Package com.iizix.security
Class CertificateHelper
- java.lang.Object
- com.iizix.security.CertificateHelper
public class CertificateHelper extends java.lang.ObjectHelper class for certificates.- Author:
- Christopher Mindus
Field Summary
Fields Modifier and Type Field Description static java.security.cert.X509Certificate[]EMPTY_ARRAYEmpty array of certificates.
Constructor Summary
Constructors Constructor Description CertificateHelper()
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static voidassignCertificateFromEclipseBundle(IX509CertificateFromEclipseBundle eclipseCertsResolver)Assigns the certificate retrieval from an Eclipse Bundle when it cannot be retrieved normally using the JavaCodeSource.getCertificates()call.static javax.security.auth.x500.X500PrincipalcreateX500Principal(java.lang.String commonName, java.lang.String organizationUnit, java.lang.String organizationName, java.lang.String localityName, java.lang.String stateName, java.lang.String country)Creates the principal for certificate creation.static java.security.cert.CertificateFactorygetCertificateFactory()Returns a certificate factory object that implements the specified certificate type.static java.security.cert.X509Certificate[]getCodeSigningCertificates(java.lang.Class<?> cls)Gets the code signing certificates of an object.static java.security.cert.X509Certificate[]getJarCertificates(java.util.jar.JarFile jf)Verifies an open JAR file (with verify flag present) for valid certificates.static booleanisJarSigned(java.lang.String jarFileName)Checks if an iiziApp Jar file is signed.static java.security.cert.X509CertificateloadCertificate(java.io.File file)Loads a x.509 certificate from file.static java.security.cert.X509CertificateloadCertificate(java.io.InputStream inputStream)Loads a x.509 certificate from an input stream.static java.security.cert.X509CertificateloadCertificate(java.lang.String fileName)Loads an X.509 certificate from a file.static java.security.cert.X509Certificate[]loadCertificates(byte[] data)Loads an encoded X.509 certificate path from a byte array.static java.security.cert.X509Certificate[]loadCertificates(java.io.File file)Loads a collection of X.509 certificate from a file.static java.security.cert.X509Certificate[]loadCertificates(java.io.InputStream inputStream)Loads an encoded X.509 certificate path from an input stream and returns the certificates.static java.security.cert.X509Certificate[]loadCertificates(java.lang.String fileName)Loads an encoded X.509 certificate path from a file.static byte[]toBytes(java.security.cert.X509Certificate[] certs)Returns the encoded form of a certification path from the X.509 certificates.static java.lang.StringverifyManifest(java.util.jar.Manifest man)Verifies that the main manifest attributes are correct according to an iiziApp using the security model for sealed, codebase and permissions attributes.static voidwriteCertificates(java.io.File file, java.security.cert.X509Certificate[] certs)Writes the certificates in encoded form of the certificates using a certificate path.
Method Detail
getCertificateFactory
public static java.security.cert.CertificateFactory getCertificateFactory() throws java.security.cert.CertificateExceptionReturns a certificate factory object that implements the specified certificate type.This method traverses the list of registered security Providers, starting with the most preferred Provider. A new CertificateFactory object encapsulating the CertificateFactorySpi implementation from the first Provider that supports the specified type is returned. Once retrieved, it is cached.
- Returns:
- A certificate factory object for X.509 certificates.
- Throws:
java.security.cert.CertificateException- If no Provider supports a CertificateFactorySpi implementation for the specified type.
loadCertificate
public static java.security.cert.X509Certificate loadCertificate(java.lang.String fileName) throws java.security.cert.CertificateException, java.io.FileNotFoundException, java.io.IOExceptionLoads an X.509 certificate from a file.- Returns:
- The certificate, never null.
- Throws:
java.security.cert.CertificateException- For certificate errors.java.io.IOException- For I/O errors.java.io.FileNotFoundException- If file is not found.
loadCertificates
public static java.security.cert.X509Certificate[] loadCertificates(java.lang.String fileName) throws java.security.cert.CertificateException, java.io.FileNotFoundException, java.io.IOExceptionLoads an encoded X.509 certificate path from a file.- Parameters:
fileName- The file name.- Returns:
- The certificates array.
- Throws:
java.security.cert.CertificateException- For certificate errors.java.io.IOException- For I/O errors.java.io.FileNotFoundException- If file is not found.
loadCertificate
public static final java.security.cert.X509Certificate loadCertificate(java.io.File file) throws java.security.cert.CertificateException, java.io.FileNotFoundException, java.io.IOExceptionLoads a x.509 certificate from file.- Parameters:
file- The file.- Returns:
- The X.509 certificate.
- Throws:
java.io.FileNotFoundException- If file is not found.java.io.IOException- For I/O errors.java.security.cert.CertificateException- For parsing errors.
loadCertificates
public static final java.security.cert.X509Certificate[] loadCertificates(java.io.File file) throws java.security.cert.CertificateException, java.io.FileNotFoundException, java.io.IOExceptionLoads a collection of X.509 certificate from a file.- Parameters:
file- The file.- Returns:
- The certificates array.
