java.lang.Object
se.swedenconnect.security.credential.utils.X509Utils

public class X509Utils extends Object
Utility methods for working with X.509 certificates.
Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
  • Method Details

    • isInlinedPem

      public static boolean isInlinedPem(@Nonnull String location)
      When credentials are configured, a certificate is normally given by its location. It is also possible to give the certificate "inline", i.e., to enter its PEM-encoding directly in the setting. This method can be used to find out whether a location string holds an inlined PEM-encoded certificate.
      Parameters:
      location - location configuration setting
      Returns:
      true if the given string holds a PEM-encoding and false otherwise
    • decodeCertificate

      @Nonnull public static X509Certificate decodeCertificate(@Nonnull byte[] encoding) throws CertificateException
      Decodes an X509Certificate from its encoding.
      Parameters:
      encoding - the certificate encoding (PEM or DER encoded)
      Returns:
      an X509Certificate object
      Throws:
      CertificateException - for decoding errors
    • decodeCertificate

      @Nonnull public static X509Certificate decodeCertificate(@Nonnull InputStream stream) throws CertificateException
      Decodes an X509Certificate from an input stream.

      The method does not close the input stream.

      Parameters:
      stream - the stream to read (holding a PEM or DER encoded certificate)
      Returns:
      an X509Certificate object
      Throws:
      CertificateException - for decoding errors
    • decodeCertificateChain

      @Nonnull public static List<X509Certificate> decodeCertificateChain(@Nonnull byte[] encoding) throws CertificateException
      Given a sequence of PEM or DER encoded certificates or a PKCS#7 certificate chain, the method returns a list of X509Certificate objects.
      Parameters:
      encoding - the sequence of PEM or DER encoded certificates or a PKCS#7 certificate chain
      Returns:
      a list of X509Certificate objects
      Throws:
      CertificateException - for decoding errors
    • decodeCertificateChain

      @Nonnull public static List<X509Certificate> decodeCertificateChain(@Nonnull InputStream stream) throws CertificateException
      Given a stream holding a sequence of PEM or DER encoded certificates or a PKCS#7 certificate chain, the method returns a list of X509Certificate objects.

      The method does not close the input stream.

      Parameters:
      stream - the stream
      Returns:
      a list of X509Certificate objects
      Throws:
      CertificateException - for decoding errors
    • toLogString

      @Nonnull public static String toLogString(@Nullable X509Certificate certificate)
      Certificate.toString() prints far too much for a normal log entry. This method returns a string holding the subject, issuer and serial number.
      Parameters:
      certificate - the certificate to log
      Returns:
      a log string
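
One way to combine isInlinedPem, decodeCertificate(InputStream) and toLogString when resolving a certificate setting, as an added example that is not part of the library's own code. The class name CertificateSettingLoader and the treatment of a non-inlined location as a file system path are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import se.swedenconnect.security.credential.utils.X509Utils;

// Added example: CertificateSettingLoader is a hypothetical class, not part of the library.
public class CertificateSettingLoader {

  /**
   * Resolves a certificate setting that holds either an inlined PEM encoding
   * or a location. Assumption: a non-inlined location is a file system path.
   */
  public static X509Certificate load(final String setting)
      throws CertificateException, IOException {
    if (setting == null || setting.isBlank()) {
      throw new CertificateException("Empty certificate setting");
    }
    // decodeCertificate(InputStream) does not close the stream, so the caller
    // owns it: try-with-resources closes it on success and on decoding errors.
    try (InputStream in = X509Utils.isInlinedPem(setting)
        ? new ByteArrayInputStream(setting.getBytes(StandardCharsets.US_ASCII))
        : Files.newInputStream(Path.of(setting))) {
      return X509Utils.decodeCertificate(in);
    }
  }

  public static void main(final String[] args) throws Exception {
    if (args.length != 1) {
      System.err.println("usage: CertificateSettingLoader <inlined PEM | file path>");
      System.exit(2);
    }
    final X509Certificate cert = load(args[0]);
    // Standard JDK check of the validity period only (throws if expired or
    // not yet valid); building and checking a trust path is a separate step.
    cert.checkValidity();
    // Log the short form instead of Certificate.toString().
    System.out.println("Loaded certificate: " + X509Utils.toLogString(cert));
  }
}
```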