Class CertificateHelper

java.lang.Object
com.iizix.security.CertificateHelper

public class CertificateHelper extends Object
Helper class for certificates.
Author:
Christopher Mindus
  • Field Details

    • EMPTY_ARRAY

      public static final X509Certificate[] EMPTY_ARRAY
      Empty array of certificates.
  • Constructor Details

    • CertificateHelper

      public CertificateHelper()
  • Method Details

    • getCertificateFactory

      public static CertificateFactory getCertificateFactory() throws CertificateException
      Returns a certificate factory object that implements the X.509 certificate type.

      This method traverses the list of registered security Providers, starting with the most preferred Provider. A new CertificateFactory object encapsulating the CertificateFactorySpi implementation from the first Provider that supports X.509 is returned. Once retrieved, it is cached.

      Returns:
      A certificate factory object for X.509 certificates.
      Throws:
      CertificateException - If no Provider supports a CertificateFactorySpi implementation for X.509.
    • loadCertificate

      public static X509Certificate loadCertificate(String fileName) throws CertificateException, FileNotFoundException, IOException
      Loads an X.509 certificate from a file.
      Returns:
      The certificate, never null.
      Throws:
      CertificateException - For certificate errors.
      IOException - For I/O errors.
      FileNotFoundException - If file is not found.
    • loadCertificates

      public static X509Certificate[] loadCertificates(String fileName) throws CertificateException, FileNotFoundException, IOException
      Loads an encoded X.509 certificate path from a file.
      Parameters:
      fileName - The file name.
      Returns:
      The certificates array.
      Throws:
      CertificateException - For certificate errors.
      IOException - For I/O errors.
      FileNotFoundException - If file is not found.
    • loadCertificate

      public static final X509Certificate loadCertificate(File file) throws CertificateException, FileNotFoundException, IOException
      Loads an X.509 certificate from a file.
      Parameters:
      file - The file.
      Returns:
      The X.509 certificate.
      Throws:
      FileNotFoundException - If file is not found.
      IOException - For I/O errors.
      CertificateException - For parsing errors.
    • loadCertificates

      public static final X509Certificate[] loadCertificates(File file) throws CertificateException, FileNotFoundException, IOException
      Loads a collection of X.509 certificates from a file.
      Parameters:
      file - The file.
      Returns:
      The certificates array.
      Throws:
      FileNotFoundException - If file is not found.
      IOException - For I/O errors.
      CertificateException - For parsing errors.
    • loadCertificate

      public static final X509Certificate loadCertificate(InputStream inputStream) throws CertificateException
      Loads an X.509 certificate from an input stream.
      Parameters:
      inputStream - The input stream. The caller must close the input stream!
      Returns:
      The X.509 certificate.
      Throws:
      CertificateException - For parsing errors.
    • loadCertificates

      public static X509Certificate[] loadCertificates(byte[] data) throws CertificateException
      Loads an encoded X.509 certificate path from a byte array.
      Parameters:
      data - The byte array.
      Returns:
      The X.509 certificates.
      Throws:
      CertificateException - If no Provider supports a CertificateFactorySpi implementation for X.509 when creating the certificate factory, or if an error occurs when the certificates are initialized from the data.
    • loadCertificates

      public static final X509Certificate[] loadCertificates(InputStream inputStream) throws CertificateException
      Loads an encoded X.509 certificate path from an input stream and returns the certificates.
      Parameters:
      inputStream - The input stream. The caller must close the input stream!
      Returns:
      The certificates array.
      Throws:
      CertificateException - For parsing errors.
    • toBytes

      public static byte[] toBytes(X509Certificate[] certs) throws CertificateException
      Returns the encoded form of a certification path from the X.509 certificates.
      Parameters:
      certs - The certificates.
      Returns:
      The encoded form of the certificates.
      Throws:
      CertificateEncodingException - If an encoding error occurs.
      CertificateException
    • writeCertificates

      public static void writeCertificates(File file, X509Certificate[] certs) throws CertificateException, FileNotFoundException, IOException
      Writes the certificates to a file in encoded form, using a certification path. It is assumed that each certificate type has only a single form of encoding; for example, X.509 certificates are encoded as ASN.1 DER.
      Parameters:
      file - The file.
      certs - The certificates.
      Throws:
      CertificateEncodingException - If an encoding error occurs.
      IOException - For I/O errors.
      FileNotFoundException - If the file failed creation due to e.g. missing directory.
      CertificateException
    • createX500Principal

      public static X500Principal createX500Principal(String commonName, String organizationUnit, String organizationName, String localityName, String stateName, String country) throws Exception
      Creates the principal for certificate creation.
      Parameters:
      commonName - The CN common name.
      organizationUnit - The OU organization unit.
      organizationName - The O organization name.
      localityName - The L locality or city name.
      stateName - The ST state or province name.
      country - The C country, two letter code.
      Returns:
      The X500Principal.
      Throws:
      NullPointerException - If a parameter is null.
      Exception - For other errors with the parameters.
    • assignCertificateFromEclipseBundle

      public static void assignCertificateFromEclipseBundle(IX509CertificateFromEclipseBundle eclipseCertsResolver)
      Assigns the certificate retrieval from an Eclipse Bundle when it cannot be retrieved normally using the Java CodeSource.getCertificates() call.
      Parameters:
      eclipseCertsResolver - Interface to call to find the certificates for a class in a bundle.
      Throws:
      NullPointerException - If eclipseCertsResolver is null.
      IllegalStateException - If already assigned.
    • getCodeSigningCertificates

      public static X509Certificate[] getCodeSigningCertificates(Class<?> cls)
      Gets the code signing certificates of an object. Note that only valid and trusted X.509 certificates are returned, never self-signed certificates.
      Parameters:
      cls - The class to retrieve the code signing certificates for.
      Returns:
      The X.509 certificate chain, or null if not signed.
    • getJarCertificates

      public static X509Certificate[] getJarCertificates(JarFile jf) throws IOException
      Verifies an open JAR file (with verify flag present) for valid certificates.
      Returns:
      null if not signed, otherwise the X.509 certificates. If the JAR file contains no files, an empty array of X.509 certificates is returned.
      Throws:
      IOException - If there is a problem with the JAR file or its signing.
    • verifyManifest

      public static String verifyManifest(Manifest man)
      Verifies that the main manifest attributes are correct according to an iiziApp using the security model for sealed, codebase and permissions attributes.

      If the developer ID and/or appID is present, they are returned.

      Parameters:
      man - The manifest.
      Returns:
      null for OK, otherwise the failed attribute description.
    • isJarSigned

      public static boolean isJarSigned(String jarFileName)
      Checks if an iiziApp Jar file is signed.
      Parameters:
      jarFileName - The Jar file name.
      Returns:
      true if signed, false otherwise.
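
Added example (not part of this API and not the library's own code): how the return contract described for getJarCertificates and isJarSigned can be met with the standard java.util.jar API, where signer certificates become available only after each entry has been read in full from a JarFile opened with verification enabled. The class name JarSignerCheck, the method signerCertificates and the temporary unsigned JAR are assumptions constructed for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.jar.*;

public class JarSignerCheck {
    /** Hypothetical helper: null if an entry is unsigned, empty array if the JAR has no files. */
    static X509Certificate[] signerCertificates(JarFile jar) throws IOException {
        Set<X509Certificate> found = new LinkedHashSet<>();
        byte[] buf = new byte[8192];
        for (Enumeration<JarEntry> e = jar.entries(); e.hasMoreElements();) {
            JarEntry entry = e.nextElement();
            // META-INF/ holds the manifest and signature files, which carry no
            // signer themselves; this example skips that directory entirely.
            if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) continue;
            // Digests are checked while the entry is read; a modified entry
            // makes the read throw SecurityException.
            try (InputStream in = jar.getInputStream(entry)) {
                while (in.read(buf) != -1) { /* drain the entry */ }
            }
            // getCertificates() is only meaningful after the entry was read to the end.
            Certificate[] certs = entry.getCertificates();
            if (certs == null) return null; // one unsigned file: report the JAR as not signed
            for (Certificate c : certs)
                if (c instanceof X509Certificate) found.add((X509Certificate) c);
        }
        return found.toArray(new X509Certificate[0]);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: an unsigned JAR with a single entry.
        Path tmp = Files.createTempFile("unsigned", ".jar");
        try (JarOutputStream out = new JarOutputStream(Files.newOutputStream(tmp))) {
            out.putNextEntry(new JarEntry("hello.txt"));
            out.write("hello".getBytes(StandardCharsets.UTF_8));
            out.closeEntry();
        }
        try (JarFile jar = new JarFile(tmp.toFile(), true)) { // true = verify flag
            System.out.println(signerCertificates(jar) == null ? "not signed" : "signed");
        } finally {
            Files.delete(tmp);
        }
    }
}
```

Reading the entries verifies integrity against the certificates embedded in the JAR only; checking that those certificates chain to a trusted root and are within their validity period is a separate step.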