Package de.trustable.ca3s.core.service.util

Class CertificateUtil

java.lang.Object

de.trustable.ca3s.core.service.util.CertificateUtil

@Service
public class CertificateUtil
extends Object

Constructor Summary

Constructors

Constructor	Description
CertificateUtil()

Method Summary

Modifier and Type	Method	Description
X509Certificate	convertPemToCertificate(String pem)
org.bouncycastle.cert.X509CertificateHolder	convertPemToCertificateHolder(String pem)
PrivateKey	convertPemToPrivateKey(String pem)
Certificate	createCertificate(byte[] encodedCert, CSR csr, String executionId, boolean reimport)
Certificate	createCertificate(byte[] encodedCert, CSR csr, String executionId, boolean reimport, String importUrl)
Certificate	createCertificate(String pemCert, CSR csr, String executionId)
Certificate	createCertificate(String pemCert, CSR csr, String executionId, boolean reimport)
Certificate	createCertificate(String pemCert, CSR csr, String executionId, boolean reimport, String importUrl)
static String	deriveCurveName(PrivateKey privateKey)
static String	deriveCurveName(PublicKey publicKey)
static String	deriveCurveName(org.bouncycastle.jce.spec.ECParameterSpec ecParameterSpec)	derive the curve name
Certificate	findIssuingCertificate(Certificate cert)
Certificate	findIssuingCertificate(org.bouncycastle.cert.X509CertificateHolder x509CertHolder)
List<Certificate>	findReplaceCandidates(String[] sanArr)
List<Certificate>	findReplaceCandidates(List<String> sans)
static byte[]	generateSHA1Fingerprint(byte[] ba)	Generate a SHA1 fingerprint from a byte array containing a X.509 certificate
static int	getAlignedKeyLength(PublicKey pk)
String	getCertAttribute(Certificate certDao, String name)
Certificate	getCertificateByBase64(String b64Cert)
Certificate	getCertificateByPEM(String pemCert)
Certificate	getCertificateByX509(X509Certificate x509Cert)
List<Certificate>	getCertificateChain(Certificate startCertDao)
List<String>	getCertificatePolicies(X509Certificate x509Cert)
List<String>	getCrlDistributionPoints(X509Certificate cert)	Extracts all CRL distribution point URLs from the "CRL Distribution Point" extension in a X.509 certificate.
static String	getDownloadFilename(Certificate cert)
static int	getKeyLength(PublicKey pk)	Gets the key length of supported keys
static String	getPaddedSerial(String serial)	bloat the string-typed serial to a defined length to ensure ordering works out fine.
static String	getPaddedTimestamp(String timestamp)	bloat the string-typed timestamp to a defined length to ensure ordering works out fine
PrivateKey	getPrivateKey(Certificate cert)
PrivateKey	getPrivateKey(CSR csr)
PrivateKey	getPrivateKey(ProtectedContentType type, ContentRelationType relationType, Long id)
Set<org.bouncycastle.asn1.x509.GeneralName>	getSANList(de.trustable.util.Pkcs10RequestHolder p10ReqHolder)
Set<org.bouncycastle.asn1.x509.GeneralName>	getSANList(org.bouncycastle.cert.X509CertificateHolder x509CertHolder)
static String	getTypedSAN(int altNameType, String sanValue)
X509Certificate[]	getX509CertificateChain(Certificate startCert)
List<X509Certificate>	getX509CertificateChainAsList(Certificate startCert)
void	insertNameAttributes(Certificate cert, String attributeName, org.bouncycastle.asn1.x500.X500Name x500NameSubject)
void	setCertAttribute(Certificate certDao, String name, long value)
void	setCertAttribute(Certificate cert, String name, String value)
void	setCertAttribute(Certificate cert, String name, String value, boolean multiValue)
void	setCertMultiValueAttribute(Certificate cert, String name, String value)
void	setRevocationStatus(Certificate cert, String revocationReason, Instant revocationDate)
void	setRevocationStatus(Certificate cert, String revocationReason, Date revocationDate)
void	storePrivateKey(Certificate cert, KeyPair keyPair)
void	storePrivateKey(CSR csr, KeyPair keyPair)
void	usageAsCertAttributes(boolean[] usage, Certificate cert)	convert the usage-bits to a readable string
static String	usageAsString(boolean[] usage)	convert the usage-bits to a readable string

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CertificateUtil

public CertificateUtil()

Method Detail

createCertificate

public Certificate createCertificate(byte[] encodedCert,
                                     CSR csr,
                                     String executionId,
                                     boolean reimport)
                              throws GeneralSecurityException,
                                     IOException

Throws:

GeneralSecurityException

IOException

createCertificate

public Certificate createCertificate(byte[] encodedCert,
                                     CSR csr,
                                     String executionId,
                                     boolean reimport,
                                     String importUrl)
                              throws GeneralSecurityException,
                                     IOException

