| java.lang.Object
 org.ejbca.util.CertTools
All known Subclasses: org.ejbca.util.cert.SubjectDirAttrExtension, org.ejbca.util.cert.QCStatementExtension,
| CertTools | | public class CertTools (Code) | | Tools to handle common certificate operations.
version:
$Id: CertTools.java,v 1.54 2008/03/14 16:55:36 anatom Exp $ |
| Method Summary | |
| public static int | bitStringToRevokedCertInfo(DERBitString reasonFlags)
Converts DERBitString ResonFlags to a RevokedCertInfo constant
Parameters:
reasonFlags - DERBITString received from org.bouncycastle.asn1.x509.ReasonFlags. | | public static X509Certificate | genSelfCert(String dn, long validity, String policyId, PrivateKey privKey, PublicKey pubKey, String sigAlg, boolean isCA)
Generate a selfsigned certiicate. | | public static X509Certificate | genSelfCertForPurpose(String dn, long validity, String policyId, PrivateKey privKey, PublicKey pubKey, String sigAlg, boolean isCA, int keyusage)
Generate a selfsigned certiicate with possibility to specify key usage. | | public static byte[] | generateMD5Fingerprint(byte[] ba)
Generate a MD5 fingerprint from a byte array containing a X.509 certificate
Parameters:
ba - Byte array containing DER encoded X509Certificate. | | public static byte[] | generateSHA1Fingerprint(byte[] ba)
Generate a SHA1 fingerprint from a byte array containing a X.509 certificate
Parameters:
ba - Byte array containing DER encoded X509Certificate. | | public static String | getAltNameStringFromExtension(X509Extension ext)
| | public static String | getAuthorityInformationAccessOcspUrl(X509Certificate cert)
Returns OCSP URL that is inside AuthorithInformationAccess extension, or null. | | public static byte[] | getAuthorityKeyId(X509Certificate cert)
| | public static X509CRL | getCRLfromByteArray(byte[] crl)
Creates X509CRL from byte[]. | | public static ArrayList | getCertCollectionFromArray(Certificate[] certs, String provider)
Converts a regular array of certificates into an ArrayList, using the provided provided. | | public static String | getCertFingerprintAsString(byte[] ba)
Generate SHA1 fingerprint in string representation.
Parameters:
ba - Byte array containing DER encoded X509Certificate. | | public static X509Certificate | getCertfromByteArray(byte[] cert)
Creates X509Certificate from byte[]. | | public static CertificateFactory | getCertificateFactory()
| | public static String | getCertificatePolicyId(X509Certificate cert, int pos)
| | public static Collection | getCertsFromPEM(String certFile)
Reads a certificate in PEM-format from a file. | | public static Collection | getCertsFromPEM(InputStream certstream)
Reads a certificate in PEM-format from an InputStream. | | public static URL | getCrlDistributionPoint(X509Certificate certificate)
Return the CRL distribution point URL form a certificate. | | public static ArrayList | getCustomOids(String dn)
Gets a list of all custom OIDs defined in the string. | | public static String | getEMailAddress(X509Certificate certificate)
Search for e-mail address, first in SubjectAltName (as in PKIX
recomandation) then in subject DN. | | public static ArrayList | getEmailFromDN(String dn)
Convenience method for getting an email addresses from a DN. | | protected static DERObject | getExtensionValue(X509Certificate cert, String oid)
| | public static String | getFingerprintAsString(X509Certificate cert)
Generate SHA1 fingerprint of certificate in string representation.
Parameters:
cert - X509Certificate. | | public static String | getFingerprintAsString(X509CRL crl)
Generate SHA1 fingerprint of CRL in string representation.
