/**
 * Decodes a single X.509 certificate from an in-memory ASN.1 encoding.
 *
 * <p>This method only hands the bytes to the stream-based reader. Nothing here checks the certificate's signature,
 * validity period or issuer, so a successfully decoded certificate still has to be validated before it is trusted.</p>
 *
 * @param  encoded  PEM or DER encoded ASN.1 data.
 *
 * @return  Decoded certificate.
 *
 * @throws  EncodingException  on cert parsing errors.
 */
public static X509Certificate decodeCertificate(final byte[] encoded) throws EncodingException {
  // Wrap the byte array so the stream-based overload can consume it.
  final ByteArrayInputStream source = new ByteArrayInputStream(encoded);
  return readCertificate(source);
}
/**
 * Decodes an X.509 certificate chain from an in-memory ASN.1 encoding.
 *
 * <p>This method only hands the bytes to the stream-based reader. Nothing here verifies that the decoded certificates
 * actually chain to one another or to a trusted root; path validation is the caller's responsibility.</p>
 *
 * @param  encoded  Sequence of PEM or DER encoded certificates or PKCS#7 certificate chain.
 *
 * @return  Array of decoded certificates.
 *
 * @throws  EncodingException  on cert parsing errors.
 */
public static X509Certificate[] decodeCertificateChain(final byte[] encoded) throws EncodingException {
  // Wrap the byte array so the stream-based overload can consume it.
  final ByteArrayInputStream source = new ByteArrayInputStream(encoded);
  return readCertificateChain(source);
}
/**
 * Varargs convenience overload that looks for the certificate whose public key pairs with the given private key.
 *
 * <p>The candidates are viewed as a list and passed to the collection-based overload, which performs the search.</p>
 *
 * @param  key  Private key used to find matching public key.
 * @param  candidates  Candidate certificates, given as an array or as individual arguments.
 *
 * @return  Certificate whose public key forms a keypair with the private key or null if no match is found. Callers
 *          must handle the null case explicitly.
 *
 * @throws  EncodingException  on cert field extraction.
 */
public static X509Certificate findEntityCertificate(
  final PrivateKey key,
  final X509Certificate... candidates)
  throws EncodingException {
  return findEntityCertificate(key, Arrays.asList(candidates));
}
/**
 * Collects the subject names of a certificate: the common name (CN) returned by {@code subjectCN}, when there is
 * one, followed by every subject alternative name of the requested type(s).
 *
 * <p>The type filter applies to the alternative names only; the CN is added whenever it is present. Keep that in mind
 * when the result feeds host name matching, since current TLS guidance (RFC 9525) matches on subject alternative
 * names and no longer on the CN.</p>
 *
 * @param  cert  X.509 certificate to examine.
 * @param  types  One or more subject alternative name types to fetch.
 *
 * @return  List of subject names; contains only the CN (or is empty) when no alternative name matches.
 *
 * @throws  EncodingException  on cert field extraction.
 */
public static List<String> subjectNames(final X509Certificate cert, final GeneralNameType... types)
  throws EncodingException {
  final List<String> result = new ArrayList<>();

  final String commonName = subjectCN(cert);
  if (commonName != null) {
    result.add(commonName);
  }

  // The filtered lookup returns null rather than an empty set when nothing matches.
  final GeneralNames matching = subjectAltNames(cert, types);
  if (matching != null) {
    for (GeneralName entry : matching.getNames()) {
      result.add(entry.getName().toString());
    }
  }
  return result;
}
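/**
 * Accepts the peer only when the first certificate of the presented array matches a known-host entry.
 *
 * <p>The check takes the thumbprint of that certificate and its subject CN and asks
 * {@code certificateValidForKnownHost} whether the pair is acceptable. Only the first array element is examined;
 * this method does not look at the remaining elements, the validity period or the signature.</p>
 *
 * <p>Security note: the lookup key is the CN the certificate itself declares, not the host name the client connected
 * to. This check alone therefore does not bind the certificate to the intended endpoint; host name verification has
 * to happen elsewhere (not visible here).</p>
 *
 * @param  x509Certificates  certificates presented by the peer; the first element is the one checked.
 *
 * @throws  CertificateException  if no certificate was presented, the certificate has no subject CN, or the
 *                                CN/thumbprint pair is not accepted for a known host.
 */
private void checkTrusted(X509Certificate[] x509Certificates) throws CertificateException {
  // Fail closed on a missing chain instead of letting an unchecked exception escape from the index below.
  if (x509Certificates == null || x509Certificates.length == 0 || x509Certificates[0] == null) {
    throw new CertificateException("No certificate presented");
  }
  final X509Certificate certificate = x509Certificates[0];
  final String thumbPrint = CertificateUtil.create().thumbPrint(certificate);
  final String address = CertUtil.subjectCN(certificate);
  // subjectCN can yield null when the subject has no CN; never consult the known-hosts store with a null key.
  if (address == null) {
    throw new CertificateException("Certificate has no subject CN to match against known hosts");
  }
  if (!certificateValidForKnownHost(address, thumbPrint)) {
    throw new CertificateException("Connections not allowed");
  }
}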
/**
 * Filters the subject alternative names of a certificate down to the requested type(s).
 *
 * <p>A name is selected when the ordinal of a requested {@code GeneralNameType} equals the name's tag number, so the
 * match depends on the enum constants being declared in tag order. A type passed more than once adds the same name
 * once per occurrence.</p>
 *
 * @param  cert  X.509 certificate to examine.
 * @param  types  One or more subject alternative name types to fetch.
 *
 * @return  Subject alternative names of the matching type(s) or null if none found.
 *
 * @throws  EncodingException  on cert field extraction.
 */
public static GeneralNames subjectAltNames(final X509Certificate cert, final GeneralNameType... types)
  throws EncodingException {
  final GeneralNames all = subjectAltNames(cert);
  final GeneralNamesBuilder selected = new GeneralNamesBuilder();

  if (all != null) {
    for (GeneralName candidate : all.getNames()) {
      final int tag = candidate.getTagNo();
      for (GeneralNameType wanted : types) {
        if (wanted.ordinal() == tag) {
          selected.addName(candidate);
        }
      }
    }
  }

  // An empty selection is reported as null, not as an empty GeneralNames.
  final GeneralNames filtered = selected.build();
  return filtered.getNames().length == 0 ? null : filtered;
}
/**
 * Collects every subject name of a certificate: the common name (CN) returned by {@code subjectCN}, when there is
 * one, followed by all subject alternative names regardless of type.
 *
 * <p>Alternative names of every type are rendered with {@code toString()} into one flat list, so the caller cannot
 * tell from the result which type a given entry had.</p>
 *
 * @param  cert  X.509 certificate to examine.
 *
 * @return  List of subject names; contains only the CN (or is empty) when the certificate has no alternative names.
 *
 * @throws  EncodingException  on cert field extraction.
 */
public static List<String> subjectNames(final X509Certificate cert) throws EncodingException {
  final List<String> result = new ArrayList<>();

  final String commonName = subjectCN(cert);
  if (commonName != null) {
    result.add(commonName);
  }

  // A null result means there are no alternative names to add.
  final GeneralNames alternatives = subjectAltNames(cert);
  if (alternatives != null) {
    for (GeneralName entry : alternatives.getNames()) {
      result.add(entry.getName().toString());
    }
  }
  return result;
}
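/**
 * Accepts the peer only when the first certificate of the presented array matches a known-host entry.
 *
 * <p>The check takes the thumbprint of that certificate and its subject CN and asks
 * {@code certificateValidForKnownHost} whether the pair is acceptable. Only the first array element is examined;
 * this method does not look at the remaining elements, the validity period or the signature.</p>
 *
 * <p>Security note: the lookup key is the CN the certificate itself declares, not the host name the client connected
 * to. This check alone therefore does not bind the certificate to the intended endpoint; host name verification has
 * to happen elsewhere (not visible here).</p>
 *
 * @param  x509Certificates  certificates presented by the peer; the first element is the one checked.
 *
 * @throws  CertificateException  if no certificate was presented, the certificate has no subject CN, or the
 *                                CN/thumbprint pair is not accepted for a known host.
 */
private void checkTrusted(X509Certificate[] x509Certificates) throws CertificateException {
  // Fail closed on a missing chain instead of letting an unchecked exception escape from the index below.
  if (x509Certificates == null || x509Certificates.length == 0 || x509Certificates[0] == null) {
    throw new CertificateException("No certificate presented");
  }
  final X509Certificate certificate = x509Certificates[0];
  final String thumbPrint = CertificateUtil.create().thumbPrint(certificate);
  final String address = CertUtil.subjectCN(certificate);
  // subjectCN can yield null when the subject has no CN; never consult the known-hosts store with a null key.
  if (address == null) {
    throw new CertificateException("Certificate has no subject CN to match against known hosts");
  }
  if (!certificateValidForKnownHost(address, thumbPrint)) {
    throw new CertificateException("Connections not allowed");
  }
}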
/**
 * {@inheritDoc}
 *
 * <p>The certificate is read from the configured resource on the first call and cached in the {@code certificate}
 * field; later calls return the cached instance. The lazy initialisation is not synchronised, so concurrent first
 * calls may each read the resource.</p>
 */
@Override
public X509Certificate getObject() throws Exception {
  // Already loaded: hand back the cached instance.
  if (certificate != null) {
    return certificate;
  }
  if (resource == null) {
    throw new BeanCreationException("Certificate resource must be provided in order to use this factory.");
  }
  try (InputStream source = resource.getInputStream()) {
    certificate = CertUtil.readCertificate(source);
  }
  return certificate;
}
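/**
 * Trust-on-first-use check of the first certificate in the presented array.
 *
 * <p>The certificate's subject CN is used as the known-hosts key and its thumbprint as the pinned value. A CN that is
 * not yet in the known-hosts list is recorded together with the thumbprint and accepted; a CN that is already listed
 * is accepted only if {@code certificateValidForKnownHost} approves the thumbprint.</p>
 *
 * <p>Security notes: the first sighting of a CN is accepted without any other evidence, and the key is the CN the
 * certificate itself declares rather than the host name the client connected to. This check alone therefore does
 * not bind the certificate to the intended endpoint; host name verification and a review of newly recorded entries
 * have to happen elsewhere (not visible here). This method does not look at the remaining array elements, the
 * validity period or the signature.</p>
 *
 * @param  x509Certificates  certificates presented by the peer; the first element is the one checked.
 *
 * @throws  CertificateException  if no certificate was presented, the certificate has no subject CN, the new entry
 *                                cannot be saved, or the CN is already associated with a different certificate.
 */
private void checkTrusted(X509Certificate[] x509Certificates) throws CertificateException {
  // Fail closed on a missing chain instead of letting an unchecked exception escape from the index below.
  if (x509Certificates == null || x509Certificates.length == 0 || x509Certificates[0] == null) {
    throw new CertificateException("No certificate presented");
  }
  final X509Certificate certificate = x509Certificates[0];
  final String thumbPrint = CertificateUtil.create().thumbPrint(certificate);
  final String address = CertUtil.subjectCN(certificate);
  // subjectCN can yield null when the subject has no CN; refuse it so no null key is written to the known-hosts list.
  if (address == null) {
    throw new CertificateException("Certificate has no subject CN to match against known hosts");
  }
  if (!certificateExistsInKnownHosts(address)) {
    // First sighting of this CN: pin the thumbprint. A failed save rejects the connection.
    try {
      addServerToKnownHostsList(address, thumbPrint);
    } catch (IOException ex) {
      throw new CertificateException("Failed to save address and certificate fingerprint to whitelist. Cause by ", ex);
    }
  } else if (!certificateValidForKnownHost(address, thumbPrint)) {
    throw new CertificateException("This address has been associated with a different certificate");
  }
}
} // closes an enclosing scope whose opening lies outside this excerpt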
/**
 * {@inheritDoc}
 *
 * <p>The chain is read from the configured resource on the first call and cached in the {@code certificates} field;
 * later calls return that same array instance, so a caller that modifies it changes what later callers receive. The
 * lazy initialisation is not synchronised.</p>
 */
@Override
public X509Certificate[] getObject() throws Exception {
  // Already loaded: hand back the cached array.
  if (certificates != null) {
    return certificates;
  }
  if (resource == null) {
    throw new BeanCreationException(
      "Certificate chain resource must be provided in order to use this factory.");
  }
  try (InputStream source = resource.getInputStream()) {
    certificates = CertUtil.readCertificateChain(source);
  }
  return certificates;
}
/**
 * Reads an X.509 certificate from the given resource.
 *
 * <p>The resource's stream is opened, passed to {@code CertUtil.readCertificate} and closed again. Any failure,
 * whether in opening the stream or in parsing, is rethrown as a {@link RuntimeException} that keeps the original
 * cause and carries the resource's string form in its message. Only reading happens here; the certificate is not
 * validated.</p>
 *
 * @param resource the resource to read the cert from
 * @return the X.509 certificate
 */
public static X509Certificate readCertificate(final Resource resource) {
    try (InputStream stream = resource.getInputStream()) {
        return CertUtil.readCertificate(stream);
    } catch (final Exception cause) {
        throw new RuntimeException("Error reading certificate " + resource, cause);
    }
}
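/**
 * Trust-on-first-use check of the first certificate in the presented array.
 *
 * <p>The certificate's subject CN is used as the known-hosts key and its thumbprint as the pinned value. A CN that is
 * not yet in the known-hosts list is recorded together with the thumbprint and accepted; a CN that is already listed
 * is accepted only if {@code certificateValidForKnownHost} approves the thumbprint.</p>
 *
 * <p>Security notes: the first sighting of a CN is accepted without any other evidence, and the key is the CN the
 * certificate itself declares rather than the host name the client connected to. This check alone therefore does
 * not bind the certificate to the intended endpoint; host name verification and a review of newly recorded entries
 * have to happen elsewhere (not visible here). This method does not look at the remaining array elements, the
 * validity period or the signature.</p>
 *
 * @param  x509Certificates  certificates presented by the peer; the first element is the one checked.
 *
 * @throws  CertificateException  if no certificate was presented, the certificate has no subject CN, the new entry
 *                                cannot be saved, or the CN is already associated with a different certificate.
 */
private void checkTrusted(X509Certificate[] x509Certificates) throws CertificateException {
  // Fail closed on a missing chain instead of letting an unchecked exception escape from the index below.
  if (x509Certificates == null || x509Certificates.length == 0 || x509Certificates[0] == null) {
    throw new CertificateException("No certificate presented");
  }
  final X509Certificate certificate = x509Certificates[0];
  final String thumbPrint = CertificateUtil.create().thumbPrint(certificate);
  final String address = CertUtil.subjectCN(certificate);
  // subjectCN can yield null when the subject has no CN; refuse it so no null key is written to the known-hosts list.
  if (address == null) {
    throw new CertificateException("Certificate has no subject CN to match against known hosts");
  }
  if (!certificateExistsInKnownHosts(address)) {
    // First sighting of this CN: pin the thumbprint. A failed save rejects the connection.
    try {
      addServerToKnownHostsList(address, thumbPrint);
    } catch (IOException ex) {
      throw new CertificateException("Failed to save address and certificate fingerprint to whitelist. Cause by ", ex);
    }
  } else if (!certificateValidForKnownHost(address, thumbPrint)) {
    throw new CertificateException("This address has been associated with a different certificate");
  }
}
} // closes an enclosing scope whose opening lies outside this excerpt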
/**
 * Reads an X.509 certificate chain from the ASN.1 encoded file at the given location.
 *
 * <p>The path is turned into a {@link File} as given, with no normalisation or containment check, so callers that
 * accept paths from untrusted input must constrain them first.</p>
 *
 * @param  path  Path to file containing a sequence of PEM or DER encoded certificates or PKCS#7 certificate chain.
 *
 * @return  Array of certificates read from the file.
 *
 * @throws  EncodingException  on cert parsing errors.
 * @throws  StreamException  on IO errors.
 */
public static X509Certificate[] readCertificateChain(final String path) throws EncodingException, StreamException {
  final File source = new File(path);
  // NOTE(review): the stream returned by StreamUtil.makeStream is not closed in this method; confirm that the
  // stream-based overload closes it.
  return readCertificateChain(StreamUtil.makeStream(source));
}
/**
 * Reads an X.509 certificate from the given stream source.
 *
 * <p>The source's stream is opened, passed to {@code CertUtil.readCertificate} and closed again. An
 * {@link IOException} is rethrown as an {@link IllegalArgumentException} that keeps the original cause and carries
 * the source's string form in its message. Only reading happens here; the certificate is not validated.</p>
 *
 * @param resource the resource to read the cert from
 * @return the X.509 certificate
 */
public static X509Certificate readCertificate(final InputStreamSource resource) {
    try (val stream = resource.getInputStream()) {
        return CertUtil.readCertificate(stream);
    } catch (final IOException cause) {
        throw new IllegalArgumentException("Error reading certificate " + resource, cause);
    }
}
/**
 * Reads an X.509 certificate chain from the given ASN.1 encoded file.
 *
 * <p>Only reading is delegated from here; nothing in this method validates the chain.</p>
 *
 * @param  file  File containing a sequence of PEM or DER encoded certificates or PKCS#7 certificate chain.
 *
 * @return  Array of certificates read from the file.
 *
 * @throws  EncodingException  on cert parsing errors.
 * @throws  StreamException  on IO errors.
 */
public static X509Certificate[] readCertificateChain(final File file)
  throws EncodingException, StreamException {
  // NOTE(review): the stream returned by StreamUtil.makeStream is not closed in this method; confirm that the
  // stream-based overload closes it.
  return readCertificateChain(StreamUtil.makeStream(file));
}
/**
 * Reads a single X.509 certificate from the given ASN.1 encoded file.
 *
 * <p>Only reading is delegated from here; nothing in this method validates the certificate.</p>
 *
 * @param  file  File containing a DER or PEM encoded X.509 certificate.
 *
 * @return  Certificate read from the file.
 *
 * @throws  EncodingException  on cert parsing errors.
 * @throws  StreamException  on IO errors.
 */
public static X509Certificate readCertificate(final File file)
  throws EncodingException, StreamException {
  // NOTE(review): the stream returned by StreamUtil.makeStream is not closed in this method; confirm that the
  // stream-based overload closes it.
  return readCertificate(StreamUtil.makeStream(file));
}
/**
 * Reads a single X.509 certificate from the ASN.1 encoded file at the given location.
 *
 * <p>The path is turned into a {@link File} as given, with no normalisation or containment check, so callers that
 * accept paths from untrusted input must constrain them first.</p>
 *
 * @param  path  Path to file containing a DER or PEM encoded X.509 certificate.
 *
 * @return  Certificate read from the file.
 *
 * @throws  EncodingException  on cert parsing errors.
 * @throws  StreamException  on IO errors.
 */
public static X509Certificate readCertificate(final String path) throws EncodingException, StreamException {
  final File source = new File(path);
  // NOTE(review): the stream returned by StreamUtil.makeStream is not closed in this method; confirm that the
  // stream-based overload closes it.
  return readCertificate(StreamUtil.makeStream(source));
}