com.prosysopc.ua.stack.utils

Class CertificateUtils

java.lang.Object

com.prosysopc.ua.stack.utils.CertificateUtils

public class CertificateUtils
extends Object

A utility class for generating self-signed certificates for UA clients and servers and for using them.

Field Summary

Fields

Modifier and Type	Field and Description
static int	DEFAULT_KEY_SIZE

Constructor Summary

Constructors

Constructor and Description
CertificateUtils()

Method Summary

Modifier and Type	Method and Description
static byte[]	base64Decode(String string) Decodes a String having Base64 encoding to an array of bytes.
static String	base64Encode(byte[] bytes) Base64 encodes a byte array to string.
static KeyPair	createApplicationInstanceCertificate(String commonName, String organisation, String applicationUri, int validityTime, int keySize, String... hostNames) createApplicationInstanceCertificate.
static KeyPair	createApplicationInstanceCertificate(String commonName, String organisation, String applicationUri, int validityTime, KeyPair issuerKeys, int keySize, String... hostNames) createApplicationInstanceCertificate.
static KeyPair	createApplicationInstanceCertificate(String commonName, String organisation, String applicationUri, int validityTime, KeyPair issuerKeys, String... hostNames) Deprecated. this method depends on static state; instead call createApplicationInstanceCertificate(String, String, String, int, com.prosysopc.ua.stack.transport.security.KeyPair, int, String...).
static KeyPair	createApplicationInstanceCertificate(String commonName, String organisation, String applicationUri, int validityTime, String... hostNames) Deprecated. this method depends on static state, call createApplicationInstanceCertificate(String, String, String, int, int, String...) instead.
static KeyPair	createHttpsCertificate(String hostName, String applicationUri, int days, KeyPair issuerCert) Deprecated. this method depends on static state. Call createHttpsCertificate(String, String, int, com.prosysopc.ua.stack.transport.security.KeyPair, int) instead.
static KeyPair	createHttpsCertificate(String hostName, String applicationUri, int days, KeyPair issuerCert, int keySize) Create a new certificate that can be used with the HTTPS protocol.
static KeyPair	createIssuerCertificate(String commonName, int days, KeyPair issuerCert) Deprecated. this method depends on static state. Call createIssuerCertificate(String, int, com.prosysopc.ua.stack.transport.security.KeyPair, int) instead.
static KeyPair	createIssuerCertificate(String commonName, int days, KeyPair issuerCert, int keySize) Create a new issuer certificate that can be used to issue certificates built with createApplicationInstanceCertificate(String, String, String, int, String...) or createHttpsCertificate(String, String, int, com.prosysopc.ua.stack.transport.security.KeyPair).
static byte[]	createThumbprint(byte[] data) Create SHA-1 Thumbprint.
static RSAPrivateKey	decodePKCS8EncodedRSAPrivateKey(ByteString encoded) Decodes a PKCS8 encoded key to a RSAPrivateKey object.
static X509Certificate	decodeX509Certificate(byte[] encodedCertificate) Decodes X509 Certificate from the given encoded certificate data.
static String	getApplicationUriOfCertificate(Cert certificate) getApplicationUriOfCertificate.
static String	getApplicationUriOfCertificate(X509Certificate certificate) getApplicationUriOfCertificate.
static CertificateProvider	getCertificateProvider() Getter for the field certificateProvider.
static String	getCertificateSignatureAlgorithm() Getter for the field certificateSignatureAlgorithm.
