com.helger.security.certificate

Class CertificateHelper

java.lang.Object

com.helger.security.certificate.CertificateHelper

@Immutable
public final class CertificateHelper
extends Object

Some utility methods handling X.509 certificates.

Author:

Philip Helger

Field Summary

Fields

Modifier and Type	Field and Description
static String	BEGIN_CERTIFICATE
static String	BEGIN_CERTIFICATE_INVALID
static String	BEGIN_PRIVATE_KEY
static Charset	CERT_CHARSET Character set used for String-Certificate conversion
static String	CRLF
static String	END_CERTIFICATE
static String	END_CERTIFICATE_INVALID
static String	END_PRIVATE_KEY

Method Summary

Modifier and Type	Method and Description
static X509Certificate	convertByteArrayToCertficate(byte[] aCertBytes) Convert the passed byte array to an X.509 certificate object.
static X509Certificate	convertByteArrayToCertficateDirect(byte[] aCertBytes) Convert the passed String to an X.509 certificate without converting it to a String first.
static X509Certificate	convertByteArrayToCertficateOrNull(byte[] aCertBytes) Convert the passed byte array to an X.509 certificate object.
static byte[]	convertCertificateStringToByteArray(String sCertificate) Convert the passed X.509 certificate string to a byte array.
static X509Certificate	convertStringToCertficate(String sCertString) Convert the passed String to an X.509 certificate.
static X509Certificate	convertStringToCertficateOrNull(String sCertString) Convert the passed String to an X.509 certificate, swallowing all errors.
static PrivateKey	convertStringToPrivateKey(String sPrivateKey)
static byte[]	getEncodedCertificate(Certificate aCert) Get the provided certificate as a byte array.
static String	getPEMEncodedCertificate(Certificate aCert) Get the provided certificate as PEM (Base64) encoded String.
static String	getRFC1421CompliantString(String sCertificate, boolean bIncludePEMHeader) The certificate string needs to be emitted in portions of 64 characters.
static String	getRFC1421CompliantString(String sCertificate, boolean bIncludePEMHeader, String sLineSeparator) The certificate string needs to be emitted in portions of 64 characters.
static String	getWithoutPEMHeader(String sCertificate) Remove any eventually preceding "-----BEGIN CERTIFICATE-----" and succeeding "-----END CERTIFICATE-----" values from the passed certificate string.
static String	getWithPEMHeader(String sCertString)
static CertificateFactory	getX509CertificateFactory()
static boolean	isCertificateValidPerNow(X509Certificate aCert) Check if the "not valid before"/"not valid after" of the provided X509 certificate is valid per "now".

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

BEGIN_CERTIFICATE

public static final String BEGIN_CERTIFICATE

See Also:

Constant Field Values

END_CERTIFICATE

public static final String END_CERTIFICATE

See Also:

Constant Field Values

BEGIN_CERTIFICATE_INVALID

public static final String BEGIN_CERTIFICATE_INVALID

See Also:

Constant Field Values

END_CERTIFICATE_INVALID

public static final String END_CERTIFICATE_INVALID

See Also:

Constant Field Values

BEGIN_PRIVATE_KEY

public static final String BEGIN_PRIVATE_KEY

See Also:

Constant Field Values

END_PRIVATE_KEY

public static final String END_PRIVATE_KEY

See Also:

Constant Field Values

CRLF

public static final String CRLF

See Also:

Constant Field Values

CERT_CHARSET

public static final Charset CERT_CHARSET

Character set used for String-Certificate conversion

Method Detail

getX509CertificateFactory

@Nonnull
public static CertificateFactory getX509CertificateFactory()
                                                              throws CertificateException

Throws:

CertificateException

getWithPEMHeader

@Nonnull
public static String getWithPEMHeader(@Nonnull
                                                String sCertString)

getWithoutPEMHeader

@Nullable
public static String getWithoutPEMHeader(@Nullable
                                                    String sCertificate)

Remove any eventually preceding "-----BEGIN CERTIFICATE-----" and succeeding "-----END CERTIFICATE-----" values from the passed certificate string. Additionally all whitespaces of the string are removed.

Parameters:

sCertificate - The source certificate string. May be null.

Returns:

null if the input string is null or empty, the stripped down string otherwise.

getRFC1421CompliantString

@Nullable
public static String getRFC1421CompliantString(@Nullable
                                                          String sCertificate,
                                                          boolean bIncludePEMHeader)

The certificate string needs to be emitted in portions of 64 characters. If characters are left, than <CR><LF> ("\r\n") must be added to the string so that the next characters start on a new line. After the last part, no <CR><LF> is needed. Respective RFC parts are 1421 4.3.2.2 and 4.3.2.4

Parameters:

sCertificate - Original certificate string as stored in the DB

bIncludePEMHeader - true to include BEGIN_CERTIFICATE header and END_CERTIFICATE footer.