Parameters:
crl - X509CRL. | | public static String | getFingerprintAsString(byte[] in)
Generate SHA1 fingerprint of byte array in string representation.
byte array to fingerprint. | | public static String | getGeneralNameString(int tag, DEREncodable value)
| | public static GeneralNames | getGeneralNamesFromAltName(String altName)
| | public static String | getGuidAltName(X509Certificate cert)
Gets the Microsoft specific GUID altName, that is encoded as an octect string. | | public static String | getIssuerDN(X509Certificate cert)
Gets issuer DN in the format we are sure about (BouncyCastle),supporting UTF8. | | public static String | getIssuerDN(X509CRL crl)
Gets issuer DN for CRL in the format we are sure about (BouncyCastle),supporting UTF8. | | public static byte[] | getPEMFromCerts(Collection certs)
Returns a certificate in PEM-format. | | public static byte[] | getPEMFromCrl(byte[] crlbytes)
Returns a CRL in PEM-format. | | public static String | getPartFromDN(String dn, String dnpart)
Gets a specified part of a DN. | | public static ArrayList | getPartsFromDN(String dn, String dnpart)
Gets a specified parts of a DN. | | public static String | getSignatureAlgorithm(X509Certificate cert)
| | public static String | getSubjectAlternativeName(X509Certificate certificate)
SubjectAltName ::= GeneralNames
GeneralNames :: = SEQUENCE SIZE (1..MAX) OF GeneralName
GeneralName ::= CHOICE {
otherName [0] OtherName,
rfc822Name [1] IA5String,
dNSName [2] IA5String,
x400Address [3] ORAddress,
directoryName [4] Name,
ediPartyName [5] EDIPartyName,
uniformResourceIdentifier [6] IA5String,
iPAddress [7] OCTET STRING,
registeredID [8] OBJECT IDENTIFIER}
SubjectAltName is of form \"rfc822Name=,
dNSName=, uniformResourceIdentifier=,
iPAddress=, guid=, directoryName=
Supported altNames are upn, rfc822Name, uniformResourceIdentifier, dNSName, iPAddress, directoryName
author:
Marco Ferrante, (c) 2005 CSITA - University of Genoa (Italy)
author:
Tomas Gustavsson
Parameters:
certificate - containing alt names String containing altNames of form "rfc822Name=email, dNSName=hostname, uniformResourceIdentifier=uri, iPAddress=ip, upn=upn, directoryName=CN=testDirName|dir|name" or null if no altNames exist. | | public static String | getSubjectDN(X509Certificate cert)
Gets subject DN in the format we are sure about (BouncyCastle),supporting UTF8. | | public static byte[] | getSubjectKeyId(X509Certificate cert)
| | public static String | getUPNAltName(X509Certificate cert)
Gets the Microsoft specific UPN altName. | | public static Vector | getX509FieldOrder(boolean ldaporder)
Obtains a Vector with the DERObjectIdentifiers for
dNObjects names, in the specified order
Parameters:
ldaporder - if true the returned order are as defined in LDAP RFC (CN=foo,O=bar,C=SE), otherwise the order is a defined in X.500 (C=SE,O=bar,CN=foo). | | public static String | insertCNPostfix(String dn, String cnpostfix)
Method used to insert a CN postfix into DN by extracting the first found CN appending cnpostfix and then replacing the original CN
with the new one in DN. | | public static synchronized void | installBCProvider()
| | protected static boolean | isDNReversed(String dn)
Tries to determine if a DN is in reversed form. | | public static boolean | isSelfSigned(X509Certificate cert)
Checks if a certificate is self signed by verifying if subject and issuer are the same.
Parameters:
cert - the certificate that skall be checked. | | public static synchronized void | removeBCProvider()
| | public static String | reverseDN(String dn)
Takes a DN and reverses it completely so the first attribute ends up last. | | public static String | stringToBCDNString(String dn)
Every DN-string should look the same. | | public static X509Name | stringToBcX509Name(String dn)
See stringToBcX509Name(String, X509NameEntryConverter), this method uses the default BC converter (X509DefaultEntryConverter)
See Also: CertTools.stringToBcX509Name(String,X509NameEntryConverter)
Parameters:
dn - String containing DN that will be transformed into X509Name, TheDN string has the format "CN=zz,OU=yy,O=foo,C=SE". | | public static X509Name | stringToBcX509Name(String dn, X509NameEntryConverter converter, Vector dnOrder)
| | public static int | sunKeyUsageToBC(boolean[] sku)
Converts Sun Key usage bits to Bouncy castle key usage kits
Parameters:
sku - key usage bit fields according to java.security.cert.X509Certificate#getKeyUsage, must be a boolean aray of size 9. | | public static boolean | verify(X509Certificate certificate, Collection caCertPath)
Check the certificate with CA certificate. |
| EFSR_OBJECTID | | final public static String EFSR_OBJECTID(Code) | | ObjectID for Mircosoft Encrypted File System Recovery Certificates
|
| EFS_OBJECTID | | final public static String EFS_OBJECTID(Code) | | ObjectID for Mircosoft Encrypted File System Certificates
|
| GUID | | final public static String GUID(Code) | | Microsoft altName for windows domain controller guid
|
| GUID_OBJECTID | | final public static String GUID_OBJECTID(Code) | | ObjectID for upn altName for windows domain controller guid
|
| OID_MSTEMPLATE | | final public static String OID_MSTEMPLATE(Code) | | OID used for creating MS Templates certificate extension
|
| SYSTEM_SECURITY_PROVIDER | | public static String SYSTEM_SECURITY_PROVIDER(Code) | | System provider used to circumvent a bug in Glassfish. Should only be used by
X509CAInfo, OCSPCAService, XKMSCAService, CMSCAService.