static List<String>	getDnsOfCertificate(Cert certificate) Returns the DNS names (in lower case and punycode resolved) of the certificate as defined in the SubjectAlternativeName field.
static List<String>	getDnsOfCertificate(X509Certificate certificate) Returns the DNS names (in lower case and punycode resolved) of the certificate as defined in the SubjectAlternativeName field.
static List<String>	getIpOfCertificate(Cert certificate) getIpOfCertificate.
static List<String>	getIpOfCertificate(X509Certificate certificate) getIpOfCertificate.
static int	getKeySize() Deprecated. this method depends on static state; instead call methods that take key size as parameter.
protected static Collection<List<?>>	getSubjectAlternativeNames(X509Certificate cert) Returns the raw SAN fields of the given certificate.
static RSAPrivateKey	loadFromKeyStore(URL keystoreUrl, String password) Load private key from a key store.
static KeyPair	loadKeyPairFromProtectedStore(String storeLocation, String alias, String storePW, String privatePW) Load a KeyPair from a Java Key Store.
static PrivateKey	readPrivateKey(File file, String password, String algorithm) Read a private key from a PEM encoded file with a password.
static PrivateKey	readPrivateKey(InputStream stream, String password, String algorithm) Read a private key from a PEM encoded stream with a password.
static X509Certificate	readX509Certificate(File file) Load X.509 Certificate from a file
static X509Certificate	readX509Certificate(URL url) Load X.509 Certificate from an url
static KeyPair	renewApplicationInstanceCertificate(String commonName, String organisation, String applicationUri, int validityTime, KeyPair oldKeys, KeyPair issuerKeys, String... hostNames) Renew a certificate KeyPair using the old keys.
static KeyPair	renewApplicationInstanceCertificate(String commonName, String organisation, String applicationUri, int validityTime, KeyPair oldKeys, String... hostNames) Renew a certificate KeyPair.
static boolean	saveKeyPairToProtectedStore(KeyPair keyPairToSave, String storeLocation, String alias, String storePW, String privatePW) Save the KeyPair to a Java Key Store.
static void	saveToProtectedStore(PrivateKey privateKey, Certificate certificate, File storeLocation, String alias, String privateKeyPassword, String keyStorePassword, String keyStoreType) Save the private key to a jks or pfx (PKCS12)-keystore.
static void	setCertificateProvider(CertificateProvider certificateProvider) Define the preferred CertificateProvider.
static void	setCertificateSignatureAlgorithm(String certificateSignatureAlgorithm) Define the algorithm to use for certificate signatures.
static void	setKeySize(int keySize) Deprecated. this method depends on static state; instead call methods that take key size as parameter.
static SignatureData	sign(PrivateKey signerKey, SecurityAlgorithm algorithm, byte[] dataToSign) Deprecated. Use CryptoUtil.signAsymm(PrivateKey, SecurityAlgorithm, byte[]) instead.
static KeyPair	toKeyPair(X509Certificate cert, PrivateKey privateKey) toKeyPair.
static boolean	verify(X509Certificate certificate, SecurityAlgorithm algorithm, byte[] data, byte[] signature) Deprecated. Use CryptoUtil.verifyAsymm(X509Certificate, SecurityAlgorithm, byte[], byte[]) instead.
static void	writePrivateKey(PrivateKey key, File file, String password, String algorithm) Write a private key to a stream in PEM format with a password.
static void	writePrivateKey(PrivateKey key, OutputStream stream, String password, String algorithm) Write a private key to a PEM file with a password.
static void	writeToPem(PrivateKey key, File file, String password, String algorithm) writeToPem.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_KEY_SIZE