Returns:

The RFC 1421 compliant string. May be null if the original string is null or empty.

getRFC1421CompliantString

@Nullable
public static String getRFC1421CompliantString(@Nullable
                                                          String sCertificate,
                                                          boolean bIncludePEMHeader,
                                                          @Nonnull
                                                          String sLineSeparator)

The certificate string needs to be emitted in portions of 64 characters. If characters are left, than a line separator (e.g. <CR><LF> - "\r\n") must be added to the string so that the next characters start on a new line. After the last part, no line separator is needed. Respective RFC parts are 1421 4.3.2.2 and 4.3.2.4

Parameters:

sCertificate - Original certificate string as stored in the DB

bIncludePEMHeader - true to include BEGIN_CERTIFICATE header and END_CERTIFICATE footer.

sLineSeparator - The line separator to be used. May not be null. Usually this is "\r\n" but may also be just "\n".

Returns:

The RFC 1421 compliant string. May be null if the original string is null or empty.

Since:

8.5.5

convertByteArrayToCertficate

@Nullable
public static X509Certificate convertByteArrayToCertficate(@Nullable
                                                                      byte[] aCertBytes)
                                                               throws CertificateException

Convert the passed byte array to an X.509 certificate object.

Parameters:

aCertBytes - The original certificate bytes. May be null or empty.

Returns:

null if the passed byte array is null or empty

Throws:

CertificateException - In case the passed string cannot be converted to an X.509 certificate.

convertByteArrayToCertficateOrNull

@Nullable
public static X509Certificate convertByteArrayToCertficateOrNull(@Nullable
                                                                            byte[] aCertBytes)

Convert the passed byte array to an X.509 certificate object.

Parameters:

aCertBytes - The original certificate bytes. May be null or empty.

Returns:

null if the passed byte array is null, empty or not a valid certificate.

Since:

9.4.0

convertByteArrayToCertficateDirect

@Nullable
public static X509Certificate convertByteArrayToCertficateDirect(@Nullable
                                                                            byte[] aCertBytes)
                                                                     throws CertificateException

Convert the passed String to an X.509 certificate without converting it to a String first.

Parameters:

aCertBytes - The certificate bytes. May be null.

Returns:

null if the passed array is null or empty

Throws:

CertificateException - In case the passed bytes[] cannot be converted to an X.509 certificate.

Since:

9.3.4

convertStringToCertficate

@Nullable
public static X509Certificate convertStringToCertficate(@Nullable
                                                                   String sCertString)
                                                            throws CertificateException

Convert the passed String to an X.509 certificate.

Parameters:

sCertString - The original text string. May be null or empty. The String must be ISO-8859-1 encoded for the binary certificate to be read!

Returns:

null if the passed string is null or empty

Throws:

CertificateException - In case the passed string cannot be converted to an X.509 certificate.

IllegalArgumentException - If the input string is e.g. invalid Base64 encoded.

convertStringToCertficateOrNull

@Nullable
public static X509Certificate convertStringToCertficateOrNull(@Nullable
                                                                         String sCertString)

Convert the passed String to an X.509 certificate, swallowing all errors.

Parameters:

sCertString - The certificate string to be parsed.

Returns:

null in case the certificate cannot be converted.

Since:

9.3.4

See Also:

convertStringToCertficate(String)

convertCertificateStringToByteArray

@Nullable
public static byte[] convertCertificateStringToByteArray(@Nullable
                                                                    String sCertificate)

Convert the passed X.509 certificate string to a byte array.

Parameters:

sCertificate - The original certificate string. May be null or empty.

Returns:

null if the passed string is null or empty or an invalid Base64 string

getEncodedCertificate

@Nonnull
 @Nonempty
public static byte[] getEncodedCertificate(@Nonnull
                                                                 Certificate aCert)

Get the provided certificate as a byte array.

Parameters:

aCert - The certificate to encode. May not be null.

Returns:

The byte array

Throws:

IllegalArgumentException - If the certificate could not be encoded. Cause is a CertificateEncodingException.

Since:

10.0.0

getPEMEncodedCertificate

@Nonnull
 @Nonempty
public static String getPEMEncodedCertificate(@Nonnull
                                                                    Certificate aCert)

Get the provided certificate as PEM (Base64) encoded String.

Parameters:

aCert - The certificate to encode. May not be null.

Returns:

The PEM string with BEGIN_CERTIFICATE and END_CERTIFICATE.

Throws:

IllegalArgumentException - If the certificate could not be encoded. Cause is a CertificateEncodingException.

Since:

8.5.5

isCertificateValidPerNow

public static boolean isCertificateValidPerNow(@Nonnull
                                               X509Certificate aCert)

Check if the "not valid before"/"not valid after" of the provided X509 certificate is valid per "now".

Parameters:

aCert - The certificate to check. May not be null.

Returns:

true if it is valid, false if not.

Since:

9.3.8

convertStringToPrivateKey

@Nullable
public static PrivateKey convertStringToPrivateKey(@Nullable
                                                              String sPrivateKey)
                                                       throws GeneralSecurityException

Throws:

GeneralSecurityException