Class CertificateUtils

java.lang.Object
net.solarnetwork.central.security.CertificateUtils

public final class CertificateUtils extends Object
Certificate utilities.
  • Field Details

    • RFC_822_SAN_ID

      public static final Integer RFC_822_SAN_ID
      The RFC 822 Subject Alternative Name ID.
    • EMAIL_ADDRESS_OID

      public static final String EMAIL_ADDRESS_OID
      The emailAddress OID.
    • X509_CERTIFICATE_TYPE

      public static final String X509_CERTIFICATE_TYPE
      The X.509 certificate type.
  • Constructor Details

    • CertificateUtils

      public CertificateUtils()
  • Method Details

    • x509CertificateFactory

      public static CertificateFactory x509CertificateFactory()
      Get a certificate factory for X.509 certificates.
      Returns:
      the factory
      Throws:
      net.solarnetwork.service.CertificateException - if unable to instantiate the factory
    • emailSubjectAlternativeName

      public static String emailSubjectAlternativeName(X509Certificate cert) throws CertificateParsingException
      Extract the first available RFC 822 (email) value from the Subject Alternative Name e
      Parameters:
      cert - the certificate to extract the email from
      Returns:
      the extracted email, or null if none available
      Throws:
      IllegalArgumentException - if any argument is null
      CertificateParsingException - if an error parsing the subject alternative names occurs
    • canonicalSubjectDn

      public static String canonicalSubjectDn(X509Certificate cert)
      Get the canonical subject DN value of a certificate.
      Parameters:
      cert - the certificate to extract the canonical subject DN value from
      Returns:
      the canonical subject DN
      Throws:
      IllegalArgumentException - if any argument is null
    • parsePemCertificates

      public static X509Certificate[] parsePemCertificates(Reader pemData) throws net.solarnetwork.service.CertificateException
      Parse PEM certificate data.
      Parameters:
      pemData - the PEM data to parse
      Returns:
      the parsed certificates
      Throws:
      net.solarnetwork.service.CertificateException - if any error occurs
    • serverKeyStore

      public static KeyStore serverKeyStore(Path certificatePath, Path certificateKey, String alias) throws net.solarnetwork.service.CertificateException
      Create a new key store from TLS server settings.
      Parameters:
      certificatePath - the path to the PEM encoded certificate file
      certificateKey - the path to the PEM encoded, unencrypted private key
      alias - the key store alias to use for the certificate
      Returns:
      the key store, or null if no settings are available
      Throws:
      net.solarnetwork.service.CertificateException - if an error occurs initializing the key store
    • validateCertificateChain

      public static PKIXCertPathValidatorResult validateCertificateChain(KeyStore trustStore, X509Certificate[] chain) throws net.solarnetwork.service.CertificateException
      Validate a certificate chain.
      Parameters:
      trustStore - the trust store containing all available trusted CA certificates
      chain - the certificate chain to validate
      Returns:
      the validation result, if successful
      Throws:
      net.solarnetwork.service.CertificateException - if validation fails for any reason