Throws:

GeneralSecurityException

IOException

createCertificate

public Certificate createCertificate(String pemCert,
                                     CSR csr,
                                     String executionId)
                              throws GeneralSecurityException,
                                     IOException

Parameters:

pemCert -

csr -

executionId -

Returns:

certificate

Throws:

GeneralSecurityException

IOException

createCertificate

public Certificate createCertificate(String pemCert,
                                     CSR csr,
                                     String executionId,
                                     boolean reimport)
                              throws GeneralSecurityException,
                                     IOException

Parameters:

pemCert -

csr -

executionId -

reimport -

Returns:

Throws:

GeneralSecurityException

IOException

getCertificateByBase64

public Certificate getCertificateByBase64(String b64Cert)
                                   throws GeneralSecurityException,
                                          IOException

Parameters:

b64Cert -

Returns:

Throws:

GeneralSecurityException

IOException

getCertificateByPEM

public Certificate getCertificateByPEM(String pemCert)
                                throws GeneralSecurityException,
                                       IOException

Parameters:

pemCert -

Returns:

Throws:

GeneralSecurityException

IOException

getCertificateByX509

public Certificate getCertificateByX509(X509Certificate x509Cert)
                                 throws GeneralSecurityException,
                                        IOException

Parameters:

x509Cert -

Returns:

Throws:

GeneralSecurityException

IOException

createCertificate

public Certificate createCertificate(String pemCert,
                                     CSR csr,
                                     String executionId,
                                     boolean reimport,
                                     String importUrl)
                              throws GeneralSecurityException,
                                     IOException

Parameters:

pemCert -

csr -

executionId -

reimport -

Returns:

certificate

Throws:

GeneralSecurityException

IOException

getCertificatePolicies

public List<String> getCertificatePolicies(X509Certificate x509Cert)

getTypedSAN

public static String getTypedSAN(int altNameType,
                                 String sanValue)

getAlignedKeyLength

public static int getAlignedKeyLength(PublicKey pk)

Parameters:

pk -

Returns:

getKeyLength

public static int getKeyLength(PublicKey pk)

Gets the key length of supported keys

Parameters:

pk - PublicKey used to derive the keysize

Returns:

-1 if key is unsupported, otherwise a number >= 0. 0 usually means the length can not be calculated, for example if the key is an EC key and the "implicitlyCA" encoding is used.

deriveCurveName

public static final String deriveCurveName(org.bouncycastle.jce.spec.ECParameterSpec ecParameterSpec)
                                    throws GeneralSecurityException

derive the curve name

Parameters:

ecParameterSpec -

Returns:

Throws:

GeneralSecurityException

deriveCurveName

public static final String deriveCurveName(PublicKey publicKey)
                                    throws GeneralSecurityException

Throws:

GeneralSecurityException

deriveCurveName

public static final String deriveCurveName(PrivateKey privateKey)
                                    throws GeneralSecurityException

Throws:

GeneralSecurityException

insertNameAttributes

public void insertNameAttributes(Certificate cert,
                                 String attributeName,
                                 org.bouncycastle.asn1.x500.X500Name x500NameSubject)

Parameters:

cert -

attributeName -

x500NameSubject -

getCertAttribute

public String getCertAttribute(Certificate certDao,
                               String name)

setCertAttribute

public void setCertAttribute(Certificate certDao,
                             String name,
                             long value)

Parameters:

certDao -

name -

value -

setCertMultiValueAttribute

public void setCertMultiValueAttribute(Certificate cert,
                                       String name,
                                       String value)

Parameters:

cert -

name -

value -

setCertAttribute

public void setCertAttribute(Certificate cert,
                             String name,
                             String value)

Parameters:

cert -

name -

value -

setCertAttribute

public void setCertAttribute(Certificate cert,
                             String name,
                             String value,
                             boolean multiValue)

Parameters:

cert -

name -

value -

multiValue -

getCertificateChain

public List<Certificate> getCertificateChain(Certificate startCertDao)
                                      throws GeneralSecurityException

Parameters:

startCertDao -

Returns:

Throws:

GeneralSecurityException

getX509CertificateChain

public X509Certificate[] getX509CertificateChain(Certificate startCert)
                                          throws GeneralSecurityException

Parameters:

startCert - end entity certificate for chain search

Returns:

X509Certificate Array

Throws:

GeneralSecurityException

getX509CertificateChainAsList

public List<X509Certificate> getX509CertificateChainAsList(Certificate startCert)
                                                    throws GeneralSecurityException

Parameters:

startCert - end entity certificate for chain search

Returns:

X509Certificate List

Throws:

GeneralSecurityException

getPaddedSerial

public static String getPaddedSerial(String serial)

bloat the string-typed serial to a defined length to ensure ordering works out fine. The length of serials has a wide range (1 .. 50 cahrs)

Parameters:

serial - a serial (e.g.'1' or '2586886443079766545651298663063516315029340169') encoded as a string.

