Package net.i2p.crypto
Class CertUtil
- java.lang.Object
-
- net.i2p.crypto.CertUtil
-
public final class CertUtil extends Object
Java X.509 certificate utilities, consolidated from various places.
- Since:
- 0.9.9
-
-
Constructor Summary
- CertUtil()
-
Method Summary
Modifier and Type, Method: Description
- static void exportCert(Certificate cert, OutputStream out): Modified from: http://www.exampledepot.com/egs/java.security.cert/ExportCert.html Writes a certificate in base64 format.
- static void exportCRL(X509CRL crl, OutputStream out): Writes a CRL in base64 format.
- static void exportPrivateKey(PrivateKey pk, Certificate[] certs, OutputStream out): Writes the private key and all certs in base64 format.
- static String getIssuerValue(X509Certificate cert, String type): Get a value out of the issuer distinguished name.
- static Set<String> getSubjectAlternativeNames(X509Certificate cert): Get the set of Subject Alternative Names, including DNSNames, RFC822Names, IPv4 and v6 addresses as strings.
- static String getSubjectValue(X509Certificate cert, String type): Get a value out of the subject distinguished name.
- static boolean isRevoked(Certificate cert): Is the certificate revoked? This loads the CRLs from disk.
- static boolean isRevoked(CertStore store, Certificate cert): Is the certificate revoked?
- static boolean isRevoked(I2PAppContext ctx, Certificate cert): Is the certificate revoked? This loads the CRLs from disk.
- static X509Certificate loadCert(File kd): Get the certificate from a X.509 certificate file.
- static List<X509Certificate> loadCerts(InputStream in): Get one or more certificates from an input stream.
- static X509CRL loadCRL(InputStream in): Load a CRL.
- static CertStore loadCRLs(): Load CRLs from standard locations.
- static CertStore loadCRLs(I2PAppContext ctx): Load CRLs from standard locations.
- static PublicKey loadKey(File kd): Get the Java public key from a X.509 certificate file.
- static PrivateKey loadPrivateKey(InputStream in): Get a single Private Key from an input stream.
- static void main(String[] args)
- static boolean saveCert(Certificate cert, File file): Write a certificate to a file in base64 format.
- static boolean saveCRL(X509CRL crl, File file): Write a CRL to a file in base64 format.
-
-
-
Method Detail
-
saveCert
public static boolean saveCert(Certificate cert, File file)
Write a certificate to a file in base64 format.
- Returns:
- success
- Since:
- 0.8.2, moved from SSLEepGet in 0.9.9
-
exportPrivateKey
public static void exportPrivateKey(PrivateKey pk, Certificate[] certs, OutputStream out) throws IOException, GeneralSecurityException
Writes the private key and all certs in base64 format. Does NOT close the stream. Throws on all errors.
- Parameters:
- pk - non-null
- certs - certificate chain, null or empty to export pk only
- Throws:
- InvalidKeyException - if the key does not support encoding
- CertificateEncodingException - if a cert does not support encoding
- IOException
- GeneralSecurityException
- Since:
- 0.9.24
-
exportCert
public static void exportCert(Certificate cert, OutputStream out) throws IOException, CertificateEncodingException
Modified from: http://www.exampledepot.com/egs/java.security.cert/ExportCert.html
Writes a certificate in base64 format. Does NOT close the stream. Throws on all errors.
- Throws:
- IOException
- CertificateEncodingException
- Since:
- 0.9.24, pulled out of saveCert(), public since 0.9.25
-
getSubjectAlternativeNames
public static Set<String> getSubjectAlternativeNames(X509Certificate cert)
Get the set of Subject Alternative Names, including DNSNames, RFC822Names, IPv4 and v6 addresses as strings. See X509Certificate.getSubjectAlternativeNames().
- Returns:
- non-null, empty on error or none found
- Since:
- 0.9.34
-
getSubjectValue
public static String getSubjectValue(X509Certificate cert, String type)
Get a value out of the subject distinguished name. Warning - unsupported in Android (no javax.naming), returns null.
- Parameters:
- type - e.g. "CN"
- Returns:
- value or null if not found
-
getIssuerValue
public static String getIssuerValue(X509Certificate cert, String type)
Get a value out of the issuer distinguished name. Warning - unsupported in Android (no javax.naming), returns null.
- Parameters:
- type - e.g. "CN"
- Returns:
- value or null if not found
- Since:
- 0.9.24
-
loadKey
public static PublicKey loadKey(File kd) throws IOException, GeneralSecurityException
Get the Java public key from a X.509 certificate file. Throws if the certificate is invalid (e.g. expired). This DOES check for revocation.
- Returns:
- non-null, throws on all errors including certificate invalid
- Throws:
- IOException
- GeneralSecurityException
- Since:
- 0.9.24 moved from SU3File private method
-
loadCert
public static X509Certificate loadCert(File kd) throws IOException, GeneralSecurityException
Get the certificate from a X.509 certificate file. Throws if the certificate is invalid (e.g. expired). This does NOT check for revocation.
- Returns:
- non-null, throws on all errors including certificate invalid
- Throws:
- IOException
- GeneralSecurityException
- Since:
- 0.9.24 adapted from SU3File private method
-
loadPrivateKey
public static PrivateKey loadPrivateKey(InputStream in) throws IOException, GeneralSecurityException
Get a single Private Key from an input stream. Does NOT close the stream.
- Returns:
- non-null, non-empty, throws on all errors including certificate invalid
- Throws:
- IOException
- GeneralSecurityException
- Since:
- 0.9.25
-
loadCerts
public static List<X509Certificate> loadCerts(InputStream in) throws IOException, GeneralSecurityException
Get one or more certificates from an input stream. Throws if any certificate is invalid (e.g. expired). Does NOT close the stream. This does NOT check for revocation.
- Returns:
- non-null, non-empty, throws on all errors including certificate invalid
- Throws:
- IOException
- GeneralSecurityException
- Since:
- 0.9.25
-
saveCRL
public static boolean saveCRL(X509CRL crl, File file)
Write a CRL to a file in base64 format.
- Returns:
- success
- Since:
- 0.9.25
-
exportCRL
public static void exportCRL(X509CRL crl, OutputStream out) throws IOException, CRLException
Writes a CRL in base64 format. Does NOT close the stream. Throws on all errors.
- Throws:
- CRLException - if the crl does not support encoding
- IOException
- Since:
- 0.9.25
-
isRevoked
public static boolean isRevoked(Certificate cert)
Is the certificate revoked? This loads the CRLs from disk. For efficiency, call loadCRLs() and then pass to isRevoked().
- Since:
- 0.9.25
-
isRevoked
public static boolean isRevoked(I2PAppContext ctx, Certificate cert)
Is the certificate revoked? This loads the CRLs from disk. For efficiency, call loadCRLs() and then pass to isRevoked().
- Since:
- 0.9.25
-
isRevoked
public static boolean isRevoked(CertStore store, Certificate cert)
Is the certificate revoked?
- Since:
- 0.9.25
-
loadCRLs
public static CertStore loadCRLs()
Load CRLs from standard locations.
- Returns:
- non-null, possibly empty
- Since:
- 0.9.25
-
loadCRLs
public static CertStore loadCRLs(I2PAppContext ctx)
Load CRLs from standard locations.
- Returns:
- non-null, possibly empty
- Since:
- 0.9.25
-
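Added example (not part of the I2P Javadoc or source): loadCerts() does NOT check revocation, so a caller that needs it can load the CRLs once with loadCRLs() and pass the resulting CertStore to isRevoked() for each certificate, as the isRevoked() notes recommend. The class TrustedCertLoader, the method loadUnrevoked() and the file path argument are hypothetical.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertStore;
import java.security.cert.X509Certificate;
import java.util.List;

import net.i2p.crypto.CertUtil;

/** Hypothetical helper, written for this example only. */
public class TrustedCertLoader {

    /**
     * Loads all certificates from a file and rejects the whole set if any
     * one of them is revoked. loadCerts() already throws on an invalid
     * (e.g. expired) certificate; revocation is checked here.
     */
    public static List<X509Certificate> loadUnrevoked(String path)
            throws IOException, GeneralSecurityException {
        List<X509Certificate> certs;
        // loadCerts() does NOT close the stream, so the caller must.
        try (InputStream in = new FileInputStream(path)) {
            certs = CertUtil.loadCerts(in);
        }
        // Read the CRLs from disk once, not once per certificate.
        CertStore crls = CertUtil.loadCRLs();
        for (X509Certificate cert : certs) {
            if (CertUtil.isRevoked(crls, cert)) {
                throw new GeneralSecurityException(
                    "Revoked certificate: " + cert.getSubjectX500Principal().getName());
            }
        }
        return certs;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a certificate file (assumption of this example)
        for (X509Certificate cert : loadUnrevoked(args[0])) {
            // getSubjectAlternativeNames() returns a non-null, possibly empty set
            System.out.println(cert.getSubjectX500Principal().getName()
                + " SANs=" + CertUtil.getSubjectAlternativeNames(cert));
        }
    }
}
```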
loadCRL
public static X509CRL loadCRL(InputStream in) throws GeneralSecurityException
Load a CRL. Does NOT close the stream.
- Returns:
- non-null
- Throws:
- GeneralSecurityException
- Since:
- 0.9.25 public since 0.9.26
-
main
public static final void main(String[] args)
-
-