity> issuer()  
      protected int minimumChainLength()  
      java.security.PublicKey publicKey()  
      • Methods inherited from class java.lang.Object

        clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • chain

        protected final java.security.cert.X509Certificate[] chain
      • chainOffset

        protected final int chainOffset
    • Constructor Detail

      • TrustedIdentity

        public TrustedIdentity​(java.security.cert.Certificate[] chain)
        Creates new trusted identity from given chain of x.509 certificates.

        The certificate at index 0 must represent the identity in question while all subsequent certificates constitute its chain of issuers. The certificates must be in order in the sense that the certificate at index n must be issued by the certificate at index n + 1.

        The smallest valid chain of certificates contains only a single self-signed certificate. No certificate validation is performed by this constructor, other than ensuring that only x.509 certificates are present, but the provided chain should be complete in the sense that it contains all issuers up to a self-signed certificate.

        Parameters:
        chain - x.509 certificate chain.
        Throws:
        java.lang.NullPointerException - If chain is null.
        java.lang.IllegalArgumentException - If chain.length == 0 or if chain contains any other type of certificate than X509Certificate.
        See Also:
        RFC 5280
      • TrustedIdentity

        public TrustedIdentity​(java.security.cert.X509Certificate[] chain)
        Creates new trusted identity from given chain of x.509 certificates.

        The certificate at index 0 must represent the identity in question while all subsequent certificates constitute its chain of issuers. The certificates must be in order in the sense that the certificate at index n must be issued by the certificate at index n + 1.

        The smallest valid chain of certificates contains only a single self-signed certificate. No certificate validation is performed by this constructor, but the provided chain should be complete in the sense that it contains all issuers up to a self-signed certificate.

        Parameters:
        chain - x.509 certificate chain.
        Throws:
        java.lang.NullPointerException - If chain is null.
        java.lang.IllegalArgumentException - If chain.length == 0.
        See Also:
        RFC 5280
      • TrustedIdentity

        protected TrustedIdentity​(java.security.cert.X509Certificate[] chain,
                                  int chainOffset)
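
Because the public constructors perform no certificate validation, the ordering and completeness they describe have to be checked by the caller. The following is an added example, not code from this library: `ChainOrderCheck` and `requireOrderedAndComplete` are hypothetical names, only JDK APIs are used, and the sample input is a CA certificate read from the JVM's default trust store.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper, not part of the documented API.
public class ChainOrderCheck {
    // Structural check only: chain[n] must be issued by chain[n + 1] and the last
    // certificate must be self-signed. It does not decide whether the root is
    // trusted and does not check validity periods or revocation.
    static void requireOrderedAndComplete(X509Certificate[] chain) throws GeneralSecurityException {
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("chain must hold at least one certificate");
        }
        for (int n = 0; n < chain.length; n++) {
            // The last certificate is checked against itself (self-signed).
            X509Certificate issuer = (n + 1 < chain.length) ? chain[n + 1] : chain[n];
            if (!chain[n].getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
                throw new GeneralSecurityException("issuer name mismatch at index " + n);
            }
            // Throws if the issuer's key did not produce the signature on chain[n].
            chain[n].verify(issuer.getPublicKey());
        }
    }

    public static void main(String[] args) throws Exception {
        // Sample input: the first CA certificate in the JVM's default trust store,
        // used as a single-certificate chain.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            X509Certificate[] roots = ((X509TrustManager) tm).getAcceptedIssuers();
            if (roots.length == 0) continue;
            X509Certificate[] chain = { roots[0] };
            try {
                requireOrderedAndComplete(chain);
                // Trust must still be established (e.g. PKIX path validation against
                // configured anchors) before the chain is passed to a TrustedIdentity constructor.
                System.out.println("well-formed: " + chain[0].getSubjectX500Principal());
            } catch (GeneralSecurityException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```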
    • Method Detail

      • minimumChainLength

        protected int minimumChainLength()
      • chain

        public java.security.cert.X509Certificate[] chain()
        Returns:
        Clone of x.509 certificate chain associated with this identity.
        See Also:
        RFC 5280
      • issuer

        public java.util.Optional<TrustedIdentity> issuer()
        Returns:
        Representation of certificate issuer, if any such is available.
        See Also:
        RFC 5280
      • certificate

        public java.security.cert.X509Certificate certificate()
        Returns:
        x.509 certificate of this identity.
        See Also:
        RFC 5280
      • commonName

        public java.lang.String commonName()
        Gets subject common name from the x.509 certificate of the trusted identity.

        Scans the distinguished name of the certificate subject and returns the leftmost common name found. It is expected to be very rare for a certificate to contain any number of common names other than exactly one.

        Returns:
        Subject common name.
        Throws:
        java.lang.IllegalStateException - If no common name is specified in the certificate.
        See Also:
        RFC 5280
      • publicKey

        public java.security.PublicKey publicKey()
        Returns:
        Public key of trusted identity.
        See Also:
        RFC 5280
      • equals

        public boolean equals​(java.lang.Object other)
        Overrides:
        equals in class java.lang.Object
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class java.lang.Object
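
The leftmost-common-name rule described for `commonName()` can be reproduced with the JDK's `LdapName` parser, which handles escaped commas and multi-valued RDNs that naive string splitting gets wrong. This is an added example, not the library's implementation: `LeftmostCommonName` is a hypothetical name, the subject strings are constructed, and "leftmost" is assumed to refer to the RFC 2253 string form that `X500Principal.getName()` returns.

```java
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Hypothetical helper, not part of the documented API.
public class LeftmostCommonName {
    // For a certificate, pass cert.getSubjectX500Principal().getName().
    static String leftmostCommonName(String rfc2253Subject) throws NamingException {
        List<Rdn> rdns = new LdapName(rfc2253Subject).getRdns();
        // LdapName indexes RDNs right to left, so the leftmost RDN is the last element.
        for (int i = rdns.size() - 1; i >= 0; i--) {
            // toAttributes() also covers multi-valued RDNs such as "OU=a+CN=b".
            Attribute cn = rdns.get(i).toAttributes().get("CN");
            if (cn != null) {
                return String.valueOf(cn.get());
            }
        }
        throw new IllegalStateException("no common name in subject");
    }

    public static void main(String[] args) throws NamingException {
        // Constructed subjects: an escaped comma inside the value, a second CN
        // further right, and a CN inside a multi-valued RDN.
        System.out.println(leftmostCommonName("CN=sys\\, one,O=Example,CN=ignored")); // sys, one
        System.out.println(leftmostCommonName("OU=ops+CN=gateway,O=Example"));        // gateway
        try {
            leftmostCommonName("O=Example,C=SE");
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```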