SSLUtils (POPJava 1.5 API)

java.lang.Object
- ch.icosys.popjava.core.util.ssl.SSLUtils

public class SSLUtils
extends java.lang.Object

Utilities for using SSL and certificates

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static void`	`addCertToTempStore(byte[] certificate)` Add a new certificate to the temporary storage
`static void`	`addCertToTempStore(byte[] certificate, boolean reload)` Add a new certificate to the temporary store
`static void`	`addConfidenceLink(POPNode node, java.security.cert.Certificate certificate, java.lang.String networkUUID)` Add a new certificate to the keystore, this will be written anew on disk.
`static void`	`addKeyEntryToKeyStore(KeyStoreDetails ksOptions, KeyPairDetails keyOptions, java.security.KeyStore.PrivateKeyEntry privateKeyEntry)` Given the keystore information, the key pair details and a real Priva Key / Certificate pair, add it to the keystore.
`static byte[]`	`certificateBytes(java.security.cert.Certificate cert)` Get the bytes of a certificate
`static java.lang.String`	`certificateFingerprint(byte[] certificate)` Get the SHA-1 fingerprint of a certificate from its byte array representation
`static java.lang.String`	`certificateFingerprint(java.security.cert.Certificate cert)` Get the SHA-1 fingerprint of a certificate See https://stackoverflow.com/questions/1270703/how-to-retrieve-compute-an-x509-certificates-thumbprint-in-java
`static java.security.cert.Certificate`	`certificateFromBytes(byte[] certificate)` Transform a certificate byte array to a real certificate.
`static java.security.KeyStore.PrivateKeyEntry`	`ensureKeyPairGeneration(KeyPairDetails options)` Call `generateKeyPair(ch.icosys.popjava.core.util.ssl.KeyPairDetails)` until the operation does not fail.
`static java.security.KeyStore.PrivateKeyEntry`	`generateKeyPair(KeyPairDetails options)` Generate a Private Key and a corresponding public certificate.
`static boolean`	`generateKeyStore(KeyStoreDetails ksOptions, KeyPairDetails keyOptions)` Create a new KeyStore with a new Private Key and Certificate
`static java.security.cert.Certificate`	`getCertificate(java.lang.String fingerprint)` Given a fingerprint (SHA1) it will return the Public Key associated with it.
`static java.security.cert.Certificate`	`getCertificateFromAlias(java.lang.String uuid)` Given a UUID it will return the matching local public certificate for this network.
`static java.lang.String`	`getNetworkFromFingerprint(java.lang.String fingerprint)` Try to extract the network certificate from the fingerprint, and the alias inside the KeyStore.
`static javax.net.ssl.SSLContext`	`getSSLContext()` Get a correctly initialized SSLContext
`static void`	`invalidateSSLSessions()` Invalidate all open SSL Sessions because there was a change in certificate somewhere.
`static boolean`	`isCertificateKnown(java.security.cert.Certificate certificate)` Check if the given certificate is inside the Trust Manager.
`static boolean`	`isConfidenceLink(java.lang.String fingerprint)` Return if a given fingerprint certificate is part of the Confidence Link group.
`static void`	`reloadPOPManagers()` Forcefully reload the Trust and Key Managers if they exists.
`static void`	`removeAlias(java.lang.String alias)` Remove form the KeyStore the specified alias.
`static void`	`removeConfidenceLink(POPNode node, java.lang.String networkUUID)` Remove an entry from the keystore, this will be written anew on disk.
`static void`	`replaceConfidenceLink(POPNode node, java.security.cert.Certificate certificate, java.lang.String networkUUID)` Add a new certificate to the keystore, this will be written anew on disk.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Method Detail
  - getSSLContext
```
public static javax.net.ssl.SSLContext getSSLContext()
                                              throws java.security.KeyStoreException,
                                                     java.io.IOException,
                                                     java.security.NoSuchAlgorithmException,
                                                     java.security.cert.CertificateException,
                                                     java.security.UnrecoverableKeyException,
                                                     java.security.KeyManagementException
```
    Get a correctly initialized SSLContext
    
    Returns:
    
    the context ssl to create socket with
    
    Throws:
    
    java.security.KeyStoreException - if we fail to open the keystore
    
    java.io.IOException - if any I/O problem occurs
    
    java.security.NoSuchAlgorithmException - if we can't find the algorithm to check for the key store integrity
    
    java.security.cert.CertificateException - if we can't load some of the certificates
    
    java.security.UnrecoverableKeyException - if we can't load some of the private keys in the key store
    
    java.security.KeyManagementException - if we can't instantiate the ssl context correctly
  - invalidateSSLSessions
```
public static void invalidateSSLSessions()
```
    Invalidate all open SSL Sessions because there was a change in certificate somewhere.
  - reloadPOPManagers
```
public static void reloadPOPManagers()
```
    Forcefully reload the Trust and Key Managers if they exists.
  - addConfidenceLink
```
public static void addConfidenceLink(POPNode node,
                                     java.security.cert.Certificate certificate,
                                     java.lang.String networkUUID)
                              throws java.io.IOException
```
    Add a new certificate to the keystore, this will be written anew on disk. We use the node's hash as alias to identify the match.
    