public static final int DEFAULT_KEY_SIZE

See Also:

Constant Field Values

Constructor Detail

CertificateUtils

public CertificateUtils()

Method Detail

base64Decode

public static byte[] base64Decode(String string)

Decodes a String having Base64 encoding to an array of bytes.

base64Encode

public static String base64Encode(byte[] bytes)

Base64 encodes a byte array to string.

createApplicationInstanceCertificate

public static KeyPair createApplicationInstanceCertificate(String commonName,
                                                           String organisation,
                                                           String applicationUri,
                                                           int validityTime,
                                                           KeyPair issuerKeys,
                                                           int keySize,
                                                           String... hostNames)
                                                    throws IOException,
                                                           GeneralSecurityException

createApplicationInstanceCertificate.

Parameters:

commonName - - Common Name (CN) for the generated certificate

organisation - - Organisation (O) for the generated certificate

applicationUri - - Alternative name (one of x509 extensiontype) for generated certificate. Must not be null

validityTime - - the time that the certificate is valid (in days)

issuerKeys - the optional issuer certificate and private key to use for signing the certificate. If null a self-signed certificate is generated

keySize - - the key size

hostNames - - alternate host names or IP addresses to add to SubjectAlternativeNames

Returns:

a KeyPair object.

Throws:

IOException - if any.

GeneralSecurityException - if any.

createApplicationInstanceCertificate

@Deprecated
public static KeyPair createApplicationInstanceCertificate(String commonName,
                                                                        String organisation,
                                                                        String applicationUri,
                                                                        int validityTime,
                                                                        KeyPair issuerKeys,
                                                                        String... hostNames)
                                                                 throws IOException,
                                                                        GeneralSecurityException

Deprecated. this method depends on static state; instead call createApplicationInstanceCertificate(String, String, String, int, com.prosysopc.ua.stack.transport.security.KeyPair, int, String...).

createApplicationInstanceCertificate.

Parameters:

commonName - - Common Name (CN) for the generated certificate

organisation - - Organisation (O) for the generated certificate

applicationUri - - Alternative name (one of x509 extensiontype) for generated certificate. Must not be null

validityTime - - the time that the certificate is valid (in days)

issuerKeys - the optional issuer certificate and private key to use for signing the certificate. If null a self-signed certificate is generated

hostNames - - alternate host names or IP addresses to add to SubjectAlternativeNames

Returns:

a KeyPair object.

Throws:

IOException - if any.

GeneralSecurityException - if any.

createApplicationInstanceCertificate

public static KeyPair createApplicationInstanceCertificate(String commonName,
                                                           String organisation,
                                                           String applicationUri,
                                                           int validityTime,
                                                           int keySize,
                                                           String... hostNames)
                                                    throws IOException,
                                                           GeneralSecurityException

createApplicationInstanceCertificate.

Parameters:

commonName - - Common Name (CN) for generated certificate

organisation - - Organisation (O) for generated certificate

applicationUri - - Alternative name (one of x509 extensiontype) for generated certificate. Must not be null

validityTime - - the time that the certificate is valid (in days)

keySize - - the key size

hostNames - - alternate host names or IP addresses to add to SubjectAlternativeNames

Returns:

a KeyPair object.

Throws:

IOException - if any.

GeneralSecurityException - if any.

createApplicationInstanceCertificate

@Deprecated
public static KeyPair createApplicationInstanceCertificate(String commonName,
                                                                        String organisation,
                                                                        String applicationUri,
                                                                        int validityTime,
                                                                        String... hostNames)
                                                                 throws IOException,
                                                                        GeneralSecurityException

Deprecated. this method depends on static state, call createApplicationInstanceCertificate(String, String, String, int, int, String...) instead.

createApplicationInstanceCertificate.

Parameters:

commonName - - Common Name (CN) for generated certificate

organisation - - Organisation (O) for generated certificate

applicationUri - - Alternative name (one of x509 extensiontype) for generated certificate. Must not be null

validityTime - - the time that the certificate is valid (in days)

hostNames - - alternate host names or IP addresses to add to SubjectAlternativeNames

Returns:

a KeyPair object.

Throws:

IOException - if any.

GeneralSecurityException - if any.

createHttpsCertificate

@Deprecated
public static KeyPair createHttpsCertificate(String hostName,
                                                          String applicationUri,
                                                          int days,
                                                          KeyPair issuerCert)
                                                   throws IOException,
                                                          GeneralSecurityException

Deprecated. this method depends on static state. Call createHttpsCertificate(String, String, int, com.prosysopc.ua.stack.transport.security.KeyPair, int) instead.

Create a new certificate that can be used with the HTTPS protocol. The certificate should be issued with a CA certificate, especially for the server applications, to ensure interoperability with other client applications.

