X509Support (Red Hat JBoss Enterprise Application Platform 7.0.0.GA public API)

java.lang.Object
- org.opensaml.security.x509.X509Support

```
public class X509Support
extends Object
```
Utility class for working with X509 objects.

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`CN_OID` Common Name (CN) OID.
`static Integer`	`DIRECTORY_ALT_NAME` RFC 2459 Directory Name Subject Alt Name type.
`static Integer`	`DNS_ALT_NAME` RFC 2459 DNS Subject Alt Name type.
`static Integer`	`EDI_PARTY_ALT_NAME` RFC 2459 EDI Party Name Subject Alt Name type.
`static Integer`	`IP_ADDRESS_ALT_NAME` RFC 2459 IP Address Subject Alt Name type.
`static Integer`	`OTHER_ALT_NAME` RFC 2459 Other Subject Alt Name type.
`static Integer`	`REGISTERED_ID_ALT_NAME` RFC 2459 Registered ID Subject Alt Name type.
`static Integer`	`RFC822_ALT_NAME` RFC 2459 RFC 822 (email address) Subject Alt Name type.
`static String`	`SKI_OID` Subject Key Identifier (SKI) OID.
`static Integer`	`URI_ALT_NAME` RFC 2459 URI Subject Alt Name type.
`static Integer`	`X400ADDRESS_ALT_NAME` RFC 2459 X.400 Address Subject Alt Name type.

Constructor Summary

Constructors
Modifier Constructor and Description

protected X509Support()
Constructed.

Constructors
Modifier	Constructor and Description
`protected`	`X509Support()` Constructed.

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static X509Certificate`	`decodeCertificate(byte[] cert)` Decodes a single X.509 certificate in DER or PEM format.
`static X509Certificate`	`decodeCertificate(File cert)` Decodes a single X.509 certificate in DER or PEM format.
`static X509Certificate`	`decodeCertificate(String base64Cert)` Decode a single Java certificate from base64 encoded form without PEM headers and footers.
`static Collection<X509Certificate>`	`decodeCertificates(byte[] certs)` Decodes X.509 certificates in DER or PEM format.
`static Collection<X509Certificate>`	`decodeCertificates(File certs)` Decodes X.509 certificates in DER or PEM format.
`static X509CRL`	`decodeCRL(String base64CRL)` Decode CRL in base64 encoded form without PEM headers and footers.
`static Collection<X509CRL>`	`decodeCRLs(byte[] crls)` Decodes CRLs in DER or PKCS#7 format.
`static Collection<X509CRL>`	`decodeCRLs(File crls)` Decodes CRLs in DER or PKCS#7 format.
`static X509Certificate`	`determineEntityCertificate(Collection<X509Certificate> certs, PrivateKey privateKey)` Determines the certificate, from the collection, associated with the private key.
`static List`	`getAltNames(X509Certificate certificate, Integer[] nameTypes)` Gets the list of alternative names of a given name type.
`static List<String>`	`getCommonNames(X500Principal dn)` Gets the commons names that appear within the given distinguished name.
`static String`	`getIdentifiersToken(X509Credential credential, X500DNHandler handler)` Gets a formatted string representing identifier information from the supplied credential.
`static byte[]`	`getSubjectKeyIdentifier(X509Certificate certificate)` Get the plain (non-DER encoded) value of the Subject Key Identifier extension of an X.509 certificate, if present.
`static List`	`getSubjectNames(X509Certificate certificate, Integer[] altNameTypes)` Gets the common name components of the issuer and all the subject alt names of a given type.
`static byte[]`	`getX509Digest(X509Certificate certificate, String jcaAlgorithm)` Get the XML Signature-compliant digest of an X.509 certificate.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
- CN_OID
```
public static final String CN_OID
```
  Common Name (CN) OID.
  
  See Also:
  
  Constant Field Values
- SKI_OID
```
public static final String SKI_OID
```
  Subject Key Identifier (SKI) OID.
  