- Throws:
java.io.FileNotFoundException- If file is not found.java.io.IOException- For I/O errors.java.security.cert.CertificateException- For parsing errors.
loadCertificate
public static final java.security.cert.X509Certificate loadCertificate(java.io.InputStream inputStream) throws java.security.cert.CertificateExceptionLoads a x.509 certificate from an input stream.- Parameters:
inputStream- The input stream. The caller must close the input stream!- Returns:
- The X.509 certificate.
- Throws:
java.security.cert.CertificateException- For parsing errors.
loadCertificates
public static java.security.cert.X509Certificate[] loadCertificates(byte[] data) throws java.security.cert.CertificateExceptionLoads an encoded X.509 certificate path from a byte array.- Parameters:
data- The byte array.- Returns:
- The X.509 certificates.
- Throws:
java.security.cert.CertificateException- If no Provider supports a CertificateFactorySpi implementation for the specified type when creating the Certificate Factory, or when the certificate is initialized from the data.
loadCertificates
public static final java.security.cert.X509Certificate[] loadCertificates(java.io.InputStream inputStream) throws java.security.cert.CertificateExceptionLoads an encoded X.509 certificate path from an input stream and returns the certificates.- Parameters:
inputStream- The input stream. The caller must close the input stream!- Returns:
- The certificates array.
- Throws:
java.security.cert.CertificateException- For parsing errors.
toBytes
public static byte[] toBytes(java.security.cert.X509Certificate[] certs) throws java.security.cert.CertificateExceptionReturns the encoded form of a certification path from the X.509 certificates.- Parameters:
certs- The certificates.- Returns:
- The encoded form of the certificates.
- Throws:
java.security.cert.CertificateEncodingException- If an encoding error occurs.java.security.cert.CertificateException
writeCertificates
public static void writeCertificates(java.io.File file, java.security.cert.X509Certificate[] certs) throws java.security.cert.CertificateException, java.io.FileNotFoundException, java.io.IOExceptionWrites the certificates in encoded form of the certificates using a certificate path. It is assumed that each certificate type would have only a single form of encoding; for example, X.509 certificates would be encoded as ASN.1 DER.- Parameters:
file- The file.certs- The certificates.- Throws:
java.security.cert.CertificateEncodingException- If an encoding error occurs.java.io.IOException- For I/O errors.java.io.FileNotFoundException- If the file failed creation due to e.g. missing directory.java.security.cert.CertificateException
createX500Principal
public static javax.security.auth.x500.X500Principal createX500Principal(java.lang.String commonName, java.lang.String organizationUnit, java.lang.String organizationName, java.lang.String localityName, java.lang.String stateName, java.lang.String country) throws java.lang.ExceptionCreates the principal for certificate creation.- Parameters:
commonName- The CN common name.organizationUnit- The OU organization unit.organizationName- The O organization name.localityName- The L locality or city name.stateName- The ST state or province name.country- The C country, two letter code.- Returns:
- The X500Principal.
- Throws:
java.lang.NullPointerException- If a parameter is null.java.lang.Exception- For other errors with the parameters.
assignCertificateFromEclipseBundle
public static void assignCertificateFromEclipseBundle(IX509CertificateFromEclipseBundle eclipseCertsResolver)
Assigns the certificate retrieval from an Eclipse Bundle when it cannot be retrieved normally using the JavaCodeSource.getCertificates()call.- Parameters:
eclipseCertsResolver- Interface to call to find the certificates for a class in a bundle.- Throws:
java.lang.NullPointerException- If eclipseCerts is null.java.lang.IllegalStateException- If already assigned.
getCodeSigningCertificates
public static java.security.cert.X509Certificate[] getCodeSigningCertificates(java.lang.Class<?> cls)
Gets the code signing certificates of an object. Note that only valid and trusted X.509 certificates are returned, never self-signed certificates.- Parameters:
cls- The class to retrieve the code signing certificates for.- Returns:
- The X.509 certificate chain, or null if not signed.
getJarCertificates
public static java.security.cert.X509Certificate[] getJarCertificates(java.util.jar.JarFile jf) throws java.io.IOExceptionVerifies an open JAR file (with verify flag present) for valid certificates.- Returns:
- null if not signed, otherwise the X.509 certificates. If the file has no files, return an empty list of X.509 certificates.
- Throws:
java.io.IOException- if there is a problem with the JAR file or it's signing.
verifyManifest
public static java.lang.String verifyManifest(java.util.jar.Manifest man)
Verifies that the main manifest attributes are correct according to an iiziApp using the security model for sealed, codebase and permissions attributes.If the developer ID and/or appID is present, they are returned.
- Parameters:
man- The manifest.- Returns:
- null for OK, otherwise the failed attribute description.
isJarSigned
public static boolean isJarSigned(java.lang.String jarFileName)
Checks if an iiziApp Jar file is signed.- Parameters:
jarFileName- The Jar file name.- Returns:
- true if signed, false otherwise.