Package com.netscape.cmscore.cert
Class CertUtils
java.lang.Object
com.netscape.cmscore.cert.CertUtils
Utility class with assorted methods to check for S/MIME pairs,
determine the type of a cert (signature or encryption), etc.
- Version:
- $Revision$, $Date$
- Author:
- kanda
-
Field Summary
Fields
Modifier and Type, Field, Description
static final boolean
static final byte[]
static final String
static org.slf4j.Logger
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description
static void addCTv1PoisonExt(org.mozilla.jss.netscape.security.x509.X509CertInfo certinfo)
static void addExtension(String name, org.mozilla.jss.netscape.security.x509.Extension ext, org.mozilla.jss.netscape.security.x509.X509CertInfo info)
static String bytesToHex(byte[] bytes)
static boolean certInCertChain(X509Certificate[] certChain, X509Certificate cert)
static org.mozilla.jss.netscape.security.util.ObjectIdentifier checkOID(String attrName, String value)
    Check if an object identifier in string form is valid, that is, a string in the form n.n.n.n that can be DER encoded and decoded.
static void deleteExtension(String extID, org.mozilla.jss.netscape.security.x509.X509CertInfo info)
static int getCertIndex(org.mozilla.jss.netscape.security.x509.X509CertImpl[] certArray, org.mozilla.jss.netscape.security.x509.X509CertImpl givenCert)
    Returns the index of the given cert in an array of certs.
static String getCertsDisplayInfo(org.mozilla.jss.netscape.security.x509.X509CertImpl[] validCerts)
static String getCertType(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
static String getExpiredCertsDisplayInfo(String cn, org.mozilla.jss.netscape.security.x509.X509CertImpl[] expiredCerts)
static org.mozilla.jss.netscape.security.x509.Extension getExtension(String name, org.mozilla.jss.netscape.security.x509.CertificateExtensions exts)
static org.mozilla.jss.netscape.security.x509.Extension getExtension(String name, org.mozilla.jss.netscape.security.x509.X509CertInfo info)
static String getFingerPrint(Certificate cert)
    Returns a string that represents a cert's fingerprint.
static String getFingerPrints(byte[] certDer)
    Returns a string that has the certificate's fingerprint using MD5, MD2 and SHA1 hashes.
static String getFingerPrints(Certificate cert)
    Returns a string that has the certificate's fingerprint using MD5, MD2 and SHA1 hashes.
static String getNSExtensionInfo(org.mozilla.jss.netscape.security.extensions.NSCertTypeExtension nsExtn)
static org.mozilla.jss.netscape.security.x509.X509CertImpl getRecentSigningCert(org.mozilla.jss.netscape.security.x509.X509CertImpl[] certArray, org.mozilla.jss.netscape.security.x509.X509CertImpl currentCert)
    Returns the most recently issued signing certificate from an array of certs.
static String getRenewedCertsDisplayInfo(String cn, org.mozilla.jss.netscape.security.x509.X509CertImpl[] validCerts, org.mozilla.jss.netscape.security.x509.X509CertImpl[] renewedCerts)
static String getValidCertsDisplayInfo(String cn, org.mozilla.jss.netscape.security.x509.X509CertImpl[] validCerts)
static boolean haveSameValidityPeriod(org.mozilla.jss.netscape.security.x509.X509CertImpl cert1, org.mozilla.jss.netscape.security.x509.X509CertImpl cert2)
static byte[] intToFixedWidthBytes(int n, int width)
    Write the int as a big-endian byte[] of fixed width (in bytes).
