public final class CertUtil extends Object
| Modifier and Type | Method and Description |
|---|---|
| `static boolean` | `allowsUsage(X509Certificate cert, org.bouncycastle.asn1.x509.KeyPurposeId... purposes)` Determines whether the certificate allows the given extended key usages. |
| `static boolean` | `allowsUsage(X509Certificate cert, KeyUsageBits... bits)` Determines whether the certificate allows the given basic key usages. |
| `static String` | `authorityKeyId(X509Certificate cert)` Gets the authority key identifier of the given certificate in delimited hexadecimal format, e.g. |
| `static X509Certificate` | `decodeCertificate(byte[] encoded)` Creates an X.509 certificate from its ASN.1 encoded form. |
| `static X509Certificate[]` | `decodeCertificateChain(byte[] encoded)` Creates an X.509 certificate chain from its ASN.1 encoded form. |
| `static X509Certificate` | `findEntityCertificate(PrivateKey key, Collection<X509Certificate> candidates)` Finds a certificate whose public key is paired with the given private key. |
| `static X509Certificate` | `findEntityCertificate(PrivateKey key, X509Certificate... candidates)` Finds a certificate whose public key is paired with the given private key. |
| `static boolean` | `hasPolicies(X509Certificate cert, String... policyOidsToCheck)` Determines whether the certificate defines all of the given certificate policies. |
| `static X509Certificate` | `readCertificate(File file)` Reads an X.509 certificate from ASN.1 encoded format from the given file. |
| `static X509Certificate` | `readCertificate(InputStream in)` Reads an X.509 certificate from ASN.1 encoded data in the given stream. |
| `static X509Certificate` | `readCertificate(String path)` Reads an X.509 certificate from ASN.1 encoded format in the file at the given location. |
| `static X509Certificate[]` | `readCertificateChain(File file)` Reads an X.509 certificate chain from ASN.1 encoded format from the given file. |
| `static X509Certificate[]` | `readCertificateChain(InputStream in)` Reads an X.509 certificate chain from ASN.1 encoded data in the given stream. |
| `static X509Certificate[]` | `readCertificateChain(String path)` Reads an X.509 certificate chain from ASN.1 encoded format in the file at the given location. |
| `static org.bouncycastle.asn1.x509.GeneralNames` | `subjectAltNames(X509Certificate cert)` Gets all subject alternative names defined on the given certificate. |
| `static org.bouncycastle.asn1.x509.GeneralNames` | `subjectAltNames(X509Certificate cert, GeneralNameType... types)` Gets all subject alternative names of the given type(s) on the given cert. |
| `static String` | `subjectCN(X509Certificate cert)` Gets the common name attribute (CN) of the certificate subject distinguished name. |
| `static String` | `subjectKeyId(X509Certificate cert)` Gets the subject key identifier of the given certificate in delimited hexadecimal format, e.g. |
| `static List<String>` | `subjectNames(X509Certificate cert)` Gets a list of all subject names defined for the given certificate. |
| `static List<String>` | `subjectNames(X509Certificate cert, GeneralNameType... types)` Gets a list of subject names defined for the given certificate. |
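The methods summarized above combine into a pre-deployment check of a TLS server key and its certificate chain; the following is an added example, not code from this documentation or from the library's authors. It assumes the chain is ordered leaf first, and the package names (`org.cryptacular.util`, `org.cryptacular.x509`), the constant `KeyUsageBits.DigitalSignature`, the helper `KeyPairUtil.readPrivateKey`, and a `null` result when no certificate matches the key are assumptions not stated on this page.

```java
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.cryptacular.util.CertUtil;       // assumed package name
import org.cryptacular.util.KeyPairUtil;    // assumed helper class
import org.cryptacular.x509.KeyUsageBits;   // assumed package name

/** Added example: sanity checks on a server private key and its certificate chain. */
public final class ServerCredentialCheck {

  /** Returns a list of problems; an empty list means every check passed. */
  static List<String> check(PrivateKey key, X509Certificate[] chain) {
    List<String> problems = new ArrayList<>();
    // Pick the certificate whose public key pairs with the private key.
    X509Certificate entity = CertUtil.findEntityCertificate(key, chain);
    if (entity == null) { // assumption: no match is reported as null
      problems.add("no certificate in the chain matches the private key");
      return problems;
    }
    String cn = CertUtil.subjectCN(entity);
    if (!CertUtil.allowsUsage(entity, KeyUsageBits.DigitalSignature)) {
      problems.add(cn + ": keyUsage lacks digitalSignature");
    }
    if (!CertUtil.allowsUsage(entity, KeyPurposeId.id_kp_serverAuth)) {
      problems.add(cn + ": extendedKeyUsage lacks serverAuth");
    }
    // Linkage: a certificate's authority key id should equal the subject key id
    // of the certificate that follows it. Both are delimited hex strings.
    for (int i = 0; i + 1 < chain.length; i++) {
      String aki = CertUtil.authorityKeyId(chain[i]);
      String ski = CertUtil.subjectKeyId(chain[i + 1]);
      if (aki == null || !aki.equals(ski)) {
        problems.add("chain[" + i + "] AKI " + aki + " != chain[" + (i + 1) + "] SKI " + ski);
      }
    }
    return problems;
  }

  public static void main(String[] args) {
    // args[0]: chain file (PEM/DER sequence or PKCS#7); args[1]: unencrypted private key file.
    X509Certificate[] chain = CertUtil.readCertificateChain(args[0]);
    PrivateKey key = KeyPairUtil.readPrivateKey(args[1]);
    List<String> problems = check(key, chain);
    problems.forEach(System.err::println);
    System.exit(problems.isEmpty() ? 0 : 1);
  }
}
```

The key identifier comparison only confirms that the chain is assembled in a consistent order; it does not verify signatures, validity periods or revocation, which remain the job of path validation against a trust store.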
`public static String subjectCN(X509Certificate cert) throws EncodingException`

Parameters:
- `cert` - Certificate to examine.

Throws:
- `EncodingException` - on cert field extraction.

`public static org.bouncycastle.asn1.x509.GeneralNames subjectAltNames(X509Certificate cert) throws EncodingException`

Parameters:
- `cert` - X.509 certificate to examine.

Throws:
- `EncodingException` - on cert field extraction.

`public static org.bouncycastle.asn1.x509.GeneralNames subjectAltNames(X509Certificate cert, GeneralNameType... types) throws EncodingException`

Parameters:
- `cert` - X.509 certificate to examine.
- `types` - One or more subject alternative name types to fetch.

Throws:
- `EncodingException` - on cert field extraction.

`public static List<String> subjectNames(X509Certificate cert) throws EncodingException`

Parameters:
- `cert` - X.509 certificate to examine.

Throws:
- `EncodingException` - on cert field extraction.

`public static List<String> subjectNames(X509Certificate cert, GeneralNameType... types) throws EncodingException`

Parameters:
- `cert` - X.509 certificate to examine.
- `types` - One or more subject alternative name types to fetch.

Throws:
- `EncodingException` - on cert field extraction.

`public static X509Certificate findEntityCertificate(PrivateKey key, X509Certificate... candidates) throws EncodingException`

Parameters:
- `key` - Private key used to find matching public key.
- `candidates` - Array of candidate certificates.

Throws:
- `EncodingException` - on cert field extraction.

`public static X509Certificate findEntityCertificate(PrivateKey key, Collection<X509Certificate> candidates) throws EncodingException`

Parameters:
- `key` - Private key used to find matching public key.
- `candidates` - Collection of candidate certificates.

Throws:
- `EncodingException` - on cert field extraction.

`public static X509Certificate readCertificate(String path) throws EncodingException, StreamException`

Parameters:
- `path` - Path to file containing a DER or PEM encoded X.509 certificate.

Throws:
- `EncodingException` - on cert parsing errors.
- `StreamException` - on IO errors.

`public static X509Certificate readCertificate(File file) throws EncodingException, StreamException`

Parameters:
- `file` - File containing a DER or PEM encoded X.509 certificate.

Throws:
- `EncodingException` - on cert parsing errors.
- `StreamException` - on IO errors.

`public static X509Certificate readCertificate(InputStream in) throws EncodingException, StreamException`

Parameters:
- `in` - Input stream containing PEM or DER encoded X.509 certificate.

Throws:
- `EncodingException` - on cert parsing errors.
- `StreamException` - on IO errors.

`public static X509Certificate decodeCertificate(byte[] encoded) throws EncodingException`

Parameters:
- `encoded` - PEM or DER encoded ASN.1 data.

Throws:
- `EncodingException` - on cert parsing errors.

`public static X509Certificate[] readCertificateChain(String path) throws EncodingException, StreamException`

Parameters:
- `path` - Path to file containing a sequence of PEM or DER encoded certificates or PKCS#7 certificate chain.

Throws:
- `EncodingException` - on cert parsing errors.
- `StreamException` - on IO errors.

`public static X509Certificate[] readCertificateChain(File file) throws EncodingException, StreamException`

Parameters:
- `file` - File containing a sequence of PEM or DER encoded certificates or PKCS#7 certificate chain.

Throws:
- `EncodingException` - on cert parsing errors.
- `StreamException` - on IO errors.

`public static X509Certificate[] readCertificateChain(InputStream in) throws EncodingException, StreamException`

Parameters:
- `in` - Input stream containing a sequence of PEM or DER encoded certificates or PKCS#7 certificate chain.

Throws:
- `EncodingException` - on cert parsing errors.
- `StreamException` - on IO errors.

`public static X509Certificate[] decodeCertificateChain(byte[] encoded) throws EncodingException`

Parameters:
- `encoded` - Sequence of PEM or DER encoded certificates or PKCS#7 certificate chain.

Throws:
- `EncodingException` - on cert parsing errors.

`public static boolean allowsUsage(X509Certificate cert, KeyUsageBits... bits) throws EncodingException`

Parameters:
- `cert` - Certificate to check.
- `bits` - One or more basic key usage types to check.

Throws:
- `EncodingException` - on cert field extraction.

`public static boolean allowsUsage(X509Certificate cert, org.bouncycastle.asn1.x509.KeyPurposeId... purposes) throws EncodingException`

Parameters:
- `cert` - Certificate to check.
- `purposes` - One or more extended key usage purposes to check.

Throws:
- `EncodingException` - on cert field extraction.

`public static boolean hasPolicies(X509Certificate cert, String... policyOidsToCheck) throws EncodingException`

Parameters:
- `cert` - Certificate to check.
- `policyOidsToCheck` - One or more certificate policy OIDs to check.

Throws:
- `EncodingException` - on cert field extraction.

`public static String subjectKeyId(X509Certificate cert) throws EncodingException`

Gets the subject key identifier of the given certificate in delimited hexadecimal format, e.g. `25:48:2f:28:ec:5d:19:bb:1d:25:ae:94:93:b1:7b:b5:35:96:24:66`.

Parameters:
- `cert` - Certificate to process.

Throws:
- `EncodingException` - on cert field extraction.

`public static String authorityKeyId(X509Certificate cert) throws EncodingException`

Gets the authority key identifier of the given certificate in delimited hexadecimal format, e.g. `25:48:2f:28:ec:5d:19:bb:1d:25:ae:94:93:b1:7b:b5:35:96:24:66`.

Parameters:
- `cert` - Certificate to process.

Throws:
- `EncodingException` - on cert field extraction.

Copyright © 2003-2023 Virginia Tech. All Rights Reserved.