Class CertUtils

java.lang.Object
com.netscape.cmscore.cert.CertUtils
public class CertUtils extends Object
Utility class with assorted methods to check for smime pairs, determining the type of cert - signature or encryption ..etc.
Version:
$Revision$, $Date$
Author:
kanda

  • Field Details

  • Constructor Details

    • CertUtils

      public CertUtils()

  • Method Details

    • parseKeyGen

      public static org.mozilla.jss.netscape.security.util.DerInputStream parseKeyGen(Locale locale, String certreq) throws Exception
      Throws:
      Exception

    • unwrapPKCS10

      public static String unwrapPKCS10(String request, boolean checkHeader) throws EBaseException
      Remove the header and footer in the PKCS10 request.
      Throws:
      EBaseException

    • decodePKCS10

      public static org.mozilla.jss.netscape.security.pkcs.PKCS10 decodePKCS10(String req) throws EBaseException
      Throws:
      EBaseException

    • parsePKCS10

      public static org.mozilla.jss.netscape.security.pkcs.PKCS10 parsePKCS10(Locale locale, String certreq) throws Exception
      Throws:
      Exception

    • parseCRMF

      public static org.mozilla.jss.pkix.crmf.CertReqMsg[] parseCRMF(Locale locale, String certreq) throws Exception
      Throws:
      Exception

    • setRSAKeyToCertInfo

      public static void setRSAKeyToCertInfo(org.mozilla.jss.netscape.security.x509.X509CertInfo info, byte[] encoded) throws EBaseException
      Throws:
      EBaseException

    • sortCerts

      public static void sortCerts(org.mozilla.jss.netscape.security.x509.X509CertImpl[] arr)

    • isSigningCert

      public static boolean isSigningCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)

    • isEncryptionCert

      public static boolean isEncryptionCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)

    • haveSameValidityPeriod

      public static boolean haveSameValidityPeriod(org.mozilla.jss.netscape.security.x509.X509CertImpl cert1, org.mozilla.jss.netscape.security.x509.X509CertImpl cert2)

    • isSmimePair

      public static boolean isSmimePair(org.mozilla.jss.netscape.security.x509.X509CertImpl cert1, org.mozilla.jss.netscape.security.x509.X509CertImpl cert2, boolean matchSubjectDN)

    • isNotYetValidCert

      public static boolean isNotYetValidCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)

    • isValidCert

      public static boolean isValidCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)

    • isExpiredCert

      public static boolean isExpiredCert(org.mozilla.jss.netscape.security.x509.X509CertImpl cert)

    • sameSubjectDN

      public static boolean sameSubjectDN(String dn1, String dn2)

    • getValidCertsDisplayInfo

      public static String getValidCertsDisplayInfo(String cn, org.mozilla.jss.netscape.security.x509.X509CertImpl[] validCerts)

    • getExpiredCertsDisplayInfo

      public static String getExpiredCertsDisplayInfo(String cn, org.mozilla.jss.netscape.security.x509.X509CertImpl[] expiredCerts)

    • getRenewedCertsDisplayInfo

      public static String getRenewedCertsDisplayInfo(String cn, org.mozilla.jss.netscape.security.x509.X509CertImpl[] validCerts, org.mozilla.jss.netscape.security.x509.X509CertImpl[] renewedCerts)

    • getCertsDisplayInfo

      public static String getCertsDisplayInfo(org.mozilla.jss.netscape.security.x509.X509CertImpl[] validCerts)

    • getCertIndex

      public static int getCertIndex(org.mozilla.jss.netscape.security.x509.X509CertImpl[] certArray, org.mozilla.jss.netscape.security.x509.X509CertImpl givenCert)
      Returns the index of the given cert in an array of certs. Assumptions: The certs are issued by the same CA
      Parameters:
      certArray - The array of certs.
      givenCert - The certificate we are lokking for in the array.
      Returns:
      -1 if not found or the index of the given cert in the array.

    • getRecentSigningCert

      public static org.mozilla.jss.netscape.security.x509.X509CertImpl getRecentSigningCert(org.mozilla.jss.netscape.security.x509.X509CertImpl[] certArray, org.mozilla.jss.netscape.security.x509.X509CertImpl currentCert)
      Returns the most recently issued signing certificate from an an array of certs. Assumptions: The certs are issued by the same CA
      Parameters:
      certArray - The array of certs.
      currentCert - The certificate we are looking for in the array.
      Returns:
      null if there is no recent cert or the most recent cert.

    • getCertType

      public static String getCertType(org.mozilla.jss.netscape.security.x509.X509CertImpl cert) throws CertificateParsingException, IOException
      Throws:
      CertificateParsingException
      IOException

    • getNSExtensionInfo

      public static String getNSExtensionInfo(org.mozilla.jss.netscape.security.extensions.NSCertTypeExtension nsExtn)

    • readFromFile

      public static byte[] readFromFile(String fileName) throws IOException
      Throws:
      IOException

    • storeInFile

      public static void storeInFile(String fileName, byte[] ba) throws IOException
      Throws:
      IOException

    • mapCert

      public static X509Certificate mapCert(String mime64) throws IOException
      Throws:
      IOException

    • mapCertFromPKCS7

      public static X509Certificate[] mapCertFromPKCS7(String mime64) throws IOException
      Throws:
      IOException

    • mapCRL

      public static X509CRL mapCRL(String mime64) throws IOException
      Throws:
      IOException