    Parameters:
    
    node - A node created somehow, directly or with the factory
    
    certificate - The certificate we want to add as a confidence link
    
    networkUUID - The network associated to this certificate
    
    Throws:
    
    java.io.IOException - If we were not able to write to file
  - replaceConfidenceLink
```
public static void replaceConfidenceLink(POPNode node,
                                         java.security.cert.Certificate certificate,
                                         java.lang.String networkUUID)
                                  throws java.io.IOException
```
    Add a new certificate to the keystore, this will be written anew on disk. We use the node's hash as alias to identify the match.
    
    Parameters:
    
    node - A node created somehow, directly or with the factory
    
    certificate - The certificate we want to add as a confidence link
    
    networkUUID - The network associated to this certificate
    
    Throws:
    
    java.io.IOException - If we were not able to write to file
  - removeConfidenceLink
```
public static void removeConfidenceLink(POPNode node,
                                        java.lang.String networkUUID)
                                 throws java.io.IOException
```
    Remove an entry from the keystore, this will be written anew on disk. We use the node's hash as alias to identify the match.
    
    Parameters:
    
    node - A node created somehow, directly or with the factory
    
    networkUUID - The ID of the network
    
    Throws:
    
    java.io.IOException - Many
  - removeAlias
```
public static void removeAlias(java.lang.String alias)
                        throws java.io.IOException
```
    Remove form the KeyStore the specified alias.
    
    Parameters:
    
    alias - the alias to remove from the keystore
    
    Throws:
    
    java.io.IOException - if we fail to save the changed keystore
  - certificateFingerprint
```
public static java.lang.String certificateFingerprint(byte[] certificate)
```
    Get the SHA-1 fingerprint of a certificate from its byte array representation
    
    Parameters:
    
    certificate - the certificate we want the fingerprint of
    
    Returns:
    
    the fingerprint if it's a valid certificate, null otherwise
  - certificateFingerprint
```
public static java.lang.String certificateFingerprint(java.security.cert.Certificate cert)
```
    Get the SHA-1 fingerprint of a certificate See https://stackoverflow.com/questions/1270703/how-to-retrieve-compute-an-x509-certificates-thumbprint-in-java
    
    Parameters:
    
    cert - the certificate we want to know the fingerprint
    
    Returns:
    
    the hex representation of the fingerprint
  - certificateBytes
```
public static byte[] certificateBytes(java.security.cert.Certificate cert)
```
    Get the bytes of a certificate
    
    Parameters:
    
    cert - the certificate we want in bytes
    
    Returns:
    
    the byte representation of the certificate
  - certificateFromBytes
```
public static java.security.cert.Certificate certificateFromBytes(byte[] certificate)
                                                           throws java.security.cert.CertificateException
```
    Transform a certificate byte array to a real certificate.
    
    Parameters:
    
    certificate - A byte array in PEM format
    
    Returns:
    
    The certificate or null
    
    Throws:
    
    java.security.cert.CertificateException - if the given bytes can't be converted to a certificate
  - isCertificateKnown
```
public static boolean isCertificateKnown(java.security.cert.Certificate certificate)
```
    Check if the given certificate is inside the Trust Manager.
    
    Parameters:
    
    certificate - the certificate to check
    
    Returns:
    
    true if the certificate is known by the trust manager, false otherwise
  - getNetworkFromFingerprint
```
public static java.lang.String getNetworkFromFingerprint(java.lang.String fingerprint)
```
    Try to extract the network certificate from the fingerprint, and the alias inside the KeyStore.
    
    Parameters:
    
    fingerprint - the fingerprint we want to know the network of
    
    Returns:
    
    the network or null if unknown
  - getCertificate
```
public static java.security.cert.Certificate getCertificate(java.lang.String fingerprint)
```
    Given a fingerprint (SHA1) it will return the Public Key associated with it.
    
    Parameters:
    
    fingerprint - the fingerprint of the certificate we want
    
    Returns:
    
    the certificate or null if we don't know it
  - getCertificateFromAlias
```
public static java.security.cert.Certificate getCertificateFromAlias(java.lang.String uuid)
```
    Given a UUID it will return the matching local public certificate for this network.
    
