Package tigase.cert
Class CertificateUtil
- java.lang.Object
-
- tigase.cert.CertificateUtil
-
public abstract class CertificateUtil extends java.lang.Object
Created: Sep 22, 2010 3:09:01 PM
- Version:
- $Rev$
- Author:
- Artur Hefczyc
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static interface
CertificateUtil.KeyPairSupplier
-
Field Summary
Fields Modifier and Type Field Description protected static byte[]
ID_ON_XMPPADDR
-
Constructor Summary
Constructors Constructor Description CertificateUtil()
-
Method Summary
All Methods Static Methods Concrete Methods Deprecated Methods Modifier and Type Method Description static java.security.KeyPair
createKeyPair(int size, java.lang.String password)
static java.security.cert.X509Certificate
createSelfSignedCertificate(java.lang.String email, java.lang.String domain, java.lang.String organizationUnit, java.lang.String organization, java.lang.String city, java.lang.String state, java.lang.String country, java.security.KeyPair keyPair)
Deprecated.
static CertificateEntry
createSelfSignedCertificate(java.lang.String email, java.lang.String domain, java.lang.String organizationUnit, java.lang.String organization, java.lang.String city, java.lang.String state, java.lang.String country, CertificateUtil.KeyPairSupplier keyPairSupplier)
static java.lang.String
exportToPemFormat(CertificateEntry entry)
protected static java.lang.String
extractCN(javax.security.auth.x500.X500Principal principal)
static java.util.List<java.lang.String>
extractXmppAddrs(java.security.cert.X509Certificate x509Certificate)
static java.util.List<java.lang.String>
getCertAltCName(java.security.cert.X509Certificate cert)
static java.lang.String
getCertCName(java.security.cert.X509Certificate cert)
static java.lang.StringBuilder
getCertificateBasicInfo(java.lang.StringBuilder sb, java.security.cert.Certificate cert)
static java.lang.String
getCertificateBasicInfo(java.security.cert.Certificate cert)
static java.lang.String
getCertificateFingerprint(java.security.cert.Certificate cert)
static java.util.Optional<java.math.BigInteger>
getCertificateSerialNumber(java.security.cert.Certificate cert)
static boolean
isExpired(java.security.cert.X509Certificate cert)
static boolean
isSelfSigned(java.security.cert.X509Certificate cert)
static CertificateEntry
loadCertificate(byte[] bytes)
Deprecated.
static CertificateEntry
loadCertificate(java.io.File file)
static CertificateEntry
loadCertificate(java.lang.String file)
static java.security.PrivateKey
loadPrivateKeyFromDER(java.io.File file)
static void
main(java.lang.String[] args)
static boolean
match(java.lang.String hostname, java.lang.String altName)
Checks if hostname matches name or wildcard.
static CertificateEntry
parseCertificate(java.io.Reader data)
static java.security.cert.Certificate[]
removeRootCACertificate(java.security.cert.Certificate[] certChain)
static java.security.cert.Certificate[]
sort(java.security.cert.Certificate[] chain)
static java.util.List<java.security.cert.Certificate>
sort(java.util.List<java.security.cert.Certificate> certs)
static void
storeCertificate(java.lang.String file, CertificateEntry entry)
static CertCheckResult
validateCertificate(java.security.cert.Certificate[] chain, java.security.KeyStore trustKeystore, boolean revocationEnabled)
static boolean
verifyCertificateForDomain(java.security.cert.X509Certificate cert, java.lang.String hostname)
Method used to verify whether the certificate is valid for a particular domain (that is, whether the domain matches the CN or ALT of the certificate).
protected static boolean
verifyCertificateForHostname(java.lang.String hostname, java.security.cert.X509Certificate x509Certificate)
protected static boolean
verifyCertificateForIp(java.lang.String ipAddr, java.security.cert.X509Certificate x509Certificate)
-
-
-
Method Detail
-
createKeyPair
public static java.security.KeyPair createKeyPair(int size, java.lang.String password) throws java.security.NoSuchAlgorithmException
- Throws:
java.security.NoSuchAlgorithmException
-
createSelfSignedCertificate
@Deprecated public static java.security.cert.X509Certificate createSelfSignedCertificate(java.lang.String email, java.lang.String domain, java.lang.String organizationUnit, java.lang.String organization, java.lang.String city, java.lang.String state, java.lang.String country, java.security.KeyPair keyPair) throws java.security.cert.CertificateException, java.io.IOException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.SignatureException
Deprecated.
