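/**
 * Reads a certificate file (for example a .crt file) and parses its content into an X509
 * certificate chain.
 * <p>
 * Every failure is swallowed and reported only as a {@code null} return value. This covers any
 * exception thrown while reading the file or while building the chain. Callers must null-check
 * the result and must not treat {@code null} as "no certificate configured" when the result
 * feeds a trust decision.
 *
 * @param certFile
 *            the file whose content is handed to
 *            {@link CertificateUtil#createCertificateChain(String)}
 * @return the decoded certificate chain, or {@code null} if reading or decoding failed
 */
public static X509Certificate[] fromFile(File certFile) {
    try {
        byte[] raw = Files.readAllBytes(certFile.toPath());
        // Decode with an explicit charset: new String(byte[]) alone uses the platform default,
        // which makes the parsed text depend on the host configuration.
        String content = new String(raw, java.nio.charset.StandardCharsets.UTF_8);
        return CertificateUtil.createCertificateChain(content);
    } catch (Exception e) {
        // Null-on-failure contract kept for existing callers; the cause is dropped here, so a
        // caller that needs to know why loading failed has no way to find out.
        return null;
    }
}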
/**
 * Tells whether the given PEM text holds exactly one certificate and whether that certificate
 * is reported as self-signed by the {@code isSelfSignedCertificate(X509Certificate)} overload.
 * <p>
 * {@code false} is returned in three different situations: the PEM holds zero or several
 * certificates, the single certificate is not self-signed, or any exception was thrown while
 * parsing or checking. A {@code false} result therefore does not prove that the certificate
 * was issued by another authority.
 *
 * @param certPEM
 *            PEM text passed to {@link CertificateUtil#createCertificateChain(String)}
 * @return {@code true} only for a single certificate that the overload reports as self-signed
 */
public static boolean isSelfSignedCertificate(String certPEM) {
    try {
        X509Certificate[] chain = CertificateUtil.createCertificateChain(certPEM);
        // A chain of any other length cannot be "a self-signed certificate".
        return chain.length == 1 && isSelfSignedCertificate(chain[0]);
    } catch (Exception e) {
        // Parsing and verification errors are folded into the negative answer.
        return false;
    }
}
/**
 * Stores a private key and its certificate chain in a key store under the given alias.
 *
 * @param keyStore
 *            the key store that receives the entry
 * @param alias
 *            the alias the entry is stored under
 * @param clientKey
 *            key material passed to {@code CertificateUtil.createKeyPair}; only the private
 *            half of the resulting pair is stored
 * @param clientCert
 *            PEM text passed to {@link CertificateUtil#createCertificateChain(String)}
 * @throws RuntimeException
 *             wrapping the {@link KeyStoreException} if the key store rejects the entry
 */
private static void setKeyEntry(KeyStore keyStore, String alias, String clientKey,
        String clientCert) {
    // The chain is decoded before the key, as in the original, so a bad certificate is
    // reported before a bad key.
    X509Certificate[] chain = CertificateUtil.createCertificateChain(clientCert);
    PrivateKey privateKey = CertificateUtil.createKeyPair(clientKey).getPrivate();

    try {
        // NOTE(review): EMPTY is declared outside this block; presumably an empty password.
        // If so the key entry has no password protection of its own. Confirm that this key
        // store is only ever held in memory and never persisted or exported.
        keyStore.setKeyEntry(alias, privateKey, EMPTY, chain);
    } catch (KeyStoreException e) {
        throw new RuntimeException("Failed to set key entry", e);
    }
}
/**
 * Adds every certificate found in the given PEM text to a trust store.
 * <p>
 * Each certificate is stored under the alias {@code alias + "_" + commonName}, where the
 * common name is taken from the certificate's subject DN.
 *
 * @param trustStore
 *            the trust store that receives the entries
 * @param alias
 *            prefix shared by all aliases created by this call
 * @param trustedCert
 *            PEM text passed to {@link CertificateUtil#createCertificateChain(String)}
 * @throws RuntimeException
 *             wrapping the {@link KeyStoreException} if the trust store rejects an entry
 */
public static void setCertificateEntry(KeyStore trustStore, String alias, String trustedCert) {
    X509Certificate[] chain = CertificateUtil.createCertificateChain(trustedCert);

    for (int i = 0; i < chain.length; i++) {
        X509Certificate current = chain[i];
        // NOTE(review): two certificates with the same subject common name produce the same
        // alias, and KeyStore.setCertificateEntry overwrites an existing trusted-certificate
        // entry. The earlier certificate would then silently drop out of the trust store.
        // Confirm that the chains passed here cannot repeat a CN, or make the alias unique.
        String entryAlias = alias + "_" + CertificateUtil.getCommonName(current.getSubjectDN());
        try {
            trustStore.setCertificateEntry(entryAlias, current);
        } catch (KeyStoreException e) {
            throw new RuntimeException("Failed to set certificate entry", e);
        }
    }
}
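/**
 * Decodes a PEM encoded string that must contain exactly one certificate into an
 * {@link X509Certificate} instance.
 * <p>
 * Unlike {@link #createCertificateChain(String)}, which accepts one or more PEM encoded
 * certificates, this method fails when the PEM holds anything other than a single
 * certificate. Use {@link #createCertificateChain(String)} for the general case.
 *
 * @param certPEM
 *            a PEM encoded string expected to contain exactly one certificate
 * @return the decoded certificate
 * @throws RuntimeException
 *             if the certificate can't be decoded to X509Certificate type certificate, or if
 *             the PEM does not contain exactly one certificate
 */
public static X509Certificate createCertificate(String certPEM) {
    X509Certificate[] chain = createCertificateChain(certPEM);
    // Report only how many certificates were found. The original message appended the raw
    // input, which copies caller-supplied text of unbounded size into exception messages and
    // logs. That text would include key material if it was passed here by mistake.
    AssertUtil.assertTrue(chain.length == 1,
            "Expected exactly one certificate in PEM, but found " + chain.length);
    return chain[0];
}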
/**
 * Returns the alias of this state.
 * <p>
 * When {@code documentSelfLink} is set, the alias is the id that {@code Service.getId}
 * derives from it. Otherwise the alias is the fingerprint that
 * {@code CertificateUtil.generatePureFingerPrint} computes over the chain decoded from
 * {@code certificate}.
 *
 * @return the alias derived from the self link or from the certificate content
 */
public String getAlias() {
    if (this.documentSelfLink == null) {
        // No link yet: fall back to an alias computed from the certificate content.
        return CertificateUtil.generatePureFingerPrint(
                CertificateUtil.createCertificateChain(this.certificate));
    }
    return Service.getId(this.documentSelfLink);
}
/**
 * Derives the self link of a trust certificate state from its certificate content.
 * <p>
 * The value is the result of {@code CertificateUtil.generatePureFingerPrint} applied to the
 * chain decoded from {@code body.certificate}.
 *
 * @param body
 *            the state whose {@code certificate} field must not be empty
 * @return the fingerprint-based link value
 */
public static String generateSelfLink(SslTrustCertificateState body) {
    final String pem = body.certificate;
    AssertUtil.assertNotEmpty(pem, "certificate");

    String fingerprint = CertificateUtil.generatePureFingerPrint(
            CertificateUtil.createCertificateChain(pem));
    return fingerprint;
}
/**
 * Computes the fingerprint of the certificate chain carried by a trust certificate state.
 *
 * @param body
 *            the state whose {@code certificate} field must not be empty
 * @return the value produced by {@code CertificateUtil.generatePureFingerPrint} for the chain
 *         decoded from {@code body.certificate}
 */
public static String generateFingerprint(SslTrustCertificateState body) {
    // Reject a missing certificate before any decoding is attempted.
    AssertUtil.assertNotEmpty(body.certificate, "certificate");
    final String pem = body.certificate;
    return CertificateUtil.generatePureFingerPrint(CertificateUtil.createCertificateChain(pem));
}
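/**
 * Validates the certificate of a state that is about to be started and fills in the
 * certificate-derived properties of that state.
 * <p>
 * The certificate text is trimmed in place, decoded into a chain and passed to
 * {@code CertificateUtil.validateCertificateChain}. The properties are then populated from
 * the first certificate of the chain.
 *
 * @param state
 *            the state to validate; its {@code certificate} field is replaced by the trimmed
 *            text
 * @throws IllegalArgumentException
 *             if the decoded chain contains no certificate
 * @throws Exception
 *             if the certificate is empty, cannot be decoded or fails chain validation
 */
private void validateStateOnStart(SslTrustCertificateState state) throws Exception {
    assertNotEmpty(state.certificate, "certificate");
    state.certificate = state.certificate.trim();

    X509Certificate[] certificates = CertificateUtil.createCertificateChain(state.certificate);
    CertificateUtil.validateCertificateChain(certificates);

    // The emptiness check above runs before trim(), so text that trims down to nothing (or
    // that holds no certificate block) may still reach this point. Whether the two
    // CertificateUtil calls reject an empty chain is not visible here, so guard the index
    // access instead of failing with an ArrayIndexOutOfBoundsException.
    if (certificates == null || certificates.length == 0) {
        throw new IllegalArgumentException("'certificate' does not contain any certificate");
    }

    // Populate the certificate properties based on the first (end server) certificate
    X509Certificate endCertificate = certificates[0];
    SslTrustCertificateState.populateCertificateProperties(state, endCertificate);
}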
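/**
 * Validates the certificate of a state that is about to be started and fills in the
 * certificate-derived properties of that state.
 * <p>
 * The certificate text is trimmed in place, decoded into a chain and passed to
 * {@code CertificateUtil.validateCertificateChain}. The properties are then populated from
 * the first certificate of the chain.
 *
 * @param state
 *            the state to validate; its {@code certificate} field is replaced by the trimmed
 *            text
 * @throws IllegalArgumentException
 *             if the decoded chain contains no certificate
 * @throws Exception
 *             if the certificate is empty, cannot be decoded or fails chain validation
 */
private void validateStateOnStart(SslTrustCertificateState state) throws Exception {
    AssertUtil.assertNotEmpty(state.certificate, "'certificate' cannot be empty");
    state.certificate = state.certificate.trim();

    X509Certificate[] certificates = CertificateUtil.createCertificateChain(state.certificate);
    CertificateUtil.validateCertificateChain(certificates);

    // The emptiness check above runs before trim(), so text that trims down to nothing (or
    // that holds no certificate block) may still reach this point. Whether the two
    // CertificateUtil calls reject an empty chain is not visible here, so guard the index
    // access instead of failing with an ArrayIndexOutOfBoundsException.
    if (certificates == null || certificates.length == 0) {
        throw new IllegalArgumentException("'certificate' does not contain any certificate");
    }

    // Populate the certificate properties based on the first (end server) certificate
    X509Certificate endCertificate = certificates[0];
    SslTrustCertificateState.populateCertificateProperties(state, endCertificate);
}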
/**
 * Test helper asserting that the properties stored on a trust certificate state match the
 * certificates decoded from its {@code certificate} field.
 * <p>
 * The origin is compared with {@code HTTPS_HOST_COM}. Every certificate of the decoded chain
 * must be currently valid and must agree with the state's expiration time, common name,
 * issuer name, serial, fingerprint and validity bounds.
 *
 * @param state
 *            the state under test
 * @throws Exception
 *             if the chain cannot be decoded or a certificate fails {@code checkValidity()}
 */
private void validateCertProperties(SslTrustCertificateState state) throws Exception {
    assertEquals(HTTPS_HOST_COM, state.origin);

    X509Certificate[] chain = CertificateUtil.createCertificateChain(state.certificate);
    for (int i = 0; i < chain.length; i++) {
        X509Certificate certificate = chain[i];

        // Throws when the certificate is expired or not yet valid at the time of the test run.
        certificate.checkValidity();

        // The document expiration is kept in microseconds; compare it as a Date.
        long expirationMillis = TimeUnit.MICROSECONDS.toMillis(state.documentExpirationTimeMicros);
        assertEquals(certificate.getNotAfter(), new Date(expirationMillis));

        assertEquals(CertificateUtil.getCommonName(certificate.getSubjectDN()), state.commonName);
        assertEquals(CertificateUtil.getCommonName(certificate.getIssuerDN()), state.issuerName);
        assertEquals(certificate.getSerialNumber().toString(), state.serial);
        assertEquals(CertificateUtil.computeCertificateThumbprint(certificate),
                state.fingerprint);
        assertEquals(certificate.getNotBefore().getTime(), state.validSince);
        assertEquals(certificate.getNotAfter().getTime(), state.validTo);
    }
}
}