Class CertificateHelpers

java.lang.Object
eu.emi.security.authn.x509.helpers.CertificateHelpers

public class CertificateHelpers extends Object
Utility methods for certificate handling and for reading and writing PEM files.
Author:
K. Benedyczak
  • Constructor Details

    • CertificateHelpers

      public CertificateHelpers()
  • Method Details

    • getPEMType

      public static CertificateHelpers.PEMContentsType getPEMType(String name)
      Assumes that the input is the contents of the PEM identification line, after the '-----BEGIN ' prefix.
      Parameters:
      name - PEM first line to be checked.
      Returns:
      the type
    • readDERCertificates

      public static Collection<? extends Certificate> readDERCertificates(InputStream input) throws IOException
      Throws:
      IOException
    • readDERCertificate

      public static Certificate readDERCertificate(InputStream input) throws IOException
      Throws:
      IOException
    • sortChain

      public static X509Certificate[] sortChain(List<X509Certificate> certificates) throws IOException
      Creates a chain of certificates, where the top-most certificate (the one without issuing certificate) is the last in the returned array.
      Parameters:
      certificates - unsorted certificates of one chain
      Returns:
      sorted certificate chain
      Throws:
      IOException - if the passed chain is inconsistent
    • toCertPath

      public static CertPath toCertPath(X509Certificate[] in) throws CertificateException
      Converts certificates array to CertPath
      Parameters:
      in - array
      Returns:
      converted object
      Throws:
      CertificateException - certificate exception
    • toX500Name

      public static org.bouncycastle.asn1.x500.X500Name toX500Name(X500Principal srcDn)
      Converts X500Principal to X500Name with the JavaAndBCStyle style.
      Parameters:
      srcDn - source object
      Returns:
      converted object
    • getExtensionBytes

      public static byte[] getExtensionBytes(X509Certificate cert, String oid) throws IOException
      Gets the certificate extension identified by the oid and returns the value bytes unwrapped from the ASN1OctetString.
      Parameters:
      cert - The certificate to inspect.
      oid - The extension OID to fetch.
      Returns:
      The value bytes of the extension, or null if the extension was not present or was empty.
      Throws:
      IOException - thrown in case the certificate parsing fails.
    • checkKeysMatching

      public static void checkKeysMatching(PrivateKey privKey, PublicKey pubKey) throws InvalidKeyException
      Throws an exception if the private key does not match the public key. The check is done only for known types of keys, currently RSA and DSA.
      Parameters:
      privKey - first key to match
      pubKey - 2nd key to match
      Throws:
      InvalidKeyException - invalid key exception
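
A private/public key consistency check of the kind checkKeysMatching describes, written with JDK classes only. This is an added example, not the library's implementation: KeyMatchExample, keysMatch and gen are hypothetical names, and returning false for key types other than RSA and DSA is an assumption of this sketch that makes the "not checked" case visible to the caller.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.*;
public class KeyMatchExample {
    /** Returns true if the pair was verified, false if the key type is not covered; throws on mismatch. */
    static boolean keysMatch(PrivateKey priv, PublicKey pub) throws InvalidKeyException {
        if (!priv.getAlgorithm().equals(pub.getAlgorithm()))
            throw new InvalidKeyException("Key algorithms differ");
        if (priv instanceof RSAPrivateKey && pub instanceof RSAPublicKey) {
            RSAPublicKey rPub = (RSAPublicKey) pub;
            // Same modulus is the basic RSA pairing test.
            if (!((RSAPrivateKey) priv).getModulus().equals(rPub.getModulus()))
                throw new InvalidKeyException("RSA modulus differs");
            // CRT private keys also carry e, so compare it when available.
            if (priv instanceof RSAPrivateCrtKey && !((RSAPrivateCrtKey) priv)
                    .getPublicExponent().equals(rPub.getPublicExponent()))
                throw new InvalidKeyException("RSA public exponent differs");
            return true;
        }
        if (priv instanceof DSAPrivateKey && pub instanceof DSAPublicKey) {
            DSAPrivateKey dPriv = (DSAPrivateKey) priv;
            DSAParams p = dPriv.getParams();
            // Recompute y = g^x mod p from the private key and compare.
            BigInteger y = p.getG().modPow(dPriv.getX(), p.getP());
            if (!y.equals(((DSAPublicKey) pub).getY()))
                throw new InvalidKeyException("DSA public value differs");
            return true;
        }
        return false; // e.g. EC: same algorithm name, but pairing not verified here
    }

    static KeyPair gen(String alg, int bits) throws GeneralSecurityException {
        KeyPairGenerator g = KeyPairGenerator.getInstance(alg);
        g.initialize(bits);
        return g.generateKeyPair();
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample input: freshly generated key pairs.
        KeyPair rsaA = gen("RSA", 2048), rsaB = gen("RSA", 2048);
        KeyPair dsa = gen("DSA", 2048), ec = gen("EC", 256);
        System.out.println("RSA pair verified: " + keysMatch(rsaA.getPrivate(), rsaA.getPublic()));
        System.out.println("DSA pair verified: " + keysMatch(dsa.getPrivate(), dsa.getPublic()));
        System.out.println("EC pair verified:  " + keysMatch(ec.getPrivate(), ec.getPublic()));
        try {
            keysMatch(rsaA.getPrivate(), rsaB.getPublic());
        } catch (InvalidKeyException e) {
            System.out.println("Mismatched RSA pair rejected: " + e.getMessage());
        }
    }
}
```

A check limited to RSA and DSA says nothing about other key types, so a caller loading an EC credential needs a separate test, such as signing and verifying a small message, before relying on the pair.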