Package com.netscape.cmscore.cert
Class CertUtils
java.lang.Object
com.netscape.cmscore.cert.CertUtils
Utility class with assorted methods to check for S/MIME pairs,
determine the type of cert (signature or encryption), etc.
- Version:
- $Revision$, $Date$
- Author:
- kanda
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and Type / Method / Description
static void addCTv1PoisonExt(org.mozilla.jss.netscape.security.x509.X509CertInfo certinfo)
protected void
static String bytesToHex(byte[] bytes)
static boolean certInCertChain(X509Certificate[] certChain, X509Certificate cert)
static org.mozilla.jss.netscape.security.util.ObjectIdentifier checkOID(String attrName, String value)
    Check if an object identifier in string form is valid, that is, a string in the form n.n.n.n that can be DER-encoded and decoded.
static org.mozilla.jss.netscape.security.pkcs.PKCS10 decodePKCS10(String req)
static org.mozilla.jss.CertificateUsage getCertificateUsage(String certusage)
static int getCertIndex(org.mozilla.jss.netscape.security.x509.X509CertImpl[] certArray, org.mozilla.jss.netscape.security.x509.X509CertImpl givenCert)
    Returns the index of the given cert in an array of certs.
static String getCertsDisplayInfo(org.mozilla.jss.netscape.security.x509.X509CertImpl[] validCerts)
static String getCertType(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
static String getExpiredCertsDisplayInfo(String cn, org.mozilla.jss.netscape.security.x509.X509CertImpl[] expiredCerts)
static String getFingerPrint(Certificate cert)
    Returns a string that represents a cert's fingerprint.
static String getFingerPrints(byte[] certDer)
    Returns a string that has the certificate's fingerprint using MD5, MD2 and SHA1 hashes.
static String getFingerPrints(Certificate cert)
    Returns a string that has the certificate's fingerprint using MD5, MD2 and SHA1 hashes.
static String getNSExtensionInfo(org.mozilla.jss.netscape.security.extensions.NSCertTypeExtension nsExtn)
static org.mozilla.jss.netscape.security.x509.X509CertImpl getRecentSigningCert(org.mozilla.jss.netscape.security.x509.X509CertImpl[] certArray, org.mozilla.jss.netscape.security.x509.X509CertImpl currentCert)
    Returns the most recently issued signing certificate from an array of certs.
static String getRenewedCertsDisplayInfo(String cn, org.mozilla.jss.netscape.security.x509.X509CertImpl[] validCerts, org.mozilla.jss.netscape.security.x509.X509CertImpl[] renewedCerts)
static String getValidCertsDisplayInfo(String cn, org.mozilla.jss.netscape.security.x509.X509CertImpl[] validCerts)
static boolean haveSameValidityPeriod(org.mozilla.jss.netscape.security.x509.X509CertImpl cert1, org.mozilla.jss.netscape.security.x509.X509CertImpl cert2)
static byte[] intToFixedWidthBytes(int n, int width)
    Write the int as a big-endian byte[] of fixed width (in bytes).
static boolean isEncryptionCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
static boolean isExpiredCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
static boolean isNotYetValidCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
static boolean isSigningCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
static boolean isSmimePair(org.mozilla.jss.netscape.security.x509.X509CertImpl cert1, org.mozilla.jss.netscape.security.x509.X509CertImpl cert2, boolean matchSubjectDN)
static boolean isValidCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
static X509Certificate
static X509Certificate[] mapCertFromPKCS7(String mime64)
static X509CRL
static X509CRL
static String
static org.mozilla.jss.pkix.crmf.CertReqMsg[] parseCRMF(Locale locale, String certreq)
static org.mozilla.jss.netscape.security.util.DerInputStream parseKeyGen(String certreq)
static org.mozilla.jss.netscape.security.pkcs.PKCS10 parsePKCS10(Locale locale, String certreq)
static void printExtensions(org.mozilla.jss.netscape.security.x509.CertificateExtensions exts)
static void printRequestContent(Request request)
static byte[] readFromFile(String fileName)
static boolean sameSubjectDN(String dn1, String dn2)
static void setRSAKeyToCertInfo(org.mozilla.jss.netscape.security.x509.X509CertInfo info, byte[] encoded)
static void sortCerts(org.mozilla.jss.netscape.security.x509.X509CertImpl[] arr)
static void storeInFile(String fileName, byte[] ba)
static String
    Strips out the begin and end certificate brackets.
static String
static String
static String
static String unwrapPKCS10(String request, boolean checkHeader)
    Remove the header and footer in the PKCS10 request.
static void verifySystemCertByNickname(String nickname, String certusage)
static void
static void verifySystemCertByTag(String tag, boolean checkValidityOnly)
static void verifySystemCerts(boolean checkValidityOnly)
static void verifySystemCertValidityByNickname(String nickname)
-
Field Details
-
logger
public static org.slf4j.Logger logger
-
CERT_NEW_REQUEST_HEADER
-
CERT_NEW_REQUEST_TRAILER
-
CERT_RENEWAL_HEADER
-
CERT_RENEWAL_TRAILER
-
BEGIN_CRL_HEADER
-
END_CRL_HEADER
-
CT_POISON_OID
-
CT_POISON_CRITICAL
public static final boolean CT_POISON_CRITICAL
-
CT_POISON_DATA
public static final byte[] CT_POISON_DATA
-
-
Constructor Details
-
CertUtils
public CertUtils()
-
-
Method Details
-
parseKeyGen
public static org.mozilla.jss.netscape.security.util.DerInputStream parseKeyGen(String certreq) throws Exception
- Throws:
Exception
-
unwrapPKCS10
Remove the header and footer in the PKCS10 request.
- Throws:
EBaseException
-
decodePKCS10
public static org.mozilla.jss.netscape.security.pkcs.PKCS10 decodePKCS10(String req) throws EBaseException
- Throws:
EBaseException
-
parsePKCS10
public static org.mozilla.jss.netscape.security.pkcs.PKCS10 parsePKCS10(Locale locale, String certreq) throws Exception
- Throws:
Exception
-
parseCRMF
public static org.mozilla.jss.pkix.crmf.CertReqMsg[] parseCRMF(Locale locale, String certreq) throws Exception
- Throws:
Exception
-
setRSAKeyToCertInfo
public static void setRSAKeyToCertInfo(org.mozilla.jss.netscape.security.x509.X509CertInfo info, byte[] encoded) throws EBaseException
- Throws:
EBaseException
-
sortCerts
public static void sortCerts(org.mozilla.jss.netscape.security.x509.X509CertImpl[] arr)
-
isSigningCert
public static boolean isSigningCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
-
isEncryptionCert
public static boolean isEncryptionCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
-
haveSameValidityPeriod
public static boolean haveSameValidityPeriod(org.mozilla.jss.netscape.security.x509.X509CertImpl cert1, org.mozilla.jss.netscape.security.x509.X509CertImpl cert2)
-
isSmimePair
public static boolean isSmimePair(org.mozilla.jss.netscape.security.x509.X509CertImpl cert1, org.mozilla.jss.netscape.security.x509.X509CertImpl cert2, boolean matchSubjectDN)
-
isNotYetValidCert
public static boolean isNotYetValidCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
-
isValidCert
public static boolean isValidCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
-
isExpiredCert
public static boolean isExpiredCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
-
sameSubjectDN
-
getValidCertsDisplayInfo
-
getExpiredCertsDisplayInfo
-
getRenewedCertsDisplayInfo
-
getCertsDisplayInfo
public static String getCertsDisplayInfo(org.mozilla.jss.netscape.security.x509.X509CertImpl[] validCerts)
-
getCertIndex
public static int getCertIndex(org.mozilla.jss.netscape.security.x509.X509CertImpl[] certArray, org.mozilla.jss.netscape.security.x509.X509CertImpl givenCert)
Returns the index of the given cert in an array of certs. Assumptions: The certs are issued by the same CA.
- Parameters:
certArray - The array of certs.
givenCert - The certificate we are looking for in the array.
- Returns:
-1 if not found or the index of the given cert in the array.
-
getRecentSigningCert
public static org.mozilla.jss.netscape.security.x509.X509CertImpl getRecentSigningCert(org.mozilla.jss.netscape.security.x509.X509CertImpl[] certArray, org.mozilla.jss.netscape.security.x509.X509CertImpl currentCert)
Returns the most recently issued signing certificate from an array of certs. Assumptions: The certs are issued by the same CA.
- Parameters:
certArray - The array of certs.
currentCert - The certificate we are looking for in the array.
- Returns:
null if there is no recent cert or the most recent cert.
-
getCertType
public static String getCertType(org.mozilla.jss.netscape.security.x509.X509CertImpl cert) throws CertificateParsingException, IOException
-
getNSExtensionInfo
public static String getNSExtensionInfo(org.mozilla.jss.netscape.security.extensions.NSCertTypeExtension nsExtn)
-
readFromFile
- Throws:
IOException
-
storeInFile
- Throws:
IOException
-
mapCert
- Throws:
IOException
-
mapCertFromPKCS7
- Throws:
IOException
-
mapCRL
- Throws:
IOException
-
mapCRL1
- Throws:
IOException
-
normalizeCertStr
-
stripCRLBrackets
-
stripCertBrackets
Strips out the begin and end certificate brackets.
- Parameters:
s - the string potentially bracketed with "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
- Returns:
string without the brackets
-
getFingerPrint
public static String getFingerPrint(Certificate cert) throws CertificateEncodingException, NoSuchAlgorithmException
Returns a string that represents a cert's fingerprint. The fingerprint is an MD5 digest of the DER encoded certificate.
- Parameters:
cert - Certificate to get the fingerprint of.
- Returns:
a String that represents the cert's fingerprint.
- Throws:
CertificateEncodingException
NoSuchAlgorithmException
-
getFingerPrints
public static String getFingerPrints(Certificate cert) throws NoSuchAlgorithmException, CertificateEncodingException
Returns a string that has the certificate's fingerprint using MD5, MD2 and SHA1 hashes. A certificate's fingerprint is a hash digest of the DER encoded certificate.
- Parameters:
cert - Certificate to get the fingerprints of.
- Returns:
a String with fingerprints using the MD5, MD2 and SHA1 hashes.
For example,
MD2: 78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71
MD5: 0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75
SHA1: DC:D9:F7:AF:E2:83:10:B2:F7:0A:77:E8:50:E2:F7:D1:15:9A:9D:00
- Throws:
NoSuchAlgorithmException
CertificateEncodingException
-
getFingerPrints
Returns a string that has the certificate's fingerprint using MD5, MD2 and SHA1 hashes. A certificate's fingerprint is a hash digest of the DER encoded certificate.
- Parameters:
certDer - Certificate to get the fingerprints of.
- Returns:
a String with fingerprints using the MD5, MD2 and SHA1 hashes.
For example,
MD2: 78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71
MD5: 0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75
SHA1: DC:D9:F7:AF:E2:83:10:B2:F7:0A:77:E8:50:E2:F7:D1:15:9A:9D:00
- Throws:
NoSuchAlgorithmException
-
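An added example, not code from CertUtils or the Dogtag PKI project, of the computation the stripCertBrackets and getFingerPrints entries describe: remove the PEM brackets, base64-decode to DER, digest the DER bytes and format each digest as colon-separated hex. The class and helper names are hypothetical, the input is a constructed five-byte DER blob rather than a real certificate, and SHA-256 is added alongside the documented algorithms because MD2, MD5 and SHA-1 are not collision resistant.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class FingerprintExample {

    // Hypothetical helper: drop the PEM brackets and all whitespace, leaving bare base64.
    static String stripBrackets(String pem) {
        return pem.replace("-----BEGIN CERTIFICATE-----", "")
                  .replace("-----END CERTIFICATE-----", "")
                  .replaceAll("\\s", "");
    }

    // Colon-separated upper-case hex, the layout of the documented sample output.
    static String toColonHex(byte[] digest) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) {
                sb.append(':');
            }
            sb.append(String.format("%02X", digest[i]));
        }
        return sb.toString();
    }

    // One "ALG: xx:xx:..." line per algorithm, each digest taken over the same DER bytes.
    static String fingerprints(byte[] der, String... algorithms)
            throws NoSuchAlgorithmException {
        StringBuilder sb = new StringBuilder();
        for (String alg : algorithms) {
            byte[] digest = MessageDigest.getInstance(alg).digest(der);
            sb.append(alg).append(": ").append(toColonHex(digest)).append('\n');
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a tiny DER SEQUENCE wrapped in PEM, not a real certificate.
        byte[] sample = {0x30, 0x03, 0x02, 0x01, 0x01};
        String pem = "-----BEGIN CERTIFICATE-----\n"
                + Base64.getEncoder().encodeToString(sample)
                + "\n-----END CERTIFICATE-----\n";

        byte[] der = Base64.getDecoder().decode(stripBrackets(pem));
        // JCA algorithm names; SHA-256 is an addition to the documented set.
        System.out.print(fingerprints(der, "MD2", "MD5", "SHA-1", "SHA-256"));
    }
}
```

The digest is taken over the decoded DER bytes, not the PEM text, so line wrapping or header differences in the PEM file do not change the fingerprint.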
checkOID
public static org.mozilla.jss.netscape.security.util.ObjectIdentifier checkOID(String attrName, String value) throws EBaseException
Check if an object identifier in string form is valid, that is, a string in the form n.n.n.n that can be DER-encoded and decoded.
- Parameters:
attrName - attribute name (from the configuration file)
value - object identifier string.
- Throws:
EBaseException
-
trimB64E
-
verifySystemCertValidityByNickname
- Throws:
Exception
-
verifySystemCertByNickname
- Throws:
Exception
-
verifySystemCertByTag
- Throws:
Exception
-
verifySystemCertByTag
- Throws:
Exception
-
getCertificateUsage
-
verifySystemCerts
- Throws:
Exception
-
toLowerCaseSubsystemType
-
printRequestContent
-
addCTv1PoisonExt
public static void addCTv1PoisonExt(org.mozilla.jss.netscape.security.x509.X509CertInfo certinfo) throws CertificateException, IOException, EBaseException
-
printExtensions
public static void printExtensions(org.mozilla.jss.netscape.security.x509.CertificateExtensions exts)
-
intToFixedWidthBytes
public static byte[] intToFixedWidthBytes(int n, int width)
Write the int as a big-endian byte[] of fixed width (in bytes).
-
bytesToHex
-
audit
-
certInCertChain
-