public class X509Util extends Object
Modifier and Type | Class and Description |
---|---|
static class |
X509Util.ENCODING_FORMAT
Encoding used to store a key or certificate in a file.
|
Modifier and Type | Field and Description |
---|---|
static String |
CN_OID
Common Name (CN) OID.
|
static Integer |
DIRECTORY_ALT_NAME
RFC 2459 Directory Name Subject Alt Name type.
|
static Integer |
DNS_ALT_NAME
RFC 2459 DNS Subject Alt Name type.
|
static Integer |
EDI_PARTY_ALT_NAME
RFC 2459 EDI Party Name Subject Alt Name type.
|
static Integer |
IP_ADDRESS_ALT_NAME
RFC 2459 IP Address Subject Alt Name type.
|
static Integer |
OTHER_ALT_NAME
RFC 2459 Other Subject Alt Name type.
|
static Integer |
REGISTERED_ID_ALT_NAME
RFC 2459 Registered ID Subject Alt Name type.
|
static Integer |
RFC822_ALT_NAME
RFC 2459 RFC 822 (email address) Subject Alt Name type.
|
static String |
SKI_OID
Subject Key Identifier (SKI) OID.
|
static Integer |
URI_ALT_NAME
RFC 2459 URI Subject Alt Name type.
|
static Integer |
X400ADDRESS_ALT_NAME
RFC 2459 X.400 Address Subject Alt Name type.
|
Modifier | Constructor and Description |
---|---|
protected |
X509Util()
Constructed.
|
Modifier and Type | Method and Description |
---|---|
private static Object |
convertAltNameType(Integer nameType,
Object nameValue)
Convert types returned by Bouncy Castle X509ExtensionUtil.getSubjectAlternativeNames(X509Certificate) to be
consistent with what is documented for: java.security.cert.X509Certificate#getSubjectAlternativeNames.
|
static Collection<X509Certificate> |
decodeCertificate(byte[] certs)
Decodes X.509 certificates in DER or PEM format.
|
static Collection<X509Certificate> |
decodeCertificate(File certs)
Decodes X.509 certificates in DER or PEM format.
|
static Collection<X509CRL> |
decodeCRLs(byte[] crls)
Decodes CRLS in DER or PKCS#7 format.
|
static Collection<X509CRL> |
decodeCRLs(File crls)
Decodes CRLS in DER or PKCS#7 format.
|
static X509Certificate |
determineEntityCertificate(Collection<X509Certificate> certs,
PrivateKey privateKey)
Determines the certificate, from the collection, associated with the private key.
|
static List |
getAltNames(X509Certificate certificate,
Integer[] nameTypes)
Gets the list of alternative names of a given name type.
|
static List<String> |
getCommonNames(X500Principal dn)
Gets the commons names that appear within the given distinguished name.
|
static String |
getIdentifiersToken(X509Credential credential,
X500DNHandler handler)
Gets a formatted string representing identifier information from the supplied credential.
|
private static Logger |
getLogger()
Get an SLF4J Logger.
|
static byte[] |
getSubjectKeyIdentifier(X509Certificate certificate)
Get the plain (non-DER encoded) value of the Subject Key Identifier extension of an X.509 certificate, if
present.
|
static List |
getSubjectNames(X509Certificate certificate,
Integer[] altNameTypes)
Gets the common name components of the subject and all the subject alt names of a given type.
|
static byte[] |
getX509Digest(X509Certificate certificate,
String algorithmURI)
Get the XML Signature-compliant digest of an X.509 certificate.
|
public static final String CN_OID
public static final String SKI_OID
public static final Integer OTHER_ALT_NAME
public static final Integer RFC822_ALT_NAME
public static final Integer DNS_ALT_NAME
public static final Integer X400ADDRESS_ALT_NAME
public static final Integer DIRECTORY_ALT_NAME
public static final Integer EDI_PARTY_ALT_NAME
public static final Integer URI_ALT_NAME
public static final Integer IP_ADDRESS_ALT_NAME
public static final Integer REGISTERED_ID_ALT_NAME
public static X509Certificate determineEntityCertificate(Collection<X509Certificate> certs, PrivateKey privateKey) throws SecurityException
certs
- certificates to checkprivateKey
- entity's private keySecurityException
- thrown if the public or private keys checked are of an unsupported typepublic static List<String> getCommonNames(X500Principal dn)
The returned list provides the names in the order they appeared in the DN, according to RFC 1779/2253 encoding. In this encoding the "most specific" name would typically appear in the left-most position, and would appear first in the returned list.
dn
- the DN to extract the common names frompublic static List getAltNames(X509Certificate certificate, Integer[] nameTypes)
certificate
- the certificate to extract the alternative names fromnameTypes
- the name typespublic static List getSubjectNames(X509Certificate certificate, Integer[] altNameTypes)
certificate
- certificate to extract names fromaltNameTypes
- type of alt names to extractpublic static byte[] getSubjectKeyIdentifier(X509Certificate certificate)
certificate
- an X.509 certificate possibly containing a subject key identifierIOException
public static byte[] getX509Digest(X509Certificate certificate, String algorithmURI) throws SecurityException
certificate
- an X.509 certificatealgorithmURI
- URI of digest algorithm to applySecurityException
- is algorithm is unsupported or encoding is not possiblepublic static Collection<X509Certificate> decodeCertificate(File certs) throws CertificateException
certs
- encoded certsCertificateException
- thrown if the certificates can not be decodedpublic static Collection<X509Certificate> decodeCertificate(byte[] certs) throws CertificateException
certs
- encoded certsCertificateException
- thrown if the certificates can not be decodedpublic static Collection<X509CRL> decodeCRLs(File crls) throws CRLException
crls
- encoded CRLsCRLException
- thrown if the CRLs can not be decodedpublic static Collection<X509CRL> decodeCRLs(byte[] crls) throws CRLException
crls
- encoded CRLsCRLException
- thrown if the CRLs can not be decodedpublic static String getIdentifiersToken(X509Credential credential, X500DNHandler handler)
This could for example be used in logging messages.
Often it will be the case that a given credential that is being evaluated will NOT have a value for the entity ID property. So extract the certificate subject DN, and if present, the credential's entity ID.
credential
- the credential for which to produce a token.handler
- the X.500 DN handler to use. If null, a new instance of InternalX500DNHandler
will be
used.private static Object convertAltNameType(Integer nameType, Object nameValue)
nameType
- the alt name typenameValue
- the alt name valueprivate static Logger getLogger()
Copyright © 1999-2014. All Rights Reserved.