Defaults to SUN but can be changed to IBM by the installBCProvider method.
|
| UPN | | final public static String UPN(Code) | | Microsoft altName for windows smart card logon
|
| UPN_OBJECTID | | final public static String UPN_OBJECTID(Code) | | ObjectID for upn altName for windows smart card logon
|
| id_kp_ipsecIKE | | final public static String id_kp_ipsecIKE(Code) | | New OID for ipsec (rfc4945), replaces old deprecated id_kp_ipsecEndSystem, id_kp_ipsecTunnel and id_kp_ipsecUser
|
| id_kp_scvpClient | | final public static String id_kp_scvpClient(Code) | | |
| id_kp_scvpServer | | final public static String id_kp_scvpServer(Code) | | OIDs for SCVP (rfc5055)
|
| id_pda | | final public static String id_pda(Code) | | Object id id-pda
|
| id_pda_countryOfCitizenship | | final public static String id_pda_countryOfCitizenship(Code) | | Object id id-pda-countryOfCitizenship
CountryOfCitizenship ::= PrintableString (SIZE (2))
-- ISO 3166 Country Code
|
| id_pda_countryOfResidence | | final public static String id_pda_countryOfResidence(Code) | | Object id id-pda-countryOfResidence
CountryOfResidence ::= PrintableString (SIZE (2))
-- ISO 3166 Country Code
|
| id_pda_dateOfBirth | | final public static String id_pda_dateOfBirth(Code) | | Object id id-pda-dateOfBirth
DateOfBirth ::= GeneralizedTime
|
| id_pda_gender | | final public static String id_pda_gender(Code) | | Object id id-pda-gender
Gender ::= PrintableString (SIZE(1))
-- "M", "F", "m" or "f"
|
| id_pda_placeOfBirth | | final public static String id_pda_placeOfBirth(Code) | | Object id id-pda-placeOfBirth
PlaceOfBirth ::= DirectoryString
|
| id_pkix | | final public static String id_pkix(Code) | | Object id id-pkix
|
| CertTools | | protected CertTools()(Code) | | inhibits creation of new CertTools
|
| bitStringToRevokedCertInfo | | public static int bitStringToRevokedCertInfo(DERBitString reasonFlags)(Code) | | Converts DERBitString ResonFlags to a RevokedCertInfo constant
Parameters:
reasonFlags - DERBITString received from org.bouncycastle.asn1.x509.ReasonFlags. int according to org.ejbca.core.model.ca.crl.RevokedCertInfo |
| genSelfCert | | public static X509Certificate genSelfCert(String dn, long validity, String policyId, PrivateKey privKey, PublicKey pubKey, String sigAlg, boolean isCA) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, CertificateEncodingException, IllegalStateException(Code) | | Generate a selfsigned certiicate.
Parameters:
dn - subject and issuer DN
Parameters:
validity - in days
Parameters:
policyId - policy string ('2.5.29.32.0') or null
Parameters:
privKey - private key
Parameters:
pubKey - public key
Parameters:
sigAlg - signature algorithm, you can use one of the contants CATokenInfo.SIGALG_XXX
Parameters:
isCA - boolean true or false X509Certificate, self signed
throws:
NoSuchAlgorithmException - DOCUMENT ME!
throws:
SignatureException - DOCUMENT ME!
throws:
InvalidKeyException - DOCUMENT ME!
throws:
IllegalStateException -
throws:
CertificateEncodingException - |
| genSelfCertForPurpose | | public static X509Certificate genSelfCertForPurpose(String dn, long validity, String policyId, PrivateKey privKey, PublicKey pubKey, String sigAlg, boolean isCA, int keyusage) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, CertificateEncodingException, IllegalStateException(Code) | | Generate a selfsigned certiicate with possibility to specify key usage.
