org.objectweb.proactive.ext.security
Class CertTools

java.lang.Object
  extended by org.objectweb.proactive.ext.security.CertTools

public class CertTools
extends java.lang.Object

Tools to handle common certificate operations.


Field Summary
static java.lang.String DNS
           
static java.lang.String EMAIL
           
static java.lang.String EMAIL1
           
static java.lang.String EMAIL2
           
static java.lang.String EMAIL3
           
static java.lang.String UPN
          Microsoft altName for windows smart card logon
static java.lang.String UPN_OBJECTID
          ObjectID for upn altName for windows smart card logon
static java.lang.String URI
           
static java.lang.String URI1
           
 
Method Summary
static java.security.cert.X509Certificate genCert(java.lang.String dn, long validity, java.lang.String policyId, java.security.PrivateKey privKey, java.security.PublicKey pubKey, boolean isCA, java.lang.String caDn, java.security.PrivateKey caPrivateKey, java.security.PublicKey acPubKey)
           
static byte[] generateMD5Fingerprint(byte[] ba)
          Generate an MD5 fingerprint from a byte array containing an X.509 certificate
static byte[] generateSHA1Fingerprint(byte[] ba)
          Generate a SHA1 fingerprint from a byte array containing an X.509 certificate
static java.security.cert.X509Certificate genSelfCert(java.lang.String dn, long validity, java.lang.String policyId, java.security.PrivateKey privKey, java.security.PublicKey pubKey, boolean isCA)
          DOCUMENT ME!
static byte[] getAuthorityKeyId(java.security.cert.X509Certificate cert)
          Get the authority key identifier from a certificate's extensions
static java.lang.String getCertFingerprintAsString(byte[] ba)
          Generate SHA1 fingerprint in string representation.
static java.security.cert.X509Certificate getCertfromByteArray(byte[] cert)
          Creates X509Certificate from byte[].
static java.security.cert.CertificateFactory getCertificateFactory()
           
static java.lang.String getCertificatePolicyId(java.security.cert.X509Certificate cert, int pos)
          Get a certificate policy ID from a certificate policies extension
static java.util.Collection getCertsFromPEM(java.io.InputStream certstream)
          Reads a certificate in PEM-format from an InputStream.
static java.util.Collection getCertsFromPEM(java.lang.String certFile)
          Reads a certificate in PEM-format from a file.
static java.net.URL getCrlDistributionPoint(java.security.cert.X509Certificate certificate)
          Return the CRL distribution point URL from a certificate.
static java.security.cert.X509CRL getCRLfromByteArray(byte[] crl)
          Creates X509CRL from byte[].
static java.lang.String getEmailFromDN(java.lang.String dn)
          Convenience method for getting an email address from a DN.
static java.lang.String getFingerprintAsString(java.security.cert.X509Certificate cert)
          Generate SHA1 fingerprint of certificate in string representation.
static java.lang.String getFingerprintAsString(java.security.cert.X509CRL crl)
          Generate SHA1 fingerprint of CRL in string representation.
static java.lang.String getIssuerDN(java.security.cert.X509Certificate cert)
          Gets issuer DN in the format we are sure about (BouncyCastle), supporting UTF8.
static java.lang.String getIssuerDN(java.security.cert.X509CRL crl)
          Gets issuer DN for CRL in the format we are sure about (BouncyCastle), supporting UTF8.
static java.lang.String getPartFromDN(java.lang.String dn, java.lang.String dnpart)
          Gets a specified part of a DN.
static byte[] getPEMFromCerts(java.util.Collection certs)
          Returns a certificate in PEM-format.
static java.lang.String getSubjectDN(java.security.cert.X509Certificate cert)
          Gets subject DN in the format we are sure about (BouncyCastle), supporting UTF8.
static byte[] getSubjectKeyId(java.security.cert.X509Certificate cert)
          Get the subject key identifier from a certificate's extensions
static java.lang.String getUPNAltName(java.security.cert.X509Certificate cert)
          Gets the Microsoft specific UPN altName.
static void installBCProvider()
           
static boolean isSelfSigned(java.security.cert.X509Certificate cert)
          Checks if a certificate is self signed by verifying if subject and issuer are the same.
static java.security.KeyPair keyPair(int size)
           
static java.lang.String stringToBCDNString(java.lang.String dn)
          Every DN-string should look the same.
static org.bouncycastle.asn1.x509.X509Name stringToBcX509Name(java.lang.String dn)
          Creates a (Bouncycastle) X509Name object from a string with a DN.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

EMAIL

public static final java.lang.String EMAIL
See Also:
Constant Field Values

EMAIL1

public static final java.lang.String EMAIL1
See Also:
Constant Field Values

EMAIL2

public static final java.lang.String EMAIL2
See Also:
Constant Field Values

EMAIL3

public static final java.lang.String EMAIL3
See Also:
Constant Field Values

DNS

public static final java.lang.String DNS
See Also:
Constant Field Values

URI

public static final java.lang.String URI
See Also:
Constant Field Values

URI1

public static final java.lang.String URI1
See Also:
Constant Field Values

UPN

public static final java.lang.String UPN
Microsoft altName for windows smart card logon

See Also:
Constant Field Values

UPN_OBJECTID

public static final java.lang.String UPN_OBJECTID
ObjectID for upn altName for windows smart card logon

See Also:
Constant Field Values
Method Detail

stringToBcX509Name

public static org.bouncycastle.asn1.x509.X509Name stringToBcX509Name(java.lang.String dn)
Creates a (Bouncycastle) X509Name object from a string with a DN. Known OIDs (with order) are: EmailAddress, UID, CN, SN (SerialNumber), GivenName, Initials, SurName, T, OU, O, L, ST, DC, C. To change the order, edit 'dnObjects' in this source file.

Parameters:
dn - String containing DN that will be transformed into X509Name. The DN string has the format "CN=zz,OU=yy,O=foo,C=SE". Unknown OIDs in the string will be silently dropped.
Returns:
X509Name

stringToBCDNString

public static java.lang.String stringToBCDNString(java.lang.String dn)
Every DN-string should look the same. Creates a name string ordered and looking like we want it...

Parameters:
dn - String containing DN
Returns:
String containing DN

getEmailFromDN

public static java.lang.String getEmailFromDN(java.lang.String dn)
Convenience method for getting an email address from a DN.

Parameters:
dn - the DN
Returns:
the found email address, or null if none is found

getPartFromDN

public static java.lang.String getPartFromDN(java.lang.String dn,
                                             java.lang.String dnpart)
Gets a specified part of a DN. Specifically, the first occurrence if the DN contains several instances of a part (i.e. cn=x, cn=y returns x).

Parameters:
dn - String containing DN. The DN string has the format "C=SE, O=xx, OU=yy, CN=zz".
dnpart - String specifying which part of the DN to get, should be "CN" or "OU" etc.
Returns:
String containing dnpart or null if dnpart is not present
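
The contract described for getPartFromDN, as an added example that is not ProActive's code: it uses the JDK's javax.naming.ldap.LdapName parser rather than CertTools, and the class name DnPartExample, both helper methods and the sample DNs are constructed for illustration. It also covers an escaped comma inside a value, which a plain split on ',' mishandles.

```java
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnPartExample {

    /**
     * Returns the first value of attribute type dnpart, reading the DN string
     * left to right, or null if the type is absent. This mirrors the contract
     * documented for getPartFromDN; it is not that method's implementation.
     */
    static String firstPart(String dn, String dnpart) throws NamingException {
        List<Rdn> rdns = new LdapName(dn).getRdns(); // index 0 is the rightmost RDN
        for (int i = rdns.size() - 1; i >= 0; i--) {
            // toAttributes() also covers multi-valued RDNs such as "CN=a+OU=b";
            // the returned Attributes match attribute IDs case-insensitively.
            Attribute attr = rdns.get(i).toAttributes().get(dnpart);
            if (attr != null) {
                Object value = attr.get();
                // Values written in "#hex" form come back as byte[], not String.
                return (value instanceof String) ? (String) value : null;
            }
        }
        return null;
    }

    /** Naive split on ',' and '=' for comparison; breaks on escaped commas. */
    static String naiveFirstPart(String dn, String dnpart) {
        for (String piece : dn.split(",")) {
            String[] kv = piece.trim().split("=", 2);
            if (kv.length == 2 && kv[0].trim().equalsIgnoreCase(dnpart)) {
                return kv[1].trim();
            }
        }
        return null;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample DNs (not taken from the page).
        String[] samples = {
            "C=SE, O=xx, OU=yy, CN=zz", // single CN
            "cn=x, cn=y",               // several CNs: the first one wins
            "CN=Doe\\, John, O=xx"      // escaped comma inside the CN value
        };
        for (String dn : samples) {
            System.out.println(dn + " -> parsed=" + firstPart(dn, "CN")
                    + ", naive=" + naiveFirstPart(dn, "CN"));
        }
    }
}
```

When a DN part is used for an access decision, both sides of the comparison should come from the same parser, and a DN that carries several instances of the part deserves explicit handling rather than silently taking the first.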

getSubjectDN

public static java.lang.String getSubjectDN(java.security.cert.X509Certificate cert)
Gets subject DN in the format we are sure about (BouncyCastle), supporting UTF8.

Parameters:
cert - X509Certificate
Returns:
String containing the subject's DN.

getIssuerDN

public static java.lang.String getIssuerDN(java.security.cert.X509Certificate cert)
Gets issuer DN in the format we are sure about (BouncyCastle), supporting UTF8.

Parameters:
cert - X509Certificate
Returns:
String containing the issuer's DN.

getIssuerDN

public static java.lang.String getIssuerDN(java.security.cert.X509CRL crl)
Gets issuer DN for CRL in the format we are sure about (BouncyCastle), supporting UTF8.

Parameters:
crl - X509CRL
Returns:
String containing the DN.

getCertificateFactory

public static java.security.cert.CertificateFactory getCertificateFactory()

installBCProvider

public static void installBCProvider()

getCertsFromPEM

public static java.util.Collection getCertsFromPEM(java.lang.String certFile)
                                            throws java.io.IOException,
                                                   java.security.cert.CertificateException
Reads a certificate in PEM-format from a file. The file may contain other things; the first certificate in the file is read.

Parameters:
certFile - the file containing the certificate in PEM-format
Returns:
Ordered Collection of X509Certificate, first certificate first, or empty Collection
Throws:
java.io.IOException - if the file cannot be read.
java.security.cert.CertificateException - if the file does not contain a correct certificate.

getCertsFromPEM

public static java.util.Collection getCertsFromPEM(java.io.InputStream certstream)
                                            throws java.io.IOException,
                                                   java.security.cert.CertificateException
Reads a certificate in PEM-format from an InputStream. The stream may contain other things; the first certificate in the stream is read.

Parameters:
certstream - the input stream containing the certificate in PEM-format
Returns:
Ordered Collection of X509Certificate, first certificate first, or empty Collection
Throws:
java.io.IOException - if the stream cannot be read.
java.security.cert.CertificateException - if the stream does not contain a correct certificate.

getPEMFromCerts

public static byte[] getPEMFromCerts(java.util.Collection certs)
                              throws java.security.cert.CertificateException
Returns a certificate in PEM-format.

Parameters:
certs - the certificate to convert to PEM
Returns:
byte array containing PEM certificate
Throws:
java.io.IOException - if the stream cannot be read.
java.security.cert.CertificateException - if the stream does not contain a correct certificate.

getCertfromByteArray

public static java.security.cert.X509Certificate getCertfromByteArray(byte[] cert)
                                                               throws java.io.IOException,
                                                                      java.security.cert.CertificateException
Creates X509Certificate from byte[].

Parameters:
cert - byte array containing certificate in DER-format
Returns:
X509Certificate
Throws:
java.security.cert.CertificateException - if the byte array does not contain a proper certificate.
java.io.IOException - if the byte array cannot be read.

getCRLfromByteArray

public static java.security.cert.X509CRL getCRLfromByteArray(byte[] crl)
                                                      throws java.io.IOException,
                                                             java.security.cert.CertificateException,
                                                             java.security.cert.CRLException
Creates X509CRL from byte[].

Parameters:
crl - byte array containing CRL in DER-format
Returns:
X509CRL
Throws:
java.io.IOException - if the byte array cannot be read.
java.security.cert.CertificateException - if the byte array does not contain a correct CRL.
java.security.cert.CRLException - if the byte array does not contain a correct CRL.

isSelfSigned

public static boolean isSelfSigned(java.security.cert.X509Certificate cert)
Checks if a certificate is self signed by verifying if subject and issuer are the same.

Parameters:
cert - the certificate that shall be checked.
Returns:
boolean true if the certificate has the same issuer and subject, false otherwise.

genSelfCert

public static java.security.cert.X509Certificate genSelfCert(java.lang.String dn,
                                                             long validity,
                                                             java.lang.String policyId,
                                                             java.security.PrivateKey privKey,
                                                             java.security.PublicKey pubKey,
                                                             boolean isCA)
                                                      throws java.security.NoSuchAlgorithmException,
                                                             java.security.SignatureException,
                                                             java.security.InvalidKeyException
DOCUMENT ME!

Parameters:
dn - DOCUMENT ME!
validity - DOCUMENT ME!
policyId - DOCUMENT ME!
privKey - DOCUMENT ME!
pubKey - DOCUMENT ME!
isCA - DOCUMENT ME!
Returns:
DOCUMENT ME!
Throws:
java.security.NoSuchAlgorithmException - DOCUMENT ME!
java.security.SignatureException - DOCUMENT ME!
java.security.InvalidKeyException - DOCUMENT ME!

genCert

public static java.security.cert.X509Certificate genCert(java.lang.String dn,
                                                         long validity,
                                                         java.lang.String policyId,
                                                         java.security.PrivateKey privKey,
                                                         java.security.PublicKey pubKey,
                                                         boolean isCA,
                                                         java.lang.String caDn,
                                                         java.security.PrivateKey caPrivateKey,
                                                         java.security.PublicKey acPubKey)
                                                  throws java.security.NoSuchAlgorithmException,
                                                         java.security.SignatureException,
                                                         java.security.InvalidKeyException
Throws:
java.security.NoSuchAlgorithmException
java.security.SignatureException
java.security.InvalidKeyException

getAuthorityKeyId

public static byte[] getAuthorityKeyId(java.security.cert.X509Certificate cert)
                                throws java.io.IOException
Get the authority key identifier from a certificate's extensions

Parameters:
cert - certificate containing the extension
Returns:
byte[] containing the authority key identifier
Throws:
java.io.IOException - if the extension cannot be parsed

getSubjectKeyId

public static byte[] getSubjectKeyId(java.security.cert.X509Certificate cert)
                              throws java.io.IOException
Get the subject key identifier from a certificate's extensions

Parameters:
cert - certificate containing the extension
Returns:
byte[] containing the subject key identifier
Throws:
java.io.IOException - if the extension cannot be parsed

getCertificatePolicyId

public static java.lang.String getCertificatePolicyId(java.security.cert.X509Certificate cert,
                                                      int pos)
                                               throws java.io.IOException
Get a certificate policy ID from a certificate policies extension

Parameters:
cert - certificate containing the extension
pos - position of the policy id; if several exist, the first is at pos 0
Returns:
String with the certificate policy OID
Throws:
java.io.IOException - if the extension cannot be parsed

getUPNAltName

public static java.lang.String getUPNAltName(java.security.cert.X509Certificate cert)
                                      throws java.io.IOException,
                                             java.security.cert.CertificateParsingException
Gets the Microsoft specific UPN altName.

Parameters:
cert - certificate containing the extension
Returns:
String with the UPN name
Throws:
java.io.IOException
java.security.cert.CertificateParsingException

getCrlDistributionPoint

public static java.net.URL getCrlDistributionPoint(java.security.cert.X509Certificate certificate)
                                            throws java.security.cert.CertificateParsingException
Return the CRL distribution point URL from a certificate.

Throws:
java.security.cert.CertificateParsingException

getCertFingerprintAsString

public static java.lang.String getCertFingerprintAsString(byte[] ba)
Generate SHA1 fingerprint in string representation.

Parameters:
ba - Byte array containing DER encoded X509Certificate.
Returns:
String containing hex format of SHA1 fingerprint.

getFingerprintAsString

public static java.lang.String getFingerprintAsString(java.security.cert.X509Certificate cert)
Generate SHA1 fingerprint of certificate in string representation.

Parameters:
cert - X509Certificate.
Returns:
String containing hex format of SHA1 fingerprint.

getFingerprintAsString

public static java.lang.String getFingerprintAsString(java.security.cert.X509CRL crl)
Generate SHA1 fingerprint of CRL in string representation.

Parameters:
crl - X509CRL.
Returns:
String containing hex format of SHA1 fingerprint.

generateSHA1Fingerprint

public static byte[] generateSHA1Fingerprint(byte[] ba)
Generate a SHA1 fingerprint from a byte array containing an X.509 certificate

Parameters:
ba - Byte array containing DER encoded X509Certificate.
Returns:
Byte array containing SHA1 hash of DER encoded certificate.

generateMD5Fingerprint

public static byte[] generateMD5Fingerprint(byte[] ba)
Generate an MD5 fingerprint from a byte array containing an X.509 certificate

Parameters:
ba - Byte array containing DER encoded X509Certificate.
Returns:
Byte array containing MD5 hash of DER encoded certificate.

keyPair

public static java.security.KeyPair keyPair(int size)


Copyright 2001-2007 INRIA All Rights Reserved.