Class ExtensionsUtils


  • public class ExtensionsUtils
    extends java.lang.Object
    Utilities for working with X509 extensions. Copied from https://github.com/puppetlabs/jvm-ssl-utils due to package-only visibility of useful methods. Original license: Apache License, Version 2.0. Copyright (C) 2015 Puppet Labs Inc.
    • Constructor Summary

      Constructors 
      Constructor Description
      ExtensionsUtils()  
    • Method Summary

      Modifier and Type Method Description
      static java.util.Map<java.lang.String,​java.lang.Object> getExtension​(java.security.cert.X509Certificate cert, java.lang.String oid)
      Given a Java certificate, get a map containing the value and criticality of the extensions described by the given OID.
      static java.util.Map<java.lang.String,​java.lang.Object> getExtension​(java.security.cert.X509CRL crl, java.lang.String oid)
      Given a Java X509CRL object, get a map containing the value and criticality of the extensions described by the given OID.
      static java.util.Map<java.lang.String,​java.lang.Object> getExtension​(java.util.List<java.util.Map<java.lang.String,​java.lang.Object>> extList, java.lang.String oid)
      Given a list of maps describing extensions, return a map containing the extensions described by the provided OID.
      static java.util.Map<java.lang.String,​java.lang.Object> getExtension​(org.bouncycastle.pkcs.PKCS10CertificationRequest csr, java.lang.String oid)
      Given a Bouncy Castle CSR, get a map describing an extension value and its criticality from its OID.
      static java.util.List<java.util.Map<java.lang.String,​java.lang.Object>> getExtensionList​(java.security.cert.X509Certificate cert)
      Given a Java X509Certificate object, return a list of maps representing all the X509 extensions embedded in the certificate.
      static java.util.List<java.util.Map<java.lang.String,​java.lang.Object>> getExtensionList​(java.security.cert.X509CRL crl)
      Given a Java X509CRL object, return a list of maps representing all the X509 extensions embedded in the CRL.
      static java.util.List<java.util.Map<java.lang.String,​java.lang.Object>> getExtensionList​(org.bouncycastle.pkcs.PKCS10CertificationRequest csr)
      Given a Bouncy Castle CSR object, return a list of maps representing all the X509 extensions embedded in the CSR.
      static org.bouncycastle.asn1.x509.Extensions getExtensionsObjFromMap​(java.util.List<java.util.Map<java.lang.String,​java.lang.Object>> extMapsList)
      Given a list of maps which represent Extensions, produce a Bouncy Castle Extensions object which contains each extension parsed into Bouncy Castle Extension objects.
      static java.lang.Object getExtensionValue​(java.security.cert.X509Certificate cert, java.lang.String oid)  
      static java.lang.Object getExtensionValue​(java.security.cert.X509CRL crl, java.lang.String oid)  
      static java.lang.Object getExtensionValue​(java.util.List<java.util.Map<java.lang.String,​java.lang.Object>> extList, java.lang.String oid)  
      static java.lang.Object getExtensionValue​(java.util.Map<java.lang.String,​java.lang.Object> extMap)  
      static java.lang.Object getExtensionValue​(org.bouncycastle.pkcs.PKCS10CertificationRequest csr, java.lang.String oid)  
      static boolean isSubtreeOf​(java.lang.String parentOid, java.lang.String oid)
      Return true if the given OID is contained within the subtree of parent OID.
      static java.lang.String octetStringToIpString​(org.bouncycastle.asn1.ASN1OctetString ip)
      Convert the value of an IP address which is encoded in an ASN1OctetString to a string.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • CRL_NUMBER_OID

        public static final java.lang.String CRL_NUMBER_OID
        CRLNumber OID 2.5.29.20
      • AUTHORITY_KEY_IDENTIFIER_OID

        public static final java.lang.String AUTHORITY_KEY_IDENTIFIER_OID
        AuthorityKeyIdentifier OID 2.5.29.35
      • SUBJECT_ALTERNATIVE_NAME_OID

        public static final java.lang.String SUBJECT_ALTERNATIVE_NAME_OID
        SubjectAlternativeName OID 2.5.29.17
    • Constructor Detail

      • ExtensionsUtils

        public ExtensionsUtils()
    • Method Detail

      • isSubtreeOf

        public static boolean isSubtreeOf​(java.lang.String parentOid,
                                          java.lang.String oid)
        Return true if the given OID is contained within the subtree of parent OID.
        Parameters:
        parentOid - The OID of the parent tree.
        oid - The OID to compare.
        Returns:
        True if the OID is in the subtree of the parent OID.
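
An added example, not the ExtensionsUtils implementation: a subtree test that compares OIDs arc by arc, shown beside a plain string-prefix test that wrongly accepts 2.5.290.1 as a child of 2.5.29. The names OidSubtreeDemo, arcs and inSubtree are hypothetical, and treating the parent OID itself as outside its own subtree is an assumption.

```java
import java.util.List;

// Added illustration; OidSubtreeDemo, arcs and inSubtree are hypothetical
// names and are not part of ExtensionsUtils.
public class OidSubtreeDemo {

    // Parse a dotted-decimal OID into numeric arcs, rejecting malformed input.
    // An arc too large for a long raises NumberFormatException, which is
    // itself an IllegalArgumentException.
    static long[] arcs(String oid) {
        if (oid == null || !oid.matches("\\d+(\\.\\d+)*")) {
            throw new IllegalArgumentException("not a dotted-decimal OID: " + oid);
        }
        String[] parts = oid.split("\\.");
        long[] out = new long[parts.length];
        for (int i = 0; i < parts.length; i++) {
            out[i] = Long.parseLong(parts[i]);
        }
        return out;
    }

    // True only when every arc of parentOid matches the leading arcs of oid
    // and oid has at least one further arc.
    // Assumption: the parent itself is not counted as part of its subtree.
    static boolean inSubtree(String parentOid, String oid) {
        long[] p = arcs(parentOid);
        long[] c = arcs(oid);
        if (c.length <= p.length) {
            return false;
        }
        for (int i = 0; i < p.length; i++) {
            if (p[i] != c[i]) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        String parent = "2.5.29"; // parent arc of the OID constants on this page
        // Constructed sample inputs; 2.5.290.1 is the prefix-collision case.
        List<String> samples = List.of("2.5.29.17", "2.5.29.35", "2.5.290.1", "2.5.29", "2.5.2");
        for (String oid : samples) {
            System.out.printf("%-10s prefix=%-5b arcwise=%b%n",
                    oid, oid.startsWith(parent), inSubtree(parent, oid));
        }
    }
}
```
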
      • getExtensionList

        public static java.util.List<java.util.Map<java.lang.String,​java.lang.Object>> getExtensionList​(java.security.cert.X509Certificate cert)
                                                                                                       throws java.io.IOException,
                                                                                                              java.security.cert.CertificateEncodingException
        Given a Java X509Certificate object, return a list of maps representing all the X509 extensions embedded in the certificate. If no extensions exist on the certificate, then null is returned.
        Parameters:
        cert - The X509 certificate object.
        Returns:
        A list of maps describing each extension in the provided certificate.
        Throws:
        java.io.IOException
        java.security.cert.CertificateEncodingException
        See Also:
        getExtensionList(Extensions)
      • getExtensionList

        public static java.util.List<java.util.Map<java.lang.String,​java.lang.Object>> getExtensionList​(java.security.cert.X509CRL crl)
                                                                                                       throws java.io.IOException,
                                                                                                              java.security.cert.CRLException
        Given a Java X509CRL object, return a list of maps representing all the X509 extensions embedded in the CRL. If no extensions exist on the CRL, then null is returned.
        Parameters:
        crl - The X509 CRL object.
        Returns:
        A list of maps describing each extension in the provided CRL.
        Throws:
        java.io.IOException
        java.security.cert.CRLException
        See Also:
        getExtensionList(Extensions)
      • getExtensionList

        public static java.util.List<java.util.Map<java.lang.String,​java.lang.Object>> getExtensionList​(org.bouncycastle.pkcs.PKCS10CertificationRequest csr)
                                                                                                       throws java.io.IOException
        Given a Bouncy Castle CSR object, return a list of maps representing all the X509 extensions embedded in the CSR. If no extensions exist on the CSR, then null is returned.
        Parameters:
        csr - The Bouncy Castle CertificationRequest object
        Returns:
        A list of maps describing each extension in the provided CSR.
        Throws:
        java.io.IOException
        See Also:
        getExtensionList(Extensions)
      • getExtension

        public static java.util.Map<java.lang.String,​java.lang.Object> getExtension​(java.security.cert.X509Certificate cert,
                                                                                          java.lang.String oid)
                                                                                   throws java.io.IOException,
                                                                                          java.security.cert.CertificateEncodingException
        Given a Java certificate, get a map containing the value and criticality of the extensions described by the given OID. If the OID is not found in the certificate then null is returned.
        Parameters:
        cert - The Java X509 certificate object.
        oid - The OID of the extension to be found.
        Returns:
        The map containing the extension value and critical flag.
        Throws:
        java.io.IOException
        java.security.cert.CertificateEncodingException
      • getExtension

        public static java.util.Map<java.lang.String,​java.lang.Object> getExtension​(java.security.cert.X509CRL crl,
                                                                                          java.lang.String oid)
                                                                                   throws java.io.IOException,
                                                                                          java.security.cert.CRLException
        Given a Java X509CRL object, get a map containing the value and criticality of the extensions described by the given OID. If the OID is not found in the CRL, then null is returned. If no extensions exist on the CRL, then null is returned.
        Parameters:
        crl - The X509 CRL object.
        oid - The OID of the extension to be found.
        Returns:
        The map containing the extension value and critical flag.
        Throws:
        java.io.IOException
        java.security.cert.CRLException
      • getExtension

        public static java.util.Map<java.lang.String,​java.lang.Object> getExtension​(org.bouncycastle.pkcs.PKCS10CertificationRequest csr,
                                                                                          java.lang.String oid)
                                                                                   throws java.io.IOException
        Given a Bouncy Castle CSR, get a map describing an extension value and its criticality from its OID. If the extension is not found then null is returned.
        Parameters:
        csr - The Bouncy Castle CSR to extract an extension from.
        oid - The OID of extension to find.
        Returns:
        A map describing the extension requested by its OID.
        Throws:
        java.io.IOException
      • getExtension

        public static java.util.Map<java.lang.String,​java.lang.Object> getExtension​(java.util.List<java.util.Map<java.lang.String,​java.lang.Object>> extList,
                                                                                          java.lang.String oid)
        Given a list of maps describing extensions, return a map containing the extensions described by the provided OID. Returns null if the OID doesn't exist in the provided list.
        Parameters:
        extList - A list of extensions returned by getExtensionList().
        oid - The OID of the extension to find.
        Returns:
        The map describing the found extension, null if the oid doesn't exist.
        See Also:
        getExtensionList(Extensions), getExtensionList(X509Certificate)
      • getExtensionValue

        public static java.lang.Object getExtensionValue​(java.security.cert.X509Certificate cert,
                                                         java.lang.String oid)
                                                  throws java.io.IOException,
                                                         java.security.cert.CertificateEncodingException
        Throws:
        java.io.IOException
        java.security.cert.CertificateEncodingException
      • getExtensionValue

        public static java.lang.Object getExtensionValue​(java.security.cert.X509CRL crl,
                                                         java.lang.String oid)
                                                  throws java.io.IOException,
                                                         java.security.cert.CRLException
        Throws:
        java.io.IOException
        java.security.cert.CRLException
      • getExtensionValue

        public static java.lang.Object getExtensionValue​(org.bouncycastle.pkcs.PKCS10CertificationRequest csr,
                                                         java.lang.String oid)
                                                  throws java.io.IOException
        Throws:
        java.io.IOException
      • getExtensionValue

        public static java.lang.Object getExtensionValue​(java.util.List<java.util.Map<java.lang.String,​java.lang.Object>> extList,
                                                         java.lang.String oid)
      • getExtensionValue

        public static java.lang.Object getExtensionValue​(java.util.Map<java.lang.String,​java.lang.Object> extMap)
      • getExtensionsObjFromMap

        public static org.bouncycastle.asn1.x509.Extensions getExtensionsObjFromMap​(java.util.List<java.util.Map<java.lang.String,​java.lang.Object>> extMapsList)
                                                                             throws java.io.IOException,
                                                                                    java.security.GeneralSecurityException
        Given a list of maps which represent Extensions, produce a Bouncy Castle Extensions object which contains each extension parsed into Bouncy Castle Extension objects.
        Returns:
        The resulting Extensions container.
        Throws:
        java.security.GeneralSecurityException
        java.io.IOException
        See Also:
        parseExtensionObject(Map)
      • octetStringToIpString

        public static java.lang.String octetStringToIpString​(org.bouncycastle.asn1.ASN1OctetString ip)
                                                      throws java.net.UnknownHostException
        Convert the value of an IP address which is encoded in an ASN1OctetString to a string.
        Parameters:
        ip - IP address encoded in an octet string.
        Returns:
        A string representing the given IP address.
        Throws:
        java.net.UnknownHostException