Class CertUtil

java.lang.Object
net.i2p.crypto.CertUtil

public final class CertUtil extends Object
Java X.509 certificate utilities, consolidated from various places.
Since:
0.9.9
  • Constructor Details

    • CertUtil

      public CertUtil()
  • Method Details

    • saveCert

      public static boolean saveCert(Certificate cert, File file)
      Write a certificate to a file in base64 format.
      Returns:
      success
      Since:
      0.8.2, moved from SSLEepGet in 0.9.9
    • exportPrivateKey

      public static void exportPrivateKey(PrivateKey pk, Certificate[] certs, OutputStream out) throws IOException, GeneralSecurityException
      Writes the private key and all certs in base64 format. Does NOT close the stream. Throws on all errors.
      Parameters:
      pk - non-null
      certs - certificate chain, null or empty to export pk only
      Throws:
      InvalidKeyException - if the key does not support encoding
      CertificateEncodingException - if a cert does not support encoding
      IOException
      GeneralSecurityException
      Since:
      0.9.24
    • exportCert

      public static void exportCert(Certificate cert, OutputStream out) throws IOException, CertificateEncodingException
      Writes a certificate in base64 format. Does NOT close the stream. Throws on all errors.
      Modified from: http://www.exampledepot.com/egs/java.security.cert/ExportCert.html
      Throws:
      IOException
      CertificateEncodingException
      Since:
      0.9.24, pulled out of saveCert(), public since 0.9.25
    • getSubjectAlternativeNames

      public static Set<String> getSubjectAlternativeNames(X509Certificate cert)
      Get the set of Subject Alternative Names, including DNSNames, RFC822Names, and IPv4 and IPv6 addresses, as strings. See X509Certificate.getSubjectAlternativeNames().
      Returns:
      non-null, empty on error or none found
      Since:
      0.9.34
    • getSubjectValue

      public static String getSubjectValue(X509Certificate cert, String type)
      Get a value out of the subject distinguished name. Warning: unsupported on Android (no javax.naming), where it returns null.
      Parameters:
      type - e.g. "CN"
      Returns:
      value or null if not found
    • getIssuerValue

      public static String getIssuerValue(X509Certificate cert, String type)
      Get a value out of the issuer distinguished name. Warning: unsupported on Android (no javax.naming), where it returns null.
      Parameters:
      type - e.g. "CN"
      Returns:
      value or null if not found
      Since:
      0.9.24
    • loadKey

      public static PublicKey loadKey(File kd) throws IOException, GeneralSecurityException
      Get the Java public key from an X.509 certificate file. Throws if the certificate is invalid (e.g. expired). This DOES check for revocation.
      Returns:
      non-null, throws on all errors including certificate invalid
      Throws:
      IOException
      GeneralSecurityException
      Since:
      0.9.24 moved from SU3File private method
    • loadCert

      public static X509Certificate loadCert(File kd) throws IOException, GeneralSecurityException
      Get the certificate from an X.509 certificate file. Throws if the certificate is invalid (e.g. expired). This does NOT check for revocation. This verifies the signature, assuming the certificate is self-signed, but as of 0.9.54 a verification failure only logs a warning and does not throw an exception. We do NOT fetch additional certs or attempt to validate a cert up the chain.
      Returns:
      non-null, throws on all errors including certificate invalid
      Throws:
      IOException
      GeneralSecurityException
      Since:
      0.9.24 adapted from SU3File private method
    • loadPrivateKey

      public static PrivateKey loadPrivateKey(InputStream in) throws IOException, GeneralSecurityException
      Get a single Private Key from an input stream. Does NOT close the stream.
      Returns:
      non-null, non-empty, throws on all errors including certificate invalid
      Throws:
      IOException
      GeneralSecurityException
      Since:
      0.9.25
    • loadCerts

      public static List<X509Certificate> loadCerts(InputStream in) throws IOException, GeneralSecurityException
      Get one or more certificates from an input stream. Throws if any certificate is invalid (e.g. expired). Does NOT close the stream. This does NOT check for revocation.
      Returns:
      non-null, non-empty, throws on all errors including certificate invalid
      Throws:
      IOException
      GeneralSecurityException
      Since:
      0.9.25
    • saveCRL

      public static boolean saveCRL(X509CRL crl, File file)
      Write a CRL to a file in base64 format.
      Returns:
      success
      Since:
      0.9.25
    • exportCRL

      public static void exportCRL(X509CRL crl, OutputStream out) throws IOException, CRLException
      Writes a CRL in base64 format. Does NOT close the stream. Throws on all errors.
      Throws:
      CRLException - if the crl does not support encoding
      IOException
      Since:
      0.9.25
    • isRevoked

      public static boolean isRevoked(Certificate cert)
      Is the certificate revoked? This loads the CRLs from disk. For efficiency when checking several certificates, call loadCRLs() once and pass the result to isRevoked(CertStore, Certificate).
      Since:
      0.9.25
    • isRevoked

      public static boolean isRevoked(I2PAppContext ctx, Certificate cert)
      Is the certificate revoked? This loads the CRLs from disk. For efficiency when checking several certificates, call loadCRLs(I2PAppContext) once and pass the result to isRevoked(CertStore, Certificate).
      Since:
      0.9.25
    • isRevoked

      public static boolean isRevoked(CertStore store, Certificate cert)
      Is the certificate revoked?
      Since:
      0.9.25
    • loadCRLs

      public static CertStore loadCRLs()
      Load CRLs from standard locations.
      Returns:
      non-null, possibly empty
      Since:
      0.9.25
    • loadCRLs

      public static CertStore loadCRLs(I2PAppContext ctx)
      Load CRLs from standard locations.
      Returns:
      non-null, possibly empty
      Since:
      0.9.25
    • loadCRL

      public static X509CRL loadCRL(InputStream in) throws GeneralSecurityException
      Load a CRL. Does NOT close the stream.
      Returns:
      non-null
      Throws:
      GeneralSecurityException
      Since:
      0.9.25 public since 0.9.26
    • main

      public static final void main(String[] args)
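
An added usage example (not part of the I2P Javadoc or source) combining loadCerts(), loadCRLs() and isRevoked(CertStore, Certificate) as documented above: because loadCerts() does NOT check for revocation, the CRLs are loaded once and every certificate is checked against them. The class name CertBundleCheck and the command-line bundle path are assumptions, and the I2P library must be on the classpath.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import net.i2p.crypto.CertUtil;

// Hypothetical class name; only the CertUtil calls come from the documented API.
public class CertBundleCheck {

    /** Returns the certificates in the bundle that are not listed on any loaded CRL. */
    static List<X509Certificate> loadUnrevoked(File bundle)
            throws IOException, GeneralSecurityException {
        List<X509Certificate> certs;
        // loadCerts() does NOT close the stream, so close it here.
        try (InputStream in = new FileInputStream(bundle)) {
            // Throws if any certificate is invalid (e.g. expired);
            // revocation is not checked at this point.
            certs = CertUtil.loadCerts(in);
        }
        // Read the CRLs from disk once instead of once per certificate.
        CertStore crls = CertUtil.loadCRLs();
        List<X509Certificate> unrevoked = new ArrayList<>();
        for (X509Certificate cert : certs) {
            if (CertUtil.isRevoked(crls, cert)) {
                System.err.println("Revoked: " + cert.getSubjectX500Principal());
            } else {
                unrevoked.add(cert);
            }
        }
        return unrevoked;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("Usage: CertBundleCheck <certificate bundle file>");
            System.exit(1);
        }
        for (X509Certificate cert : loadUnrevoked(new File(args[0]))) {
            System.out.println("OK: " + cert.getSubjectX500Principal()
                    + " SAN=" + CertUtil.getSubjectAlternativeNames(cert));
        }
    }
}
```

The same pattern applies to loadCert(File), which also skips the revocation check; loadKey(File) already performs it.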