/**
 * Decodes the X.509 certificates stored in a file, in DER or PEM format.
 *
 * <p>The existence and readability checks exist to give a precise error message. The file can still change
 * between those checks and the read; a failure at that point surfaces as the wrapped {@link IOException}.</p>
 *
 * <p>Nothing in this method evaluates trust, validity period or revocation: it reads the file and hands the
 * bytes to the byte-array overload. A certificate must not be treated as trusted merely because it decoded.</p>
 *
 * @param certs file holding the encoded certs
 *
 * @return decoded certs
 *
 * @throws CertificateException thrown if the file does not exist, is not readable or can not be read, or if the
 *             certificates can not be decoded
 *
 * @since 1.2
 */
public static Collection<X509Certificate> decodeCertificate(File certs) throws CertificateException {
    // Pre-flight checks: name the offending path for the two most common failure modes.
    if (!certs.exists()) {
        final String reason = "Certificate file " + certs.getAbsolutePath() + " does not exist";
        throw new CertificateException(reason);
    }
    if (!certs.canRead()) {
        final String reason = "Certificate file " + certs.getAbsolutePath() + " is not readable";
        throw new CertificateException(reason);
    }

    try {
        final byte[] encoded = DatatypeHelper.fileToByteArray(certs);
        return decodeCertificate(encoded);
    } catch (IOException readFailure) {
        // Keep the I/O failure as the cause so the underlying reason is not lost.
        throw new CertificateException("Error reading certificate file " + certs.getAbsolutePath(), readFailure);
    }
}
/**
 * Decodes the X.509 certificates stored in a file, in DER or PEM format.
 *
 * <p>The existence and readability checks exist to give a precise error message. The file can still change
 * between those checks and the read; a failure at that point surfaces as the wrapped {@link IOException}.</p>
 *
 * <p>Nothing in this method evaluates trust, validity period or revocation: it reads the file and hands the
 * bytes to the byte-array overload. A certificate must not be treated as trusted merely because it decoded.</p>
 *
 * @param certs file holding the encoded certs
 *
 * @return decoded certs
 *
 * @throws CertificateException thrown if the file does not exist, is not readable or can not be read, or if the
 *             certificates can not be decoded
 *
 * @since 1.2
 */
public static Collection<X509Certificate> decodeCertificate(File certs) throws CertificateException {
    // Pre-flight checks: name the offending path for the two most common failure modes.
    if (!certs.exists()) {
        final String reason = "Certificate file " + certs.getAbsolutePath() + " does not exist";
        throw new CertificateException(reason);
    }
    if (!certs.canRead()) {
        final String reason = "Certificate file " + certs.getAbsolutePath() + " is not readable";
        throw new CertificateException(reason);
    }

    try {
        final byte[] encoded = DatatypeHelper.fileToByteArray(certs);
        return decodeCertificate(encoded);
    } catch (IOException readFailure) {
        // Keep the I/O failure as the cause so the underlying reason is not lost.
        throw new CertificateException("Error reading certificate file " + certs.getAbsolutePath(), readFailure);
    }
}
/**
 * Parses the certificates from the validation info configuration.
 *
 * <p>The text of each {@code Certificate} child is trimmed, turned into bytes by {@code getEncodedCertificate}
 * and decoded. A child that yields no encoded bytes is skipped without any log entry. A child that fails to
 * decode aborts bean creation with a {@link FatalBeanException}, so a partially parsed certificate list is never
 * set on the builder. When no {@code Certificate} children are configured the builder is left untouched.</p>
 *
 * @param configChildren children of the validation set element
 * @param builder validation set build
 */
protected void parseCertificates(Map<QName, List<Element>> configChildren, BeanDefinitionBuilder builder) {
    QName certificateName = new QName(SecurityNamespaceHandler.NAMESPACE, "Certificate");
    List<Element> certElems = configChildren.get(certificateName);
    if (certElems == null || certElems.isEmpty()) {
        return;
    }

