eu.emi.security.authn.x509.helpers
Class CertificateHelpers

java.lang.Object
  extended by eu.emi.security.authn.x509.helpers.CertificateHelpers

public class CertificateHelpers
extends Object

Utility methods for certificate handling and for reading/writing PEM files.

Author:
K. Benedyczak

Nested Class Summary
static class CertificateHelpers.PEMContentsType
           
 
Constructor Summary
CertificateHelpers()
           
 
Method Summary
static void checkKeysMatching(PrivateKey privKey, PublicKey pubKey)
          Throws an exception if the private key does not match the public key.
static byte[] getExtensionBytes(X509Certificate cert, String oid)
          Gets the certificate extension identified by the OID and returns the value bytes unwrapped from the ASN1OctetString.
static CertificateHelpers.PEMContentsType getPEMType(String name)
          Assumes that the input is the contents of the PEM identification line, after the '-----BEGIN ' prefix.
static Certificate readDERCertificate(InputStream input)
           
static Collection<? extends Certificate> readDERCertificates(InputStream input)
           
static X509Certificate[] sortChain(List<X509Certificate> certificates)
          Creates a chain of certificates, where the top-most certificate (the one without an issuing certificate) is the last in the returned array.
static CertPath toCertPath(X509Certificate[] in)
          Converts a certificate array to a CertPath.
static X500Name toX500Name(X500Principal srcDn)
          Converts X500Principal to X500Name with the JavaAndBCStyle style.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CertificateHelpers

public CertificateHelpers()
Method Detail

getPEMType

public static CertificateHelpers.PEMContentsType getPEMType(String name)
Assumes that the input is the contents of the PEM identification line, after the '-----BEGIN ' prefix.

Parameters:
name - PEM first line to be checked.
Returns:
the type

readDERCertificates

public static Collection<? extends Certificate> readDERCertificates(InputStream input)
                                                             throws IOException
Throws:
IOException

readDERCertificate

public static Certificate readDERCertificate(InputStream input)
                                      throws IOException
Throws:
IOException

sortChain

public static X509Certificate[] sortChain(List<X509Certificate> certificates)
                                   throws IOException
Creates a chain of certificates, where the top-most certificate (the one without an issuing certificate) is the last in the returned array.

Parameters:
certificates - unsorted certificates of one chain
Returns:
sorted certificate chain
Throws:
IOException - if the passed chain is inconsistent

toCertPath

public static CertPath toCertPath(X509Certificate[] in)
                           throws CertificateException
Converts a certificate array to a CertPath.

Parameters:
in - array
Returns:
converted object
Throws:
CertificateException

toX500Name

public static X500Name toX500Name(X500Principal srcDn)
Converts X500Principal to X500Name with the JavaAndBCStyle style.

Parameters:
srcDn - source object
Returns:
converted object

getExtensionBytes

public static byte[] getExtensionBytes(X509Certificate cert,
                                       String oid)
                                throws IOException
Gets the certificate extension identified by the OID and returns the value bytes unwrapped from the ASN1OctetString.

Parameters:
cert - The certificate to inspect.
oid - The extension OID to fetch.
Returns:
The value bytes of the extension, or null if the extension was not present or was empty.
Throws:
IOException - thrown in case the certificate parsing fails.

checkKeysMatching

public static void checkKeysMatching(PrivateKey privKey,
                                     PublicKey pubKey)
                              throws InvalidKeyException
Throws an exception if the private key does not match the public key. The check is performed only for known key types, currently RSA and DSA.

Parameters:
privKey - first key to match
pubKey - 2nd key to match
Throws:
InvalidKeyException
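
One way to perform a key-pair consistency check of the kind described for checkKeysMatching, written with standard JCA interfaces only. This is an added example, not the library's own implementation; the class KeyPairMatchExample and the method assertPairMatches are hypothetical names, and the sample keys are generated at run time.

```java
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

// Hypothetical class, not part of eu.emi.security.authn.x509.
public class KeyPairMatchExample {
    // Throws InvalidKeyException when an RSA or DSA pair is inconsistent.
    // Key types other than RSA and DSA are not checked (assumption of this example).
    static void assertPairMatches(PrivateKey priv, PublicKey pub) throws InvalidKeyException {
        if (priv instanceof RSAPrivateKey && pub instanceof RSAPublicKey) {
            BigInteger nPriv = ((RSAPrivateKey) priv).getModulus();
            BigInteger nPub = ((RSAPublicKey) pub).getModulus();
            if (!nPriv.equals(nPub))
                throw new InvalidKeyException("RSA modulus differs between private and public key");
        } else if (priv instanceof DSAPrivateKey && pub instanceof DSAPublicKey) {
            DSAParams p = ((DSAPrivateKey) priv).getParams();
            // The public value y must equal g^x mod p computed from the private x.
            BigInteger y = p.getG().modPow(((DSAPrivateKey) priv).getX(), p.getP());
            if (!y.equals(((DSAPublicKey) pub).getY()))
                throw new InvalidKeyException("DSA public value does not derive from private key");
        } else if (priv instanceof RSAPrivateKey || priv instanceof DSAPrivateKey) {
            throw new InvalidKeyException("Algorithms differ: " + priv.getAlgorithm() + " vs " + pub.getAlgorithm());
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: two independent RSA key pairs.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair a = gen.generateKeyPair();
        KeyPair b = gen.generateKeyPair();
        assertPairMatches(a.getPrivate(), a.getPublic()); // same pair: no exception
        try {
            assertPairMatches(a.getPrivate(), b.getPublic()); // mixed pair: must fail
            throw new AssertionError("mismatch not detected");
        } catch (InvalidKeyException expected) {
            System.out.println("Rejected mixed pair: " + expected.getMessage());
        }
    }
}
```

Comparing RSA moduli catches a certificate paired with the wrong key file, but it does not prove the exponents correspond; a sign-and-verify round trip is the stricter check.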


Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.