Class CertUtils

java.lang.Object
com.netscape.cmscore.cert.CertUtils

public class CertUtils extends Object
Utility class with assorted methods for checking for S/MIME pairs, determining the type of a cert (signature or encryption), etc.
Author:
kanda
  • Field Details

    • logger

      public static org.slf4j.Logger logger
    • CT_POISON_OID

      public static final String CT_POISON_OID
    • CT_POISON_CRITICAL

      public static final boolean CT_POISON_CRITICAL
    • CT_POISON_DATA

      public static final byte[] CT_POISON_DATA
  • Constructor Details

    • CertUtils

      public CertUtils()
  • Method Details

    • parseKeyGen

      public static org.mozilla.jss.netscape.security.util.DerInputStream parseKeyGen(String certreq) throws Exception
      Throws:
      Exception
    • setRSAKeyToCertInfo

      public static void setRSAKeyToCertInfo(org.mozilla.jss.netscape.security.x509.X509CertInfo info, byte[] encoded) throws EBaseException
      Throws:
      EBaseException
    • sortCerts

      public static void sortCerts(org.mozilla.jss.netscape.security.x509.X509CertImpl[] arr)
    • isSigningCert

      public static boolean isSigningCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
    • isEncryptionCert

      public static boolean isEncryptionCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
    • haveSameValidityPeriod

      public static boolean haveSameValidityPeriod(org.mozilla.jss.netscape.security.x509.X509CertImpl cert1, org.mozilla.jss.netscape.security.x509.X509CertImpl cert2)
    • isSmimePair

      public static boolean isSmimePair(org.mozilla.jss.netscape.security.x509.X509CertImpl cert1, org.mozilla.jss.netscape.security.x509.X509CertImpl cert2, boolean matchSubjectDN)
    • isNotYetValidCert

      public static boolean isNotYetValidCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
    • isValidCert

      public static boolean isValidCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
    • isExpiredCert

      public static boolean isExpiredCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
    • sameSubjectDN

      public static boolean sameSubjectDN(String dn1, String dn2)
    • getValidCertsDisplayInfo

      public static String getValidCertsDisplayInfo(String cn, org.mozilla.jss.netscape.security.x509.X509CertImpl[] validCerts)
    • getExpiredCertsDisplayInfo

      public static String getExpiredCertsDisplayInfo(String cn, org.mozilla.jss.netscape.security.x509.X509CertImpl[] expiredCerts)
    • getRenewedCertsDisplayInfo

      public static String getRenewedCertsDisplayInfo(String cn, org.mozilla.jss.netscape.security.x509.X509CertImpl[] validCerts, org.mozilla.jss.netscape.security.x509.X509CertImpl[] renewedCerts)
    • getCertsDisplayInfo

      public static String getCertsDisplayInfo(org.mozilla.jss.netscape.security.x509.X509CertImpl[] validCerts)
    • getCertIndex

      public static int getCertIndex(org.mozilla.jss.netscape.security.x509.X509CertImpl[] certArray, org.mozilla.jss.netscape.security.x509.X509CertImpl givenCert)
      Returns the index of the given cert in an array of certs. Assumptions: The certs are issued by the same CA.
      Parameters:
      certArray - The array of certs.
      givenCert - The certificate we are looking for in the array.
      Returns:
      -1 if not found or the index of the given cert in the array.
    • getRecentSigningCert

      public static org.mozilla.jss.netscape.security.x509.X509CertImpl getRecentSigningCert(org.mozilla.jss.netscape.security.x509.X509CertImpl[] certArray, org.mozilla.jss.netscape.security.x509.X509CertImpl currentCert)
      Returns the most recently issued signing certificate from an array of certs. Assumptions: The certs are issued by the same CA.
      Parameters:
      certArray - The array of certs.
      currentCert - The certificate we are looking for in the array.
      Returns:
      null if there is no recent cert or the most recent cert.
    • getCertType

      public static String getCertType(org.mozilla.jss.netscape.security.x509.X509CertImpl cert) throws CertificateParsingException, IOException
      Throws:
      CertificateParsingException
      IOException
    • addExtension

      public static void addExtension(String name, org.mozilla.jss.netscape.security.x509.Extension ext, org.mozilla.jss.netscape.security.x509.X509CertInfo info) throws EBaseException
      Throws:
      EBaseException
    • deleteExtension

      public static void deleteExtension(String extID, org.mozilla.jss.netscape.security.x509.X509CertInfo info) throws Exception
      Throws:
      Exception
    • replaceExtension

      public static void replaceExtension(String name, org.mozilla.jss.netscape.security.x509.Extension ext, org.mozilla.jss.netscape.security.x509.X509CertInfo info) throws EBaseException
      Throws:
      EBaseException
    • getExtension

      public static org.mozilla.jss.netscape.security.x509.Extension getExtension(String name, org.mozilla.jss.netscape.security.x509.X509CertInfo info)
    • getExtension

      public static org.mozilla.jss.netscape.security.x509.Extension getExtension(String name, org.mozilla.jss.netscape.security.x509.CertificateExtensions exts)
    • getNSExtensionInfo

      public static String getNSExtensionInfo(org.mozilla.jss.netscape.security.extensions.NSCertTypeExtension nsExtn)
    • readFromFile

      public static byte[] readFromFile(String fileName) throws IOException
      Throws:
      IOException
    • storeInFile

      public static void storeInFile(String fileName, byte[] ba) throws IOException
      Throws:
      IOException
    • mapCert

      public static X509Certificate mapCert(String mime64) throws IOException
      Throws:
      IOException
    • mapCertFromPKCS7

      public static X509Certificate[] mapCertFromPKCS7(String mime64) throws IOException
      Throws:
      IOException
    • mapCRL

      public static X509CRL mapCRL(String mime64) throws IOException
      Throws:
      IOException
    • mapCRL1

      public static X509CRL mapCRL1(String mime64) throws IOException
      Throws:
      IOException
    • normalizeCertStr

      public static String normalizeCertStr(String s)
    • stripCRLBrackets

      public static String stripCRLBrackets(String s)
    • stripCertBrackets

      public static String stripCertBrackets(String s)
      Strips out the begin and end certificate brackets.
      Parameters:
      s - the string potentially bracketed with "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
      Returns:
      string without the brackets
    • getFingerPrint

      public static String getFingerPrint(Certificate cert) throws CertificateEncodingException, NoSuchAlgorithmException
      Returns a string that represents a cert's fingerprint. The fingerprint is an MD5 digest of the DER encoded certificate.
      Parameters:
      cert - Certificate to get the fingerprint of.
      Returns:
      a String that represents the cert's fingerprint.
      Throws:
      CertificateEncodingException
      NoSuchAlgorithmException
    • getFingerPrints

      public static String getFingerPrints(Certificate cert) throws NoSuchAlgorithmException, CertificateEncodingException
      Returns a string that has the certificate's fingerprint using MD5, MD2 and SHA1 hashes. A certificate's fingerprint is a hash digest of the DER encoded certificate.
      Parameters:
      cert - Certificate to get the fingerprints of.
      Returns:
      a String with fingerprints using the MD5, MD2 and SHA1 hashes. For example,
       MD2:   78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71
       MD5:   0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75
       SHA1:  DC:D9:F7:AF:E2:83:10:B2:F7:0A:77:E8:50:E2:F7:D1:15:9A:9D:00
      Throws:
      NoSuchAlgorithmException
      CertificateEncodingException
    • getFingerPrints

      public static String getFingerPrints(byte[] certDer) throws NoSuchAlgorithmException
      Returns a string that has the certificate's fingerprint using MD5, MD2 and SHA1 hashes. A certificate's fingerprint is a hash digest of the DER encoded certificate.
      Parameters:
      certDer - Certificate to get the fingerprints of.
      Returns:
      a String with fingerprints using the MD5, MD2 and SHA1 hashes. For example,
       MD2:   78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71
       MD5:   0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75
       SHA1:  DC:D9:F7:AF:E2:83:10:B2:F7:0A:77:E8:50:E2:F7:D1:15:9A:9D:00
      Throws:
      NoSuchAlgorithmException
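
The fingerprint format documented for getFingerPrint and getFingerPrints (a digest of the DER bytes, rendered as colon-separated hex), as an added example using only the JDK; this is not the CertUtils implementation. The class and helper names are hypothetical, the input is constructed placeholder bytes rather than a real certificate, and SHA-256 is added here next to the documented MD5 and SHA-1 because those two are no longer collision resistant.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class FingerprintExample {

    // Hypothetical helper: drop the PEM brackets if present, then Base64-decode to DER bytes.
    static byte[] pemToDer(String pem) {
        String body = pem
                .replace("-----BEGIN CERTIFICATE-----", "")
                .replace("-----END CERTIFICATE-----", "");
        // The MIME decoder ignores line breaks and other non-Base64 characters.
        return Base64.getMimeDecoder().decode(body);
    }

    // Digest the DER bytes and render them as colon-separated uppercase hex pairs.
    static String fingerprint(String algorithm, byte[] der) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance(algorithm).digest(der);
        StringBuilder sb = new StringBuilder(digest.length * 3);
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) sb.append(':');
            sb.append(String.format("%02X", digest[i] & 0xFF));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: placeholder bytes in PEM brackets, NOT a real certificate.
        byte[] placeholder = "constructed placeholder, not a DER certificate"
                .getBytes(StandardCharsets.UTF_8);
        String pem = "-----BEGIN CERTIFICATE-----\n"
                + Base64.getMimeEncoder().encodeToString(placeholder)
                + "\n-----END CERTIFICATE-----\n";

        byte[] der = pemToDer(pem);
        // MD5 and SHA-1 appear in the documented output; SHA-256 is an addition in this example.
        for (String alg : new String[] {"MD5", "SHA-1", "SHA-256"}) {
            System.out.printf("%-8s %s%n", alg + ":", fingerprint(alg, der));
        }
    }
}
```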
    • checkOID

      public static org.mozilla.jss.netscape.security.util.ObjectIdentifier checkOID(String attrName, String value) throws EBaseException
      Checks whether an object identifier in string form is valid, that is, a string of the form n.n.n.n that can be DER-encoded and decoded.
      Parameters:
      attrName - attribute name (from the configuration file)
      value - object identifier string.
      Throws:
      EBaseException
    • trimB64E

      public static String trimB64E(String b64e)
    • addCTv1PoisonExt

      public static void addCTv1PoisonExt(org.mozilla.jss.netscape.security.x509.X509CertInfo certinfo) throws CertificateException, IOException, EBaseException
      Throws:
      CertificateException
      IOException
      EBaseException
    • isCACert

      public static boolean isCACert(X509Certificate cert)
    • printExtensions

      public static void printExtensions(org.mozilla.jss.netscape.security.x509.CertificateExtensions exts)
    • intToFixedWidthBytes

      public static byte[] intToFixedWidthBytes(int n, int width)
      Write the int as a big-endian byte[] of fixed width (in bytes).
    • bytesToHex

      public static String bytesToHex(byte[] bytes)
    • certInCertChain

      public static boolean certInCertChain(X509Certificate[] certChain, X509Certificate cert)