  See Also:
  
  Constant Field Values
- OTHER_ALT_NAME
```
public static final Integer OTHER_ALT_NAME
```
  RFC 2459 Other Subject Alt Name type.
- RFC822_ALT_NAME
```
public static final Integer RFC822_ALT_NAME
```
  RFC 2459 RFC 822 (email address) Subject Alt Name type.
- DNS_ALT_NAME
```
public static final Integer DNS_ALT_NAME
```
  RFC 2459 DNS Subject Alt Name type.
- X400ADDRESS_ALT_NAME
```
public static final Integer X400ADDRESS_ALT_NAME
```
  RFC 2459 X.400 Address Subject Alt Name type.
- DIRECTORY_ALT_NAME
```
public static final Integer DIRECTORY_ALT_NAME
```
  RFC 2459 Directory Name Subject Alt Name type.
- EDI_PARTY_ALT_NAME
```
public static final Integer EDI_PARTY_ALT_NAME
```
  RFC 2459 EDI Party Name Subject Alt Name type.
- URI_ALT_NAME
```
public static final Integer URI_ALT_NAME
```
  RFC 2459 URI Subject Alt Name type.
- IP_ADDRESS_ALT_NAME
```
public static final Integer IP_ADDRESS_ALT_NAME
```
  RFC 2459 IP Address Subject Alt Name type.
- REGISTERED_ID_ALT_NAME
```
public static final Integer REGISTERED_ID_ALT_NAME
```
  RFC 2459 Registered ID Subject Alt Name type.

Constructor Detail
- X509Support
```
protected X509Support()
```
  Constructed.

Method Detail

determineEntityCertificate

@Nullable
public static X509Certificate determineEntityCertificate(@Nullable
                                                                   Collection<X509Certificate> certs,
                                                                   @Nullable
                                                                   PrivateKey privateKey)
                                                            throws SecurityException

Determines the certificate, from the collection, associated with the private key.

Parameters:: certs - certificates to check; privateKey - entity's private key
Returns:: the certificate associated with entity's private key or null if no certificate in the collection is associated with the given private key
Throws:: SecurityException - thrown if the public or private keys checked are of an unsupported type
Since:: 1.2

getCommonNames
```
@Nullable
public static List<String> getCommonNames(@Nullable
                                                    X500Principal dn)
```
Gets the commons names that appear within the given distinguished name.
The returned list provides the names in the order they appeared in the DN, according to RFC 1779/2253 encoding. In this encoding the "most specific" name would typically appear in the left-most position, and would appear first in the returned list.

Parameters:

dn - the DN to extract the common names from

Returns:

the common names that appear in the DN in the order they appear, or null if the given DN is null

getAltNames

@Nullable
public static List getAltNames(@Nullable
                                         X509Certificate certificate,
                                         @Nullable
                                         Integer[] nameTypes)

Gets the list of alternative names of a given name type.

Parameters:: certificate - the certificate to extract the alternative names from; nameTypes - the name types
Returns:: the alt names, of the given type, within the cert

getSubjectNames

@Nullable
public static List getSubjectNames(@Nullable
                                             X509Certificate certificate,
                                             @Nullable
                                             Integer[] altNameTypes)

Gets the common name components of the issuer and all the subject alt names of a given type.

Parameters:: certificate - certificate to extract names from; altNameTypes - type of alt names to extract
Returns:: list of subject names in the certificate

getSubjectKeyIdentifier
```
@Nullable
public static byte[] getSubjectKeyIdentifier(@Nonnull
                                                       X509Certificate certificate)
```
Get the plain (non-DER encoded) value of the Subject Key Identifier extension of an X.509 certificate, if present.

Parameters:

certificate - an X.509 certificate possibly containing a subject key identifier

Returns:

the plain (non-DER encoded) value of the Subject Key Identifier extension, or null if the certificate does not contain the extension

getX509Digest

@Nonnull
public static byte[] getX509Digest(@Nonnull
                                            X509Certificate certificate,
                                            @Nonnull
                                            String jcaAlgorithm)
                                     throws SecurityException

Get the XML Signature-compliant digest of an X.509 certificate.

Parameters:: certificate - an X.509 certificate; jcaAlgorithm - JCA algorithm identifier
Returns:: the raw digest of the certificate
Throws:: SecurityException - is algorithm is unsupported or encoding is not possible

decodeCertificates

@Nullable
public static Collection<X509Certificate> decodeCertificates(@Nonnull
                                                                       File certs)
                                                                throws CertificateException

Decodes X.509 certificates in DER or PEM format.

