eu.emi.security.authn.x509.helpers

Class CertificateHelpers

java.lang.Object

eu.emi.security.authn.x509.helpers.CertificateHelpers

public class CertificateHelpers
extends java.lang.Object

Utility methods for certificates handling and reading/writing PEM files.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CertificateHelpers.PEMContentsType

Field Summary

Fields

Modifier and Type	Field and Description
private static byte[]	TEST

Constructor Summary

Constructors

Constructor and Description
CertificateHelpers()

Method Summary

Modifier and Type	Method and Description
static void	checkKeysMatching(java.security.PrivateKey privKey, java.security.PublicKey pubKey) Throws an exception if the private key is not matching the public key.
private static boolean	checkKeysViaSignature(java.lang.String alg, java.security.PrivateKey privKey, java.security.PublicKey pubKey)
static byte[]	getExtensionBytes(java.security.cert.X509Certificate cert, java.lang.String oid) Gets the certificate extension identified by the oid and returns the value bytes unwrapped by the ASN1OctetString.
private static java.security.cert.CertificateFactory	getFactory()
static CertificateHelpers.PEMContentsType	getPEMType(java.lang.String name) Assumes that the input is the contents of the PEM identification line, after '-----BEGIN ' prefix.
static java.security.cert.Certificate	readDERCertificate(java.io.InputStream input)
static java.util.Collection<? extends java.security.cert.Certificate>	readDERCertificates(java.io.InputStream input)
static java.security.cert.X509Certificate[]	sortChain(java.util.List<java.security.cert.X509Certificate> certificates) Creates a chain of certificates, where the top-most certificate (the one without issuing certificate) is the last in the returned array.
static java.security.cert.CertPath	toCertPath(java.security.cert.X509Certificate[] in) Converts certificates array to CertPath
static org.bouncycastle.asn1.x500.X500Name	toX500Name(javax.security.auth.x500.X500Principal srcDn) Converts X500Principal to X500Name with the JavaAndBCStyle style.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

TEST

private static final byte[] TEST

Constructor Detail

CertificateHelpers

public CertificateHelpers()

Method Detail

getPEMType

public static CertificateHelpers.PEMContentsType getPEMType(java.lang.String name)

Assumes that the input is the contents of the PEM identification line, after '-----BEGIN ' prefix.

Parameters:

name - PEM first line to be checked.

Returns:

the type

readDERCertificates

public static java.util.Collection<? extends java.security.cert.Certificate> readDERCertificates(java.io.InputStream input)
                                                                                          throws java.io.IOException

Throws:

java.io.IOException

readDERCertificate

public static java.security.cert.Certificate readDERCertificate(java.io.InputStream input)
                                                         throws java.io.IOException

Throws:

java.io.IOException

getFactory

private static java.security.cert.CertificateFactory getFactory()

sortChain

public static java.security.cert.X509Certificate[] sortChain(java.util.List<java.security.cert.X509Certificate> certificates)
                                                      throws java.io.IOException

Creates a chain of certificates, where the top-most certificate (the one without issuing certificate) is the last in the returned array.

Parameters:

certificates - unsorted certificates of one chain

Returns:

sorted certificate chain

Throws:

java.io.IOException - if the passed chain is inconsistent

toCertPath

public static java.security.cert.CertPath toCertPath(java.security.cert.X509Certificate[] in)
                                              throws java.security.cert.CertificateException

Converts certificates array to CertPath

Parameters:

in - array

Returns:

converted object

Throws:

java.security.cert.CertificateException - certificate exception

toX500Name

public static org.bouncycastle.asn1.x500.X500Name toX500Name(javax.security.auth.x500.X500Principal srcDn)

Converts X500Principal to X500Name with the JavaAndBCStyle style.

Parameters:

srcDn - source object

Returns:

converted object

getExtensionBytes

public static byte[] getExtensionBytes(java.security.cert.X509Certificate cert,
                                       java.lang.String oid)
                                throws java.io.IOException

Gets the certificate extension identified by the oid and returns the value bytes unwrapped by the ASN1OctetString.

Parameters:

cert - The certificate to inspect.

oid - The extension OID to fetch.

Returns:

The value bytes of the extension, returns null in case the extension was not present or was empty.

Throws:

java.io.IOException - thrown in case the certificate parsing fails.

checkKeysMatching

public static void checkKeysMatching(java.security.PrivateKey privKey,
                                     java.security.PublicKey pubKey)
                              throws java.security.InvalidKeyException

Throws an exception if the private key is not matching the public key. The check is done only for known types of keys - RSA and DSA currently.

Parameters:

privKey - first key to match

pubKey - 2nd key to match

Throws:

java.security.InvalidKeyException - invalid key exception

checkKeysViaSignature

private static boolean checkKeysViaSignature(java.lang.String alg,
                                             java.security.PrivateKey privKey,
                                             java.security.PublicKey pubKey)
                                      throws java.security.InvalidKeyException

Throws:

java.security.InvalidKeyException