static boolean isCACert(X509Certificate cert)
static boolean isEncryptionCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
static boolean isExpiredCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
static boolean isNotYetValidCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
static boolean isSigningCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
static boolean isSmimePair(org.mozilla.jss.netscape.security.x509.X509CertImpl cert1, org.mozilla.jss.netscape.security.x509.X509CertImpl cert2, boolean matchSubjectDN)
static boolean isValidCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
static X509Certificate
static X509Certificate[] mapCertFromPKCS7(String mime64)
static X509CRL
static X509CRL
static String
static org.mozilla.jss.netscape.security.util.DerInputStream parseKeyGen(String certreq)
static void printExtensions(org.mozilla.jss.netscape.security.x509.CertificateExtensions exts)
static byte[] readFromFile(String fileName)
static void replaceExtension(String name, org.mozilla.jss.netscape.security.x509.Extension ext, org.mozilla.jss.netscape.security.x509.X509CertInfo info)
static boolean sameSubjectDN(String dn1, String dn2)
static void setRSAKeyToCertInfo(org.mozilla.jss.netscape.security.x509.X509CertInfo info, byte[] encoded)
static void sortCerts(org.mozilla.jss.netscape.security.x509.X509CertImpl[] arr)
static void storeInFile(String fileName, byte[] ba)
static String
    Strips out the begin and end certificate brackets.
static String
static String
-
Field Details
-
logger
public static org.slf4j.Logger logger
-
CT_POISON_OID
- See Also:
-
CT_POISON_CRITICAL
public static final boolean CT_POISON_CRITICAL
- See Also:
-
CT_POISON_DATA
public static final byte[] CT_POISON_DATA
-
-
Constructor Details
-
CertUtils
public CertUtils()
-
-
Method Details
-
parseKeyGen
public static org.mozilla.jss.netscape.security.util.DerInputStream parseKeyGen(String certreq) throws Exception
- Throws:
Exception
-
setRSAKeyToCertInfo
public static void setRSAKeyToCertInfo(org.mozilla.jss.netscape.security.x509.X509CertInfo info, byte[] encoded) throws EBaseException
- Throws:
EBaseException
-
sortCerts
public static void sortCerts(org.mozilla.jss.netscape.security.x509.X509CertImpl[] arr)
-
isSigningCert
public static boolean isSigningCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
-
isEncryptionCert
public static boolean isEncryptionCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
-
haveSameValidityPeriod
public static boolean haveSameValidityPeriod(org.mozilla.jss.netscape.security.x509.X509CertImpl cert1, org.mozilla.jss.netscape.security.x509.X509CertImpl cert2)
-
isSmimePair
public static boolean isSmimePair(org.mozilla.jss.netscape.security.x509.X509CertImpl cert1, org.mozilla.jss.netscape.security.x509.X509CertImpl cert2, boolean matchSubjectDN)
-
isNotYetValidCert
public static boolean isNotYetValidCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
-
isValidCert
public static boolean isValidCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
-
isExpiredCert
public static boolean isExpiredCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
-
sameSubjectDN
-
getValidCertsDisplayInfo
-
getExpiredCertsDisplayInfo
-
getRenewedCertsDisplayInfo
-
getCertsDisplayInfo
public static String getCertsDisplayInfo(org.mozilla.jss.netscape.security.x509.X509CertImpl[] validCerts)
-
getCertIndex
public static int getCertIndex(org.mozilla.jss.netscape.security.x509.X509CertImpl[] certArray, org.mozilla.jss.netscape.security.x509.X509CertImpl givenCert)
Returns the index of the given cert in an array of certs. Assumptions: The certs are issued by the same CA.
- Parameters:
certArray - The array of certs.
givenCert - The certificate we are looking for in the array.
- Returns:
- -1 if not found or the index of the given cert in the array.
-
getRecentSigningCert
public static org.mozilla.jss.netscape.security.x509.X509CertImpl getRecentSigningCert(org.mozilla.jss.netscape.security.x509.X509CertImpl[] certArray, org.mozilla.jss.netscape.security.x509.X509CertImpl currentCert)
Returns the most recently issued signing certificate from an array of certs. Assumptions: The certs are issued by the same CA.
- Parameters:
certArray - The array of certs.
currentCert - The certificate we are looking for in the array.
- Returns:
- null if there is no recent cert or the most recent cert.