Parameters:

hostName - - HostName of the computer in which the application is running: used to initialize the Subject field of the certificate. The client applications may validate this field of the server certificate, so it should match the hostName used in the ApplicationUri of the application.

applicationUri - - The ApplicationUri corresponding to the respective field of the ApplicationDescription of the application for which the certificate is created

days - - the time that the certificate is valid (in days)

issuerCert - - The certificate of the issuer that should sign the certificate. If null, a self-signed certificate is created

Returns:

the new certificate and private key

Throws:

IOException - if any.

GeneralSecurityException - if any.

createHttpsCertificate

public static KeyPair createHttpsCertificate(String hostName,
                                             String applicationUri,
                                             int days,
                                             KeyPair issuerCert,
                                             int keySize)
                                      throws IOException,
                                             GeneralSecurityException

Create a new certificate that can be used with the HTTPS protocol. The certificate should be issued with a CA certificate, especially for the server applications, to ensure interoperability with other client applications.

Parameters:

hostName - - HostName of the computer in which the application is running: used to initialize the Subject field of the certificate. The client applications may validate this field of the server certificate, so it should match the hostName used in the ApplicationUri of the application.

applicationUri - - The ApplicationUri corresponding to the respective field of the ApplicationDescription of the application for which the certificate is created

days - - the time that the certificate is valid (in days)

issuerCert - - The certificate of the issuer that should sign the certificate. If null, a self-signed certificate is created

keySize - - The key size

Returns:

the new certificate and private key

Throws:

IOException - if any.

GeneralSecurityException - if any.

createIssuerCertificate

@Deprecated
public static KeyPair createIssuerCertificate(String commonName,
                                                           int days,
                                                           KeyPair issuerCert)
                                                    throws GeneralSecurityException,
                                                           IOException

Deprecated. this method depends on static state. Call createIssuerCertificate(String, int, com.prosysopc.ua.stack.transport.security.KeyPair, int) instead.

Create a new issuer certificate that can be used to issue certificates built with createApplicationInstanceCertificate(String, String, String, int, String...) or createHttpsCertificate(String, String, int, com.prosysopc.ua.stack.transport.security.KeyPair).

Parameters:

commonName - The common name to use for the Subject of the certificate (the name will be prepended with "CN=" if it does not start with it already)

days - - the time that the certificate is valid (in days)

issuerCert - - The certificate of the issuer that should sign the certificate. If null, a self-signed certificate is created

Returns:

the new certificate and private key

Throws:

GeneralSecurityException - if any.

IOException - if any.

createIssuerCertificate

public static KeyPair createIssuerCertificate(String commonName,
                                              int days,
                                              KeyPair issuerCert,
                                              int keySize)
                                       throws GeneralSecurityException,
                                              IOException

Create a new issuer certificate that can be used to issue certificates built with createApplicationInstanceCertificate(String, String, String, int, String...) or createHttpsCertificate(String, String, int, com.prosysopc.ua.stack.transport.security.KeyPair).

Parameters:

commonName - The common name to use for the Subject of the certificate (the name will be prepended with "CN=" if it does not start with it already)

days - - the time that the certificate is valid (in days)

issuerCert - - The certificate of the issuer that should sign the certificate. If null, a self-signed certificate is created

keySize - - the key size

Returns:

the new certificate and private key

Throws:

GeneralSecurityException - if any.

IOException - if any.

createThumbprint

public static byte[] createThumbprint(byte[] data)

Create SHA-1 Thumbprint.

Parameters:

data - an array of byte.

Returns:

thumbprint

decodePKCS8EncodedRSAPrivateKey

public static RSAPrivateKey decodePKCS8EncodedRSAPrivateKey(ByteString encoded)
                                                     throws Exception

Decodes a PKCS8 encoded key to a RSAPrivateKey object.

Throws:

Exception - on failure.

decodeX509Certificate

public static X509Certificate decodeX509Certificate(byte[] encodedCertificate)
                                             throws CertificateException

Decodes X509 Certificate from the given encoded certificate data. Throws CertificateException on error or if the given data doesn't represent a x509 certificate (null/empty data is also treated like this).

Throws:

CertificateException

getApplicationUriOfCertificate

public static String getApplicationUriOfCertificate(Cert certificate)
                                             throws CertificateParsingException

getApplicationUriOfCertificate.