Parameters:
dn - subject and issuer DN
Parameters:
validity - in days
Parameters:
policyId - policy string ('2.5.29.32.0') or null
Parameters:
privKey - private key
Parameters:
pubKey - public key
Parameters:
sigAlg - signature algorithm, you can use one of the contants CATokenInfo.SIGALG_XXX
Parameters:
isCA - boolean true or false
Parameters:
keyusage - as defined by constants in X509KeyUsage X509Certificate, self signed
throws:
NoSuchAlgorithmException - DOCUMENT ME!
throws:
SignatureException - DOCUMENT ME!
throws:
InvalidKeyException - DOCUMENT ME!
throws:
IllegalStateException -
throws:
CertificateEncodingException - |
| generateMD5Fingerprint | | public static byte[] generateMD5Fingerprint(byte[] ba)(Code) | | Generate a MD5 fingerprint from a byte array containing a X.509 certificate
Parameters:
ba - Byte array containing DER encoded X509Certificate. Byte array containing MD5 hash of DER encoded certificate. |
| generateSHA1Fingerprint | | public static byte[] generateSHA1Fingerprint(byte[] ba)(Code) | | Generate a SHA1 fingerprint from a byte array containing a X.509 certificate
Parameters:
ba - Byte array containing DER encoded X509Certificate. Byte array containing SHA1 hash of DER encoded certificate. |
| getAltNameStringFromExtension | | public static String getAltNameStringFromExtension(X509Extension ext)(Code) | | Gets an altName string from an X509Extension
Parameters:
ext - X509Extension with AlternativeNames String as defined in method getSubjectAlternativeName |
| getAuthorityKeyId | | public static byte[] getAuthorityKeyId(X509Certificate cert) throws IOException(Code) | | Get the authority key identifier from a certificate extensions
Parameters:
cert - certificate containing the extension byte[] containing the authority key identifier, or null if it does not exist
throws:
IOException - if extension can not be parsed |
| getCRLfromByteArray | | public static X509CRL getCRLfromByteArray(byte[] crl) throws IOException, CRLException(Code) | | Creates X509CRL from byte[].
Parameters:
crl - byte array containing CRL in DER-format X509CRL
throws:
IOException - if the byte array can not be read.
throws:
CertificateException - if the byte arrayen does not contani a correct CRL.
throws:
CRLException - if the byte arrayen does not contani a correct CRL. |
| getCertFingerprintAsString | | public static String getCertFingerprintAsString(byte[] ba)(Code) | | Generate SHA1 fingerprint in string representation.
Parameters:
ba - Byte array containing DER encoded X509Certificate. String containing hex format of SHA1 fingerprint. |
| getCertfromByteArray | | public static X509Certificate getCertfromByteArray(byte[] cert) throws CertificateException(Code) | | Creates X509Certificate from byte[].
Parameters:
cert - byte array containing certificate in DER-format X509Certificate
throws:
CertificateException - if the byte array does not contain a proper certificate.
throws:
IOException - if the byte array cannot be read. |
| getCertificatePolicyId | | public static String getCertificatePolicyId(X509Certificate cert, int pos) throws IOException(Code) | | Get a certificate policy ID from a certificate policies extension
Parameters:
cert - certificate containing the extension
Parameters:
pos - position of the policy id, if several exist, the first is as pos 0 String with the certificate policy OID
throws:
IOException - if extension can not be parsed |
| getCertsFromPEM | | public static Collection getCertsFromPEM(String certFile) throws IOException, CertificateException(Code) | | Reads a certificate in PEM-format from a file. The file may contain other things,
the first certificate in the file is read.
Parameters:
certFile - the file containing the certificate in PEM-format Ordered Collection of X509Certificate, first certificate first, or empty Collection
exception:
IOException - if the filen cannot be read.
exception:
CertificateException - if the filen does not contain a correct certificate. |
| getCertsFromPEM | | public static Collection getCertsFromPEM(InputStream certstream) throws IOException, CertificateException(Code) | | Reads a certificate in PEM-format from an InputStream. The stream may contain other things,
the first certificate in the stream is read.
