|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.opensaml.xml.security.x509.X509Util
public class X509Util
Utility class for working with X509 objects.
Nested Class Summary | |
---|---|
static class |
X509Util.ENCODING_FORMAT
Encoding used to store a key or certificate in a file. |
Field Summary | |
---|---|
static java.lang.String |
CN_OID
Common Name (CN) OID. |
static java.lang.Integer |
DIRECTORY_ALT_NAME
RFC 2459 Directory Name Subject Alt Name type. |
static java.lang.Integer |
DNS_ALT_NAME
RFC 2459 DNS Subject Alt Name type. |
static java.lang.Integer |
EDI_PARTY_ALT_NAME
RFC 2459 EDI Party Name Subject Alt Name type. |
static java.lang.Integer |
IP_ADDRESS_ALT_NAME
RFC 2459 IP Address Subject Alt Name type. |
static java.lang.Integer |
OTHER_ALT_NAME
RFC 2459 Other Subject Alt Name type. |
static java.lang.Integer |
REGISTERED_ID_ALT_NAME
RFC 2459 Registered ID Subject Alt Name type. |
static java.lang.Integer |
RFC822_ALT_NAME
RFC 2459 RFC 822 (email address) Subject Alt Name type. |
static java.lang.Integer |
URI_ALT_NAME
RFC 2459 URI Subject Alt Name type. |
static java.lang.Integer |
X400ADDRESS_ALT_NAME
RFC 2459 X.400 Address Subject Alt Name type. |
Constructor Summary | |
---|---|
protected |
X509Util()
Constructed. |
Method Summary | |
---|---|
static java.util.Collection<java.security.cert.X509Certificate> |
decodeCertificate(byte[] certs)
Decodes X.509 certificates in DER or PEM format. |
static java.util.Collection<java.security.cert.X509Certificate> |
decodeCertificate(java.io.File certs)
Decodes X.509 certificates in DER or PEM format. |
static java.util.Collection<java.security.cert.X509CRL> |
decodeCRLs(byte[] crls)
Decodes CRLS in DER or PKCS#7 format. |
static java.util.Collection<java.security.cert.X509CRL> |
decodeCRLs(java.io.File crls)
Decodes CRLS in DER or PKCS#7 format. |
static java.security.cert.X509Certificate |
determineEntityCertificate(java.util.Collection<java.security.cert.X509Certificate> certs,
java.security.PrivateKey privateKey)
Determines the certificate, from the collection, associated with the private key. |
static java.util.List |
getAltNames(java.security.cert.X509Certificate certificate,
java.lang.Integer[] nameTypes)
Gets the list of alternative names of a given name type. |
static java.util.List<java.lang.String> |
getCommonNames(javax.security.auth.x500.X500Principal dn)
Gets the commons names that appear within the given distinguished name. |
static java.lang.String |
getIdentifiersToken(X509Credential credential,
X500DNHandler handler)
Gets a formatted string representing identifier information from the supplied credential. |
static byte[] |
getSubjectKeyIdentifier(java.security.cert.X509Certificate certificate)
Get the plain (non-DER encoded) value of the Subject Key Identifier extension of an X.509 certificate, if present. |
static java.util.List |
getSubjectNames(java.security.cert.X509Certificate certificate,
java.lang.Integer[] altNameTypes)
Gets the common name components of the issuer and all the subject alt names of a given type. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String CN_OID
public static final java.lang.Integer OTHER_ALT_NAME
public static final java.lang.Integer RFC822_ALT_NAME
public static final java.lang.Integer DNS_ALT_NAME
public static final java.lang.Integer X400ADDRESS_ALT_NAME
public static final java.lang.Integer DIRECTORY_ALT_NAME
public static final java.lang.Integer EDI_PARTY_ALT_NAME
public static final java.lang.Integer URI_ALT_NAME
public static final java.lang.Integer IP_ADDRESS_ALT_NAME
public static final java.lang.Integer REGISTERED_ID_ALT_NAME
Constructor Detail |
---|
protected X509Util()
Method Detail |
---|
public static java.security.cert.X509Certificate determineEntityCertificate(java.util.Collection<java.security.cert.X509Certificate> certs, java.security.PrivateKey privateKey) throws SecurityException
certs
- certificates to checkprivateKey
- entity's private key
SecurityException
- thrown if the public or private keys checked are of an unsupported typepublic static java.util.List<java.lang.String> getCommonNames(javax.security.auth.x500.X500Principal dn)
dn
- the DN to extract the common names from
public static java.util.List getAltNames(java.security.cert.X509Certificate certificate, java.lang.Integer[] nameTypes)
certificate
- the certificate to extract the alternative names fromnameTypes
- the name types
public static java.util.List getSubjectNames(java.security.cert.X509Certificate certificate, java.lang.Integer[] altNameTypes)
certificate
- certificate to extract names fromaltNameTypes
- type of alt names to extract
public static byte[] getSubjectKeyIdentifier(java.security.cert.X509Certificate certificate)
certificate
- an X.509 certificate possibly containing a subject key identifier
java.io.IOException
public static java.util.Collection<java.security.cert.X509Certificate> decodeCertificate(java.io.File certs) throws java.security.cert.CertificateException
certs
- encoded certs
java.security.cert.CertificateException
- thrown if the certificates can not be decodedpublic static java.util.Collection<java.security.cert.X509Certificate> decodeCertificate(byte[] certs) throws java.security.cert.CertificateException
certs
- encoded certs
java.security.cert.CertificateException
- thrown if the certificates can not be decodedpublic static java.util.Collection<java.security.cert.X509CRL> decodeCRLs(java.io.File crls) throws java.security.cert.CRLException
crls
- encoded CRLs
java.security.cert.CRLException
- thrown if the CRLs can not be decodedpublic static java.util.Collection<java.security.cert.X509CRL> decodeCRLs(byte[] crls) throws java.security.cert.CRLException
crls
- encoded CRLs
java.security.cert.CRLException
- thrown if the CRLs can not be decodedpublic static java.lang.String getIdentifiersToken(X509Credential credential, X500DNHandler handler)
This could for example be used in logging messages.
Often it will be the case that a given credential that is being evaluated will NOT have a value for the entity ID property. So extract the certificate subject DN, and if present, the credential's entity ID.
credential
- the credential for which to produce a token.handler
- the X.500 DN handler to use. If null, a new instance of InternalX500DNHandler
will be
used.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |