org.glite.voms

Class PKIUtils

java.lang.Object

org.glite.voms.PKIUtils

public class PKIUtils
extends java.lang.Object

Constructor Summary

Constructors

Constructor and Description
PKIUtils()

Method Summary

Methods

Modifier and Type	Method and Description
static boolean	checkIssued(java.security.cert.X509Certificate issuer, java.security.cert.X509Certificate issued) Checks if a certificate issued another certificate, according to RFC 3280.
static boolean	DNCompare(java.lang.String dn1, java.lang.String dn2)
static org.bouncycastle.asn1.x509.AuthorityKeyIdentifier	getAKID(java.security.cert.X509Certificate cert) Gets the AuthorityKeyIdentifier extension form the passed certificate.
static java.lang.String	getBaseName(java.io.File f) Gets the basename of a file.
static org.bouncycastle.asn1.x509.BasicConstraints	getBasicConstraints(java.security.cert.X509Certificate cert) Gets the BasicConstraints extension form the passed certificate.
static java.lang.String	getHash(byte[] name) Gets the MD5 hash value of the given byte array.
static java.lang.String	getHash(javax.security.auth.x500.X500Principal principal) Gets the MD5 hash value of the given principal.
static java.lang.String	getHash(java.security.cert.X509Certificate x509) Gets the MD5 hash value of the subject of the given certificate.
static java.lang.String	getHash(java.security.cert.X509CRL crl) Gets the MD5 hash value of the issuer of the given CRL.
static java.lang.String	getHash(org.bouncycastle.jce.X509Principal principal) Gets the MD5 hash value of the given principal.
static java.lang.String	getOpenSSLFormatPrincipal(java.security.Principal principal)
static java.lang.String	getOpenSSLFormatPrincipal(java.security.Principal principal, boolean reverse) Gets an OpenSSL-style representation of a principal.
static org.bouncycastle.asn1.x509.SubjectKeyIdentifier	getSKID(java.security.cert.X509Certificate cert) Gets the SubjectKeyIdentifier extension form the passed certificate.
static boolean	isCA(java.security.cert.X509Certificate cert) Checks if the passed certificate is a CA certificate.
static boolean	isProxy(java.security.cert.X509Certificate cert) Checks if the passed certificate is a proxy certificate.
static java.security.cert.X509Certificate[]	loadCertificates(java.io.File file) Loads a set of credentials from a file.
static java.security.cert.X509Certificate[]	loadCertificates(java.lang.String filename) Loads a set of credentials from a file.
static java.security.cert.X509CRL	loadCRL(java.io.File file) Loads a CRL from a file.
static java.security.cert.X509CRL	loadCRL(java.lang.String filename) Loads a CRL from a file.
static java.security.PrivateKey	loadPrivateKey(java.io.File file, org.bouncycastle.openssl.PasswordFinder finder)
static java.security.PrivateKey	loadPrivateKey(java.lang.String filename, org.bouncycastle.openssl.PasswordFinder finder)
static java.lang.String	Normalize(java.lang.String dn) Compares two DNs for equality, taking into account different representations for the Email and UserID tags.
static java.lang.Object	readObject(java.io.File f) Reads either a certificate or a CRL from a file.
static boolean	selfIssued(java.security.cert.X509Certificate cert) Checks if the give certificate is self-issued.
static int	skipToCertBeginning(java.io.BufferedInputStream stream) Prepares a BufferedInputStream to read either a certificate or a CRL from it.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PKIUtils

public PKIUtils()

Method Detail

getHash

public static java.lang.String getHash(java.security.cert.X509Certificate x509)

Gets the MD5 hash value of the subject of the given certificate.

Parameters:

x509 - The certificate from which to get the subject.

Returns:

the hash value.

Throws:

java.lang.IllegalArgumentException - if x509 is null.

InvalidStateException - if the MD5 algorithm is not supported.

getHash

public static java.lang.String getHash(java.security.cert.X509CRL crl)

Gets the MD5 hash value of the issuer of the given CRL.

Parameters:

crl - The CRL from which to get the issuer.

Returns:

the hash value.

Throws:

java.lang.IllegalArgumentException - if crl is null.

InvalidStateException - if the MD5 algorithm is not supported.

getHash

public static java.lang.String getHash(org.bouncycastle.jce.X509Principal principal)

Gets the MD5 hash value of the given principal.

Parameters:

principal - the principal.

Returns:

the hash value.

Throws:

java.lang.IllegalArgumentException - if crl is null.

InvalidStateException - if the MD5 algorithm is not supported.

getHash

public static java.lang.String getHash(javax.security.auth.x500.X500Principal principal)

Gets the MD5 hash value of the given principal.

Parameters:

principal - the principal.

Returns:

the hash value.

Throws:

java.lang.IllegalArgumentException - if crl is null.

InvalidStateException - if the MD5 algorithm is not supported.

getHash

public static java.lang.String getHash(byte[] name)

Gets the MD5 hash value of the given byte array.

Parameters:

name - the data from which to compute the hash.

Returns:

the hash value.

Throws:

java.lang.IllegalArgumentException - if crl is null.

InvalidStateException - if the MD5 algorithm is not supported.

getOpenSSLFormatPrincipal

public static java.lang.String getOpenSSLFormatPrincipal(java.security.Principal principal)

getOpenSSLFormatPrincipal

public static java.lang.String getOpenSSLFormatPrincipal(java.security.Principal principal,
                                         boolean reverse)

Gets an OpenSSL-style representation of a principal.

Parameters:

principal - the principal

Returns:

a String representing the principal.

