Package edu.iu.crypt

Interface WebCertificateReference

All Known Subinterfaces:
WebCryptoHeader, WebKey, WebKeyReference
All Known Implementing Classes:
Jose, JsonCertificateReference, JsonKeyReference, Jwk

public interface WebCertificateReference
Common super-interface for components that hold a reference to a web certificate and/or chain.
  • Method Details

    • verify

      static X509Certificate[] verify(WebCertificateReference reference)
      Defines basic verification rules for objects that define a certificate reference.
      • A hard reference to the cert chain is used if provided; the URI is then ignored
      • The URI is dereferenced and parsed if it is provided and a hard reference is not
      • SHA-1 and SHA-256 thumbprints are verified against the first cert found, whether by hard reference or URI

      Further verification, i.e., via X509TrustManager, is not handled by this library and should be handled according to the application's trust configuration.

      Parameters:
      reference - certificate reference
      Returns:
      resolved and verified X509Certificate chain, null if not populated
    • getCertificateUri

      default URI getCertificateUri()
      Gets the URI where the X.509 certificate associated with this key can be retrieved.

      The protocol used to acquire the resource MUST provide integrity protection; an HTTP GET request to retrieve the certificate MUST use TLS [RFC2818] [RFC5246]; the identity of the server MUST be validated, as per Section 6 of RFC 6125 [RFC6125].

      Returns:
      URI
    • getCertificateChain

      default X509Certificate[] getCertificateChain()
      Gets the certificate chain.
      Returns:
      parsed JSON x5c attribute value
    • getCertificateThumbprint

      default byte[] getCertificateThumbprint()
      Gets the certificate thumbprint.
      Returns:
      JSON x5t attribute value
    • getCertificateSha256Thumbprint

      default byte[] getCertificateSha256Thumbprint()
      Gets the certificate SHA-256 thumbprint.
      Returns:
      JSON x5t#S256 attribute value
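
The hand-off from verify to the application's trust configuration, as an added example rather than code from this library: it calls verify as documented above, then requires a JDK X509TrustManager to accept the returned chain. The class name CertificateReferenceTrust, the method resolveTrusted, and the choice of checkClientTrusted (treating the key holder as the authenticating party) are assumptions.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import edu.iu.crypt.WebCertificateReference;

/** Added example (hypothetical class): trust decision layered on top of verify(). */
public final class CertificateReferenceTrust {

    /**
     * Resolves the chain with WebCertificateReference.verify(), then requires
     * the application's trust anchors to accept it.
     *
     * @param reference  object carrying a certificate chain, URI and/or thumbprints
     * @param trustStore application trust anchors; null selects the JVM default
     * @return the chain, accepted by the configured trust anchors
     */
    public static X509Certificate[] resolveTrusted(WebCertificateReference reference, KeyStore trustStore)
            throws Exception {
        // Library step: hard reference wins over the URI, and the thumbprints
        // are checked against the first certificate. No trust decision is made here.
        X509Certificate[] chain = WebCertificateReference.verify(reference);

        // verify() returns null when the reference is not populated; fail closed
        // instead of treating "no certificate" as "nothing to check".
        if (chain == null || chain.length == 0)
            throw new CertificateException("no certificate chain on reference");

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore); // null loads the default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                // Validates a path from chain[0] to a trust anchor and throws
                // CertificateException if the chain is untrusted or expired.
                // Assumption: the key holder is validated as a client identity.
                ((X509TrustManager) tm).checkClientTrusted(chain, chain[0].getPublicKey().getAlgorithm());
                return chain;
            }
        }
        throw new CertificateException("no X509TrustManager available");
    }
}
```

A matching thumbprint only shows that the reference is internally consistent; the trust manager call is what ties the certificate to an anchor the application has chosen.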