X509Util (XMLTooling-J 1.4.4 API)

java.lang.Object
- org.opensaml.xml.security.x509.X509Util

```
public class X509Util
extends Object
```
Utility class for working with X509 objects.

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static class X509Util.ENCODING_FORMAT
Encoding used to store a key or certificate in a file.

Nested Classes
Modifier and Type	Class and Description
`static class`	`X509Util.ENCODING_FORMAT` Encoding used to store a key or certificate in a file.

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`CN_OID` Common Name (CN) OID.
`static Integer`	`DIRECTORY_ALT_NAME` RFC 2459 Directory Name Subject Alt Name type.
`static Integer`	`DNS_ALT_NAME` RFC 2459 DNS Subject Alt Name type.
`static Integer`	`EDI_PARTY_ALT_NAME` RFC 2459 EDI Party Name Subject Alt Name type.
`static Integer`	`IP_ADDRESS_ALT_NAME` RFC 2459 IP Address Subject Alt Name type.
`static Integer`	`OTHER_ALT_NAME` RFC 2459 Other Subject Alt Name type.
`static Integer`	`REGISTERED_ID_ALT_NAME` RFC 2459 Registered ID Subject Alt Name type.
`static Integer`	`RFC822_ALT_NAME` RFC 2459 RFC 822 (email address) Subject Alt Name type.
`static String`	`SKI_OID` Subject Key Identifier (SKI) OID.
`static Integer`	`URI_ALT_NAME` RFC 2459 URI Subject Alt Name type.
`static Integer`	`X400ADDRESS_ALT_NAME` RFC 2459 X.400 Address Subject Alt Name type.

Constructor Summary

Constructors
Modifier Constructor and Description

protected X509Util()
Constructed.

Constructors
Modifier	Constructor and Description
`protected`	`X509Util()` Constructed.

Method Summary

Methods
Modifier and Type	Method and Description
`private static Object`	`convertAltNameType(Integer nameType, Object nameValue)` Convert types returned by Bouncy Castle X509ExtensionUtil.getSubjectAlternativeNames(X509Certificate) to be consistent with what is documented for: java.security.cert.X509Certificate#getSubjectAlternativeNames.
`static Collection<X509Certificate>`	`decodeCertificate(byte[] certs)` Decodes X.509 certificates in DER or PEM format.
`static Collection<X509Certificate>`	`decodeCertificate(File certs)` Decodes X.509 certificates in DER or PEM format.
`static Collection<X509CRL>`	`decodeCRLs(byte[] crls)` Decodes CRLS in DER or PKCS#7 format.
`static Collection<X509CRL>`	`decodeCRLs(File crls)` Decodes CRLS in DER or PKCS#7 format.
`static X509Certificate`	`determineEntityCertificate(Collection<X509Certificate> certs, PrivateKey privateKey)` Determines the certificate, from the collection, associated with the private key.
`static List`	`getAltNames(X509Certificate certificate, Integer[] nameTypes)` Gets the list of alternative names of a given name type.
`static List<String>`	`getCommonNames(X500Principal dn)` Gets the commons names that appear within the given distinguished name.
`static String`	`getIdentifiersToken(X509Credential credential, X500DNHandler handler)` Gets a formatted string representing identifier information from the supplied credential.
`private static Logger`	`getLogger()` Get an SLF4J Logger.
`static byte[]`	`getSubjectKeyIdentifier(X509Certificate certificate)` Get the plain (non-DER encoded) value of the Subject Key Identifier extension of an X.509 certificate, if present.
`static List`	`getSubjectNames(X509Certificate certificate, Integer[] altNameTypes)` Gets the common name components of the subject and all the subject alt names of a given type.
`static byte[]`	`getX509Digest(X509Certificate certificate, String algorithmURI)` Get the XML Signature-compliant digest of an X.509 certificate.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - CN_OID
```
public static final String CN_OID
```
    Common Name (CN) OID.
    