    • mapCRL1

      public static X509CRL mapCRL1(String mime64) throws IOException
      Throws:
      IOException

    • normalizeCertStr

      public static String normalizeCertStr(String s)

    • stripCRLBrackets

      public static String stripCRLBrackets(String s)

    • stripCertBrackets

      public static String stripCertBrackets(String s)
      strips out the begin and end certificate brackets
      Parameters:
      s - the string potentially bracketed with "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
      Returns:
      string without the brackets

    • getFingerPrint

      public static String getFingerPrint(Certificate cert) throws CertificateEncodingException, NoSuchAlgorithmException
      Returns a string that represents a cert's fingerprint. The fingerprint is a MD5 digest of the DER encoded certificate.
      Parameters:
      cert - Certificate to get the fingerprint of.
      Returns:
      a String that represents the cert's fingerprint.
      Throws:
      CertificateEncodingException
      NoSuchAlgorithmException

    • getFingerPrints

      public static String getFingerPrints(Certificate cert) throws NoSuchAlgorithmException, CertificateEncodingException
      Returns a string that has the certificate's fingerprint using MD5, MD2 and SHA1 hashes. A certificate's fingerprint is a hash digest of the DER encoded certificate.
      Parameters:
      cert - Certificate to get the fingerprints of.
      Returns:
      a String with fingerprints using the MD5, MD2 and SHA1 hashes. For example, 
       MD2:   78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71

 MD5:   0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75

 SHA1:  DC:D9:F7:AF:E2:83:10:B2:F7:0A:77:E8:50:E2:F7:D1:15:9A:9D:00
      Throws:
      NoSuchAlgorithmException
      CertificateEncodingException

    • getFingerPrints

      public static String getFingerPrints(byte[] certDer) throws NoSuchAlgorithmException
      Returns a string that has the certificate's fingerprint using MD5, MD2 and SHA1 hashes. A certificate's fingerprint is a hash digest of the DER encoded certificate.
      Parameters:
      certDer - Certificate to get the fingerprints of.
      Returns:
      a String with fingerprints using the MD5, MD2 and SHA1 hashes. For example, 
       MD2:   78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71

 MD5:   0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75

 SHA1:  DC:D9:F7:AF:E2:83:10:B2:F7:0A:77:E8:50:E2:F7:D1:15:9A:9D:00
      Throws:
      NoSuchAlgorithmException

    • checkOID

      public static org.mozilla.jss.netscape.security.util.ObjectIdentifier checkOID(String attrName, String value) throws EBaseException
      Check if a object identifier in string form is valid, that is a string in the form n.n.n.n and der encode and decode-able.
      Parameters:
      attrName - attribute name (from the configuration file)
      value - object identifier string.
      Throws:
      EBaseException

    • trimB64E

      public static String trimB64E(String b64e)

    • isAlgorithmValid

      public static boolean isAlgorithmValid(String signingKeyType, String algorithm)

    • getAdminProfileAlgorithm

      public static String getAdminProfileAlgorithm(String caSigningKeyType, String profileFilename, String defaultSigningAlgsAllowed) throws Exception
      reads from the admin cert profile caAdminCert.profile and determines the algorithm as follows: 1. First gets list of allowed algorithms from profile (constraint.params.signingAlgsAllowed) If entry does not exist, uses entry "ca.profiles.defaultSigningAlgsAllowed" from CS.cfg If that entry does not exist, uses basic default 2. Gets default.params.signingAlg from profile. If entry does not exist or equals "-", selects first algorithm in allowed algorithm list that matches CA signing key type Otherwise returns entry if it matches signing CA key type.
      Throws:
      EBaseException
      IOException
      FileNotFoundException
      Exception

    • verifySystemCertValidityByNickname

      public static void verifySystemCertValidityByNickname(String nickname) throws Exception
      Throws:
      Exception

    • verifySystemCertByNickname

      public static void verifySystemCertByNickname(String nickname, String certusage) throws Exception
      Throws:
      Exception

    • verifySystemCertByTag

      public static void verifySystemCertByTag(String tag) throws Exception
      Throws:
      Exception

    • verifySystemCertByTag

      public static void verifySystemCertByTag(String tag, boolean checkValidityOnly) throws Exception
      Throws:
      Exception

    • getCertificateUsage

      public static org.mozilla.jss.CertificateUsage getCertificateUsage(String certusage)

    • verifySystemCerts

      public static void verifySystemCerts(boolean checkValidityOnly) throws Exception
      Throws:
      Exception

    • toLowerCaseSubsystemType

      public static String toLowerCaseSubsystemType(String s)

    • printRequestContent

      public static void printRequestContent(IRequest request)

    • addCTv1PoisonExt

      public static void addCTv1PoisonExt(org.mozilla.jss.netscape.security.x509.X509CertInfo certinfo) throws CertificateException, IOException, EBaseException
      Throws:
      CertificateException
      IOException
      EBaseException

    • printExtensions

      public static void printExtensions(org.mozilla.jss.netscape.security.x509.CertificateExtensions exts)

    • intToFixedWidthBytes

      public static byte[] intToFixedWidthBytes(int n, int width)
      Write the int as a big-endian byte[] of fixed width (in bytes).

    • bytesToHex

      public static String bytesToHex(byte[] bytes)

    • audit

      protected void audit(LogEvent event)

    • certInCertChain

      public static boolean certInCertChain(X509Certificate[] certChain, X509Certificate cert)