    log.debug("Parsing PKIX validation info certificates");
    // NOTE(review): these presumably become the trust anchors of the PKIX validation info - confirm,
    // and if so consider logging the skipped (empty) elements so a misconfiguration is visible.
    List<X509Certificate> certs = new ArrayList<X509Certificate>();
    for (Element certElem : certElems) {
        String certText = DatatypeHelper.safeTrimOrNullString(certElem.getTextContent());
        byte[] encodedCert = getEncodedCertificate(certText);
        if (encodedCert != null) {
            try {
                // One element may decode to several certificates; keep all of them.
                certs.addAll(X509Util.decodeCertificate(encodedCert));
            } catch (CertificateException e) {
                throw new FatalBeanException(
                        "Unable to create PKIX validation info, unable to parse certificates", e);
            }
        }
    }

    builder.addPropertyValue("certificates", certs);
}
/**
 * Convert an {@link org.opensaml.xml.signature.X509Certificate} into a native Java representation.
 *
 * <p>The element value is Base64-decoded and passed to {@code X509Util.decodeCertificate}. Only the first
 * certificate of the decoded collection is returned; any further certificates are dropped without notice.</p>
 *
 * <p>This method performs no trust evaluation of its own. A non-null result means the data decoded, not that
 * the certificate is trusted, so callers still have to validate it before relying on its key.</p>
 *
 * @param xmlCert an {@link org.opensaml.xml.signature.X509Certificate}
 *
 * @return a {@link java.security.cert.X509Certificate}, or null if {@code xmlCert} or its value is null or
 *         no certificate was decoded
 *
 * @throws CertificateException thrown if there is a problem converting the
 *             X509 data into {@link java.security.cert.X509Certificate}s.
 */
public static X509Certificate getCertificate(org.opensaml.xml.signature.X509Certificate xmlCert)
        throws CertificateException {

    // Absent input is reported as "no certificate", not as an error.
    if (xmlCert == null || xmlCert.getValue() == null) {
        return null;
    }

    byte[] encoded = Base64.decode(xmlCert.getValue());
    Collection<X509Certificate> decoded = X509Util.decodeCertificate(encoded);
    if (decoded == null) {
        return null;
    }

    // Take the first entry in iteration order, if there is one.
    java.util.Iterator<X509Certificate> first = decoded.iterator();
    return first.hasNext() ? first.next() : null;
}
/**
 * Convert an {@link org.opensaml.xml.signature.X509Certificate} into a native Java representation.
 *
 * <p>The element value is Base64-decoded and passed to {@code X509Util.decodeCertificate}. Only the first
 * certificate of the decoded collection is returned; any further certificates are dropped without notice.</p>
 *
 * <p>This method performs no trust evaluation of its own. A non-null result means the data decoded, not that
 * the certificate is trusted, so callers still have to validate it before relying on its key.</p>
 *
 * @param xmlCert an {@link org.opensaml.xml.signature.X509Certificate}
 *
 * @return a {@link java.security.cert.X509Certificate}, or null if {@code xmlCert} or its value is null or
 *         no certificate was decoded
 *
 * @throws CertificateException thrown if there is a problem converting the
 *             X509 data into {@link java.security.cert.X509Certificate}s.
 */
public static X509Certificate getCertificate(org.opensaml.xml.signature.X509Certificate xmlCert)
        throws CertificateException {

    // Absent input is reported as "no certificate", not as an error.
    if (xmlCert == null || xmlCert.getValue() == null) {
        return null;
    }

    byte[] encoded = Base64.decode(xmlCert.getValue());
    Collection<X509Certificate> decoded = X509Util.decodeCertificate(encoded);
    if (decoded == null) {
        return null;
    }

    // Take the first entry in iteration order, if there is one.
    java.util.Iterator<X509Certificate> first = decoded.iterator();
    return first.hasNext() ? first.next() : null;
}
decodedCerts = X509Util.decodeCertificate(encodedCert); certs.addAll(decodedCerts); if (isEntityCert) {