Normalize

public static java.lang.String Normalize(java.lang.String dn)

Compares two DNs for equality, taking into account different representations for the Email and UserID tags.

Parameters:

dn1 - the first dn to compare.

dn2 - the second dn to compare

Returns:

true if dn1 and dn2 are equal, false otherwise.

DNCompare

public static boolean DNCompare(java.lang.String dn1,
                java.lang.String dn2)

getBaseName

public static java.lang.String getBaseName(java.io.File f)

Gets the basename of a file.

Parameters:

f - File object representing a file.

Returns:

a string representing the file name, minus the path.

selfIssued

public static boolean selfIssued(java.security.cert.X509Certificate cert)

Checks if the give certificate is self-issued.

Parameters:

cert - The certificate to check.

Returns:

true if the certificate is self-issued, false otherwise.

checkIssued

public static boolean checkIssued(java.security.cert.X509Certificate issuer,
                  java.security.cert.X509Certificate issued)

Checks if a certificate issued another certificate, according to RFC 3280.

Parameters:

issuer - The candidate issuer certificate.

issued - The candidate issued certificate.

Returns:

true if issuer issued issued, false othersie.

isCA

public static boolean isCA(java.security.cert.X509Certificate cert)

Checks if the passed certificate is a CA certificate.

Parameters:

cert - the candidate CA certificate.

Returns:

true if cert is a CA certificate.

isProxy

public static boolean isProxy(java.security.cert.X509Certificate cert)

Checks if the passed certificate is a proxy certificate. Recognizes GT2, GT3 and GT4 proxies.

Parameters:

cert - the candidate proxy certificate.

Returns:

true if cert is a proxy certificate.

getAKID

public static org.bouncycastle.asn1.x509.AuthorityKeyIdentifier getAKID(java.security.cert.X509Certificate cert)

Gets the AuthorityKeyIdentifier extension form the passed certificate.

Parameters:

cert - The certificate from which to get the extension.

Returns:

the extension if present, or null if not present.

getSKID

public static org.bouncycastle.asn1.x509.SubjectKeyIdentifier getSKID(java.security.cert.X509Certificate cert)

Gets the SubjectKeyIdentifier extension form the passed certificate.

Parameters:

cert - The certificate from which to get the extension.

Returns:

the extension if present, or null if not present.

getBasicConstraints

public static org.bouncycastle.asn1.x509.BasicConstraints getBasicConstraints(java.security.cert.X509Certificate cert)

Gets the BasicConstraints extension form the passed certificate.

Parameters:

cert - The certificate from which to get the extension.

Returns:

the extension if present, or null if not present.

loadPrivateKey

public static java.security.PrivateKey loadPrivateKey(java.lang.String filename,
                                      org.bouncycastle.openssl.PasswordFinder finder)

loadPrivateKey

public static java.security.PrivateKey loadPrivateKey(java.io.File file,
                                      org.bouncycastle.openssl.PasswordFinder finder)

loadCertificates

public static java.security.cert.X509Certificate[] loadCertificates(java.lang.String filename)
                                                             throws java.security.cert.CertificateException

Loads a set of credentials from a file.

Parameters:

filename - the name of the file from which to load the certificates.

Returns:

an array containing the certificates that were present in the file.

Throws:

java.security.cert.CertificateException - if there were problems parsing the certificates.

java.lang.IllegalArgumentException - if the file cannot be found.

loadCertificates

public static java.security.cert.X509Certificate[] loadCertificates(java.io.File file)
                                                             throws java.security.cert.CertificateException

Loads a set of credentials from a file.

Parameters:

file - the File object from which to load the certificates.

Returns:

an array containing the certificates that were present in the file.

Throws:

java.security.cert.CertificateException - if there were problems parsing the certificates.

java.lang.IllegalArgumentException - if the file cannot be found.

See Also:

File

loadCRL

public static java.security.cert.X509CRL loadCRL(java.lang.String filename)
                                          throws java.security.cert.CRLException

Loads a CRL from a file.

Parameters:

filename - the name of the file from which to load the CRL.

Returns:

an array containing the certificates that were present in the file.

Throws:

java.security.cert.CRLException - if there were problems parsing the CRL.

java.lang.IllegalArgumentException - if the file cannot be found.

loadCRL

public static java.security.cert.X509CRL loadCRL(java.io.File file)
                                          throws java.security.cert.CRLException

Loads a CRL from a file.

Parameters:

file - the File object from which to load the CRL.

Returns:

an array containing the certificates that were present in the file.

Throws:

java.security.cert.CRLException - if there were problems parsing the CRL.

java.lang.IllegalArgumentException - if the file cannot be found.

readObject

public static java.lang.Object readObject(java.io.File f)
                                   throws java.io.IOException,
                                          java.security.cert.CertificateException,
                                          java.security.cert.CRLException

Reads either a certificate or a CRL from a file.

Parameters:

f - the file from which to read;

Returns:

the Object loaded.

Throws:

java.io.IOException - if there have been problems reading the file.

java.security.cert.CertificateException - if there have been problems parsing the certificate.

java.security.cert.CRLException - if there have been problems parsing the CRL.

skipToCertBeginning

public static int skipToCertBeginning(java.io.BufferedInputStream stream)
                               throws java.io.IOException

Prepares a BufferedInputStream to read either a certificate or a CRL from it. Skips everything in front of "-----BEGIN" in the stream.

Parameters:

stream - The stream to read and skip.

Returns:

CERT if a certificate is the next object to be read from the stream, CRL if the next object is a CRL, -1 if the next object is of type unknown.

Throws:

java.io.IOException - Thrown if there is a problem skipping. Note: this a modified version of code originally written by Joni Hakhala