Package tigase.cert

Class CertificateUtil


  • public abstract class CertificateUtil
    extends java.lang.Object
    Created: Sep 22, 2010 3:09:01 PM
    Version:
    $Rev$
    Author:
    Artur Hefczyc
    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected static byte[] ID_ON_XMPPADDR  
    • Constructor Summary

      Constructors 
      Constructor Description
      CertificateUtil()  
    • Method Summary

      All Methods Static Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      static java.security.KeyPair createKeyPair​(int size, java.lang.String password)  
      static java.security.cert.X509Certificate createSelfSignedCertificate​(java.lang.String email, java.lang.String domain, java.lang.String organizationUnit, java.lang.String organization, java.lang.String city, java.lang.String state, java.lang.String country, java.security.KeyPair keyPair)
      Deprecated.
      static CertificateEntry createSelfSignedCertificate​(java.lang.String email, java.lang.String domain, java.lang.String organizationUnit, java.lang.String organization, java.lang.String city, java.lang.String state, java.lang.String country, CertificateUtil.KeyPairSupplier keyPairSupplier)  
      static java.lang.String exportToPemFormat​(CertificateEntry entry)  
      protected static java.lang.String extractCN​(javax.security.auth.x500.X500Principal principal)  
      static java.util.List<java.lang.String> extractXmppAddrs​(java.security.cert.X509Certificate x509Certificate)  
      static java.util.List<java.lang.String> getCertAltCName​(java.security.cert.X509Certificate cert)  
      static java.lang.String getCertCName​(java.security.cert.X509Certificate cert)  
      static java.lang.StringBuilder getCertificateBasicInfo​(java.lang.StringBuilder sb, java.security.cert.Certificate cert)  
      static java.lang.String getCertificateBasicInfo​(java.security.cert.Certificate cert)  
      static boolean isExpired​(java.security.cert.X509Certificate cert)  
      static boolean isSelfSigned​(java.security.cert.X509Certificate cert)  
      static CertificateEntry loadCertificate​(byte[] bytes)
      Loads a certificate from a DER byte buffer.
      static CertificateEntry loadCertificate​(java.io.File file)  
      static CertificateEntry loadCertificate​(java.lang.String file)  
      static java.security.PrivateKey loadPrivateKeyFromDER​(java.io.File file)  
      static void main​(java.lang.String[] args)  
      static boolean match​(java.lang.String hostname, java.lang.String altName)
      Checks if hostname matches name or wildcard
      static CertificateEntry parseCertificate​(java.io.Reader data)  
      static java.security.cert.Certificate[] removeRootCACertificate​(java.security.cert.Certificate[] certChain)  
      static java.security.cert.Certificate[] sort​(java.security.cert.Certificate[] chain)  
      static java.util.List<java.security.cert.Certificate> sort​(java.util.List<java.security.cert.Certificate> certs)  
      static void storeCertificate​(java.lang.String file, CertificateEntry entry)  
      static CertCheckResult validateCertificate​(java.security.cert.Certificate[] chain, java.security.KeyStore trustKeystore, boolean revocationEnabled)  
      static boolean verifyCertificateForDomain​(java.security.cert.X509Certificate cert, java.lang.String hostname)
      Method used to verify if certificate if valid for particular domain (if domain matches CN or ALT of certificate)
      protected static boolean verifyCertificateForHostname​(java.lang.String hostname, java.security.cert.X509Certificate x509Certificate)  
      protected static boolean verifyCertificateForIp​(java.lang.String ipAddr, java.security.cert.X509Certificate x509Certificate)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • ID_ON_XMPPADDR

        protected static final byte[] ID_ON_XMPPADDR
    • Constructor Detail

      • CertificateUtil

        public CertificateUtil()
    • Method Detail

      • createKeyPair

        public static java.security.KeyPair createKeyPair​(int size,
                                                          java.lang.String password)
                                                   throws java.security.NoSuchAlgorithmException
        Throws:
        java.security.NoSuchAlgorithmException
      • createSelfSignedCertificate