Parameters:

certificate - a Cert object.

Returns:

a String object.

Throws:

CertificateParsingException - if any.

getApplicationUriOfCertificate

public static String getApplicationUriOfCertificate(X509Certificate certificate)
                                             throws CertificateParsingException

getApplicationUriOfCertificate.

Parameters:

certificate - a X509Certificate object.

Returns:

a String object.

Throws:

CertificateParsingException - if any.

getCertificateProvider

public static CertificateProvider getCertificateProvider()

Getter for the field certificateProvider.

Returns:

a CertificateProvider object.

getCertificateSignatureAlgorithm

public static String getCertificateSignatureAlgorithm()

Getter for the field certificateSignatureAlgorithm.

Returns:

a String object.

getDnsOfCertificate

public static List<String> getDnsOfCertificate(Cert certificate)
                                        throws CertificateParsingException

Returns the DNS names (in lower case and punycode resolved) of the certificate as defined in the SubjectAlternativeName field. Throws CertificateParsingException if the given certificate cannot be parsed.

Throws:

CertificateParsingException

getDnsOfCertificate

public static List<String> getDnsOfCertificate(X509Certificate certificate)
                                        throws CertificateParsingException

Returns the DNS names (in lower case and punycode resolved) of the certificate as defined in the SubjectAlternativeName field. Throws CertificateParsingException if the given certificate cannot be parsed.

Throws:

CertificateParsingException

getIpOfCertificate

public static List<String> getIpOfCertificate(Cert certificate)
                                       throws CertificateParsingException

getIpOfCertificate.

Parameters:

certificate - a Cert object.

Returns:

a List object.

Throws:

CertificateParsingException - if any.

getIpOfCertificate

public static List<String> getIpOfCertificate(X509Certificate certificate)
                                       throws CertificateParsingException

getIpOfCertificate.

Parameters:

certificate - a X509Certificate object.

Returns:

a List object.

Throws:

CertificateParsingException - if any.

getKeySize

@Deprecated
public static int getKeySize()

Deprecated. this method depends on static state; instead call methods that take key size as parameter.

Getter for the field keySize.

Returns:

the key size for new certificates

loadFromKeyStore

public static RSAPrivateKey loadFromKeyStore(URL keystoreUrl,
                                             String password)
                                      throws IOException,
                                             NoSuchAlgorithmException,
                                             CertificateException,
                                             KeyStoreException,
                                             UnrecoverableKeyException

Load private key from a key store.

Parameters:

keystoreUrl - url to key store

password - password to key store

Returns:

private key

Throws:

IOException - if any.

CertificateException - if any.

NoSuchAlgorithmException - if any.

KeyStoreException - if any.

UnrecoverableKeyException - if any.

loadKeyPairFromProtectedStore

public static KeyPair loadKeyPairFromProtectedStore(String storeLocation,
                                                    String alias,
                                                    String storePW,
                                                    String privatePW)
                                             throws KeyStoreException,
                                                    IOException,
                                                    NoSuchAlgorithmException,
                                                    CertificateException,
                                                    UnrecoverableKeyException

Load a KeyPair from a Java Key Store.

Parameters:

storeLocation - a String object.

alias - a String object.

storePW - a String object.

privatePW - a String object.

Returns:

a KeyPair object.

Throws:

KeyStoreException - if any.

IOException - if any.

NoSuchAlgorithmException - if any.

CertificateException - if any.

UnrecoverableKeyException - if any.

readPrivateKey

public static PrivateKey readPrivateKey(File file,
                                        String password,
                                        String algorithm)
                                 throws IOException

Read a private key from a PEM encoded file with a password.

Throws:

IOException - if any.

readPrivateKey

public static PrivateKey readPrivateKey(InputStream stream,
                                        String password,
                                        String algorithm)
                                 throws IOException

Read a private key from a PEM encoded stream with a password.