Returns:

the padded serial string. If serial is null, return max number of zeroes

getPaddedTimestamp

public static String getPaddedTimestamp(String timestamp)

bloat the string-typed timestamp to a defined length to ensure ordering works out fine

Parameters:

timestamp - a timestamp (e.g.'1593080183000') encoded as a string

Returns:

the padded timestamp string. If timestamp is null, return max number of zeroes

generateSHA1Fingerprint

public static byte[] generateSHA1Fingerprint(byte[] ba)

Generate a SHA1 fingerprint from a byte array containing a X.509 certificate

Parameters:

ba - Byte array containing DER encoded X509Certificate.

Returns:

Byte array containing SHA1 hash of DER encoded certificate.

usageAsString

public static String usageAsString(boolean[] usage)

convert the usage-bits to a readable string

Parameters:

usage -

Returns:

descriptive text representing the key usage

usageAsCertAttributes

public void usageAsCertAttributes(boolean[] usage,
                                  Certificate cert)

convert the usage-bits to a readable string

Parameters:

usage - boolean array of usage

cert - certificate to set attributes

findIssuingCertificate

public Certificate findIssuingCertificate(Certificate cert)
                                   throws GeneralSecurityException

Throws:

GeneralSecurityException

convertPemToCertificateHolder

public org.bouncycastle.cert.X509CertificateHolder convertPemToCertificateHolder(String pem)
                                                                          throws GeneralSecurityException

Parameters:

pem - string that will be converted to X509Certificate

Returns:

X509CertificateHolder converted from PEM String

Throws:

GeneralSecurityException

convertPemToCertificate

public X509Certificate convertPemToCertificate(String pem)
                                        throws GeneralSecurityException

Parameters:

pem - string that will be converted to X509Certificate

Returns:

X509Certificate converted from PEM String

Throws:

GeneralSecurityException

convertPemToPrivateKey

public PrivateKey convertPemToPrivateKey(String pem)
                                  throws GeneralSecurityException

Parameters:

pem - string that will be converted to PrivateKey

Returns:

PrivateKey converted from PEM String

Throws:

GeneralSecurityException

findIssuingCertificate

public Certificate findIssuingCertificate(org.bouncycastle.cert.X509CertificateHolder x509CertHolder)
                                   throws GeneralSecurityException

Parameters:

x509CertHolder - certificate to search issuning certificate

Returns:

issuing certificate from input certificate

Throws:

GeneralSecurityException

getSANList

public Set<org.bouncycastle.asn1.x509.GeneralName> getSANList(org.bouncycastle.cert.X509CertificateHolder x509CertHolder)

getSANList

public Set<org.bouncycastle.asn1.x509.GeneralName> getSANList(de.trustable.util.Pkcs10RequestHolder p10ReqHolder)

storePrivateKey

public void storePrivateKey(CSR csr,
                            KeyPair keyPair)
                     throws IOException

Throws:

IOException

storePrivateKey

public void storePrivateKey(Certificate cert,
                            KeyPair keyPair)
                     throws IOException

Parameters:

cert - certificate that needs to be stored in PEM format

keyPair - keypair that needs to be stored in PEM format

Throws:

IOException

getPrivateKey

public PrivateKey getPrivateKey(CSR csr)

Parameters:

csr -

Returns:

getPrivateKey

public PrivateKey getPrivateKey(Certificate cert)

Parameters:

cert -

Returns:

getPrivateKey

public PrivateKey getPrivateKey(ProtectedContentType type,
                                ContentRelationType relationType,
                                Long id)

Parameters:

type -

relationType -

id -

Returns:

getCrlDistributionPoints

public List<String> getCrlDistributionPoints(X509Certificate cert)
                                      throws CertificateParsingException,
                                             IOException

Extracts all CRL distribution point URLs from the "CRL Distribution Point" extension in a X.509 certificate. If CRL distribution point extension is unavailable, returns an empty list.

Throws:

CertificateParsingException

IOException

setRevocationStatus

public void setRevocationStatus(Certificate cert,
                                String revocationReason,
                                Date revocationDate)

setRevocationStatus

public void setRevocationStatus(Certificate cert,
                                String revocationReason,
                                Instant revocationDate)

findReplaceCandidates

public List<Certificate> findReplaceCandidates(String[] sanArr)

Parameters:

sanArr - SAN array

Returns:

list of certificates

findReplaceCandidates

public List<Certificate> findReplaceCandidates(List<String> sans)

Parameters:

sans - SANs as List

Returns:

list of certificates

getDownloadFilename

public static String getDownloadFilename(Certificate cert)