        @Deprecated
        public static java.security.cert.X509Certificate createSelfSignedCertificate​(java.lang.String email,
                                                                                     java.lang.String domain,
                                                                                     java.lang.String organizationUnit,
                                                                                     java.lang.String organization,
                                                                                     java.lang.String city,
                                                                                     java.lang.String state,
                                                                                     java.lang.String country,
                                                                                     java.security.KeyPair keyPair)
                                                                              throws java.security.cert.CertificateException,
                                                                                     java.io.IOException,
                                                                                     java.security.NoSuchAlgorithmException,
                                                                                     java.security.InvalidKeyException,
                                                                                     java.security.NoSuchProviderException,
                                                                                     java.security.SignatureException
        Deprecated.
        Throws:
        java.security.cert.CertificateException
        java.io.IOException
        java.security.NoSuchAlgorithmException
        java.security.InvalidKeyException
        java.security.NoSuchProviderException
        java.security.SignatureException
      • createSelfSignedCertificate

        public static CertificateEntry createSelfSignedCertificate​(java.lang.String email,
                                                                   java.lang.String domain,
                                                                   java.lang.String organizationUnit,
                                                                   java.lang.String organization,
                                                                   java.lang.String city,
                                                                   java.lang.String state,
                                                                   java.lang.String country,
                                                                   CertificateUtil.KeyPairSupplier keyPairSupplier)
                                                            throws java.security.cert.CertificateException,
                                                                   java.io.IOException,
                                                                   java.security.NoSuchAlgorithmException,
                                                                   java.security.InvalidKeyException,
                                                                   java.security.NoSuchProviderException,
                                                                   java.security.SignatureException
        Throws:
        java.security.cert.CertificateException
        java.io.IOException
        java.security.NoSuchAlgorithmException
        java.security.InvalidKeyException
        java.security.NoSuchProviderException
        java.security.SignatureException
      • exportToPemFormat

        public static java.lang.String exportToPemFormat​(CertificateEntry entry)
                                                  throws java.security.cert.CertificateEncodingException
        Throws:
        java.security.cert.CertificateEncodingException
      • extractCN

        protected static java.lang.String extractCN​(javax.security.auth.x500.X500Principal principal)
      • extractXmppAddrs

        public static java.util.List<java.lang.String> extractXmppAddrs​(java.security.cert.X509Certificate x509Certificate)
      • getCertAltCName

        public static java.util.List<java.lang.String> getCertAltCName​(java.security.cert.X509Certificate cert)
      • getCertCName

        public static java.lang.String getCertCName​(java.security.cert.X509Certificate cert)
      • getCertificateBasicInfo

        public static java.lang.String getCertificateBasicInfo​(java.security.cert.Certificate cert)
      • getCertificateBasicInfo

        public static java.lang.StringBuilder getCertificateBasicInfo​(java.lang.StringBuilder sb,
                                                                      java.security.cert.Certificate cert)
      • isExpired

        public static boolean isExpired​(java.security.cert.X509Certificate cert)
      • isSelfSigned

        public static boolean isSelfSigned​(java.security.cert.X509Certificate cert)
      • loadCertificate

        public static CertificateEntry loadCertificate​(java.io.File file)
                                                throws java.io.FileNotFoundException,
                                                       java.io.IOException,
                                                       java.security.cert.CertificateException,
                                                       java.security.NoSuchAlgorithmException,
                                                       java.security.spec.InvalidKeySpecException
        Throws:
        java.io.FileNotFoundException
        java.io.IOException
        java.security.cert.CertificateException
        java.security.NoSuchAlgorithmException
        java.security.spec.InvalidKeySpecException
      • loadCertificate

        public static CertificateEntry loadCertificate​(byte[] bytes)
                                                throws java.security.cert.CertificateException,
                                                       java.security.NoSuchProviderException
        Loads a certificate from a DER byte buffer.
        Throws:
        java.security.cert.CertificateException
        java.security.NoSuchProviderException
      • loadCertificate