Throws:

IOException - if any.

readX509Certificate

public static X509Certificate readX509Certificate(File file)
                                           throws IOException,
                                                  CertificateException

Load X.509 Certificate from a file

Parameters:

file - a File object.

Returns:

Certificate

Throws:

IOException - if any.

CertificateException - In case the certificate is not valid

readX509Certificate

public static X509Certificate readX509Certificate(URL url)
                                           throws IOException,
                                                  CertificateException

Load X.509 Certificate from an url

Parameters:

url - a URL object.

Returns:

Certificate

Throws:

IOException - if any.

CertificateException - In case the certificate is not valid

renewApplicationInstanceCertificate

public static KeyPair renewApplicationInstanceCertificate(String commonName,
                                                          String organisation,
                                                          String applicationUri,
                                                          int validityTime,
                                                          KeyPair oldKeys,
                                                          KeyPair issuerKeys,
                                                          String... hostNames)
                                                   throws IOException,
                                                          IllegalStateException,
                                                          GeneralSecurityException

Renew a certificate KeyPair using the old keys.

Parameters:

commonName - - Common Name (CN) for generated certificate

organisation - - Organisation (O) for generated certificate

applicationUri - - Alternative name (one of x509 extensiontype) for generated certificate. Must not be null

validityTime - - the time that the certificate is valid (in days)

oldKeys - the old keys to renew

issuerKeys - the optional issuer certificate and private key to use for signing the certificate

hostNames - a String object.

Returns:

a KeyPair object.

Throws:

IOException - if any.

IllegalStateException - if any.

GeneralSecurityException - if any.

renewApplicationInstanceCertificate

public static KeyPair renewApplicationInstanceCertificate(String commonName,
                                                          String organisation,
                                                          String applicationUri,
                                                          int validityTime,
                                                          KeyPair oldKeys,
                                                          String... hostNames)
                                                   throws IOException,
                                                          IllegalStateException,
                                                          GeneralSecurityException

Renew a certificate KeyPair. Sign with the own key.

Parameters:

commonName - - Common Name (CN) for generated certificate

organisation - - Organisation (O) for generated certificate

applicationUri - - Alternative name (one of x509 extensiontype) for generated certificate. Must not be null

validityTime - - the time that the certificate is valid (in days)

oldKeys - the old keys to renew

hostNames - a String object.

Returns:

a KeyPair object.

Throws:

IOException - if any.

IllegalStateException - if any.

GeneralSecurityException - if any.

saveKeyPairToProtectedStore

public static boolean saveKeyPairToProtectedStore(KeyPair keyPairToSave,
                                                  String storeLocation,
                                                  String alias,
                                                  String storePW,
                                                  String privatePW)
                                           throws KeyStoreException,
                                                  IOException,
                                                  NoSuchAlgorithmException,
                                                  CertificateException

Save the KeyPair to a Java Key Store.

Parameters:

keyPairToSave - a KeyPair object.

storeLocation - a String object.

alias - a String object.

storePW - a String object.

privatePW - a String object.

Returns:

a boolean.

Throws:

KeyStoreException - if any.

IOException - if any.

NoSuchAlgorithmException - if any.

CertificateException - if any.

saveToProtectedStore

public static void saveToProtectedStore(PrivateKey privateKey,
                                        Certificate certificate,
                                        File storeLocation,
                                        String alias,
                                        String privateKeyPassword,
                                        String keyStorePassword,
                                        String keyStoreType)
                                 throws IOException,
                                        KeyStoreException,
                                        NoSuchProviderException,
                                        NoSuchAlgorithmException,
                                        CertificateException

Save the private key to a jks or pfx (PKCS12)-keystore.

Throws:

IOException - if storeLocation is not available

NoSuchProviderException - The required security Provider not found

KeyStoreException - keystore failed

CertificateException - certificate problem

NoSuchAlgorithmException - cryptographic algorithm not found

setCertificateProvider

public static void setCertificateProvider(CertificateProvider certificateProvider)

Define the preferred CertificateProvider. Usually this is determined automatically, but you may define the provider that you wish to use yourself.

