Class CertificateHelpers


  • public class CertificateHelpers
    extends Object
    Utility methods for certificate handling and for reading/writing PEM files.
    Author:
    K. Benedyczak
    • Constructor Detail

      • CertificateHelpers

        public CertificateHelpers()
    • Method Detail

      • getPEMType

        public static CertificateHelpers.PEMContentsType getPEMType(String name)
        Assumes that the input is the contents of the PEM identification line, after the '-----BEGIN ' prefix.
        Parameters:
        name - PEM first line to be checked.
        Returns:
        the type of the PEM contents
      • sortChain

        public static X509Certificate[] sortChain(List<X509Certificate> certificates)
                                           throws IOException
        Creates a chain of certificates, where the top-most certificate (the one without issuing certificate) is the last in the returned array.
        Parameters:
        certificates - unsorted certificates of one chain
        Returns:
        sorted certificate chain
        Throws:
        IOException - if the passed chain is inconsistent
      • toX500Name

        public static org.bouncycastle.asn1.x500.X500Name toX500Name(X500Principal srcDn)
        Converts X500Principal to X500Name with the JavaAndBCStyle style.
        Parameters:
        srcDn - source object
        Returns:
        converted object
      • getExtensionBytes

        public static byte[] getExtensionBytes(X509Certificate cert,
                                               String oid)
                                        throws IOException
        Gets the certificate extension identified by the oid and returns the value bytes unwrapped by the ASN1OctetString.
        Parameters:
        cert - The certificate to inspect.
        oid - The extension OID to fetch.
        Returns:
        The value bytes of the extension, or null if the extension was not present or was empty.
        Throws:
        IOException - thrown in case the certificate parsing fails.
      • checkKeysMatching

        public static void checkKeysMatching(PrivateKey privKey,
                                             PublicKey pubKey)
                                      throws InvalidKeyException
        Throws an exception if the private key does not match the public key. The check is done only for known types of keys, currently RSA and DSA.
        Parameters:
        privKey - first key to match
        pubKey - 2nd key to match
        Throws:
        InvalidKeyException - if the private key does not match the public key
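
        The kind of key-pair consistency check described for checkKeysMatching, as an added example that is not the library's own code. It uses only JDK classes, goes beyond the RSA and DSA cases named above by also covering EC, and rejects key types it cannot compare; the class name KeyPairMatchExample and the method requireMatch are hypothetical.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.*;
public class KeyPairMatchExample {
    // Hypothetical helper for illustration; not the CertificateHelpers implementation.
    static void requireMatch(PrivateKey priv, PublicKey pub) throws GeneralSecurityException {
        if (priv instanceof RSAPrivateKey && pub instanceof RSAPublicKey) {
            // RSA: both halves of a pair carry the same modulus n.
            if (!((RSAPrivateKey) priv).getModulus().equals(((RSAPublicKey) pub).getModulus()))
                throw new InvalidKeyException("RSA modulus differs");
        } else if (priv instanceof DSAPrivateKey && pub instanceof DSAPublicKey) {
            // DSA: the public value y must equal g^x mod p for the private value x.
            DSAPrivateKey d = (DSAPrivateKey) priv;
            DSAParams p = d.getParams();
            BigInteger y = p.getG().modPow(d.getX(), p.getP());
            if (!y.equals(((DSAPublicKey) pub).getY()))
                throw new InvalidKeyException("DSA public value differs");
        } else if (priv instanceof ECPrivateKey && pub instanceof ECPublicKey) {
            // EC: sign a fixed probe and verify it with the candidate public key.
            byte[] probe = "key-match-probe".getBytes(StandardCharsets.US_ASCII);
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initSign(priv);
            s.update(probe);
            byte[] sig = s.sign();
            s.initVerify(pub);
            s.update(probe);
            if (!s.verify(sig))
                throw new InvalidKeyException("EC signature probe failed");
        } else {
            // Mixed or unknown key types: refuse instead of skipping the check.
            throw new InvalidKeyException(
                "cannot compare " + priv.getAlgorithm() + " with " + pub.getAlgorithm());
        }
    }
    public static void main(String[] args) throws Exception {
        for (String alg : new String[] {"RSA", "DSA", "EC"}) {
            KeyPairGenerator g = KeyPairGenerator.getInstance(alg);
            g.initialize(alg.equals("EC") ? 256 : 2048);
            KeyPair a = g.generateKeyPair(), b = g.generateKeyPair(); // constructed test keys
            requireMatch(a.getPrivate(), a.getPublic());              // same pair: no exception
            try {
                requireMatch(a.getPrivate(), b.getPublic());          // crossed pair must fail
                throw new AssertionError(alg + ": mismatch not detected");
            } catch (InvalidKeyException expected) {
                System.out.println(alg + ": crossed pair rejected");
            }
        }
    }
}
```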