org.glite.security.util
Class CertUtil

java.lang.Object
  extended by org.glite.security.util.CertUtil

public class CertUtil
extends java.lang.Object

Certificate utilities.


Constructor Summary
CertUtil()
           
 
Method Summary
static int findClientCert(java.security.cert.X509Certificate[] chain)
          Finds out the index of the client cert in a certificate chain.
static byte[] getExtensionBytes(java.security.cert.X509Certificate cert, java.lang.String oid)
          Gets the certificate extension identified by the oid and returns the value bytes unwrapped by the ASN1OctetString.
static java.lang.String getPEM(java.security.cert.X509Certificate cert)
          Outputs the certificate in PEM encoded form.
static java.lang.String getPEM(java.security.cert.X509Certificate[] certs)
          Outputs the certificates in PEM encoded form.
static java.lang.String getPEM(java.security.cert.X509Certificate[] certs, int from, int to)
          Outputs the certificates in PEM encoded form.
static boolean keysMatch(java.security.PrivateKey key, java.security.PublicKey pubKey)
          Compares whether the given private key and the public key belong together.
static boolean keysMatch(java.security.PrivateKey key, java.security.cert.X509Certificate certificate)
          Compares whether the given private key and the public key in the certificate belong together.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CertUtil

public CertUtil()
Method Detail

getPEM

public static java.lang.String getPEM(java.security.cert.X509Certificate cert)
                               throws java.io.IOException
Outputs the certificate in PEM encoded form.

Parameters:
cert - the Certificate to encode.
Returns:
the PEM encoded certificate string.
Throws:
java.io.IOException - in case the certificate is invalid.

getPEM

public static java.lang.String getPEM(java.security.cert.X509Certificate[] certs,
                                      int from,
                                      int to)
                               throws java.io.IOException
Outputs the certificates in PEM encoded form. Invalid from and to values result in an ArrayIndexOutOfBoundsException.

Parameters:
certs - the certificates to encode.
from - the index of the first cert to encode (0 means first, max certs.length - 1).
to - the index of the last cert to encode (0 means first, max certs.length - 1).
Returns:
the PEM encoded certificate string.
Throws:
java.io.IOException - in case the certificate is invalid.

getPEM

public static java.lang.String getPEM(java.security.cert.X509Certificate[] certs)
                               throws java.io.IOException
Outputs the certificates in PEM encoded form.

Parameters:
certs - the certificates to encode.
Returns:
the PEM encoded certificate string.
Throws:
java.io.IOException - in case the certificate is invalid.

findClientCert

public static int findClientCert(java.security.cert.X509Certificate[] chain)
Finds out the index of the client cert in a certificate chain.

Parameters:
chain - the cert chain
Returns:
the index of the client cert, or -1 if no client cert was found

keysMatch

public static boolean keysMatch(java.security.PrivateKey key,
                                java.security.cert.X509Certificate certificate)
Compares whether the given private key and the public key in the certificate belong together, meaning that the private key can decrypt what the public key encrypts. Only RSA keys are supported at the moment.

Parameters:
key - The private key.
certificate - The certificate holding the public key.
Returns:
True if the keys match. False if not. Throws IllegalArgumentException in case the keys are not RSA keys.

keysMatch

public static boolean keysMatch(java.security.PrivateKey key,
                                java.security.PublicKey pubKey)
Compares whether the given private key and the public key belong together, meaning that the private key can decrypt what the public key encrypts. Only RSA keys are supported at the moment.

Parameters:
key - The private key.
pubKey - The public key.
Returns:
True if the keys match. False if not. Throws IllegalArgumentException in case the keys are not RSA keys.
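
One way to perform such a check with the standard JCA, as an added example that is not the CertUtil source: it compares the RSA moduli and then confirms the pair with a sign/verify round trip, used here in place of the encrypt/decrypt wording above. The names KeyMatchExample and rsaKeysMatch are hypothetical, and the key pairs are generated inline as constructed sample input.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

public class KeyMatchExample {
    /** Hypothetical stand-in for a key-match check; not the CertUtil source. */
    static boolean rsaKeysMatch(PrivateKey key, PublicKey pubKey) throws GeneralSecurityException {
        if (!(key instanceof RSAPrivateKey) || !(pubKey instanceof RSAPublicKey)) {
            throw new IllegalArgumentException("Only RSA keys are supported");
        }
        // Cheap pre-check: both halves of an RSA pair share the same modulus.
        if (!((RSAPrivateKey) key).getModulus().equals(((RSAPublicKey) pubKey).getModulus())) {
            return false;
        }
        // Round trip: a signature made with the private key must verify with the public key.
        byte[] probe = "key-match probe (constructed)".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(probe);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pubKey);
        verifier.update(probe);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(2048);
        KeyPair a = rsa.generateKeyPair();
        KeyPair b = rsa.generateKeyPair();
        System.out.println("own pair:     " + rsaKeysMatch(a.getPrivate(), a.getPublic()));
        System.out.println("foreign pair: " + rsaKeysMatch(a.getPrivate(), b.getPublic()));

        // Non-RSA keys are rejected, mirroring the IllegalArgumentException documented above.
        KeyPair ec = KeyPairGenerator.getInstance("EC").generateKeyPair();
        try {
            rsaKeysMatch(ec.getPrivate(), ec.getPublic());
        } catch (IllegalArgumentException e) {
            System.out.println("EC keys rejected: " + e.getMessage());
        }
    }
}
```

Running a check like this before loading a credential catches a certificate file paired with the wrong private key at startup rather than at the first handshake.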

getExtensionBytes

public static byte[] getExtensionBytes(java.security.cert.X509Certificate cert,
                                       java.lang.String oid)
                                throws java.io.IOException
Gets the certificate extension identified by the oid and returns the value bytes unwrapped by the ASN1OctetString.

Parameters:
cert - The certificate to inspect.
oid - The extension OID to fetch.
Returns:
The value bytes of the extension, or null if the extension was not present or was empty.
Throws:
java.io.IOException - thrown in case the certificate parsing fails.