Parameters:

certificateProvider - the certificateProvider to set

setCertificateSignatureAlgorithm

public static void setCertificateSignatureAlgorithm(String certificateSignatureAlgorithm)

Define the algorithm to use for certificate signatures.

The OPC UA specification defines that the algorithm should be (at least) "SHA1WithRSA" for application instance certificates used for security policies Basic128Rsa15 and Basic256. For Basic256Sha256 it should be "SHA256WithRSA".

Default: "SHA256WithRSA"

Parameters:

certificateSignatureAlgorithm - the certificateSignatureAlgorithm to set

setKeySize

@Deprecated
public static void setKeySize(int keySize)

Deprecated. this method depends on static state; instead call methods that take key size as parameter.

Define the key size for the certificates.

Default: 2048

Parameters:

keySize - size of the certificates. Good values are multiples of 1024,2048(,3072) and 4096

Throws:

IllegalArgumentException - if the value is not accepted

sign

@Deprecated
public static SignatureData sign(PrivateKey signerKey,
                                              SecurityAlgorithm algorithm,
                                              byte[] dataToSign)
                                       throws NoSuchAlgorithmException,
                                              SignatureException,
                                              InvalidKeyException

Deprecated. Use CryptoUtil.signAsymm(PrivateKey, SecurityAlgorithm, byte[]) instead.

Sign data.

Parameters:

signerKey - a PrivateKey object.

algorithm - asymmetric signer algorithm, See SecurityAlgorithm

dataToSign - an array of byte.

Returns:

signature data

Throws:

NoSuchAlgorithmException - if any.

SignatureException - if any.

InvalidKeyException - if any.

toKeyPair

public static KeyPair toKeyPair(X509Certificate cert,
                                PrivateKey privateKey)
                         throws CertificateEncodingException

toKeyPair.

Parameters:

cert - a X509Certificate object.

privateKey - a PrivateKey object.

Returns:

a KeyPair object.

Throws:

CertificateEncodingException - if any.

verify

@Deprecated
public static boolean verify(X509Certificate certificate,
                                          SecurityAlgorithm algorithm,
                                          byte[] data,
                                          byte[] signature)
                                   throws SignatureException,
                                          InvalidKeyException,
                                          NoSuchAlgorithmException

Deprecated. Use CryptoUtil.verifyAsymm(X509Certificate, SecurityAlgorithm, byte[], byte[]) instead.

Verify a signature.

Parameters:

certificate - a X509Certificate object.

algorithm - asymmetric signer algorithm, See SecurityAlgorithm

data - an array of byte.

signature - an array of byte.

Returns:

true if verified

Throws:

SignatureException - if any.

InvalidKeyException - if any.

NoSuchAlgorithmException - if any.

writePrivateKey

public static void writePrivateKey(PrivateKey key,
                                   File file,
                                   String password,
                                   String algorithm)
                            throws IOException

Write a private key to a stream in PEM format with a password.

Parameters:

key - the private key to save

file - the file to save to

password - the password o use for protecting the key

algorithm - encryption algorithm to use. For example "AES-128-CBC"

Throws:

IOException - if any.

writePrivateKey

public static void writePrivateKey(PrivateKey key,
                                   OutputStream stream,
                                   String password,
                                   String algorithm)
                            throws IOException

Write a private key to a PEM file with a password.

Parameters:

key - the private key to save

stream - the stream (for example FileOutputStream) to save to

password - the password o use for protecting the key

algorithm - encryption algorithm to use. For example "AES-128-CBC"

Throws:

IOException - if any.

writeToPem

public static void writeToPem(PrivateKey key,
                              File file,
                              String password,
                              String algorithm)
                       throws IOException

writeToPem.

Parameters:

key - a X509Certificate object.

file - a File object.

Throws:

IOException - if any.

getSubjectAlternativeNames

protected static Collection<List<?>> getSubjectAlternativeNames(X509Certificate cert)
                                                         throws CertificateParsingException

Returns the raw SAN fields of the given certificate.

Throws:

CertificateParsingException