Package tigase.cert
Class CertificateUtil
- java.lang.Object
-
- tigase.cert.CertificateUtil
-
public abstract class CertificateUtil extends java.lang.Object
Created: Sep 22, 2010 3:09:01 PM
- Version:
- $Rev$
- Author:
- Artur Hefczyc
-
-
Nested Class Summary
Nested Classes
Modifier and Type - Class - Description
static interface CertificateUtil.KeyPairSupplier
-
Field Summary
Fields
Modifier and Type - Field - Description
protected static byte[] ID_ON_XMPPADDR
-
Constructor Summary
Constructors Constructor Description CertificateUtil()
-
Method Summary
All Methods - Static Methods - Concrete Methods - Deprecated Methods
Modifier and Type - Method - Description
static java.security.KeyPair createKeyPair(int size, java.lang.String password)
static java.security.cert.X509Certificate createSelfSignedCertificate(java.lang.String email, java.lang.String domain, java.lang.String organizationUnit, java.lang.String organization, java.lang.String city, java.lang.String state, java.lang.String country, java.security.KeyPair keyPair) - Deprecated.
static CertificateEntry createSelfSignedCertificate(java.lang.String email, java.lang.String domain, java.lang.String organizationUnit, java.lang.String organization, java.lang.String city, java.lang.String state, java.lang.String country, CertificateUtil.KeyPairSupplier keyPairSupplier)
static java.lang.String exportToPemFormat(CertificateEntry entry)
protected static java.lang.String extractCN(javax.security.auth.x500.X500Principal principal)
static java.util.List<java.lang.String> extractXmppAddrs(java.security.cert.X509Certificate x509Certificate)
static java.util.List<java.lang.String> getCertAltCName(java.security.cert.X509Certificate cert)
static java.lang.String getCertCName(java.security.cert.X509Certificate cert)
static java.lang.StringBuilder getCertificateBasicInfo(java.lang.StringBuilder sb, java.security.cert.Certificate cert)
static java.lang.String getCertificateBasicInfo(java.security.cert.Certificate cert)
static java.lang.String getCertificateFingerprint(java.security.cert.Certificate cert)
static java.util.Optional<java.math.BigInteger> getCertificateSerialNumber(java.security.cert.Certificate cert)
static boolean isExpired(java.security.cert.X509Certificate cert)
static boolean isSelfSigned(java.security.cert.X509Certificate cert)
static CertificateEntry loadCertificate(byte[] bytes) - Deprecated.
static CertificateEntry loadCertificate(java.io.File file)
static CertificateEntry loadCertificate(java.lang.String file)
static java.security.PrivateKey loadPrivateKeyFromDER(java.io.File file)
static void main(java.lang.String[] args)
static boolean match(java.lang.String hostname, java.lang.String altName) - Checks if hostname matches name or wildcard
static CertificateEntry parseCertificate(java.io.Reader data)
static java.security.cert.Certificate[] removeRootCACertificate(java.security.cert.Certificate[] certChain)
static java.security.cert.Certificate[] sort(java.security.cert.Certificate[] chain)
static java.util.List<java.security.cert.Certificate> sort(java.util.List<java.security.cert.Certificate> certs)
static void storeCertificate(java.lang.String file, CertificateEntry entry)
static CertCheckResult validateCertificate(java.security.cert.Certificate[] chain, java.security.KeyStore trustKeystore, boolean revocationEnabled)
static boolean verifyCertificateForDomain(java.security.cert.X509Certificate cert, java.lang.String hostname) - Method used to verify if certificate is valid for particular domain (if domain matches CN or ALT of certificate)
protected static boolean verifyCertificateForHostname(java.lang.String hostname, java.security.cert.X509Certificate x509Certificate)
protected static boolean verifyCertificateForIp(java.lang.String ipAddr, java.security.cert.X509Certificate x509Certificate)
-
-
-
Method Detail
-
createKeyPair
public static java.security.KeyPair createKeyPair(int size, java.lang.String password) throws java.security.NoSuchAlgorithmException
- Throws:
java.security.NoSuchAlgorithmException
-
createSelfSignedCertificate
@Deprecated public static java.security.cert.X509Certificate createSelfSignedCertificate(java.lang.String email, java.lang.String domain, java.lang.String organizationUnit, java.lang.String organization, java.lang.String city, java.lang.String state, java.lang.String country, java.security.KeyPair keyPair) throws java.security.cert.CertificateException, java.io.IOException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.SignatureException
Deprecated.
