Package org.cryptacular.util
Class CertUtil
java.lang.Object
org.cryptacular.util.CertUtil
Utility class providing convenience methods for common operations on X.509 certificates.
Author: Middleware Services
Method Summary
Modifier and Type | Method | Description

static boolean allowsUsage(X509Certificate cert, org.bouncycastle.asn1.x509.KeyPurposeId... purposes)
    Determines whether the certificate allows the given extended key usages.
static boolean allowsUsage(X509Certificate cert, KeyUsageBits... bits)
    Determines whether the certificate allows the given basic key usages.
static String authorityKeyId(X509Certificate cert)
    Gets the authority key identifier of the given certificate in delimited hexadecimal format, e.g. 25:48:2f:28:ec:5d:19:bb:1d:25:ae:94:93:b1:7b:b5:35:96:24:66.
static X509Certificate decodeCertificate(byte[] encoded)
    Creates an X.509 certificate from its ASN.1 encoded form.
static X509Certificate[] decodeCertificateChain(byte[] encoded)
    Creates an X.509 certificate chain from its ASN.1 encoded form.
static X509Certificate findEntityCertificate(PrivateKey key, X509Certificate... candidates)
    Finds a certificate whose public key is paired with the given private key.
static X509Certificate findEntityCertificate(PrivateKey key, Collection<X509Certificate> candidates)
    Finds a certificate whose public key is paired with the given private key.
static boolean hasPolicies(X509Certificate cert, String... policyOidsToCheck)
    Determines whether the certificate defines all of the given certificate policies.
static X509Certificate readCertificate(File file)
    Reads an X.509 certificate from ASN.1 encoded format from the given file.
static X509Certificate readCertificate(InputStream in)
    Reads an X.509 certificate from ASN.1 encoded data in the given stream.
static X509Certificate readCertificate(String path)
    Reads an X.509 certificate from ASN.1 encoded format in the file at the given location.
static X509Certificate[] readCertificateChain(File file)
    Reads an X.509 certificate chain from ASN.1 encoded format from the given file.
static X509Certificate[] readCertificateChain(InputStream in)
    Reads an X.509 certificate chain from ASN.1 encoded data in the given stream.
static X509Certificate[] readCertificateChain(String path)
    Reads an X.509 certificate chain from ASN.1 encoded format in the file at the given location.
static org.bouncycastle.asn1.x509.GeneralNames subjectAltNames(X509Certificate cert)
    Gets all subject alternative names defined on the given certificate.
static org.bouncycastle.asn1.x509.GeneralNames subjectAltNames(X509Certificate cert, GeneralNameType... types)
    Gets all subject alternative names of the given type(s) on the given cert.
static String subjectCN(X509Certificate cert)
    Gets the common name attribute (CN) of the certificate subject distinguished name.
static String subjectKeyId(X509Certificate cert)
    Gets the subject key identifier of the given certificate in delimited hexadecimal format, e.g. 25:48:2f:28:ec:5d:19:bb:1d:25:ae:94:93:b1:7b:b5:35:96:24:66.
static List<String> subjectNames(X509Certificate cert)
    Gets a list of all subject names defined for the given certificate.
static List<String> subjectNames(X509Certificate cert, GeneralNameType... types)
    Gets a list of subject names defined for the given certificate.
Method Details
subjectCN
public static String subjectCN(X509Certificate cert) throws EncodingException
Gets the common name attribute (CN) of the certificate subject distinguished name.
Parameters:
    cert - Certificate to examine.
Returns:
    Subject CN or null if no CN attribute is defined in the subject DN.
Throws:
    EncodingException - on cert field extraction.

subjectAltNames
public static org.bouncycastle.asn1.x509.GeneralNames subjectAltNames(X509Certificate cert) throws EncodingException
Gets all subject alternative names defined on the given certificate.
Parameters:
    cert - X.509 certificate to examine.
Returns:
    Subject alternative names (as a GeneralNames structure) or null if no subject alt names are defined.
Throws:
    EncodingException - on cert field extraction.

subjectAltNames
public static org.bouncycastle.asn1.x509.GeneralNames subjectAltNames(X509Certificate cert, GeneralNameType... types) throws EncodingException
Gets all subject alternative names of the given type(s) on the given cert.
Parameters:
    cert - X.509 certificate to examine.
    types - One or more subject alternative name types to fetch.
Returns:
    Subject alternative names of the matching type(s) (as a GeneralNames structure) or null if none found.
Throws:
    EncodingException - on cert field extraction.

subjectNames
public static List<String> subjectNames(X509Certificate cert) throws EncodingException
Gets a list of all subject names defined for the given certificate. The list includes the first common name (CN) specified in the subject distinguished name (if defined) and all subject alternative names.
Parameters:
    cert - X.509 certificate to examine.
Returns:
    List of subject names.
Throws:
    EncodingException - on cert field extraction.

subjectNames
public static List<String> subjectNames(X509Certificate cert, GeneralNameType... types) throws EncodingException
Gets a list of subject names defined for the given certificate. The list includes the first common name (CN) specified in the subject distinguished name (if defined) and all subject alternative names of the given type(s).
Parameters:
    cert - X.509 certificate to examine.
    types - One or more subject alternative name types to fetch.
Returns:
    List of subject names.
Throws:
    EncodingException - on cert field extraction.

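The distinction between subjectAltNames and subjectNames matters when the names are used for hostname verification: subjectNames folds the first subject CN into the result, while RFC 6125 (section 6.4.4) treats the CN as a deprecated fallback that current TLS clients no longer honor. The following added example (not cryptacular's own code) therefore builds a hostname check on subjectAltNames restricted to dNSName entries and applies the usual single-label wildcard rule. The constant GeneralNameType.DNSName, the org.cryptacular.x509 package location and the org.cryptacular.EncodingException import are assumptions about the cryptacular layout, not something this page states.

```java
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.cryptacular.EncodingException;
import org.cryptacular.util.CertUtil;
import org.cryptacular.x509.GeneralNameType;   // assumed package for the enum

/** Hostname matching against the dNSName SANs of a certificate (added example). */
public final class HostnameMatcher
{
  private HostnameMatcher() {}

  /**
   * Lower-cased dNSName subject alternative names. Only the SAN extension is
   * consulted; the subject CN is deliberately ignored, which is why
   * subjectAltNames is used here rather than subjectNames.
   */
  public static List<String> dnsSubjectAltNames(final X509Certificate cert)
    throws EncodingException
  {
    final List<String> result = new ArrayList<>();
    final GeneralNames names = CertUtil.subjectAltNames(cert, GeneralNameType.DNSName);
    if (names == null) {          // documented: null when no matching SAN exists
      return result;
    }
    for (GeneralName gn : names.getNames()) {
      // For dNSName entries the payload is an IA5String; toString() yields the text.
      result.add(gn.getName().toString().toLowerCase(Locale.ROOT));
    }
    return result;
  }

  /**
   * RFC 6125 style comparison: exact match, or a wildcard in the left-most
   * label only, covering exactly one label. "*.example.com" matches
   * "www.example.com" but neither "example.com" nor "a.b.example.com",
   * and a bare "*.com" is rejected.
   */
  public static boolean matches(final String pattern, final String host)
  {
    final String p = pattern.toLowerCase(Locale.ROOT);
    final String h = host.toLowerCase(Locale.ROOT);
    if (!p.startsWith("*.")) {
      return p.equals(h);
    }
    final String suffix = p.substring(1);   // ".example.com"
    if (!h.endsWith(suffix) || h.length() <= suffix.length()) {
      return false;
    }
    final String leftLabel = h.substring(0, h.length() - suffix.length());
    // exactly one label replaced, and the suffix must contain at least two labels
    return !leftLabel.isEmpty() && leftLabel.indexOf('.') < 0 && suffix.indexOf('.', 1) > 0;
  }

  /** True if any dNSName SAN on the certificate matches the requested host. */
  public static boolean certificateMatchesHost(final X509Certificate cert, final String host)
    throws EncodingException
  {
    for (String name : dnsSubjectAltNames(cert)) {
      if (matches(name, host)) {
        return true;
      }
    }
    return false;
  }

  public static void main(final String[] args) throws Exception
  {
    // Usage: java HostnameMatcher server.pem www.example.com
    final X509Certificate cert = CertUtil.readCertificate(args[0]);
    System.out.println("dNSName SANs: " + dnsSubjectAltNames(cert));
    System.out.println(args[1] + " accepted: " + certificateMatchesHost(cert, args[1]));
  }
}
```

If a deployment still needs the CN fallback for legacy internal certificates, subjectNames(cert, GeneralNameType.DNSName) gives exactly that list (CN first, then DNS SANs); treat it as a separate, explicitly enabled code path rather than the default. Note that the wildcard rule above does not consult a public-suffix list, so a pattern such as "*.co.uk" would still be accepted by matches().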
findEntityCertificate
public static X509Certificate findEntityCertificate(PrivateKey key, X509Certificate... candidates) throws EncodingException
Finds a certificate whose public key is paired with the given private key.
Parameters:
    key - Private key used to find matching public key.
    candidates - Array of candidate certificates.
Returns:
    Certificate whose public key forms a keypair with the private key, or null if no match is found.
Throws:
    EncodingException - on cert field extraction.

findEntityCertificate
public static X509Certificate findEntityCertificate(PrivateKey key, Collection<X509Certificate> candidates) throws EncodingException
Finds a certificate whose public key is paired with the given private key.
Parameters:
    key - Private key used to find matching public key.
    candidates - Collection of candidate certificates.
Returns:
    Certificate whose public key forms a keypair with the private key, or null if no match is found.
Throws:
    EncodingException - on cert field extraction.

readCertificate
public static X509Certificate readCertificate(String path) throws EncodingException, StreamException
Reads an X.509 certificate from ASN.1 encoded format in the file at the given location.
Parameters:
    path - Path to a file containing a DER or PEM encoded X.509 certificate.
Returns:
    Certificate.
Throws:
    EncodingException - on cert parsing errors.
    StreamException - on IO errors.

readCertificate
public static X509Certificate readCertificate(File file) throws EncodingException, StreamException
Reads an X.509 certificate from ASN.1 encoded format from the given file.
Parameters:
    file - File containing a DER or PEM encoded X.509 certificate.
Returns:
    Certificate.
Throws:
    EncodingException - on cert parsing errors.
    StreamException - on IO errors.

readCertificate
public static X509Certificate readCertificate(InputStream in) throws EncodingException, StreamException
Reads an X.509 certificate from ASN.1 encoded data in the given stream.
Parameters:
    in - Input stream containing a PEM or DER encoded X.509 certificate.
Returns:
    Certificate.
Throws:
    EncodingException - on cert parsing errors.
    StreamException - on IO errors.

decodeCertificate
public static X509Certificate decodeCertificate(byte[] encoded) throws EncodingException
Creates an X.509 certificate from its ASN.1 encoded form.
Parameters:
    encoded - PEM or DER encoded ASN.1 data.
Returns:
    Certificate.
Throws:
    EncodingException - on cert parsing errors.

readCertificateChain
public static X509Certificate[] readCertificateChain(String path) throws EncodingException, StreamException
Reads an X.509 certificate chain from ASN.1 encoded format in the file at the given location.
Parameters:
    path - Path to a file containing a sequence of PEM or DER encoded certificates or a PKCS#7 certificate chain.
Returns:
    Certificate chain.
Throws:
    EncodingException - on cert parsing errors.
    StreamException - on IO errors.

readCertificateChain
public static X509Certificate[] readCertificateChain(File file) throws EncodingException, StreamException
Reads an X.509 certificate chain from ASN.1 encoded format from the given file.
Parameters:
    file - File containing a sequence of PEM or DER encoded certificates or a PKCS#7 certificate chain.
Returns:
    Certificate chain.
Throws:
    EncodingException - on cert parsing errors.
    StreamException - on IO errors.

readCertificateChain
public static X509Certificate[] readCertificateChain(InputStream in) throws EncodingException, StreamException
Reads an X.509 certificate chain from ASN.1 encoded data in the given stream.
Parameters:
    in - Input stream containing a sequence of PEM or DER encoded certificates or a PKCS#7 certificate chain.
Returns:
    Certificate chain.
Throws:
    EncodingException - on cert parsing errors.
    StreamException - on IO errors.

decodeCertificateChain
public static X509Certificate[] decodeCertificateChain(byte[] encoded) throws EncodingException
Creates an X.509 certificate chain from its ASN.1 encoded form.
Parameters:
    encoded - Sequence of PEM or DER encoded certificates or a PKCS#7 certificate chain.
Returns:
    Certificate chain.
Throws:
    EncodingException - on cert parsing errors.

allowsUsage
public static boolean allowsUsage(X509Certificate cert, KeyUsageBits... bits) throws EncodingException
Determines whether the certificate allows the given basic key usages.
Parameters:
    cert - Certificate to check.
    bits - One or more basic key usage types to check.
Returns:
    True if the certificate allows all given usage types, false otherwise.
Throws:
    EncodingException - on cert field extraction.

allowsUsage
public static boolean allowsUsage(X509Certificate cert, org.bouncycastle.asn1.x509.KeyPurposeId... purposes) throws EncodingException
Determines whether the certificate allows the given extended key usages.
Parameters:
    cert - Certificate to check.
    purposes - One or more extended key usage purposes to check.
Returns:
    True if the certificate allows all given purposes, false otherwise.
Throws:
    EncodingException - on cert field extraction.

hasPolicies
public static boolean hasPolicies(X509Certificate cert, String... policyOidsToCheck) throws EncodingException
Determines whether the certificate defines all of the given certificate policies.
Parameters:
    cert - Certificate to check.
    policyOidsToCheck - One or more certificate policy OIDs to check.
Returns:
    True if the certificate defines all given policy OIDs, false otherwise.
Throws:
    EncodingException - on cert field extraction.

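Both allowsUsage overloads and hasPolicies are "all of" predicates: every listed bit, purpose or OID must be present for the method to return true. The added example below (not cryptacular's own code) combines them into an acceptance policy for a TLS server certificate and collects every violation instead of stopping at the first. The policy itself (digitalSignature required, id-kp-serverAuth required, optional CA/Browser Forum OV policy OID 2.23.140.1.2.2, optional keyEncipherment for TLS 1.2 RSA key exchange) is the example's own choice, not one the page prescribes; the KeyUsageBits constant names, the org.cryptacular.x509 package and the org.cryptacular.EncodingException import are assumptions about the cryptacular layout. The page does not say how allowsUsage treats a certificate that lacks the KeyUsage extension at all, so the example requires the extension's presence explicitly through the JDK accessor before delegating to CertUtil.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.cryptacular.EncodingException;
import org.cryptacular.util.CertUtil;
import org.cryptacular.x509.KeyUsageBits;   // assumed package for the enum

/** TLS server certificate acceptance policy built on CertUtil predicates (added example). */
public final class ServerCertPolicy
{
  /** CA/Browser Forum organization-validated policy OID; chosen for this example. */
  public static final String CABF_OV_POLICY = "2.23.140.1.2.2";

  private ServerCertPolicy() {}

  /**
   * Returns every policy violation found; an empty list means the certificate
   * is acceptable under this example policy.
   *
   * @param requireOvPolicy        also demand the CABF OV policy OID.
   * @param legacyRsaKeyExchange   also demand keyEncipherment (TLS 1.2 RSA key transport).
   */
  public static List<String> violations(final X509Certificate cert,
                                        final boolean requireOvPolicy,
                                        final boolean legacyRsaKeyExchange)
    throws EncodingException
  {
    final List<String> problems = new ArrayList<>();

    try {
      cert.checkValidity();
    } catch (CertificateException e) {
      problems.add("not valid at the current time: " + e.getMessage());
    }

    // getKeyUsage() is null when the extension is absent; require it to exist
    // before asking CertUtil about individual bits.
    if (cert.getKeyUsage() == null) {
      problems.add("KeyUsage extension missing");
    } else {
      if (!CertUtil.allowsUsage(cert, KeyUsageBits.DigitalSignature)) {
        problems.add("KeyUsage lacks digitalSignature");
      }
      // "all of" semantics: both bits must be set for this call to return true.
      if (legacyRsaKeyExchange
          && !CertUtil.allowsUsage(cert, KeyUsageBits.DigitalSignature, KeyUsageBits.KeyEncipherment)) {
        problems.add("KeyUsage lacks keyEncipherment required for TLS 1.2 RSA key exchange");
      }
    }

    if (!CertUtil.allowsUsage(cert, KeyPurposeId.id_kp_serverAuth)) {
      problems.add("ExtendedKeyUsage lacks id-kp-serverAuth");
    }

    // -1 means "not a CA" (extension absent or cA=false); anything else is a CA certificate.
    if (cert.getBasicConstraints() != -1) {
      problems.add("basicConstraints marks this as a CA certificate");
    }

    if (requireOvPolicy && !CertUtil.hasPolicies(cert, CABF_OV_POLICY)) {
      problems.add("certificatePolicies lacks " + CABF_OV_POLICY);
    }
    return problems;
  }

  public static void main(final String[] args) throws Exception
  {
    // Usage: java ServerCertPolicy server.pem
    final X509Certificate cert = CertUtil.readCertificate(args[0]);
    final List<String> problems = violations(cert, true, false);
    final String cn = CertUtil.subjectCN(cert);
    if (problems.isEmpty()) {
      System.out.println("ACCEPT " + cn);
    } else {
      System.out.println("REJECT " + cn);
      for (String p : problems) {
        System.out.println("  - " + p);
      }
    }
  }
}
```

The same pattern applies to client or code-signing certificates by swapping KeyPurposeId.id_kp_clientAuth or id_kp_codeSigning for id_kp_serverAuth. These checks say nothing about who issued the certificate; chain building, trust anchors and revocation remain the job of a PKIX path validator.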
subjectKeyId
public static String subjectKeyId(X509Certificate cert) throws EncodingException
Gets the subject key identifier of the given certificate in delimited hexadecimal format, e.g. 25:48:2f:28:ec:5d:19:bb:1d:25:ae:94:93:b1:7b:b5:35:96:24:66.
Parameters:
    cert - Certificate to process.
Returns:
    Subject key identifier in colon-delimited hex format.
Throws:
    EncodingException - on cert field extraction.

authorityKeyId
public static String authorityKeyId(X509Certificate cert) throws EncodingException
Gets the authority key identifier of the given certificate in delimited hexadecimal format, e.g. 25:48:2f:28:ec:5d:19:bb:1d:25:ae:94:93:b1:7b:b5:35:96:24:66.
Parameters:
    cert - Certificate to process.
Returns:
    Authority key identifier in colon-delimited hex format.
Throws:
    EncodingException - on cert field extraction.

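The two key identifier methods return the same colon-delimited format, so a certificate's authorityKeyId can be compared directly with a candidate issuer's subjectKeyId to locate the next link in a chain. The added example below (not cryptacular's own code) puts that together with readCertificateChain and findEntityCertificate: it takes an unordered PEM or PKCS#7 bundle plus the entity's private key, picks the certificate that pairs with the key, and walks issuer by issuer to a self-signed certificate. Key identifiers are only a lookup hint, so each link is confirmed with a signature check (java.security.cert.Certificate.verify), and because the page does not say what subjectKeyId or authorityKeyId do when the extension is absent, the example tests for the extension (OIDs 2.5.29.14 and 2.5.29.35) first and falls back to issuer DN matching. Loading the key from a PKCS#12 file in main() is plain JDK code; the org.cryptacular.EncodingException import is an assumption about the cryptacular package layout.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import org.cryptacular.EncodingException;
import org.cryptacular.util.CertUtil;

/** Orders a certificate bundle into [entity, issuer, ..., root] (added example). */
public final class ChainBuilder
{
  private static final String OID_SUBJECT_KEY_ID = "2.5.29.14";
  private static final String OID_AUTHORITY_KEY_ID = "2.5.29.35";

  private ChainBuilder() {}

  /** Hint only: AKI/SKI match when both extensions exist, otherwise issuer DN equals subject DN. */
  static boolean looksLikeIssuer(final X509Certificate subject, final X509Certificate candidate)
    throws EncodingException
  {
    if (subject.getExtensionValue(OID_AUTHORITY_KEY_ID) != null
        && candidate.getExtensionValue(OID_SUBJECT_KEY_ID) != null) {
      return CertUtil.authorityKeyId(subject).equals(CertUtil.subjectKeyId(candidate));
    }
    return subject.getIssuerX500Principal().equals(candidate.getSubjectX500Principal());
  }

  /** Proof: the candidate's public key verifies the subject's signature. */
  static boolean signedBy(final X509Certificate subject, final X509Certificate candidate)
  {
    try {
      subject.verify(candidate.getPublicKey());
      return true;
    } catch (GeneralSecurityException e) {
      return false;
    }
  }

  static String skiOrAbsent(final X509Certificate cert) throws EncodingException
  {
    return cert.getExtensionValue(OID_SUBJECT_KEY_ID) == null ? "absent" : CertUtil.subjectKeyId(cert);
  }

  /** Builds the chain or throws if the key has no certificate or a link cannot be established. */
  public static List<X509Certificate> build(final PrivateKey key, final X509Certificate... bundle)
    throws EncodingException
  {
    final X509Certificate entity = CertUtil.findEntityCertificate(key, bundle);
    if (entity == null) {
      throw new IllegalArgumentException("no certificate in the bundle pairs with the private key");
    }
    final List<X509Certificate> remaining = new ArrayList<>(Arrays.asList(bundle));
    final List<X509Certificate> chain = new ArrayList<>();
    X509Certificate current = entity;
    chain.add(current);
    remaining.remove(current);
    while (!signedBy(current, current)) {      // stop once a self-signed certificate is reached
      X509Certificate issuer = null;
      for (X509Certificate c : remaining) {
        if (looksLikeIssuer(current, c) && signedBy(current, c)) {
          issuer = c;
          break;
        }
      }
      if (issuer == null) {
        throw new IllegalStateException("no issuer in bundle for " + CertUtil.subjectCN(current));
      }
      chain.add(issuer);
      remaining.remove(issuer);
      current = issuer;
    }
    return chain;
  }

  public static void main(final String[] args) throws Exception
  {
    // Usage: java ChainBuilder key.p12 <password> bundle.pem
    // (password on the command line is for the demo only; use a secret store in practice)
    final KeyStore ks = KeyStore.getInstance("PKCS12");
    try (InputStream in = new FileInputStream(args[0])) {
      ks.load(in, args[1].toCharArray());
    }
    final String alias = ks.aliases().nextElement();
    final PrivateKey key = (PrivateKey) ks.getKey(alias, args[1].toCharArray());
    final X509Certificate[] bundle = CertUtil.readCertificateChain(args[2]);
    for (X509Certificate c : build(key, bundle)) {
      System.out.println(CertUtil.subjectCN(c) + "  SKI=" + skiOrAbsent(c));
    }
  }
}
```

Ordering a chain this way is not path validation: nothing here checks that the root is a trusted anchor, that intermediates are unexpired or unrevoked, or that name and policy constraints hold. Feed the resulting list to java.security.cert.CertPathValidator with PKIX parameters for that. One rare edge case remains: an AuthorityKeyIdentifier that carries only authorityCertIssuer and serial number with no keyIdentifier field is still detected as "present" by getExtensionValue, so if such certificates appear in your environment, extend looksLikeIssuer to fall back to the DN comparison in that case as well.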