Class CertificateHelpers


  • public class CertificateHelpers
    extends java.lang.Object
    Utility methods for certificates handling and reading/writing PEM files.
    Author:
    K. Benedyczak
    • Method Summary

      Modifier and Type Method Description
      static void checkKeysMatching​(java.security.PrivateKey privKey, java.security.PublicKey pubKey)
      Throws an exception if the private key does not match the public key.
      static byte[] getExtensionBytes​(java.security.cert.X509Certificate cert, java.lang.String oid)
      Gets the certificate extension identified by the OID and returns its value bytes with the enclosing ASN1OctetString wrapper removed.
      static CertificateHelpers.PEMContentsType getPEMType​(java.lang.String name)
      Assumes that the input is the contents of the PEM identification line, after '-----BEGIN ' prefix.
      static java.security.cert.Certificate readDERCertificate​(java.io.InputStream input)  
      static java.util.Collection<? extends java.security.cert.Certificate> readDERCertificates​(java.io.InputStream input)  
      static java.security.cert.X509Certificate[] sortChain​(java.util.List<java.security.cert.X509Certificate> certificates)
      Creates a chain of certificates, where the top-most certificate (the one without an issuing certificate) is the last in the returned array.
      static java.security.cert.CertPath toCertPath​(java.security.cert.X509Certificate[] in)
      Converts a certificate array to a CertPath.
      static org.bouncycastle.asn1.x500.X500Name toX500Name​(javax.security.auth.x500.X500Principal srcDn)
      Converts X500Principal to X500Name with the JavaAndBCStyle style.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • CertificateHelpers

        public CertificateHelpers()
    • Method Detail

      • getPEMType

        public static CertificateHelpers.PEMContentsType getPEMType​(java.lang.String name)
        Assumes that the input is the contents of the PEM identification line, after '-----BEGIN ' prefix.
        Parameters:
        name - PEM first line to be checked.
        Returns:
        the type
      • readDERCertificates

        public static java.util.Collection<? extends java.security.cert.Certificate> readDERCertificates​(java.io.InputStream input)
                                                                                                  throws java.io.IOException
        Throws:
        java.io.IOException
      • readDERCertificate

        public static java.security.cert.Certificate readDERCertificate​(java.io.InputStream input)
                                                                 throws java.io.IOException
        Throws:
        java.io.IOException
      • sortChain

        public static java.security.cert.X509Certificate[] sortChain​(java.util.List<java.security.cert.X509Certificate> certificates)
                                                              throws java.io.IOException
        Creates a chain of certificates, where the top-most certificate (the one without an issuing certificate) is the last in the returned array.
        Parameters:
        certificates - unsorted certificates of one chain
        Returns:
        sorted certificate chain
        Throws:
        java.io.IOException - if the passed chain is inconsistent
      • toCertPath

        public static java.security.cert.CertPath toCertPath​(java.security.cert.X509Certificate[] in)
                                                      throws java.security.cert.CertificateException
        Converts a certificate array to a CertPath.
        Parameters:
        in - array
        Returns:
        converted object
        Throws:
        java.security.cert.CertificateException - certificate exception
      • toX500Name

        public static org.bouncycastle.asn1.x500.X500Name toX500Name​(javax.security.auth.x500.X500Principal srcDn)
        Converts X500Principal to X500Name with the JavaAndBCStyle style.
        Parameters:
        srcDn - source object
        Returns:
        converted object
      • getExtensionBytes

        public static byte[] getExtensionBytes​(java.security.cert.X509Certificate cert,
                                               java.lang.String oid)
                                        throws java.io.IOException
        Gets the certificate extension identified by the OID and returns its value bytes with the enclosing ASN1OctetString wrapper removed.
        Parameters:
        cert - The certificate to inspect.
        oid - The extension OID to fetch.
        Returns:
        The value bytes of the extension, or null if the extension is not present or is empty.
        Throws:
        java.io.IOException - thrown in case the certificate parsing fails.
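
        The unwrapping step described for getExtensionBytes, as an added JDK-only illustration (not the library's code; `unwrapOctetString`, `extensionBytes` and the sample bytes are this example's own). `X509Certificate.getExtensionValue` returns the extension value still wrapped in a DER OCTET STRING, and the helper strips that wrapper while checking the length field.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Arrays;

public class ExtensionUnwrapSketch {
    // Hypothetical helper: strips the outer DER OCTET STRING (tag 0x04) wrapper.
    static byte[] unwrapOctetString(byte[] der) throws IOException {
        if (der == null) return null;                 // extension not present
        if (der.length < 2 || (der[0] & 0xFF) != 0x04)
            throw new IOException("not a DER OCTET STRING");
        int len = der[1] & 0xFF, off = 2;
        if (len >= 0x80) {                            // long form: low 7 bits = count of length bytes
            int n = len & 0x7F;
            if (n == 0 || n > 4 || der.length < 2 + n)
                throw new IOException("unsupported DER length encoding");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (der[off++] & 0xFF);
        }
        // Reject truncated input and trailing bytes (also catches an overflowed, negative length).
        if (len != der.length - off)
            throw new IOException("length field disagrees with data");
        return Arrays.copyOfRange(der, off, der.length);
    }

    // Same contract as documented above: null when the extension is absent or empty.
    static byte[] extensionBytes(X509Certificate cert, String oid) throws IOException {
        byte[] inner = unwrapOctetString(cert.getExtensionValue(oid));
        return (inner == null || inner.length == 0) ? null : inner;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: the bytes getExtensionValue("2.5.29.19") yields
        // for a basicConstraints extension with cA=TRUE and no path length.
        byte[] wrapped = {0x04, 0x05, 0x30, 0x03, 0x01, 0x01, (byte) 0xFF};
        byte[] inner = unwrapOctetString(wrapped);
        StringBuilder hex = new StringBuilder();
        for (byte b : inner) hex.append(String.format("%02x ", b));
        // The result is the extension's own DER: SEQUENCE { BOOLEAN TRUE }.
        System.out.println("inner DER: " + hex.toString().trim());
    }
}
```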
      • checkKeysMatching

        public static void checkKeysMatching​(java.security.PrivateKey privKey,
                                             java.security.PublicKey pubKey)
                                      throws java.security.InvalidKeyException
        Throws an exception if the private key does not match the public key. The check is performed only for known key types, currently RSA and DSA.
        Parameters:
        privKey - first key to match
        pubKey - 2nd key to match
        Throws:
        java.security.InvalidKeyException - invalid key exception
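
        One way a private/public key consistency check for RSA and DSA can be written with the JDK alone, added here as an illustration of the checkKeysMatching contract (not the library's source; `requireMatching` is a hypothetical name). This sketch rejects any other key type instead of skipping the check; that choice is the example's own.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.*;

public class KeyMatchSketch {
    // Hypothetical helper: throws InvalidKeyException unless the two keys form one pair.
    static void requireMatching(PrivateKey priv, PublicKey pub) throws InvalidKeyException {
        boolean ok;
        if (priv instanceof RSAPrivateKey && pub instanceof RSAPublicKey) {
            RSAPublicKey rPub = (RSAPublicKey) pub;
            // Both halves of an RSA pair share the modulus n.
            ok = ((RSAPrivateKey) priv).getModulus().equals(rPub.getModulus());
            // CRT-form private keys also carry the public exponent e; compare it when present.
            if (ok && priv instanceof RSAPrivateCrtKey)
                ok = ((RSAPrivateCrtKey) priv).getPublicExponent().equals(rPub.getPublicExponent());
        } else if (priv instanceof DSAPrivateKey && pub instanceof DSAPublicKey) {
            DSAParams a = ((DSAPrivateKey) priv).getParams();
            DSAParams b = ((DSAPublicKey) pub).getParams();
            if (a == null || b == null)
                throw new InvalidKeyException("DSA key without domain parameters");
            // Same domain parameters (p, q, g), and y must equal g^x mod p.
            BigInteger y = a.getG().modPow(((DSAPrivateKey) priv).getX(), a.getP());
            ok = a.getP().equals(b.getP()) && a.getQ().equals(b.getQ())
                    && a.getG().equals(b.getG()) && y.equals(((DSAPublicKey) pub).getY());
        } else {
            // Fail closed: an unchecked pair is never reported as matching.
            throw new InvalidKeyException("cannot check key types "
                    + priv.getAlgorithm() + "/" + pub.getAlgorithm());
        }
        if (!ok) throw new InvalidKeyException("private key does not match public key");
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair first = gen.generateKeyPair();   // constructed test keys
        KeyPair second = gen.generateKeyPair();
        requireMatching(first.getPrivate(), first.getPublic());
        System.out.println("same pair accepted");
        try {
            requireMatching(first.getPrivate(), second.getPublic());
            System.out.println("unexpected: mixed pair accepted");
        } catch (InvalidKeyException e) {
            System.out.println("mixed pair rejected: " + e.getMessage());
        }
    }
}
```

        A check like this belongs at credential load time, so that a certificate paired with the wrong key file is caught before the first handshake.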