- Throws:
java.security.cert.CertificateException
java.io.IOException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.SignatureException
-
createSelfSignedCertificate
public static CertificateEntry createSelfSignedCertificate(java.lang.String email, java.lang.String domain, java.lang.String organizationUnit, java.lang.String organization, java.lang.String city, java.lang.String state, java.lang.String country, CertificateUtil.KeyPairSupplier keyPairSupplier) throws java.security.cert.CertificateException, java.io.IOException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.SignatureException
- Throws:
java.security.cert.CertificateException
java.io.IOException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.SignatureException
-
exportToPemFormat
public static java.lang.String exportToPemFormat(CertificateEntry entry) throws java.security.cert.CertificateEncodingException
- Throws:
java.security.cert.CertificateEncodingException
-
extractCN
protected static java.lang.String extractCN(javax.security.auth.x500.X500Principal principal)
-
extractXmppAddrs
public static java.util.List<java.lang.String> extractXmppAddrs(java.security.cert.X509Certificate x509Certificate)
-
getCertAltCName
public static java.util.List<java.lang.String> getCertAltCName(java.security.cert.X509Certificate cert)
-
getCertCName
public static java.lang.String getCertCName(java.security.cert.X509Certificate cert)
-
getCertificateBasicInfo
public static java.lang.String getCertificateBasicInfo(java.security.cert.Certificate cert)
-
getCertificateBasicInfo
public static java.lang.StringBuilder getCertificateBasicInfo(java.lang.StringBuilder sb, java.security.cert.Certificate cert)
-
getCertificateFingerprint
public static java.lang.String getCertificateFingerprint(java.security.cert.Certificate cert) throws java.security.cert.CertificateEncodingException, java.security.NoSuchAlgorithmException
- Throws:
java.security.cert.CertificateEncodingException
java.security.NoSuchAlgorithmException
-
getCertificateSerialNumber
public static java.util.Optional<java.math.BigInteger> getCertificateSerialNumber(java.security.cert.Certificate cert)
-
isExpired
public static boolean isExpired(java.security.cert.X509Certificate cert)
-
isSelfSigned
public static boolean isSelfSigned(java.security.cert.X509Certificate cert)
-
loadCertificate
public static CertificateEntry loadCertificate(java.io.File file) throws java.io.FileNotFoundException, java.io.IOException, java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.spec.InvalidKeySpecException
- Throws:
java.io.FileNotFoundException
java.io.IOException
java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.spec.InvalidKeySpecException
-
loadCertificate
@Deprecated public static CertificateEntry loadCertificate(byte[] bytes) throws java.security.cert.CertificateException, java.security.NoSuchProviderException
Deprecated.
Loads a certificate from a DER byte buffer.
- Throws:
java.security.cert.CertificateException
java.security.NoSuchProviderException
-
loadCertificate
public static CertificateEntry loadCertificate(java.lang.String file) throws java.io.FileNotFoundException, java.io.IOException, java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.spec.InvalidKeySpecException
- Throws:
java.io.FileNotFoundException
java.io.IOException
java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.spec.InvalidKeySpecException
-
loadPrivateKeyFromDER
public static java.security.PrivateKey loadPrivateKeyFromDER(java.io.File file) throws java.io.FileNotFoundException, java.io.IOException, java.security.NoSuchAlgorithmException, java.security.spec.InvalidKeySpecException
- Throws:
java.io.FileNotFoundException
java.io.IOException
java.security.NoSuchAlgorithmException
java.security.spec.InvalidKeySpecException
-
main
public static void main(java.lang.String[] args) throws java.lang.Exception
- Throws:
java.lang.Exception
-
match
public static boolean match(java.lang.String hostname, java.lang.String altName)
Checks if hostname matches the given name or wildcard.
- Returns:
- true if there is a match
-
parseCertificate
public static CertificateEntry parseCertificate(java.io.Reader data) throws java.io.IOException, java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.spec.InvalidKeySpecException
- Throws:
java.io.IOException
java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.spec.InvalidKeySpecException
-
removeRootCACertificate
public static java.security.cert.Certificate[] removeRootCACertificate(java.security.cert.Certificate[] certChain)
-
sort
public static java.security.cert.Certificate[] sort(java.security.cert.Certificate[] chain)
-
sort
public static java.util.List<java.security.cert.Certificate> sort(java.util.List<java.security.cert.Certificate> certs)
-
storeCertificate
public static void storeCertificate(java.lang.String file, CertificateEntry entry) throws java.security.cert.CertificateEncodingException, java.io.IOException
- Throws:
java.security.cert.CertificateEncodingException
java.io.IOException
-
validateCertificate
public static CertCheckResult validateCertificate(java.security.cert.Certificate[] chain, java.security.KeyStore trustKeystore, boolean revocationEnabled) throws java.security.NoSuchAlgorithmException, java.security.KeyStoreException, java.security.InvalidAlgorithmParameterException, java.security.cert.CertificateException
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.InvalidAlgorithmParameterException
java.security.cert.CertificateException
-
verifyCertificateForDomain
public static boolean verifyCertificateForDomain(java.security.cert.X509Certificate cert, java.lang.String hostname) throws java.security.cert.CertificateParsingException
Verifies whether the certificate is valid for a particular domain (that is, whether the domain matches the CN or ALT of the certificate).
- Returns:
- true if certificate is valid
- Throws:
java.security.cert.CertificateParsingException
-
verifyCertificateForHostname
protected static boolean verifyCertificateForHostname(java.lang.String hostname, java.security.cert.X509Certificate x509Certificate) throws java.security.cert.CertificateParsingException
- Throws:
java.security.cert.CertificateParsingException
-
verifyCertificateForIp
protected static boolean verifyCertificateForIp(java.lang.String ipAddr, java.security.cert.X509Certificate x509Certificate) throws java.security.cert.CertificateParsingException
- Throws:
java.security.cert.CertificateParsingException
-
-