Parameters:
certFile - the input stream containing the certificate in PEM-format Ordered Collection of X509Certificate, first certificate first, or empty Collection
exception:
IOException - if the stream cannot be read.
exception:
CertificateException - if the stream does not contain a correct certificate. |
| getCustomOids | | public static ArrayList getCustomOids(String dn)(Code) | | Gets a list of all custom OIDs defined in the string. A custom OID is defined as an OID, simply as that. Otherwise, if it is not a custom oid, the DNpart is defined by a name such as CN och rfc822Name.
Parameters:
dn - String containing DN, The DN string has the format "C=SE, O=xx, OU=yy, CN=zz", or "rfc822Name=foo@bar.com", etc.
Parameters:
dnpart - String specifying which part of the DN to get, should be "CN" or "OU" etc. ArrayList containing oids or empty list if no custom OIDs are present |
| getEMailAddress | | public static String getEMailAddress(X509Certificate certificate)(Code) | | Search for e-mail address, first in SubjectAltName (as in PKIX
recomandation) then in subject DN.
Original author: Marco Ferrante, (c) 2005 CSITA - University of Genoa (Italy)
Parameters:
certificate - subject email or null if not present in certificate |
| getEmailFromDN | | public static ArrayList getEmailFromDN(String dn)(Code) | | Convenience method for getting an email addresses from a DN. Uses
* getPartsFromDN(String,String) internally, and searches for
EMAIL ,
EMAIL1 ,
EMAIL2 ,
EMAIL3 and returns the first one found.
Parameters:
dn - the DN ArrayList containing email or empty list if email is not present the found email address, or null if none is found |
| getFingerprintAsString | | public static String getFingerprintAsString(X509Certificate cert)(Code) | | Generate SHA1 fingerprint of certificate in string representation.
Parameters:
cert - X509Certificate. String containing hex format of SHA1 fingerprint, or null if input is null. |
| getFingerprintAsString | | public static String getFingerprintAsString(X509CRL crl)(Code) | | Generate SHA1 fingerprint of CRL in string representation.
Parameters:
crl - X509CRL. String containing hex format of SHA1 fingerprint. |
| getFingerprintAsString | | public static String getFingerprintAsString(byte[] in)(Code) | | Generate SHA1 fingerprint of byte array in string representation.
byte array to fingerprint. String containing hex format of SHA1 fingerprint. |
| getGeneralNameString | | public static String getGeneralNameString(int tag, DEREncodable value) throws IOException(Code) | | GeneralName ::= CHOICE {
otherName [0] OtherName,
rfc822Name [1] IA5String,
dNSName [2] IA5String,
x400Address [3] ORAddress,
directoryName [4] Name,
ediPartyName [5] EDIPartyName,
uniformResourceIdentifier [6] IA5String,
iPAddress [7] OCTET STRING,
registeredID [8] OBJECT IDENTIFIER}
Parameters:
tag - the no tag 0-8
Parameters:
value - the DEREncodable value as returned by GeneralName.getName() String in form rfc822Name= or uri= etc
throws:
IOException -
See Also: CertTools.getSubjectAlternativeName |
| getGeneralNamesFromAltName | | public static GeneralNames getGeneralNamesFromAltName(String altName)(Code) | | From an altName string as defined in getSubjectAlternativeName
Parameters:
altName - ASN.1 GeneralNames
See Also: CertTools.getSubjectAlternativeName |
| getGuidAltName | | public static String getGuidAltName(X509Certificate cert) throws IOException, CertificateParsingException(Code) | | Gets the Microsoft specific GUID altName, that is encoded as an octect string.
Parameters:
cert - certificate containing the extension String with the hex-encoded GUID byte array or null if the altName does not exist |
| getIssuerDN | | public static String getIssuerDN(X509Certificate cert)(Code) | | Gets issuer DN in the format we are sure about (BouncyCastle),supporting UTF8.
Parameters:
cert - X509Certificate String containing the issuers DN. |
| getIssuerDN | | public static String getIssuerDN(X509CRL crl)(Code) | | Gets issuer DN for CRL in the format we are sure about (BouncyCastle),supporting UTF8.
