CertUtils (NHIN Direct Java RI - Configuration Service Data Model 1.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.nhindirect.config.model.utils
Class CertUtils

java.lang.Object
  org.nhindirect.config.model.utils.CertUtils

public class CertUtils
extends Object
extends Object

Certificate utility methods.

Since:: 1.0
Author:: Greg Meyer

Nested Class Summary
`static class`	`CertUtils.CertContainer`

Constructor Summary
`CertUtils()`

Method Summary
`X509Certificate`	`certFromFile(String certFile)` Creates an X509Certificate object from an existing file.
`static byte[]`	`changePkcs12Protection(byte[] bytes, char[] oldKeyStorePassPhrase, char[] oldPrivateKeyPassPhrase, char[] newKeystorePassPhrase, char[] newPrivateKeyPassPhrase)` Modifies the keystore and private key protection on a PKCS12 keystore.
`static String`	`getJCEProviderName()` Gets the configured JCE crypto provider string for crypto operations.
`static String`	`getOwner(X509Certificate certificate)` Gets the owner of the certificate with is the email address of domain bound to the certificate.
`static byte[]`	`pkcs12ToStrippedPkcs12(byte[] bytes, String passphrase)` Takes a PKCS12 byte stream and returns a PKCS12 byte stream with the pass phrase protection and encryption removed.
`static void`	`setJCEProviderName(String name)` Overrides the configured JCE crypto provider string.
`static CertUtils.CertContainer`	`toCertContainer(byte[] data)`
`static CertUtils.CertContainer`	`toCertContainer(byte[] data, char[] keyStorePassPhrase, char[] privateKeyPassPhrase)` Creates a certificate container that consists of the X509 certificate and its private key (if it exists).
`static X509Certificate`	`toX509Certificate(byte[] data)` Converts a byte stream to an X509Certificate.
`static X509Certificate`	`toX509Certificate(byte[] data, String passPhrase)` Converts a byte stream to an X509Certificate.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

CertUtils

public CertUtils()

Method Detail

getJCEProviderName

public static String getJCEProviderName()

Gets the configured JCE crypto provider string for crypto operations. This is configured using the -Dorg.nhindirect.config.JCEProviderName JVM parameters. If the parameter is not set or is empty, then the default string "BC" (BouncyCastle provider) is returned. By default the agent installs the BouncyCastle provider.

Returns:: The name of the JCE provider string.

setJCEProviderName

public static void setJCEProviderName(String name)

Overrides the configured JCE crypto provider string. If the name is empty or null, the default string "BC" (BouncyCastle provider) is used.

Parameters:: name - The name of the JCE provider.

getOwner

public static String getOwner(X509Certificate certificate)

Gets the owner of the certificate with is the email address of domain bound to the certificate. The subject alt name is checked first, then the legacy email field, and lastsly the common name field.

Parameters:: certificate - The certificate of the to get the owner of.
Returns:: The owner of the certificate

pkcs12ToStrippedPkcs12

public static byte[] pkcs12ToStrippedPkcs12(byte[] bytes,
                                            String passphrase)

Takes a PKCS12 byte stream and returns a PKCS12 byte stream with the pass phrase protection and encryption removed.

Parameters:: bytes - The PKCS12 byte stream that will be stripped.; passphrase - The pass phrase of the PKCS12 byte stream. This is used to decrypt the PKCS12 stream.
Returns:: A PKCS12 byte stream representation of the original PKCS12 stream with the pass phrase protection and encryption removed.

changePkcs12Protection

public static byte[] changePkcs12Protection(byte[] bytes,
                                            char[] oldKeyStorePassPhrase,
                                            char[] oldPrivateKeyPassPhrase,
                                            char[] newKeystorePassPhrase,
                                            char[] newPrivateKeyPassPhrase)

Modifies the keystore and private key protection on a PKCS12 keystore.

Parameters:: bytes - The PKCS12 encoded as byte array that will be modified.; oldKeyStorePassPhrase - The current pass phrase protecting the keystore file.; oldPrivateKeyPassPhrase - The current pass phrase protecting the private key.; newKeystorePassPhrase - The new pass phrase protecting the keystore file.; newPrivateKeyPassPhrase - The new pass phrase protecting the private key.
Returns:: The modified PKCS12 key store encoded as a byte array/

toX509Certificate

public static X509Certificate toX509Certificate(byte[] data)

Converts a byte stream to an X509Certificate. The byte stream can either be an encoded X509Certificate or a PKCS12 byte stream.

If the stream is a PKCS12 representation, then an empty ("") pass phrase is used to decrypt the stream. In addition the resulting X509Certificate implementation will contain the private key.

Parameters:: data - The byte stream representation to convert.
Returns:: An X509Certificate representation of the byte stream.

toX509Certificate

public static X509Certificate toX509Certificate(byte[] data,
                                                String passPhrase)

Converts a byte stream to an X509Certificate. The byte stream can either be an encoded X509Certificate or a PKCS12 byte stream.

If the stream is a PKCS12 representation, then the pass phrase is used to decrypt the stream. In addition the resulting X509Certificate implementation will contain the private key.

Parameters:: data - The byte stream representation to convert.; passPhrase - If the byte stream is a PKCS12 representation, then the then the pass phrase is used to decrypt the stream. Can be null if the stream is an encoded X509Certificate and not a PKCS12 byte stream.
Returns:: An X509Certificate representation of the byte stream.

certFromFile

public X509Certificate certFromFile(String certFile)

Creates an X509Certificate object from an existing file. The file should be a DER encoded representation of the certificate.

Parameters:: certFile - The file to load into a certificate object.
Returns:: An X509Certificate loaded from the file.

toCertContainer

public static CertUtils.CertContainer toCertContainer(byte[] data)
                                               throws CertificateConversionException

Throws:: CertificateConversionException

toCertContainer

public static CertUtils.CertContainer toCertContainer(byte[] data,
                                                      char[] keyStorePassPhrase,
                                                      char[] privateKeyPassPhrase)
                                               throws CertificateConversionException

Creates a certificate container that consists of the X509 certificate and its private key (if it exists).

Parameters:: data - A DER encoded representation of either an X509 certificate or an unencrypted PKCS12 container.
Returns:: A container object with the X509 certificate and private key (it it exists).
Throws:: CertificateConversionException

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.nhindirect.config.model.utils Class CertUtils

CertUtils

getJCEProviderName

setJCEProviderName

getOwner

pkcs12ToStrippedPkcs12

changePkcs12Protection

toX509Certificate

toX509Certificate

certFromFile

toCertContainer

toCertContainer

org.nhindirect.config.model.utils
Class CertUtils