eu.emi.security.authn.x509.helpers

Class CertificateHelpers

java.lang.Object

eu.emi.security.authn.x509.helpers.CertificateHelpers

public class CertificateHelpers
extends Object

Utility methods for certificates handling and reading/writing PEM files.

Author:

K. Benedyczak

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CertificateHelpers.PEMContentsType

Constructor Summary

Constructors

Constructor and Description
CertificateHelpers()

Method Summary

Modifier and Type	Method and Description
static void	checkKeysMatching(PrivateKey privKey, PublicKey pubKey) Throws an exception if the private key is not matching the public key.
static byte[]	getExtensionBytes(X509Certificate cert, String oid) Gets the certificate extension identified by the oid and returns the value bytes unwrapped by the ASN1OctetString.
static CertificateHelpers.PEMContentsType	getPEMType(String name) Assumes that the input is the contents of the PEM identification line, after '-----BEGIN ' prefix.
static Certificate	readDERCertificate(InputStream input)
static Collection<? extends Certificate>	readDERCertificates(InputStream input)
static X509Certificate[]	sortChain(List<X509Certificate> certificates) Creates a chain of certificates, where the top-most certificate (the one without issuing certificate) is the last in the returned array.
static CertPath	toCertPath(X509Certificate[] in) Converts certificates array to CertPath
static X500Name	toX500Name(X500Principal srcDn) Converts X500Principal to X500Name with the JavaAndBCStyle style.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CertificateHelpers

public CertificateHelpers()

Method Detail

getPEMType

public static CertificateHelpers.PEMContentsType getPEMType(String name)

Assumes that the input is the contents of the PEM identification line, after '-----BEGIN ' prefix.

Parameters:

name - PEM first line to be checked.

Returns:

the type

readDERCertificates

public static Collection<? extends Certificate> readDERCertificates(InputStream input)
                                                             throws IOException

Throws:

IOException

readDERCertificate

public static Certificate readDERCertificate(InputStream input)
                                      throws IOException

Throws:

IOException

sortChain

public static X509Certificate[] sortChain(List<X509Certificate> certificates)
                                   throws IOException

Creates a chain of certificates, where the top-most certificate (the one without issuing certificate) is the last in the returned array.

Parameters:

certificates - unsorted certificates of one chain

Returns:

sorted certificate chain

Throws:

IOException - if the passed chain is inconsistent

toCertPath

public static CertPath toCertPath(X509Certificate[] in)
                           throws CertificateException

Converts certificates array to CertPath

Parameters:

in - array

Returns:

converted object

Throws:

CertificateException - certificate exception

toX500Name

public static X500Name toX500Name(X500Principal srcDn)

Converts X500Principal to X500Name with the JavaAndBCStyle style.

Parameters:

srcDn - source object

Returns:

converted object

getExtensionBytes

public static byte[] getExtensionBytes(X509Certificate cert,
                                       String oid)
                                throws IOException

Gets the certificate extension identified by the oid and returns the value bytes unwrapped by the ASN1OctetString.

Parameters:

cert - The certificate to inspect.

oid - The extension OID to fetch.

Returns:

The value bytes of the extension, returns null in case the extension was not present or was empty.

Throws:

IOException - thrown in case the certificate parsing fails.

checkKeysMatching

public static void checkKeysMatching(PrivateKey privKey,
                                     PublicKey pubKey)
                              throws InvalidKeyException

Throws an exception if the private key is not matching the public key. The check is done only for known types of keys - RSA and DSA currently.

Parameters:

privKey - first key to match

pubKey - 2nd key to match

Throws:

InvalidKeyException - invalid key exception