-
getCertType
public static String getCertType(org.mozilla.jss.netscape.security.x509.X509CertImpl cert) throws CertificateParsingException, IOException
-
addExtension
public static void addExtension(String name, org.mozilla.jss.netscape.security.x509.Extension ext, org.mozilla.jss.netscape.security.x509.X509CertInfo info) throws EBaseException
- Throws:
EBaseException
-
deleteExtension
public static void deleteExtension(String extID, org.mozilla.jss.netscape.security.x509.X509CertInfo info) throws Exception
- Throws:
Exception
-
replaceExtension
public static void replaceExtension(String name, org.mozilla.jss.netscape.security.x509.Extension ext, org.mozilla.jss.netscape.security.x509.X509CertInfo info) throws EBaseException
- Throws:
EBaseException
-
getExtension
public static org.mozilla.jss.netscape.security.x509.Extension getExtension(String name, org.mozilla.jss.netscape.security.x509.X509CertInfo info)
-
getExtension
public static org.mozilla.jss.netscape.security.x509.Extension getExtension(String name, org.mozilla.jss.netscape.security.x509.CertificateExtensions exts)
-
getNSExtensionInfo
public static String getNSExtensionInfo(org.mozilla.jss.netscape.security.extensions.NSCertTypeExtension nsExtn)
-
readFromFile
- Throws:
IOException
-
storeInFile
- Throws:
IOException
-
mapCert
- Throws:
IOException
-
mapCertFromPKCS7
- Throws:
IOException
-
mapCRL
- Throws:
IOException
-
mapCRL1
- Throws:
IOException
-
normalizeCertStr
-
stripCRLBrackets
-
stripCertBrackets
Strips out the begin and end certificate brackets.
- Parameters:
s - the string potentially bracketed with "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
- Returns:
- string without the brackets
-
getFingerPrint
public static String getFingerPrint(Certificate cert) throws CertificateEncodingException, NoSuchAlgorithmException
Returns a string that represents a cert's fingerprint. The fingerprint is an MD5 digest of the DER encoded certificate.
- Parameters:
cert - Certificate to get the fingerprint of.
- Returns:
- a String that represents the cert's fingerprint.
- Throws:
CertificateEncodingException
NoSuchAlgorithmException
-
getFingerPrints
public static String getFingerPrints(Certificate cert) throws NoSuchAlgorithmException, CertificateEncodingException
Returns a string that has the certificate's fingerprint using MD5, MD2 and SHA1 hashes. A certificate's fingerprint is a hash digest of the DER encoded certificate.
- Parameters:
cert - Certificate to get the fingerprints of.
- Returns:
- a String with fingerprints using the MD5, MD2 and SHA1 hashes.
For example,
MD2: 78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71
MD5: 0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75
SHA1: DC:D9:F7:AF:E2:83:10:B2:F7:0A:77:E8:50:E2:F7:D1:15:9A:9D:00
- Throws:
NoSuchAlgorithmException
CertificateEncodingException
-
getFingerPrints
Returns a string that has the certificate's fingerprint using MD5, MD2 and SHA1 hashes. A certificate's fingerprint is a hash digest of the DER encoded certificate.
- Parameters:
certDer - Certificate to get the fingerprints of.
- Returns:
- a String with fingerprints using the MD5, MD2 and SHA1 hashes.
For example,
MD2: 78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71
MD5: 0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75
SHA1: DC:D9:F7:AF:E2:83:10:B2:F7:0A:77:E8:50:E2:F7:D1:15:9A:9D:00
- Throws:
NoSuchAlgorithmException
-
checkOID
public static org.mozilla.jss.netscape.security.util.ObjectIdentifier checkOID(String attrName, String value) throws EBaseException
Check if an object identifier in string form is valid, that is, a string in the form n.n.n.n that can be DER encoded and decoded.
- Parameters:
attrName - attribute name (from the configuration file)
value - object identifier string.
- Throws:
EBaseException
-
trimB64E
-
addCTv1PoisonExt
public static void addCTv1PoisonExt(org.mozilla.jss.netscape.security.x509.X509CertInfo certinfo) throws CertificateException, IOException, EBaseException
-
isCACert
-
printExtensions
public static void printExtensions(org.mozilla.jss.netscape.security.x509.CertificateExtensions exts)
-
intToFixedWidthBytes
public static byte[] intToFixedWidthBytes(int n, int width)
Write the int as a big-endian byte[] of fixed width (in bytes).
-
bytesToHex
-
certInCertChain
-