    See Also:
    Constant Field Values
  - SKI_OID
```
public static final String SKI_OID
```
    Subject Key Identifier (SKI) OID.
    
    See Also:
    Constant Field Values
  - OTHER_ALT_NAME
```
public static final Integer OTHER_ALT_NAME
```
    RFC 2459 Other Subject Alt Name type.
  - RFC822_ALT_NAME
```
public static final Integer RFC822_ALT_NAME
```
    RFC 2459 RFC 822 (email address) Subject Alt Name type.
  - DNS_ALT_NAME
```
public static final Integer DNS_ALT_NAME
```
    RFC 2459 DNS Subject Alt Name type.
  - X400ADDRESS_ALT_NAME
```
public static final Integer X400ADDRESS_ALT_NAME
```
    RFC 2459 X.400 Address Subject Alt Name type.
  - DIRECTORY_ALT_NAME
```
public static final Integer DIRECTORY_ALT_NAME
```
    RFC 2459 Directory Name Subject Alt Name type.
  - EDI_PARTY_ALT_NAME
```
public static final Integer EDI_PARTY_ALT_NAME
```
    RFC 2459 EDI Party Name Subject Alt Name type.
  - URI_ALT_NAME
```
public static final Integer URI_ALT_NAME
```
    RFC 2459 URI Subject Alt Name type.
  - IP_ADDRESS_ALT_NAME
```
public static final Integer IP_ADDRESS_ALT_NAME
```
    RFC 2459 IP Address Subject Alt Name type.
  - REGISTERED_ID_ALT_NAME
```
public static final Integer REGISTERED_ID_ALT_NAME
```
    RFC 2459 Registered ID Subject Alt Name type.
- Constructor Detail
  - X509Util
```
protected X509Util()
```
    Constructed.
- Method Detail
  - determineEntityCertificate
```
public static X509Certificate determineEntityCertificate(Collection<X509Certificate> certs,
                                         PrivateKey privateKey)
                                                  throws SecurityException
```
    Determines the certificate, from the collection, associated with the private key.
    
    Parameters:
    certs - certificates to check
    privateKey - entity's private key
    
    Returns:
    the certificate associated with entity's private key or null if not certificate in the collection is associated with the given private key
    
    Throws:
    
    SecurityException - thrown if the public or private keys checked are of an unsupported type
    Since:
    
    1.2
  - getCommonNames
```
public static List<String> getCommonNames(X500Principal dn)
```
    Gets the commons names that appear within the given distinguished name.
    The returned list provides the names in the order they appeared in the DN, according to RFC 1779/2253 encoding. In this encoding the "most specific" name would typically appear in the left-most position, and would appear first in the returned list.
    
    Parameters:
    dn - the DN to extract the common names from
    
    Returns:
    the common names that appear in the DN in the order they appear, or null if the given DN is null
  - getAltNames
```
public static List getAltNames(X509Certificate certificate,
               Integer[] nameTypes)
```
    Gets the list of alternative names of a given name type.
    
    Parameters:
    certificate - the certificate to extract the alternative names from
    nameTypes - the name types
    
    Returns:
    the alt names, of the given type, within the cert
  - getSubjectNames
```
public static List getSubjectNames(X509Certificate certificate,
                   Integer[] altNameTypes)
```
    Gets the common name components of the subject and all the subject alt names of a given type.
    
    Parameters:
    certificate - certificate to extract names from
    altNameTypes - type of alt names to extract
    
    Returns:
    list of subject names in the certificate
  - getSubjectKeyIdentifier
```
public static byte[] getSubjectKeyIdentifier(X509Certificate certificate)
```
    Get the plain (non-DER encoded) value of the Subject Key Identifier extension of an X.509 certificate, if present.
    
    Parameters:
    certificate - an X.509 certificate possibly containing a subject key identifier
    
    Returns:
    the plain (non-DER encoded) value of the Subject Key Identifier extension, or null if the certificate does not contain the extension
    
    Throws:
    
    IOException
  - getX509Digest
```
public static byte[] getX509Digest(X509Certificate certificate,
                   String algorithmURI)
                            throws SecurityException
```
    Get the XML Signature-compliant digest of an X.509 certificate.
    