- Throws:
java.security.cert.CertificateException
java.io.IOException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.SignatureException
-
createSelfSignedCertificate
public static CertificateEntry createSelfSignedCertificate(java.lang.String email, java.lang.String domain, java.lang.String organizationUnit, java.lang.String organization, java.lang.String city, java.lang.String state, java.lang.String country, CertificateUtil.KeyPairSupplier keyPairSupplier) throws java.security.cert.CertificateException, java.io.IOException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.SignatureException
- Throws:
java.security.cert.CertificateException
java.io.IOException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.SignatureException
-
exportToPemFormat
public static java.lang.String exportToPemFormat(CertificateEntry entry) throws java.security.cert.CertificateEncodingException
- Throws:
java.security.cert.CertificateEncodingException
-
extractCN
protected static java.lang.String extractCN(javax.security.auth.x500.X500Principal principal)
-
extractXmppAddrs
public static java.util.List<java.lang.String> extractXmppAddrs(java.security.cert.X509Certificate x509Certificate)
-
getCertAltCName
public static java.util.List<java.lang.String> getCertAltCName(java.security.cert.X509Certificate cert)
-
getCertCName
public static java.lang.String getCertCName(java.security.cert.X509Certificate cert)
-
getCertificateBasicInfo
public static java.lang.String getCertificateBasicInfo(java.security.cert.Certificate cert)
-
getCertificateBasicInfo
public static java.lang.StringBuilder getCertificateBasicInfo(java.lang.StringBuilder sb, java.security.cert.Certificate cert)
-
getCertificateFingerprint
public static java.lang.String getCertificateFingerprint(java.security.cert.Certificate cert) throws java.security.cert.CertificateEncodingException, java.security.NoSuchAlgorithmException
- Throws:
java.security.cert.CertificateEncodingException
java.security.NoSuchAlgorithmException
-
getCertificateSerialNumber
public static java.util.Optional<java.math.BigInteger> getCertificateSerialNumber(java.security.cert.Certificate cert)
-
isExpired
public static boolean isExpired(java.security.cert.X509Certificate cert)
-
isSelfSigned
public static boolean isSelfSigned(java.security.cert.X509Certificate cert)
-
loadCertificate
public static CertificateEntry loadCertificate(java.io.File file) throws java.io.FileNotFoundException, java.io.IOException, java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.spec.InvalidKeySpecException
- Throws:
java.io.FileNotFoundException
java.io.IOException
java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.spec.InvalidKeySpecException
-
loadCertificate
@Deprecated public static CertificateEntry loadCertificate(byte[] bytes) throws java.security.cert.CertificateException, java.security.NoSuchProviderException
Deprecated. Loads a certificate from a DER byte buffer.
- Throws:
java.security.cert.CertificateException
java.security.NoSuchProviderException
-
loadCertificate
public static CertificateEntry loadCertificate(java.lang.String file) throws java.io.FileNotFoundException, java.io.IOException, java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.spec.InvalidKeySpecException
- Throws:
java.io.FileNotFoundException
java.io.IOException
java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.spec.InvalidKeySpecException
-
loadPrivateKeyFromDER
public static java.security.PrivateKey loadPrivateKeyFromDER(java.io.File file) throws java.io.FileNotFoundException, java.io.IOException, java.security.NoSuchAlgorithmException, java.security.spec.InvalidKeySpecException
- Throws:
java.io.FileNotFoundException
java.io.IOException
java.security.NoSuchAlgorithmException
java.security.spec.InvalidKeySpecException
-
main
public static void main(java.lang.String[] args) throws java.lang.Exception
- Throws:
java.lang.Exception
-
match
public static boolean match(java.lang.String hostname, java.lang.String altName)
Checks if hostname matches name or wildcard.
- Returns:
- true if there is a match
-
parseCertificate
public static CertificateEntry parseCertificate(java.io.Reader data) throws java.io.IOException, java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.spec.InvalidKeySpecException
- Throws:
java.io.IOException
java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.spec.InvalidKeySpecException
-
removeRootCACertificate
public static java.security.cert.Certificate[] removeRootCACertificate(java.security.cert.Certificate[] certChain)
-
sort
public static java.security.cert.Certificate[] sort(java.security.cert.Certificate[] chain)
-
sort
public static java.util.List<java.security.cert.Certificate> sort(java.util.List<java.security.cert.Certificate> certs)
-
storeCertificate
public static void storeCertificate(java.lang.String file, CertificateEntry entry) throws java.security.cert.CertificateEncodingException, java.io.IOException
- Throws:
java.security.cert.CertificateEncodingException
java.io.IOException
-
validateCertificate
public static CertCheckResult validateCertificate(java.security.cert.Certificate[] chain, java.security.KeyStore trustKeystore, boolean revocationEnabled) throws java.security.NoSuchAlgorithmException, java.security.KeyStoreException, java.security.InvalidAlgorithmParameterException, java.security.cert.CertificateException
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.InvalidAlgorithmParameterException
java.security.cert.CertificateException
-
verifyCertificateForDomain
public static boolean verifyCertificateForDomain(java.security.cert.X509Certificate cert, java.lang.String hostname) throws java.security.cert.CertificateParsingException
Method used to verify whether the certificate is valid for a particular domain (that is, whether the domain matches the CN or ALT of the certificate).
- Returns:
- true if certificate is valid
- Throws:
java.security.cert.CertificateParsingException
-
verifyCertificateForHostname
protected static boolean verifyCertificateForHostname(java.lang.String hostname, java.security.cert.X509Certificate x509Certificate) throws java.security.cert.CertificateParsingException
- Throws:
java.security.cert.CertificateParsingException
-
verifyCertificateForIp
protected static boolean verifyCertificateForIp(java.lang.String ipAddr, java.security.cert.X509Certificate x509Certificate) throws java.security.cert.CertificateParsingException
- Throws:
java.security.cert.CertificateParsingException
-
-