Parameters:
crl - X509RL String containing the DN. |
| getPEMFromCerts | | public static byte[] getPEMFromCerts(Collection certs) throws CertificateException(Code) | | Returns a certificate in PEM-format.
Parameters:
certs - Collection of X509Certificate to convert to PEM byte array containing PEM certificate
exception:
CertificateException - if the stream does not contain a correct certificate. |
| getPEMFromCrl | | public static byte[] getPEMFromCrl(byte[] crlbytes)(Code) | | Returns a CRL in PEM-format.
Parameters:
crlbytes - the der encoded crl bytes to convert to PEM byte array containing PEM CRL
exception:
IOException - if the stream cannot be read. |
| getPartFromDN | | public static String getPartFromDN(String dn, String dnpart)(Code) | | Gets a specified part of a DN. Specifically the first occurrence it the DN contains several
instances of a part (i.e. cn=x, cn=y returns x).
Parameters:
dn - String containing DN, The DN string has the format "C=SE, O=xx, OU=yy, CN=zz".
Parameters:
dnpart - String specifying which part of the DN to get, should be "CN" or "OU" etc. String containing dnpart or null if dnpart is not present |
| getPartsFromDN | | public static ArrayList getPartsFromDN(String dn, String dnpart)(Code) | | Gets a specified parts of a DN. Returns all occurences as an ArrayList, also works if DN contains several
instances of a part (i.e. cn=x, cn=y returns {x, y, null}).
Parameters:
dn - String containing DN, The DN string has the format "C=SE, O=xx, OU=yy, CN=zz".
Parameters:
dnpart - String specifying which part of the DN to get, should be "CN" or "OU" etc. ArrayList containing dnparts or empty list if dnpart is not present |
| getSignatureAlgorithm | | public static String getSignatureAlgorithm(X509Certificate cert)(Code) | | Simple method that looks at the certificate and determines, from EJBCA's standpoint, which signature algorithm it is
Parameters:
cert - the cert to examine Signature algorithm from CATokenInfo.SIGALG_SHA1_WITH_RSA etc. |
| getSubjectAlternativeName | | public static String getSubjectAlternativeName(X509Certificate certificate) throws CertificateParsingException, IOException(Code) | | SubjectAltName ::= GeneralNames
GeneralNames :: = SEQUENCE SIZE (1..MAX) OF GeneralName
GeneralName ::= CHOICE {
otherName [0] OtherName,
rfc822Name [1] IA5String,
dNSName [2] IA5String,
x400Address [3] ORAddress,
directoryName [4] Name,
ediPartyName [5] EDIPartyName,
uniformResourceIdentifier [6] IA5String,
iPAddress [7] OCTET STRING,
registeredID [8] OBJECT IDENTIFIER}
SubjectAltName is of form \"rfc822Name=,
dNSName=, uniformResourceIdentifier=,
iPAddress=, guid=, directoryName=
Supported altNames are upn, rfc822Name, uniformResourceIdentifier, dNSName, iPAddress, directoryName
author:
Marco Ferrante, (c) 2005 CSITA - University of Genoa (Italy)
author:
Tomas Gustavsson
Parameters:
certificate - containing alt names String containing altNames of form "rfc822Name=email, dNSName=hostname, uniformResourceIdentifier=uri, iPAddress=ip, upn=upn, directoryName=CN=testDirName|dir|name" or null if no altNames exist. Values in returned String is from CertTools constants. AltNames not supported are simply not shown in the resulting string.
throws:
java.lang.Exception - |
| getSubjectDN | | public static String getSubjectDN(X509Certificate cert)(Code) | | Gets subject DN in the format we are sure about (BouncyCastle),supporting UTF8.