    Parameters:
    certificate - an X.509 certificate
    algorithmURI - URI of digest algorithm to apply
    
    Returns:
    the raw digest of the certificate
    
    Throws:
    
    SecurityException - is algorithm is unsupported or encoding is not possible
  - decodeCertificate
```
public static Collection<X509Certificate> decodeCertificate(File certs)
                                                     throws CertificateException
```
    Decodes X.509 certificates in DER or PEM format.
    
    Parameters:
    certs - encoded certs
    
    Returns:
    decoded certs
    
    Throws:
    
    CertificateException - thrown if the certificates can not be decoded
    Since:
    
    1.2
  - decodeCertificate
```
public static Collection<X509Certificate> decodeCertificate(byte[] certs)
                                                     throws CertificateException
```
    Decodes X.509 certificates in DER or PEM format.
    
    Parameters:
    certs - encoded certs
    
    Returns:
    decoded certs
    
    Throws:
    
    CertificateException - thrown if the certificates can not be decoded
  - decodeCRLs
```
public static Collection<X509CRL> decodeCRLs(File crls)
                                      throws CRLException
```
    Decodes CRLS in DER or PKCS#7 format. If in PKCS#7 format only the CRLs are decode, the rest of the content is ignored.
    
    Parameters:
    crls - encoded CRLs
    
    Returns:
    decoded CRLs
    
    Throws:
    
    CRLException - thrown if the CRLs can not be decoded
    Since:
    
    1.2
  - decodeCRLs
```
public static Collection<X509CRL> decodeCRLs(byte[] crls)
                                      throws CRLException
```
    Decodes CRLS in DER or PKCS#7 format. If in PKCS#7 format only the CRLs are decode, the rest of the content is ignored.
    
    Parameters:
    crls - encoded CRLs
    
    Returns:
    decoded CRLs
    
    Throws:
    
    CRLException - thrown if the CRLs can not be decoded
  - getIdentifiersToken
```
public static String getIdentifiersToken(X509Credential credential,
                         X500DNHandler handler)
```
    Gets a formatted string representing identifier information from the supplied credential.
    This could for example be used in logging messages.
    
    Often it will be the case that a given credential that is being evaluated will NOT have a value for the entity ID property. So extract the certificate subject DN, and if present, the credential's entity ID.
    
    Parameters:
    credential - the credential for which to produce a token.
    handler - the X.500 DN handler to use. If null, a new instance of InternalX500DNHandler will be used.
    
    Returns:
    a formatted string containing identifier information present in the credential
  - convertAltNameType
```
private static Object convertAltNameType(Integer nameType,
                        Object nameValue)
```
    Convert types returned by Bouncy Castle X509ExtensionUtil.getSubjectAlternativeNames(X509Certificate) to be consistent with what is documented for: java.security.cert.X509Certificate#getSubjectAlternativeNames.
    
    Parameters:
    nameType - the alt name type
    nameValue - the alt name value
    
    Returns:
    converted representation of name value, based on type
  - getLogger
```
private static Logger getLogger()
```
    Get an SLF4J Logger.
    
    Returns:
    a Logger instance

Class X509Util

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

CN_OID

SKI_OID

OTHER_ALT_NAME

RFC822_ALT_NAME

DNS_ALT_NAME

X400ADDRESS_ALT_NAME

DIRECTORY_ALT_NAME

EDI_PARTY_ALT_NAME

URI_ALT_NAME

IP_ADDRESS_ALT_NAME

REGISTERED_ID_ALT_NAME

Constructor Detail

X509Util

Method Detail

determineEntityCertificate

getCommonNames

getAltNames

getSubjectNames

getSubjectKeyIdentifier

getX509Digest

decodeCertificate

decodeCertificate

decodeCRLs

decodeCRLs

getIdentifiersToken

convertAltNameType

getLogger