        public static CertificateEntry loadCertificate​(java.lang.String file)
                                                throws java.io.FileNotFoundException,
                                                       java.io.IOException,
                                                       java.security.cert.CertificateException,
                                                       java.security.NoSuchAlgorithmException,
                                                       java.security.spec.InvalidKeySpecException
        Throws:
        java.io.FileNotFoundException
        java.io.IOException
        java.security.cert.CertificateException
        java.security.NoSuchAlgorithmException
        java.security.spec.InvalidKeySpecException
      • loadPrivateKeyFromDER

        public static java.security.PrivateKey loadPrivateKeyFromDER​(java.io.File file)
                                                              throws java.io.FileNotFoundException,
                                                                     java.io.IOException,
                                                                     java.security.NoSuchAlgorithmException,
                                                                     java.security.spec.InvalidKeySpecException
        Throws:
        java.io.FileNotFoundException
        java.io.IOException
        java.security.NoSuchAlgorithmException
        java.security.spec.InvalidKeySpecException
      • main

        public static void main​(java.lang.String[] args)
                         throws java.lang.Exception
        Throws:
        java.lang.Exception
      • match

        public static boolean match​(java.lang.String hostname,
                                    java.lang.String altName)
        Checks if hostname matches name or wildcard
        Returns:
        true if there is a match
      • parseCertificate

        public static CertificateEntry parseCertificate​(java.io.Reader data)
                                                 throws java.io.IOException,
                                                        java.security.cert.CertificateException,
                                                        java.security.NoSuchAlgorithmException,
                                                        java.security.spec.InvalidKeySpecException
        Throws:
        java.io.IOException
        java.security.cert.CertificateException
        java.security.NoSuchAlgorithmException
        java.security.spec.InvalidKeySpecException
      • removeRootCACertificate

        public static java.security.cert.Certificate[] removeRootCACertificate​(java.security.cert.Certificate[] certChain)
      • sort

        public static java.security.cert.Certificate[] sort​(java.security.cert.Certificate[] chain)
      • sort

        public static java.util.List<java.security.cert.Certificate> sort​(java.util.List<java.security.cert.Certificate> certs)
      • storeCertificate

        public static void storeCertificate​(java.lang.String file,
                                            CertificateEntry entry)
                                     throws java.security.cert.CertificateEncodingException,
                                            java.io.IOException
        Throws:
        java.security.cert.CertificateEncodingException
        java.io.IOException
      • validateCertificate

        public static CertCheckResult validateCertificate​(java.security.cert.Certificate[] chain,
                                                          java.security.KeyStore trustKeystore,
                                                          boolean revocationEnabled)
                                                   throws java.security.NoSuchAlgorithmException,
                                                          java.security.KeyStoreException,
                                                          java.security.InvalidAlgorithmParameterException,
                                                          java.security.cert.CertificateException
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.KeyStoreException
        java.security.InvalidAlgorithmParameterException
        java.security.cert.CertificateException
      • verifyCertificateForDomain

        public static boolean verifyCertificateForDomain​(java.security.cert.X509Certificate cert,
                                                         java.lang.String hostname)
                                                  throws java.security.cert.CertificateParsingException
        Method used to verify if certificate if valid for particular domain (if domain matches CN or ALT of certificate)
        Returns:
        true if certificate is valid
        Throws:
        java.security.cert.CertificateParsingException
      • verifyCertificateForHostname

        protected static boolean verifyCertificateForHostname​(java.lang.String hostname,
                                                              java.security.cert.X509Certificate x509Certificate)
                                                       throws java.security.cert.CertificateParsingException
        Throws:
        java.security.cert.CertificateParsingException
      • verifyCertificateForIp

        protected static boolean verifyCertificateForIp​(java.lang.String ipAddr,
                                                        java.security.cert.X509Certificate x509Certificate)
                                                 throws java.security.cert.CertificateParsingException
        Throws:
        java.security.cert.CertificateParsingException