Parameters:
cert - X509Certificate String containing the subjects DN. |
| getSubjectKeyId | | public static byte[] getSubjectKeyId(X509Certificate cert) throws IOException(Code) | | Get the subject key identifier from a certificate extensions
Parameters:
cert - certificate containing the extension byte[] containing the subject key identifier, or null if it does not exist
throws:
IOException - if extension can not be parsed |
| getX509FieldOrder | | public static Vector getX509FieldOrder(boolean ldaporder)(Code) | | Obtains a Vector with the DERObjectIdentifiers for
dNObjects names, in the specified order
Parameters:
ldaporder - if true the returned order are as defined in LDAP RFC (CN=foo,O=bar,C=SE), otherwise the order is a defined in X.500 (C=SE,O=bar,CN=foo). Vector with DERObjectIdentifiers defining the known order we require |
| insertCNPostfix | | public static String insertCNPostfix(String dn, String cnpostfix)(Code) | | Method used to insert a CN postfix into DN by extracting the first found CN appending cnpostfix and then replacing the original CN
with the new one in DN.
If no CN could be found in DN then should the given DN be returned untouched
Parameters:
dn - the DN to manipulate, cannot be null
Parameters:
cnpostfix - the postfix to insert, cannot be null the new DN |
| installBCProvider | | public static synchronized void installBCProvider()(Code) | | |
| isDNReversed | | protected static boolean isDNReversed(String dn)(Code) | | Tries to determine if a DN is in reversed form. It does this by taking the last attribute
and the first attribute. If the last attribute comes before the first in the dNObjects array
the DN is assumed to be in reversed order.
The check if a DN is revered is relative to the default ordering, so if the default ordering is:
"C=SE, O=PrimeKey, CN=Tomas" (dNObjectsReverse ordering in EJBCA) a dn or form "CN=Tomas, O=PrimeKey, C=SE" is reversed.
if the default ordering is:
"CN=Tomas, O=PrimeKey, C=SE" (dNObjectsForward ordering in EJBCA) a dn or form "C=SE, O=PrimeKey, CN=Tomas" is reversed.
Parameters:
dn - String containing DN to be checked, The DN string has the format "C=SE, O=xx, OU=yy, CN=zz". true if the DN is believed to be in reversed order, false otherwise |
| isSelfSigned | | public static boolean isSelfSigned(X509Certificate cert)(Code) | | Checks if a certificate is self signed by verifying if subject and issuer are the same.
Parameters:
cert - the certificate that skall be checked. boolean true if the certificate has the same issuer and subject, false otherwise. |
| removeBCProvider | | public static synchronized void removeBCProvider()(Code) | | |
| reverseDN | | public static String reverseDN(String dn)(Code) | | Takes a DN and reverses it completely so the first attribute ends up last.
C=SE,O=Foo,CN=Bar becomes CN=Bar,O=Foo,C=SE.
Parameters:
dn - String containing DN to be reversed, The DN string has the format "C=SE, O=xx, OU=yy, CN=zz". String containing reversed DN |
| stringToBCDNString | | public static String stringToBCDNString(String dn)(Code) | | Every DN-string should look the same. Creates a name string ordered and looking like we want
it...
Parameters:
dn - String containing DN String containing DN, or null if input is null |
| stringToBcX509Name | | public static X509Name stringToBcX509Name(String dn)(Code) | | See stringToBcX509Name(String, X509NameEntryConverter), this method uses the default BC converter (X509DefaultEntryConverter)
See Also: CertTools.stringToBcX509Name(String,X509NameEntryConverter)
Parameters:
dn - String containing DN that will be transformed into X509Name, TheDN string has the format "CN=zz,OU=yy,O=foo,C=SE". Unknown OIDs inthe string will be added to the end positions of OID array. X509Name or null if input is null |
| stringToBcX509Name | | public static X509Name stringToBcX509Name(String dn, X509NameEntryConverter converter, Vector dnOrder)(Code) | | |
| sunKeyUsageToBC | | public static int sunKeyUsageToBC(boolean[] sku)(Code) | | Converts Sun Key usage bits to Bouncy castle key usage kits
Parameters:
sku - key usage bit fields according to java.security.cert.X509Certificate#getKeyUsage, must be a boolean aray of size 9. key usage int according to org.bouncycastle.jce.X509KeyUsage#X509KeyUsage, or -1 if input is null.
See Also: java.security.cert.X509Certificate.getKeyUsage
See Also: org.bouncycastle.jce.X509KeyUsage.X509KeyUsage |
| verify | | public static boolean verify(X509Certificate certificate, Collection caCertPath) throws Exception(Code) | | Check the certificate with CA certificate.
Parameters:
certificate - cert to verify
Parameters:
caCertPath - collection of X509Certificate true if verified OK, false if not |
|
|