Class CertificateHelper


  • @Immutable
    public final class CertificateHelper
    extends Object
    Some utility methods handling X.509 certificates.
    Author:
    Philip Helger
    • Method Detail

      • getWithoutPEMHeader

        @Nullable
        public static String getWithoutPEMHeader(@Nullable String sCertificate)
        Remove a leading "-----BEGIN CERTIFICATE-----" and a trailing "-----END CERTIFICATE-----" marker, if present, from the passed certificate string. Additionally, all whitespace is removed from the string.
        Parameters:
        sCertificate - The source certificate string. May be null.
        Returns:
        null if the input string is null or empty, the stripped down string otherwise.
      • getRFC1421CompliantString

        @Nullable
        public static String getRFC1421CompliantString(@Nullable String sCertificate, boolean bIncludePEMHeader)
        The certificate string needs to be emitted in portions of 64 characters. If characters are left, then <CR><LF> ("\r\n") must be added to the string so that the next characters start on a new line. After the last part, no <CR><LF> is needed. The relevant sections are RFC 1421 4.3.2.2 and 4.3.2.4.
        Parameters:
        sCertificate - Original certificate string as stored in the DB
        bIncludePEMHeader - true to include BEGIN_CERTIFICATE header and END_CERTIFICATE footer.
        Returns:
        The RFC 1421 compliant string. May be null if the original string is null or empty.
      • getRFC1421CompliantString

        @Nullable
        public static String getRFC1421CompliantString(@Nullable String sCertificate, boolean bIncludePEMHeader, @Nonnull String sLineSeparator)
        The certificate string needs to be emitted in portions of 64 characters. If characters are left, then a line separator (e.g. <CR><LF> - "\r\n") must be added to the string so that the next characters start on a new line. After the last part, no line separator is needed. The relevant sections are RFC 1421 4.3.2.2 and 4.3.2.4.
        Parameters:
        sCertificate - Original certificate string as stored in the DB
        bIncludePEMHeader - true to include BEGIN_CERTIFICATE header and END_CERTIFICATE footer.
        sLineSeparator - The line separator to be used. May not be null. Usually this is "\r\n" but may also be just "\n".
        Returns:
        The RFC 1421 compliant string. May be null if the original string is null or empty.
        Since:
        8.5.5
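
The stripping and 64-character wrapping described for getWithoutPEMHeader and getRFC1421CompliantString, as an added JDK-only sketch that is not the library's own code. The class PemWrapExample, the methods stripPem and wrap64, and the sample bytes are assumptions made for illustration; the final check confirms that re-wrapping leaves the encoded bytes unchanged.

```java
import java.util.Arrays;
import java.util.Base64;

// Added illustration; class and method names are hypothetical, not part of CertificateHelper.
public class PemWrapExample {
  static final String BEGIN = "-----BEGIN CERTIFICATE-----";
  static final String END = "-----END CERTIFICATE-----";

  // Drop the PEM markers if present, then remove all whitespace.
  static String stripPem(String s) {
    if (s == null || s.isEmpty()) return null;
    String t = s.trim();
    if (t.startsWith(BEGIN)) t = t.substring(BEGIN.length());
    if (t.endsWith(END)) t = t.substring(0, t.length() - END.length());
    return t.replaceAll("\\s+", "");
  }

  // Emit 64-character lines; the separator goes between lines, never after the last one.
  static String wrap64(String base64, boolean includeHeader, String sep) {
    if (base64 == null || base64.isEmpty()) return null;
    StringBuilder sb = new StringBuilder();
    if (includeHeader) sb.append(BEGIN).append(sep);
    for (int i = 0; i < base64.length(); i += 64) {
      if (i > 0) sb.append(sep);
      sb.append(base64, i, Math.min(i + 64, base64.length()));
    }
    if (includeHeader) sb.append(sep).append(END);
    return sb.toString();
  }

  public static void main(String[] args) {
    // Constructed sample: 100 arbitrary bytes standing in for DER data (not a real certificate).
    byte[] der = new byte[100];
    for (int i = 0; i < der.length; i++) der[i] = (byte) (i * 7);
    String b64 = Base64.getEncoder().encodeToString(der);
    // A sloppily stored value: markers, LF line ends, 40-character lines, stray spaces.
    String stored = BEGIN + "\n  " + b64.replaceAll("(.{40})", "$1\n ") + "\n" + END + "\n";
    String stripped = stripPem(stored);
    String pem = wrap64(stripped, true, "\r\n");
    System.out.println(pem);

    for (String line : pem.split("\r\n"))
      if (line.length() > 64) throw new AssertionError("line longer than 64 characters");
    if (pem.endsWith("\r\n")) throw new AssertionError("separator after last part");
    // The strict decoder throws IllegalArgumentException on whitespace or non-Base64 input.
    if (!Arrays.equals(der, Base64.getDecoder().decode(stripped)))
      throw new AssertionError("re-wrapping changed the encoded bytes");
  }
}
```

Because only the line layout changes, a fingerprint computed over the decoded bytes is the same before and after normalization.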
      • convertByteArrayToCertficate

        @Nullable
        public static X509Certificate convertByteArrayToCertficate(@Nullable byte[] aCertBytes) throws CertificateException
        Convert the passed byte array to an X.509 certificate object.
        Parameters:
        aCertBytes - The original certificate bytes. May be null or empty.
        Returns:
        null if the passed byte array is null or empty
        Throws:
        CertificateException - In case the passed byte array cannot be converted to an X.509 certificate.
      • convertByteArrayToCertficateOrNull

        @Nullable
        public static X509Certificate convertByteArrayToCertficateOrNull(@Nullable byte[] aCertBytes)
        Convert the passed byte array to an X.509 certificate object.
        Parameters:
        aCertBytes - The original certificate bytes. May be null or empty.
        Returns:
        null if the passed byte array is null, empty or not a valid certificate.
        Since:
        9.4.0
      • convertByteArrayToCertficateDirect

        @Nullable
        public static X509Certificate convertByteArrayToCertficateDirect(@Nullable byte[] aCertBytes) throws CertificateException
        Convert the passed byte array to an X.509 certificate without converting it to a String first.
        Parameters:
        aCertBytes - The certificate bytes. May be null.
        Returns:
        null if the passed array is null or empty
        Throws:
        CertificateException - In case the passed byte array cannot be converted to an X.509 certificate.
        Since:
        9.3.4
      • convertStringToCertficate

        @Nullable
        public static X509Certificate convertStringToCertficate(@Nullable String sCertString) throws CertificateException
        Convert the passed String to an X.509 certificate.
        Parameters:
        sCertString - The original text string. May be null or empty. The String must be ISO-8859-1 encoded for the binary certificate to be read!
        Returns:
        null if the passed string is null or empty
        Throws:
        CertificateException - In case the passed string cannot be converted to an X.509 certificate.
        IllegalArgumentException - If the input string is, for example, not valid Base64.
      • convertStringToCertficateOrNull

        @Nullable
        public static X509Certificate convertStringToCertficateOrNull(@Nullable String sCertString)
        Convert the passed String to an X.509 certificate, swallowing all errors.
        Parameters:
        sCertString - The certificate string to be parsed.
        Returns:
        null in case the certificate cannot be converted.
        Since:
        9.3.4
        See Also:
        convertStringToCertficate(String)
      • convertCertificateStringToByteArray

        @Nullable
        public static byte[] convertCertificateStringToByteArray(@Nullable String sCertificate)
        Convert the passed X.509 certificate string to a byte array.
        Parameters:
        sCertificate - The original certificate string. May be null or empty.
        Returns:
        null if the passed string is null, empty, or not a valid Base64 string.
      • isCertificateValidPerNow

        public static boolean isCertificateValidPerNow(@Nonnull X509Certificate aCert)
        Check whether the current time ("now") lies within the "not valid before"/"not valid after" period of the provided X.509 certificate.
        Parameters:
        aCert - The certificate to check. May not be null.
        Returns:
        true if it is valid, false if not.
        Since:
        9.3.8