Parameters:: certs - encoded certs
Returns:: decoded certs
Throws:: CertificateException - thrown if the certificates cannot be decoded
Since:: 1.2

decodeCertificates

@Nullable
public static Collection<X509Certificate> decodeCertificates(@Nonnull
                                                                       byte[] certs)
                                                                throws CertificateException

Decodes X.509 certificates in DER or PEM format.

Parameters:: certs - encoded certs
Returns:: decoded certs
Throws:: CertificateException - thrown if the certificates cannot be decoded

decodeCertificate

@Nullable
public static X509Certificate decodeCertificate(@Nonnull
                                                          File cert)
                                                   throws CertificateException

Decodes a single X.509 certificate in DER or PEM format.

Parameters:: cert - encoded cert
Returns:: decoded cert
Throws:: CertificateException - thrown if the certificate can not be decoded
Since:: 1.2

decodeCertificate

@Nullable
public static X509Certificate decodeCertificate(@Nonnull
                                                          byte[] cert)
                                                   throws CertificateException

Decodes a single X.509 certificate in DER or PEM format.

Parameters:: cert - encoded cert
Returns:: decoded cert
Throws:: CertificateException - thrown if the certificate cannot be decoded

decodeCertificate

@Nullable
public static X509Certificate decodeCertificate(@Nonnull
                                                          String base64Cert)
                                                   throws CertificateException

Decode a single Java certificate from base64 encoded form without PEM headers and footers.

Parameters:: base64Cert - base64-encoded certificate
Returns:: a native Java X509 certificate
Throws:: CertificateException - thrown if there is an error constructing certificate

decodeCRLs

@Nullable
public static Collection<X509CRL> decodeCRLs(@Nonnull
                                                       File crls)
                                                throws CRLException

Decodes CRLs in DER or PKCS#7 format. If in PKCS#7 format only the CRLs are decoded; the rest of the content is ignored.

Parameters:: crls - encoded CRLs
Returns:: decoded CRLs
Throws:: CRLException - thrown if the CRLs can not be decoded
Since:: 1.2

decodeCRLs

@Nullable
public static Collection<X509CRL> decodeCRLs(@Nonnull
                                                       byte[] crls)
                                                throws CRLException

Decodes CRLs in DER or PKCS#7 format. If in PKCS#7 format only the CRLs are decoded; the rest of the content is ignored.

Parameters:: crls - encoded CRLs
Returns:: decoded CRLs
Throws:: CRLException - thrown if the CRLs can not be decoded

decodeCRL

@Nullable
public static X509CRL decodeCRL(@Nonnull
                                          String base64CRL)
                                   throws CertificateException,
                                          CRLException

Decode CRL in base64 encoded form without PEM headers and footers.

Parameters:: base64CRL - base64-encoded CRL
Returns:: a native Java X509 CRL
Throws:: CertificateException - thrown if there is an error constructing certificate; CRLException - thrown if there is an error constructing CRL

getIdentifiersToken
```
@Nonnull
public static String getIdentifiersToken(@Nonnull
                                                  X509Credential credential,
                                                  @Nullable
                                                  X500DNHandler handler)
```
Gets a formatted string representing identifier information from the supplied credential.
This could for example be used in logging messages.

Often it will be the case that a given credential that is being evaluated will NOT have a value for the entity ID property. So extract the certificate subject DN, and if present, the credential's entity ID.

Parameters:

credential - the credential for which to produce a token.

handler - the X.500 DN handler to use. If null, a new instance of InternalX500DNHandler will be used.

Returns:

a formatted string containing identifier information present in the credential

Class X509Support

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

CN_OID

SKI_OID

OTHER_ALT_NAME

RFC822_ALT_NAME

DNS_ALT_NAME

X400ADDRESS_ALT_NAME

DIRECTORY_ALT_NAME

EDI_PARTY_ALT_NAME

URI_ALT_NAME

IP_ADDRESS_ALT_NAME

REGISTERED_ID_ALT_NAME

Constructor Detail

X509Support

Method Detail

determineEntityCertificate

getCommonNames

getAltNames

getSubjectNames

getSubjectKeyIdentifier

getX509Digest

decodeCertificates

decodeCertificates

decodeCertificate

decodeCertificate

decodeCertificate

decodeCRLs

decodeCRLs

decodeCRL

getIdentifiersToken