|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.opensaml.xml.security.x509.X509Util
public class X509Util
Utility class for working with X509 objects.
Nested Class Summary | |
---|---|
static class |
X509Util.ENCODING_FORMAT
Encoding used to store a key or certificate in a file. |
Field Summary | |
---|---|
static String |
CN_OID
Common Name (CN) OID. |
static Integer |
DIRECTORY_ALT_NAME
RFC 2459 Directory Name Subject Alt Name type. |
static Integer |
DNS_ALT_NAME
RFC 2459 DNS Subject Alt Name type. |
static Integer |
EDI_PARTY_ALT_NAME
RFC 2459 EDI Party Name Subject Alt Name type. |
static Integer |
IP_ADDRESS_ALT_NAME
RFC 2459 IP Address Subject Alt Name type. |
static Integer |
OTHER_ALT_NAME
RFC 2459 Other Subject Alt Name type. |
static Integer |
REGISTERED_ID_ALT_NAME
RFC 2459 Registered ID Subject Alt Name type. |
static Integer |
RFC822_ALT_NAME
RFC 2459 RFC 822 (email address) Subject Alt Name type. |
static Integer |
URI_ALT_NAME
RFC 2459 URI Subject Alt Name type. |
static Integer |
X400ADDRESS_ALT_NAME
RFC 2459 X.400 Address Subject Alt Name type. |
Constructor Summary | |
---|---|
protected |
X509Util()
Constructed. |
Method Summary | |
---|---|
static Collection<X509Certificate> |
decodeCertificate(byte[] certs)
Decodes X.509 certificates in DER or PEM format. |
static Collection<X509Certificate> |
decodeCertificate(File certs)
Decodes X.509 certificates in DER or PEM format. |
static Collection<X509CRL> |
decodeCRLs(byte[] crls)
Decodes CRLS in DER or PKCS#7 format. |
static Collection<X509CRL> |
decodeCRLs(File crls)
Decodes CRLS in DER or PKCS#7 format. |
static X509Certificate |
determineEntityCertificate(Collection<X509Certificate> certs,
PrivateKey privateKey)
Determines the certificate, from the collection, associated with the private key. |
static List |
getAltNames(X509Certificate certificate,
Integer[] nameTypes)
Gets the list of alternative names of a given name type. |
static List<String> |
getCommonNames(X500Principal dn)
Gets the commons names that appear within the given distinguished name. |
static String |
getIdentifiersToken(X509Credential credential,
X500DNHandler handler)
Gets a formatted string representing identifier information from the supplied credential. |
static byte[] |
getSubjectKeyIdentifier(X509Certificate certificate)
Get the plain (non-DER encoded) value of the Subject Key Identifier extension of an X.509 certificate, if present. |
static List |
getSubjectNames(X509Certificate certificate,
Integer[] altNameTypes)
Gets the common name components of the issuer and all the subject alt names of a given type. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final String CN_OID
public static final Integer OTHER_ALT_NAME
public static final Integer RFC822_ALT_NAME
public static final Integer DNS_ALT_NAME
public static final Integer X400ADDRESS_ALT_NAME
public static final Integer DIRECTORY_ALT_NAME
public static final Integer EDI_PARTY_ALT_NAME
public static final Integer URI_ALT_NAME
public static final Integer IP_ADDRESS_ALT_NAME
public static final Integer REGISTERED_ID_ALT_NAME
Constructor Detail |
---|
protected X509Util()
Method Detail |
---|
public static X509Certificate determineEntityCertificate(Collection<X509Certificate> certs, PrivateKey privateKey) throws SecurityException
certs
- certificates to checkprivateKey
- entity's private key
SecurityException
- thrown if the public or private keys checked are of an unsupported typepublic static List<String> getCommonNames(X500Principal dn)
dn
- the DN to extract the common names from
public static List getAltNames(X509Certificate certificate, Integer[] nameTypes)
certificate
- the certificate to extract the alternative names fromnameTypes
- the name types
public static List getSubjectNames(X509Certificate certificate, Integer[] altNameTypes)
certificate
- certificate to extract names fromaltNameTypes
- type of alt names to extract
public static byte[] getSubjectKeyIdentifier(X509Certificate certificate)
certificate
- an X.509 certificate possibly containing a subject key identifier
IOException
public static Collection<X509Certificate> decodeCertificate(File certs) throws CertificateException
certs
- encoded certs
CertificateException
- thrown if the certificates can not be decodedpublic static Collection<X509Certificate> decodeCertificate(byte[] certs) throws CertificateException
certs
- encoded certs
CertificateException
- thrown if the certificates can not be decodedpublic static Collection<X509CRL> decodeCRLs(File crls) throws CRLException
crls
- encoded CRLs
CRLException
- thrown if the CRLs can not be decodedpublic static Collection<X509CRL> decodeCRLs(byte[] crls) throws CRLException
crls
- encoded CRLs
CRLException
- thrown if the CRLs can not be decodedpublic static String getIdentifiersToken(X509Credential credential, X500DNHandler handler)
This could for example be used in logging messages.
Often it will be the case that a given credential that is being evaluated will NOT have a value for the entity ID property. So extract the certificate subject DN, and if present, the credential's entity ID.
credential
- the credential for which to produce a token.handler
- the X.500 DN handler to use. If null, a new instance of InternalX500DNHandler
will be
used.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |