Package net.i2p.crypto
Class CertUtil
java.lang.Object
net.i2p.crypto.CertUtil
Java X.509 certificate utilities, consolidated from various places.
- Since:
- 0.9.9
-
Constructor Summary
-
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| static void | exportCert(Certificate cert, OutputStream out) | Modified from: http://www.exampledepot.com/egs/java.security.cert/ExportCert.html Writes a certificate in base64 format. |
| static void | exportCRL(X509CRL crl, OutputStream out) | Writes a CRL in base64 format. |
| static void | exportPrivateKey(PrivateKey pk, Certificate[] certs, OutputStream out) | Writes the private key and all certs in base64 format. |
| static String | getIssuerValue(X509Certificate cert, String type) | Get a value out of the issuer distinguished name. |
| | getSubjectAlternativeNames | Get the set of Subject Alternative Names, including DNSNames, RFC822Names, IPv4 and v6 addresses as strings. |
| static String | getSubjectValue(X509Certificate cert, String type) | Get a value out of the subject distinguished name. |
| static boolean | isRevoked(Certificate cert) | Is the certificate revoked? This loads the CRLs from disk. |
| static boolean | isRevoked(CertStore store, Certificate cert) | Is the certificate revoked? |
| static boolean | isRevoked(I2PAppContext ctx, Certificate cert) | Is the certificate revoked? This loads the CRLs from disk. |
| static X509Certificate | loadCert | Get the certificate from an X.509 certificate file. |
| static List<X509Certificate> | loadCerts(InputStream in) | Get one or more certificates from an input stream. |
| static X509CRL | loadCRL(InputStream in) | Load a CRL. |
| static CertStore | loadCRLs() | Load CRLs from standard locations. |
| static CertStore | loadCRLs(I2PAppContext ctx) | Load CRLs from standard locations. |
| static PublicKey | loadKey | Get the Java public key from an X.509 certificate file. |
| static PrivateKey | loadPrivateKey(InputStream in) | Get a single Private Key from an input stream. |
| static final void | main | |
| static boolean | saveCert(Certificate cert, File file) | Write a certificate to a file in base64 format. |
| static boolean | saveCRL | Write a CRL to a file in base64 format. |
-
Constructor Details
-
CertUtil
public CertUtil()
-
-
Method Details
-
saveCert
Write a certificate to a file in base64 format.
- Returns:
- success
- Since:
- 0.8.2, moved from SSLEepGet in 0.9.9
-
exportPrivateKey
public static void exportPrivateKey(PrivateKey pk, Certificate[] certs, OutputStream out) throws IOException, GeneralSecurityException
Writes the private key and all certs in base64 format. Does NOT close the stream. Throws on all errors.
- Parameters:
pk
- non-null
certs
- certificate chain, null or empty to export pk only
- Throws:
InvalidKeyException
- if the key does not support encoding
CertificateEncodingException
- if a cert does not support encoding
IOException
GeneralSecurityException
- Since:
- 0.9.24
-
exportCert
public static void exportCert(Certificate cert, OutputStream out) throws IOException, CertificateEncodingException
Modified from: http://www.exampledepot.com/egs/java.security.cert/ExportCert.html
Writes a certificate in base64 format. Does NOT close the stream. Throws on all errors.
- Throws:
IOException
CertificateEncodingException
- Since:
- 0.9.24, pulled out of saveCert(), public since 0.9.25
-
getSubjectAlternativeNames
Get the set of Subject Alternative Names, including DNSNames, RFC822Names, IPv4 and v6 addresses as strings. See X509Certificate.getSubjectAlternativeNames().
- Returns:
- non-null, empty on error or none found
- Since:
- 0.9.34
-
getSubjectValue
Get a value out of the subject distinguished name. Warning - unsupported in Android (no javax.naming), returns null.
- Parameters:
type
- e.g. "CN"
- Returns:
- value or null if not found
-
getIssuerValue
Get a value out of the issuer distinguished name. Warning - unsupported in Android (no javax.naming), returns null.
- Parameters:
type
- e.g. "CN"
- Returns:
- value or null if not found
- Since:
- 0.9.24
-
loadKey
Get the Java public key from an X.509 certificate file. Throws if the certificate is invalid (e.g. expired). This DOES check for revocation.
- Returns:
- non-null, throws on all errors including certificate invalid
- Throws:
IOException
GeneralSecurityException
- Since:
- 0.9.24 moved from SU3File private method
-
loadCert
Get the certificate from an X.509 certificate file. Throws if the certificate is invalid (e.g. expired). This does NOT check for revocation. This verifies the signature, assuming the certificate is self-signed; as of 0.9.54, a failed signature check only logs a warning and does not throw an exception. We do NOT fetch additional certs or attempt to validate a cert up the chain.
- Returns:
- non-null, throws on all errors including certificate invalid
- Throws:
IOException
GeneralSecurityException
- Since:
- 0.9.24 adapted from SU3File private method
-
loadPrivateKey
public static PrivateKey loadPrivateKey(InputStream in) throws IOException, GeneralSecurityException
Get a single Private Key from an input stream. Does NOT close the stream.
- Returns:
- non-null, non-empty, throws on all errors including certificate invalid
- Throws:
IOException
GeneralSecurityException
- Since:
- 0.9.25
-
loadCerts
public static List<X509Certificate> loadCerts(InputStream in) throws IOException, GeneralSecurityException
Get one or more certificates from an input stream. Throws if any certificate is invalid (e.g. expired). Does NOT close the stream. This does NOT check for revocation.
- Returns:
- non-null, non-empty, throws on all errors including certificate invalid
- Throws:
IOException
GeneralSecurityException
- Since:
- 0.9.25
-
saveCRL
Write a CRL to a file in base64 format.
- Returns:
- success
- Since:
- 0.9.25
-
exportCRL
Writes a CRL in base64 format. Does NOT close the stream. Throws on all errors.
- Throws:
CRLException
- if the crl does not support encoding
IOException
- Since:
- 0.9.25
-
isRevoked
Is the certificate revoked? This loads the CRLs from disk. For efficiency, call loadCRLs() and then pass to isRevoked().
- Since:
- 0.9.25
-
isRevoked
Is the certificate revoked? This loads the CRLs from disk. For efficiency, call loadCRLs() and then pass to isRevoked().
- Since:
- 0.9.25
-
isRevoked
Is the certificate revoked?
- Since:
- 0.9.25
-
loadCRLs
Load CRLs from standard locations.
- Returns:
- non-null, possibly empty
- Since:
- 0.9.25
-
loadCRLs
Load CRLs from standard locations.
- Returns:
- non-null, possibly empty
- Since:
- 0.9.25
-
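Added example, not from the I2P code base: loadCerts() does NOT check revocation, so this loads the CRL store once with loadCRLs() and passes it to isRevoked(CertStore, Certificate) for each certificate, as the isRevoked notes above recommend. It uses only the signatures listed on this page; the class name RevocationCheck, the helper loadUnrevoked and the certificate file given on the command line are assumptions.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import net.i2p.crypto.CertUtil;

/** Hypothetical helper class for illustration; not part of I2P. */
public class RevocationCheck {

    /**
     * Returns the certificates from the stream that are not revoked
     * according to the given CRL store. loadCerts() throws on invalid
     * (e.g. expired) certificates but does not check revocation, so the
     * revocation check is done here, against a store loaded once.
     */
    static List<X509Certificate> loadUnrevoked(InputStream in, CertStore crls)
            throws IOException, GeneralSecurityException {
        List<X509Certificate> accepted = new ArrayList<>();
        for (X509Certificate cert : CertUtil.loadCerts(in)) {
            if (CertUtil.isRevoked(crls, cert)) {
                // getSubjectValue() returns null on Android or when no CN is found
                String cn = CertUtil.getSubjectValue(cert, "CN");
                System.err.println("Rejected revoked certificate, CN=" + cn);
                continue;
            }
            accepted.add(cert);
        }
        return accepted;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("Usage: RevocationCheck <certificate file>");
            System.exit(1);
        }
        // Load the CRLs from the standard locations once, not once per certificate.
        CertStore crls = CertUtil.loadCRLs();
        // loadCerts() does not close the stream, so the caller closes it.
        try (InputStream in = new FileInputStream(args[0])) {
            List<X509Certificate> ok = loadUnrevoked(in, crls);
            System.out.println(ok.size() + " certificate(s) passed the revocation check");
        }
    }
}
```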
loadCRL
Load a CRL. Does NOT close the stream.
- Returns:
- non-null
- Throws:
GeneralSecurityException
- Since:
- 0.9.25 public since 0.9.26
-
main
-