org.opensaml.xml.security.x509
Class X509Util

java.lang.Object
  extended by org.opensaml.xml.security.x509.X509Util

public class X509Util
extends Object

Utility class for working with X509 objects.


Nested Class Summary
static class X509Util.ENCODING_FORMAT
          Encoding used to store a key or certificate in a file.
 
Field Summary
static String CN_OID
          Common Name (CN) OID.
static Integer DIRECTORY_ALT_NAME
          RFC 2459 Directory Name Subject Alt Name type.
static Integer DNS_ALT_NAME
          RFC 2459 DNS Subject Alt Name type.
static Integer EDI_PARTY_ALT_NAME
          RFC 2459 EDI Party Name Subject Alt Name type.
static Integer IP_ADDRESS_ALT_NAME
          RFC 2459 IP Address Subject Alt Name type.
static Integer OTHER_ALT_NAME
          RFC 2459 Other Subject Alt Name type.
static Integer REGISTERED_ID_ALT_NAME
          RFC 2459 Registered ID Subject Alt Name type.
static Integer RFC822_ALT_NAME
          RFC 2459 RFC 822 (email address) Subject Alt Name type.
static Integer URI_ALT_NAME
          RFC 2459 URI Subject Alt Name type.
static Integer X400ADDRESS_ALT_NAME
          RFC 2459 X.400 Address Subject Alt Name type.
 
Constructor Summary
protected X509Util()
          Constructed.
 
Method Summary
static Collection<X509Certificate> decodeCertificate(byte[] certs)
          Decodes X.509 certificates in DER or PEM format.
static Collection<X509Certificate> decodeCertificate(File certs)
          Decodes X.509 certificates in DER or PEM format.
static Collection<X509CRL> decodeCRLs(byte[] crls)
          Decodes CRLs in DER or PKCS#7 format.
static Collection<X509CRL> decodeCRLs(File crls)
          Decodes CRLs in DER or PKCS#7 format.
static X509Certificate determineEntityCertificate(Collection<X509Certificate> certs, PrivateKey privateKey)
          Determines the certificate, from the collection, associated with the private key.
static List getAltNames(X509Certificate certificate, Integer[] nameTypes)
          Gets the list of alternative names of a given name type.
static List<String> getCommonNames(X500Principal dn)
          Gets the common names that appear within the given distinguished name.
static String getIdentifiersToken(X509Credential credential, X500DNHandler handler)
          Gets a formatted string representing identifier information from the supplied credential.
static byte[] getSubjectKeyIdentifier(X509Certificate certificate)
          Get the plain (non-DER encoded) value of the Subject Key Identifier extension of an X.509 certificate, if present.
static List getSubjectNames(X509Certificate certificate, Integer[] altNameTypes)
          Gets the common name components of the certificate's subject DN together with all the subject alt names of the given types.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CN_OID

public static final String CN_OID
Common Name (CN) OID.

See Also:
Constant Field Values

OTHER_ALT_NAME

public static final Integer OTHER_ALT_NAME
RFC 2459 Other Subject Alt Name type.


RFC822_ALT_NAME

public static final Integer RFC822_ALT_NAME
RFC 2459 RFC 822 (email address) Subject Alt Name type.


DNS_ALT_NAME

public static final Integer DNS_ALT_NAME
RFC 2459 DNS Subject Alt Name type.


X400ADDRESS_ALT_NAME

public static final Integer X400ADDRESS_ALT_NAME
RFC 2459 X.400 Address Subject Alt Name type.


DIRECTORY_ALT_NAME

public static final Integer DIRECTORY_ALT_NAME
RFC 2459 Directory Name Subject Alt Name type.


EDI_PARTY_ALT_NAME

public static final Integer EDI_PARTY_ALT_NAME
RFC 2459 EDI Party Name Subject Alt Name type.


URI_ALT_NAME

public static final Integer URI_ALT_NAME
RFC 2459 URI Subject Alt Name type.


IP_ADDRESS_ALT_NAME

public static final Integer IP_ADDRESS_ALT_NAME
RFC 2459 IP Address Subject Alt Name type.


REGISTERED_ID_ALT_NAME

public static final Integer REGISTERED_ID_ALT_NAME
RFC 2459 Registered ID Subject Alt Name type.

Constructor Detail

X509Util

protected X509Util()
Constructed.

Method Detail

determineEntityCertificate

public static X509Certificate determineEntityCertificate(Collection<X509Certificate> certs,
                                                         PrivateKey privateKey)
                                                  throws SecurityException
Determines the certificate, from the collection, associated with the private key.

Parameters:
certs - certificates to check
privateKey - entity's private key
Returns:
the certificate associated with the entity's private key, or null if no certificate in the collection is associated with the given private key (callers must check for null rather than fall back to an arbitrary certificate)
Throws:
SecurityException - thrown if the public or private keys checked are of an unsupported type
Since:
1.2
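
An added example, not code from the OpenSAML/xmltooling project itself, showing how determineEntityCertificate fits into loading a signing credential: the certificate bundle is decoded with decodeCertificate(File), the private key with SecurityHelper.decodePrivateKey from the same library, the entity certificate is selected by its key, the null result is treated as a configuration error, and getIdentifiersToken is used for the log line. The class name CredentialLoader and the entityId parameter are assumptions for illustration.

```java
import java.io.File;
import java.security.KeyException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;

import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.security.x509.X509Util;

/** Builds an X509Credential from a certificate bundle and a private key file (hypothetical helper). */
public final class CredentialLoader {

    private CredentialLoader() {}

    /**
     * @param certFile file holding one or more certificates (entity cert plus any chain certs, any order)
     * @param keyFile  file holding the entity's private key (PEM or DER); password may be null if unencrypted
     * @param password password for an encrypted key, or null
     * @param entityId entity ID to attach to the credential (assumed; may be null)
     */
    public static X509Credential load(File certFile, File keyFile, char[] password, String entityId)
            throws CertificateException, KeyException {
        // decodeCertificate accepts DER or PEM and returns every certificate found in the file.
        Collection<X509Certificate> certs = X509Util.decodeCertificate(certFile);
        if (certs.isEmpty()) {
            throw new CertificateException("no certificates found in " + certFile);
        }

        // SecurityHelper.decodePrivateKey is xmltooling's own key loader (PEM/DER, optionally encrypted).
        PrivateKey key = SecurityHelper.decodePrivateKey(keyFile, password);

        // Select the certificate whose public key pairs with the private key. A null return means the bundle
        // does not belong to this key: refuse to continue rather than silently using the first certificate.
        X509Certificate entityCert;
        try {
            entityCert = X509Util.determineEntityCertificate(certs, key);
        } catch (SecurityException e) {
            throw new KeyException("unsupported key type while matching " + keyFile + " to " + certFile, e);
        }
        if (entityCert == null) {
            throw new CertificateException("no certificate in " + certFile
                    + " corresponds to the private key in " + keyFile);
        }

        // Warn (rather than fail) on an expired certificate: its key may still be needed to decrypt old data.
        try {
            entityCert.checkValidity();
        } catch (CertificateException e) {
            System.err.println("Warning: entity certificate is outside its validity period: " + e.getMessage());
        }

        BasicX509Credential credential = new BasicX509Credential();
        credential.setEntityId(entityId);
        credential.setEntityCertificate(entityCert);
        credential.setEntityCertificateChain(certs);
        credential.setPrivateKey(key);

        // getIdentifiersToken yields a compact subject DN / entity ID string; null selects the default DN handler.
        System.out.println("Loaded credential: " + X509Util.getIdentifiersToken(credential, null));
        return credential;
    }
}
```

The null check is the important part: a bundle whose certificates all belong to some other key is a deployment mistake that would otherwise surface only as signature failures at the relying party.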

getCommonNames

public static List<String> getCommonNames(X500Principal dn)
Gets the common names that appear within the given distinguished name. The returned list provides the names in the order they appeared in the DN.

Parameters:
dn - the DN to extract the common names from
Returns:
the common names that appear in the DN in the order they appear or null if the given DN is null

getAltNames

public static List getAltNames(X509Certificate certificate,
                               Integer[] nameTypes)
Gets the list of alternative names of a given name type.

Parameters:
certificate - the certificate to extract the alternative names from
nameTypes - the name types
Returns:
the alt names, of the given type, within the cert

getSubjectNames

public static List getSubjectNames(X509Certificate certificate,
                                   Integer[] altNameTypes)
Gets the common name components of the certificate's subject DN together with all the subject alt names of the given types.

Parameters:
certificate - certificate to extract names from
altNameTypes - type of alt names to extract
Returns:
list of subject names in the certificate
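
An added example, not part of the original page or the OpenSAML code base, of using getSubjectNames to check that a certificate asserts an expected name: a DNS hostname (compared case-insensitively, no wildcard support) or an absolute URI such as a SAML entity ID (compared exactly). The class name CertificateNameMatcher is an assumption. The certificate is expected to have passed chain, validity and revocation checks already; this is only the name-binding step.

```java
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Locale;

import org.opensaml.xml.security.x509.X509Util;

/** Name-binding check for an already trust-validated certificate (hypothetical helper). */
public final class CertificateNameMatcher {

    // Subject alt name types consulted in addition to the subject CN(s).
    private static final Integer[] NAME_TYPES = { X509Util.DNS_ALT_NAME, X509Util.URI_ALT_NAME };

    private CertificateNameMatcher() {}

    /**
     * @param cert     certificate whose trust has already been established
     * @param expected a DNS hostname (case-insensitive, no wildcards, no IPv6 literals) or an absolute URI
     * @return true if the subject CN or a DNS/URI subject alt name equals the expected value
     */
    public static boolean assertsName(X509Certificate cert, String expected) {
        if (cert == null || expected == null || expected.isEmpty()) {
            return false;
        }
        // Crude discriminator: a URI carries a scheme separator, a DNS hostname does not.
        boolean expectUri = expected.indexOf(':') >= 0;

        // getSubjectNames returns a raw List: subject CN(s) first, then the requested alt names.
        // Elements are stringified rather than cast, since the element type depends on the alt name type.
        List<?> names = X509Util.getSubjectNames(cert, NAME_TYPES);
        for (Object name : names) {
            if (name == null) {
                continue;
            }
            String candidate = String.valueOf(name);
            if (expectUri) {
                if (candidate.equals(expected)) {
                    return true;
                }
            } else if (candidate.toLowerCase(Locale.ROOT).equals(expected.toLowerCase(Locale.ROOT))) {
                return true;
            }
        }
        return false;
    }
}
```

Exact matching is deliberate: wildcard handling, IP-address alt names (IP_ADDRESS_ALT_NAME) and partial matches each need their own rules, and a name check that is looser than the trust decision around it is where impersonation slips through.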

getSubjectKeyIdentifier

public static byte[] getSubjectKeyIdentifier(X509Certificate certificate)
Get the plain (non-DER encoded) value of the Subject Key Identifier extension of an X.509 certificate, if present.

Parameters:
certificate - an X.509 certificate possibly containing a subject key identifier
Returns:
the plain (non-DER encoded) value of the Subject Key Identifier extension, or null if the certificate does not contain the extension
Throws:
IOException - listed by the Javadoc, but not declared by the signature above, so it is not propagated to callers as a checked exception; a malformed extension yields null instead
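
An added example, not from the original page or the OpenSAML project, of the usual consumer of getSubjectKeyIdentifier: resolving a certificate from a set of candidates by the key identifier carried in a ds:X509SKI element. The class name SkiResolver is an assumption, and the caller is assumed to pass the element's base64 text content (java.util.Base64, Java 8 or later, is used to decode it).

```java
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;

import org.opensaml.xml.security.x509.X509Util;

/** Resolves a certificate by Subject Key Identifier (hypothetical helper). */
public final class SkiResolver {

    private SkiResolver() {}

    /**
     * @param candidates  certificates known to the resolver (for example from SAML metadata)
     * @param x509SkiText base64 text content of a ds:X509SKI element (the raw key identifier octets)
     * @return the single matching certificate, or null if none matches
     * @throws IllegalStateException if more than one candidate carries the same SKI
     */
    public static X509Certificate findBySki(Collection<X509Certificate> candidates, String x509SkiText) {
        // The MIME decoder tolerates the line breaks commonly found inside XML text content.
        byte[] wanted = Base64.getMimeDecoder().decode(x509SkiText.trim());
        if (wanted.length == 0) {
            return null;
        }
        X509Certificate match = null;
        for (X509Certificate cert : candidates) {
            // Plain octets with the OCTET STRING wrapper removed, or null when the extension is absent:
            // certificates without an SKI simply cannot match a ds:X509SKI reference.
            byte[] ski = X509Util.getSubjectKeyIdentifier(cert);
            if (ski == null || !Arrays.equals(ski, wanted)) {
                continue;
            }
            if (match != null) {
                throw new IllegalStateException("ambiguous SKI: more than one candidate certificate matches");
            }
            match = cert;
        }
        return match;
    }
}
```

An SKI identifies a key, not a certificate, so two certificates for the same key (for example across a rollover) legitimately share one; the ambiguity check makes that situation visible instead of picking whichever certificate happened to come first.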

decodeCertificate

public static Collection<X509Certificate> decodeCertificate(File certs)
                                                     throws CertificateException
Decodes X.509 certificates in DER or PEM format.

Parameters:
certs - encoded certs
Returns:
decoded certs
Throws:
CertificateException - thrown if the certificates can not be decoded
Since:
1.2

decodeCertificate

public static Collection<X509Certificate> decodeCertificate(byte[] certs)
                                                     throws CertificateException
Decodes X.509 certificates in DER or PEM format.

Parameters:
certs - encoded certs
Returns:
decoded certs
Throws:
CertificateException - thrown if the certificates can not be decoded

decodeCRLs

public static Collection<X509CRL> decodeCRLs(File crls)
                                      throws CRLException
Decodes CRLs in DER or PKCS#7 format. If in PKCS#7 format only the CRLs are decoded; the rest of the content is ignored.

Parameters:
crls - encoded CRLs
Returns:
decoded CRLs
Throws:
CRLException - thrown if the CRLs can not be decoded
Since:
1.2

decodeCRLs

public static Collection<X509CRL> decodeCRLs(byte[] crls)
                                      throws CRLException
Decodes CRLs in DER or PKCS#7 format. If in PKCS#7 format only the CRLs are decoded; the rest of the content is ignored.

Parameters:
crls - encoded CRLs
Returns:
decoded CRLs
Throws:
CRLException - thrown if the CRLs can not be decoded
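
An added example, not code from the original page or the OpenSAML project, showing what a caller has to do after decodeCRLs before trusting the answer: restrict to CRLs from the certificate's own issuer, verify the CRL signature with that issuer's public key, reject CRLs that are not yet in force or past nextUpdate, and fail closed when no usable CRL is found. The class name CrlChecker, the Status enum and the injected evaluation time are assumptions.

```java
import java.io.File;
import java.security.GeneralSecurityException;
import java.security.cert.CRLException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;

import org.opensaml.xml.security.x509.X509Util;

/** Revocation check against a locally held CRL file (hypothetical helper). */
public final class CrlChecker {

    private CrlChecker() {}

    public enum Status { GOOD, REVOKED, UNDETERMINED }

    /**
     * @param cert       certificate to check
     * @param issuerCert the CA certificate that issued cert; also the expected CRL signer
     * @param crlFile    DER or PKCS#7 file holding one or more CRLs
     * @param now        evaluation time (injected so tests can pin it)
     */
    public static Status check(X509Certificate cert, X509Certificate issuerCert, File crlFile, Date now)
            throws CRLException {
        Collection<X509CRL> crls = X509Util.decodeCRLs(crlFile);
        for (X509CRL crl : crls) {
            // Only a CRL issued by the certificate's own issuer is authoritative for it.
            if (!crl.getIssuerX500Principal().equals(cert.getIssuerX500Principal())) {
                continue;
            }
            // An unsigned or wrongly signed CRL could have been substituted; verify before reading it.
            try {
                crl.verify(issuerCert.getPublicKey());
            } catch (GeneralSecurityException e) {
                continue;
            }
            // A CRL that is not yet in force, or past its nextUpdate, says nothing reliable about the present.
            Date nextUpdate = crl.getNextUpdate();
            if (crl.getThisUpdate().after(now) || (nextUpdate != null && nextUpdate.before(now))) {
                continue;
            }
            X509CRLEntry entry = crl.getRevokedCertificate(cert);
            return entry == null ? Status.GOOD : Status.REVOKED;
        }
        // No current, correctly signed CRL from this issuer: report UNDETERMINED rather than GOOD so the
        // caller fails closed.
        return Status.UNDETERMINED;
    }
}
```

Treat UNDETERMINED as a failure in anything that gates authentication; a missing or stale CRL is exactly the state an attacker with a revoked certificate would want to engineer.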

getIdentifiersToken

public static String getIdentifiersToken(X509Credential credential,
                                         X500DNHandler handler)
Gets a formatted string representing identifier information from the supplied credential.

This could for example be used in logging messages.

A credential being evaluated will often have no entity ID set. The token therefore always includes the certificate's subject DN, and adds the credential's entity ID only when one is present.

Parameters:
credential - the credential for which to produce a token.
handler - the X.500 DN handler to use. If null, a new instance of InternalX500DNHandler will be used.
Returns:
a formatted string containing identifier information present in the credential


Copyright © 2006-2011 Internet2. All Rights Reserved.