java.lang.Object
se.swedenconnect.security.credential.utils.KeyUtils

public class KeyUtils extends Object
Utility methods for handling public and private keys.
Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
  • Method Details

    • isInlinedPem

      public static boolean isInlinedPem(@Nonnull String location)
      When a credential is configured with a key, the setting normally gives the location of the key file. The key may also be given "inline", i.e., by entering its PEM encoding directly as the setting value. This method can be used to find out whether a location string holds an inlined PEM-encoded key.
      Parameters:
      location - location configuration setting
      Returns:
      true if the given string holds a PEM-encoding and false otherwise
    • decodePublicKey

      @Nonnull public static PublicKey decodePublicKey(@Nonnull byte[] bytes) throws KeyException
      Decodes a public key in DER or PEM format.
      Parameters:
      bytes - the key bytes
      Returns:
      the decoded public key
      Throws:
      KeyException - for decoding errors
    • decodePublicKey

      @Nonnull public static PublicKey decodePublicKey(@Nonnull InputStream stream) throws KeyException
      Decodes a public key in DER or PEM format.

      The method does not close the input stream.

      Parameters:
      stream - the input stream
      Returns:
      the decoded public key
      Throws:
      KeyException - for decoding errors
    • decodePrivateKey

      @Nonnull public static PrivateKey decodePrivateKey(@Nonnull byte[] bytes) throws KeyException
      Decodes a private key in DER, PEM, and unencrypted PKCS#8 formats.
      Parameters:
      bytes - the key bytes
      Returns:
      the decoded private key
      Throws:
      KeyException - for decoding errors
    • decodePrivateKey

      @Nonnull public static PrivateKey decodePrivateKey(@Nonnull byte[] bytes, @Nullable char[] password) throws KeyException
      Decodes an encrypted private key. DER or PEM-encoded PKCS#8 and "OpenSSL" PEM formats are supported.
      Parameters:
      bytes - the key bytes
      password - the password; if null, decodePrivateKey(byte[]) is called
      Returns:
      the decoded and decrypted private key
      Throws:
      KeyException - for decoding and decryption errors
    • decodePrivateKey

      @Nonnull public static PrivateKey decodePrivateKey(@Nonnull InputStream stream) throws KeyException
      Decodes a private key in DER, PEM, and unencrypted PKCS#8 formats.

      The method does not close the input stream.

      Parameters:
      stream - the input stream
      Returns:
      the decoded private key
      Throws:
      KeyException - for decoding errors
    • decodePrivateKey

      @Nonnull public static PrivateKey decodePrivateKey(@Nonnull InputStream stream, @Nullable char[] password) throws KeyException
      Decodes an encrypted private key. DER or PEM-encoded PKCS#8 and "OpenSSL" PEM formats are supported.

      The method does not close the input stream.

      Parameters:
      stream - the input stream
      password - the password; if null, decodePrivateKey(InputStream) is called
      Returns:
      the decoded and decrypted private key
      Throws:
      KeyException - for decoding and decryption errors
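
The following is an added usage example, not taken from the library or its documentation. It resolves a key setting that is either an inlined PEM or a file location, closes the stream itself (the decode methods do not), and wipes the password afterwards. The class `PrivateKeyLoader` and its `load` method are hypothetical; the example assumes that `KeyException` is `java.security.KeyException` and that a non-inlined location is a plain filesystem path.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyException; // assumption: the KeyException named in the signatures
import java.security.PrivateKey;
import java.util.Arrays;

import se.swedenconnect.security.credential.utils.KeyUtils;

/** Hypothetical helper, not part of the library. */
public final class PrivateKeyLoader {

  private PrivateKeyLoader() {
  }

  /**
   * Loads a private key from a setting that holds either an inlined PEM or a file path.
   * A null password selects the unencrypted decoding path, as documented for
   * decodePrivateKey. The password array is wiped before returning, whether or not
   * decoding succeeded.
   */
  public static PrivateKey load(String location, char[] password)
      throws KeyException, IOException {
    try {
      if (KeyUtils.isInlinedPem(location)) {
        // The setting is the PEM text itself, so decode its bytes directly.
        byte[] pem = location.getBytes(StandardCharsets.US_ASCII);
        return KeyUtils.decodePrivateKey(pem, password);
      }
      // Assumption: anything that is not inlined PEM is a filesystem path.
      // decodePrivateKey does not close the stream, so try-with-resources does.
      try (InputStream in = Files.newInputStream(Path.of(location))) {
        return KeyUtils.decodePrivateKey(in, password);
      }
    }
    finally {
      // Do not leave the password in memory longer than needed.
      if (password != null) {
        Arrays.fill(password, '\0');
      }
    }
  }
}
```

Callers should let `KeyException` propagate or log it without the setting value, since an inlined location string contains the private key itself.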