    Parameters:
    
    uuid - the alias in the keystore, usually the network UUID
    
    Returns:
    
    the certificate or null if we don't know it
  - isConfidenceLink
```
public static boolean isConfidenceLink(java.lang.String fingerprint)
```
    Return if a given fingerprint certificate is part of the Confidence Link group.
    
    Parameters:
    
    fingerprint - the fingerprint of the certificate
    
    Returns:
    
    true if it's a confidence link, false otherwise
  - addCertToTempStore
```
public static void addCertToTempStore(byte[] certificate)
```
    Add a new certificate to the temporary storage
    
    Parameters:
    
    certificate - the certificate to add to the temporary store
    
    See Also:
    
    addCertToTempStore(byte[], boolean)
  - addCertToTempStore
```
public static void addCertToTempStore(byte[] certificate,
                                      boolean reload)
```
    Add a new certificate to the temporary store
    
    Parameters:
    
    certificate - the bytes of the certificate to add
    
    reload - if we have to reload the keystore now or let the parallel event do it
  - generateKeyStore
```
public static boolean generateKeyStore(KeyStoreDetails ksOptions,
                                       KeyPairDetails keyOptions)
```
    Create a new KeyStore with a new Private Key and Certificate
    
    Parameters:
    
    ksOptions - details on the key store
    
    keyOptions - details on the key we want to generate
    
    Returns:
    
    true if we were able to create the keystore
  - addKeyEntryToKeyStore
```
public static void addKeyEntryToKeyStore(KeyStoreDetails ksOptions,
                                         KeyPairDetails keyOptions,
                                         java.security.KeyStore.PrivateKeyEntry privateKeyEntry)
                                  throws java.io.IOException,
                                         java.security.KeyStoreException,
                                         java.security.NoSuchAlgorithmException,
                                         java.security.cert.CertificateException,
                                         java.security.UnrecoverableKeyException
```
    Given the keystore information, the key pair details and a real Priva Key / Certificate pair, add it to the keystore.
    
    Parameters:
    
    ksOptions - the key store information
    
    keyOptions - the private key information
    
    privateKeyEntry - the private key itself
    
    Throws:
    
    java.io.IOException - if we fail any operation on disk
    
    java.security.KeyStoreException - if we fail any operation on the keystore
    
    java.security.NoSuchAlgorithmException - if we fail to validate the keystore
    
    java.security.cert.CertificateException - if we fail to parse any certificate
    
    java.security.UnrecoverableKeyException - if we fail to create the key manager (for the private keys)
  - ensureKeyPairGeneration
```
public static java.security.KeyStore.PrivateKeyEntry ensureKeyPairGeneration(KeyPairDetails options)
```
    Call generateKeyPair(ch.icosys.popjava.core.util.ssl.KeyPairDetails) until the operation does not fail.
    
    Parameters:
    
    options - the information regarding the private key
    
    Returns:
    
    the generated private key, checked by BouncyCastle for security
  - generateKeyPair
```
public static java.security.KeyStore.PrivateKeyEntry generateKeyPair(KeyPairDetails options)
                                                              throws java.security.NoSuchAlgorithmException,
                                                                     java.io.IOException,
                                                                     org.bouncycastle.operator.OperatorCreationException,
                                                                     java.security.cert.CertificateException,
                                                                     java.lang.IllegalArgumentException
```
    Generate a Private Key and a corresponding public certificate. This process may fail if bouncycastle consider the generate key not to be secure.
    
    Parameters:
    
    options - the information regarding the private key
    
    Returns:
    
    the generated private key, or BouncyCastle will throw a security exception
    
    Throws:
    
    java.security.NoSuchAlgorithmException - if there is a missing algorithm to generate certificate
    
    java.io.IOException - if any I/O problem occurs
    
    org.bouncycastle.operator.OperatorCreationException - if we can't sign the certificate
    
    java.security.cert.CertificateException - if we can't create the certificate
    
    java.lang.IllegalArgumentException

Class SSLUtils

Method Summary

Methods inherited from class java.lang.Object

Method Detail

getSSLContext

invalidateSSLSessions

reloadPOPManagers

addConfidenceLink

replaceConfidenceLink

removeConfidenceLink

removeAlias

certificateFingerprint

certificateFingerprint

certificateBytes

certificateFromBytes

isCertificateKnown

getNetworkFromFingerprint

getCertificate

getCertificateFromAlias

isConfidenceLink

addCertToTempStore

addCertToTempStore

generateKeyStore

addKeyEntryToKeyStore

ensureKeyPairGeneration

generateKeyPair