org.glite.voms

Class PKIUtils


public class PKIUtils
extends java.lang.Object

Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it

Copyright (c) Members of the EGEE Collaboration. 2004-2010. See http://www.eu-egee.org/partners/ for details on the copyright holders.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Parts of this code may be based upon or even include verbatim pieces, originally written by other people, in which case the original header follows.

Method Summary

static boolean
DNCompare(String dn1, String dn2)
Compares two DNs for equality, taking into account different representations for the Email and UserID tags.
static String
Normalize(String dn)
static boolean
checkIssued(X509Certificate issuer, X509Certificate issued)
Checks if a certificate issued another certificate, according to RFC 3280.
static AuthorityKeyIdentifier
getAKID(X509Certificate cert)
Gets the AuthorityKeyIdentifier extension from the passed certificate.
static String
getBaseName(File f)
Gets the basename of a file.
static BasicConstraints
getBasicConstraints(X509Certificate cert)
Gets the BasicConstraints extension from the passed certificate.
static String
getHash(X500Principal principal)
Gets the MD5 hash value of the given principal.
static String
getHash(X509CRL crl)
Gets the MD5 hash value of the issuer of the given CRL.
static String
getHash(X509Certificate x509)
Gets the MD5 hash value of the subject of the given certificate.
static String
getHash(X509Principal principal)
Gets the MD5 hash value of the given principal.
static String
getHash(byte[] name)
Gets the MD5 hash value of the given byte array.
static String
getOpenSSLFormatPrincipal(Principal principal)
static String
getOpenSSLFormatPrincipal(Principal principal, boolean reverse)
Gets an OpenSSL-style representation of a principal.
static SubjectKeyIdentifier
getSKID(X509Certificate cert)
Gets the SubjectKeyIdentifier extension from the passed certificate.
static boolean
isCA(X509Certificate cert)
Checks if the passed certificate is a CA certificate.
static boolean
isProxy(X509Certificate cert)
Checks if the passed certificate is a proxy certificate.
static X509CRL
loadCRL(File file)
Loads a CRL from a file.
static X509CRL
loadCRL(String filename)
Loads a CRL from a file.
static X509Certificate[]
loadCertificates(File file)
Loads a set of credentials from a file.
static X509Certificate[]
loadCertificates(String filename)
Loads a set of credentials from a file.
static PrivateKey
loadPrivateKey(File file, PasswordFinder finder)
static PrivateKey
loadPrivateKey(String filename, PasswordFinder finder)
static Object
readObject(File f)
Reads either a certificate or a CRL from a file.
static boolean
selfIssued(X509Certificate cert)
Checks if the given certificate is self-issued.
static int
skipToCertBeginning(BufferedInputStream stream)
Prepares a BufferedInputStream to read either a certificate or a CRL from it.

Method Details

DNCompare

public static boolean DNCompare(String dn1,
                                String dn2)
Compares two DNs for equality, taking into account different representations for the Email and UserID tags.
Parameters:
Returns:
true if dn1 and dn2 are equal, false otherwise.

Normalize

public static String Normalize(String dn)

checkIssued

public static boolean checkIssued(X509Certificate issuer,
                                  X509Certificate issued)
Checks if a certificate issued another certificate, according to RFC 3280.
Parameters:
issuer - The candidate issuer certificate.
issued - The candidate issued certificate.
Returns:
true if issuer issued issued, false otherwise.

getAKID

public static AuthorityKeyIdentifier getAKID(X509Certificate cert)
Gets the AuthorityKeyIdentifier extension from the passed certificate.
Parameters:
cert - The certificate from which to get the extension.
Returns:
the extension if present, or null if not present.

getBaseName

public static String getBaseName(File f)
Gets the basename of a file.
Parameters:
f - File object representing a file.
Returns:
a string representing the file name, minus the path.

getBasicConstraints

public static BasicConstraints getBasicConstraints(X509Certificate cert)
Gets the BasicConstraints extension from the passed certificate.
Parameters:
cert - The certificate from which to get the extension.
Returns:
the extension if present, or null if not present.

getHash

public static String getHash(X500Principal principal)
Gets the MD5 hash value of the given principal.
Parameters:
principal - the principal.
Returns:
the hash value.

getHash

public static String getHash(X509CRL crl)
Gets the MD5 hash value of the issuer of the given CRL.
Parameters:
crl - The CRL from which to get the issuer.
Returns:
the hash value.

getHash

public static String getHash(X509Certificate x509)
Gets the MD5 hash value of the subject of the given certificate.
Parameters:
x509 - The certificate from which to get the subject.
Returns:
the hash value.

getHash

public static String getHash(X509Principal principal)
Gets the MD5 hash value of the given principal.
Parameters:
principal - the principal.
Returns:
the hash value.

getHash

public static String getHash(byte[] name)
Gets the MD5 hash value of the given byte array.
Parameters:
name - the data from which to compute the hash.
Returns:
the hash value.

getOpenSSLFormatPrincipal

public static String getOpenSSLFormatPrincipal(Principal principal)

getOpenSSLFormatPrincipal

public static String getOpenSSLFormatPrincipal(Principal principal,
                                               boolean reverse)
Gets an OpenSSL-style representation of a principal.
Parameters:
principal - the principal
Returns:
a String representing the principal.

getSKID

public static SubjectKeyIdentifier getSKID(X509Certificate cert)
Gets the SubjectKeyIdentifier extension from the passed certificate.
Parameters:
cert - The certificate from which to get the extension.
Returns:
the extension if present, or null if not present.

isCA

public static boolean isCA(X509Certificate cert)
Checks if the passed certificate is a CA certificate.
Parameters:
cert - the candidate CA certificate.
Returns:
true if cert is a CA certificate.

isProxy

public static boolean isProxy(X509Certificate cert)
Checks if the passed certificate is a proxy certificate. Recognizes GT2, GT3 and GT4 proxies.
Parameters:
cert - the candidate proxy certificate.
Returns:
true if cert is a proxy certificate.

loadCRL

public static X509CRL loadCRL(File file)
            throws CRLException
Loads a CRL from a file.
Parameters:
file - the File object from which to load the CRL.
Returns:
the CRL that was present in the file.

loadCRL

public static X509CRL loadCRL(String filename)
            throws CRLException
Loads a CRL from a file.
Parameters:
filename - the name of the file from which to load the CRL.
Returns:
the CRL that was present in the file.

loadCertificates

public static X509Certificate[] loadCertificates(File file)
            throws CertificateException
Loads a set of credentials from a file.
Parameters:
file - the File object from which to load the certificates.
Returns:
an array containing the certificates that were present in the file.
See Also:
java.io.File

loadCertificates

public static X509Certificate[] loadCertificates(String filename)
            throws CertificateException
Loads a set of credentials from a file.
Parameters:
filename - the name of the file from which to load the certificates.
Returns:
an array containing the certificates that were present in the file.

loadPrivateKey

public static PrivateKey loadPrivateKey(File file,
                                        PasswordFinder finder)

loadPrivateKey

public static PrivateKey loadPrivateKey(String filename,
                                        PasswordFinder finder)

readObject

public static Object readObject(File f)
            throws IOException,
                   CertificateException,
                   CRLException
Reads either a certificate or a CRL from a file.
Parameters:
f - the file from which to read.
Returns:
the Object loaded.

selfIssued

public static boolean selfIssued(X509Certificate cert)
Checks if the given certificate is self-issued.
Parameters:
cert - The certificate to check.
Returns:
true if the certificate is self-issued, false otherwise.

skipToCertBeginning

public static int skipToCertBeginning(BufferedInputStream stream)
            throws IOException
Prepares a BufferedInputStream to read either a certificate or a CRL from it. Skips everything in front of "-----BEGIN" in the stream.
Parameters:
stream - The stream to read and skip.
Returns:
CERT if a certificate is the next object to be read from the stream, CRL if the next object is a CRL, -1 if the next object is of unknown type.
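
The behaviour described for skipToCertBeginning, sketched as an added example with JDK classes only (Java 11 or later); this is not the org.glite.voms source. The class name, the numeric values of CERT and CRL, the exact header labels matched, and leaving the stream positioned on the "-----BEGIN" marker are assumptions.

```java
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class PemSkipExample {
    // Assumed values: the page names CERT and CRL but not their numeric values.
    static final int CERT = 1, CRL = 2, UNKNOWN = -1;
    static final int WINDOW = 40; // longer than the longest header matched below

    /** Leaves the stream positioned on "-----BEGIN" and reports what follows it. */
    static int skipToBeginning(BufferedInputStream in) throws IOException {
        while (true) {
            in.mark(WINDOW);
            String head = new String(in.readNBytes(WINDOW), StandardCharsets.US_ASCII);
            in.reset(); // back to the position being tested
            if (head.isEmpty()) return UNKNOWN; // end of stream, no PEM header
            if (head.startsWith("-----BEGIN")) {
                // Match the whole header line so that e.g.
                // "CERTIFICATE REQUEST" is not taken for a certificate.
                if (head.startsWith("-----BEGIN CERTIFICATE-----")) return CERT;
                if (head.startsWith("-----BEGIN X509 CRL-----")) return CRL;
                return UNKNOWN;
            }
            in.read(); // not a header here: advance one byte and retry
        }
    }

    static int classify(String text) throws IOException {
        byte[] raw = text.getBytes(StandardCharsets.US_ASCII);
        BufferedInputStream in = new BufferedInputStream(new ByteArrayInputStream(raw));
        int kind = skipToBeginning(in);
        String next = new String(in.readNBytes(10), StandardCharsets.US_ASCII);
        System.out.println(kind + " next bytes: " + next);
        return kind;
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: text in front of the PEM header, bodies are placeholders.
        String preamble = "subject=/O=Example/CN=constructed\nissuer=/O=Example\n";
        classify(preamble + "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n");
        classify(preamble + "-----BEGIN X509 CRL-----\nAAAA\n-----END X509 CRL-----\n");
        classify(preamble + "-----BEGIN CERTIFICATE REQUEST-----\nAAAA\n");
        classify("no PEM block in this input\n");
    }
}
```

A caller should treat the unknown result as a reason to stop rather than hand the stream to a certificate or CRL parser.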