KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > ca > commons > security > util > CertUtil


1 package com.ca.commons.security.util;
2
3 import com.ca.commons.security.cert.extensions.*;
4 import com.ca.commons.security.asn1.*;
5
6 import java.io.*;
7 import java.util.*;
8 import java.security.cert.*;
9 import java.security.*;
10
11 import java.math.BigInteger JavaDoc;
12
13 public class CertUtil
14 {
15
16     /**
17      * Load an X509Certificate object from a specified file. If this
18      * function is able to load the certificate from the file, return
19      * the object, otherwise, return <code>null</code>.
20      *
21      * - <i>Warning: may not correctly handle pem files - CB</i>
22      *
23      * @param fileName The name of the file containing the X.509 Certificate.
24      * @return An <code>X509Certificate</code> object containing the
25      * certificate, or <code>null</code>.
26      */
27
28 // TODO: logging, and bubble exception properly to a level that can display them.
29
30
31     public static X509Certificate loadX509Certificate (String JavaDoc fileName)
32     {
33         return loadX509Certificate(new File(fileName));
34
35     }
36     public static X509Certificate loadX509Certificate (File file)
37     {
38         try
39         {
40             FileInputStream inputStream = new FileInputStream (file);
41
42             CertificateFactory cf = CertificateFactory.getInstance("X.509");
43             X509Certificate cert = (X509Certificate)cf.generateCertificate(inputStream);
44             inputStream.close();
45
46             return cert;
47         }
48         catch (Exception JavaDoc anyException)
49         {
50             anyException.printStackTrace ();
51             return null;
52         }
53     }
54
55
56     /**
57      * Load certificate from byte array (DER)
58      */
59     public static X509Certificate loadX509Certificate (byte[] certdata)
60     {
61         try
62         {
63             ByteArrayInputStream inputStream = new ByteArrayInputStream (certdata);
64
65             CertificateFactory cf = CertificateFactory.getInstance("X.509");
66             X509Certificate cert = (X509Certificate)cf.generateCertificate(inputStream);
67             inputStream.close();
68
69             return cert;
70         }
71         catch (Exception JavaDoc e)
72         {
73             e.printStackTrace ();
74             return null;
75         }
76     }
77
78
79     /**
80      * Saving a DER encoded certificate to a directory.
81      * Precondition: directory must be created before hand.
82      */
83     public static void saveCertToDisk(byte[] certBytes, String JavaDoc outputDir) throws Exception JavaDoc
84     {
85         X509Certificate cert = loadX509Certificate(certBytes);
86         FileOutputStream fos = null;
87         String JavaDoc fileName = outputDir + "/" + cert.getSubjectDN().getName() + "_" + new Date().getTime() + ".der";
88         try
89         {
90             fos = new FileOutputStream(fileName);
91         }
92         catch (Exception JavaDoc ex)
93         {
94             System.out.println("Could not open " + fileName + " for saving cert, now use " +
95                     (fileName = new Date().getTime() + ".der"));
96             fos = new FileOutputStream(fileName);
97         }
98
99         fos.write(certBytes);
100         fos.close();
101     }
102
103
104     public static AuthorityKeyIdentifier getAuthorityKeyIdentifier(X509Certificate theCert) {
105         AuthorityKeyIdentifier v3e = null;
106         byte [] aki = theCert.getExtensionValue(ASN1OID.authorityKeyIdentifier);
107         ASN1Object rext = decodeExtension(aki);
108         if ( rext != null ) {
109             v3e = new AuthorityKeyIdentifier();
110             try {
111                 v3e.init(rext);
112             } catch (Exception JavaDoc ex) {
113                 ex.printStackTrace();
114             }
115         }
116         return v3e;
117     }
118
119
120     public static byte [] getIssuerKeyId(X509Certificate theCert) {
121         AuthorityKeyIdentifier v3e = getAuthorityKeyIdentifier(theCert);
122         if ( v3e == null ) return null;
123         byte [] keyId = v3e.getKeyId();
124         return keyId;
125     }
126
127
128     public static BigInteger JavaDoc getIssuerSerialNumber(X509Certificate theCert) {
129         AuthorityKeyIdentifier v3e = getAuthorityKeyIdentifier(theCert);
130         if ( v3e == null ) return null;
131         BigInteger JavaDoc issuerSerialNumber = v3e.getSerialNumber();
132         return issuerSerialNumber;
133     }
134
135
136     public static ASN1Object decodeExtension(byte[] extvalue) {
137         ASN1Object rext = null;
138         if ( extvalue != null ) {
139             try {
140                 DERCoder derCoder = new DERCoder();
141                 ASN1Object ext = derCoder.decode(extvalue);
142
143                 if (ext.isASN1Type(ASN1Type.OCTET_STRING))
144                     rext = derCoder.decode((byte[])ext.getValue());
145             } catch (Exception JavaDoc ex) {
146                 ex.printStackTrace();
147             }
148         }
149         return rext;
150     }
151
152
153     public static SubjectKeyIdentifier getSubjectKeyIdentifier(X509Certificate theCert) {
154         SubjectKeyIdentifier v3e = null;
155         byte [] ski = theCert.getExtensionValue(ASN1OID.subjectKeyIdentifier);
156         ASN1Object rext = decodeExtension(ski);
157         if ( rext != null ) {
158             v3e = new SubjectKeyIdentifier();
159             try {
160                 v3e.init(rext);
161             } catch (Exception JavaDoc ex) {
162                 ex.printStackTrace();
163             }
164         }
165         return v3e;
166     }
167
168
169     public static byte [] getSubjectKeyId(X509Certificate theCert) {
170         SubjectKeyIdentifier v3e = getSubjectKeyIdentifier(theCert);
171         if ( v3e == null ) return null;
172         byte [] keyId = v3e.getKeyId();
173         return keyId;
174     }
175
176
177     /**
178      * Returns the path length constraint of a (root ca) certificate.
179      * For profile validation, if this is a (subordinate) CA certificate then:
180      * subordinate ca path-length constraint must be less than that of root ca
181      * return -1 if the certificate does not include the BasicConstraints field
182      * or if it has a NONE-path-length constraint.
183      */
184     public static int getPathLenConstraint(X509Certificate cert)
185     {
186         // use constant instead String bsOID = "2.5.29.19"; // Basic Constraints;
187 byte[] bs = cert.getExtensionValue(ASN1OID.basicConstraints);
188         if (bs != null)
189         {
190             try
191             {
192                 DERCoder derCoder = new DERCoder();
193                 ASN1Object ext = derCoder.decode(bs);
194                 ext = derCoder.decode((byte[])ext.getValue());
195
196                 BasicConstraints bsASN = new BasicConstraints();
197                 bsASN.init(ext);
198
199                 return bsASN.pathLenConstraint;
200             }
201             catch (Exception JavaDoc ex)
202             {
203                 ex.printStackTrace();
204                 // ignore
205 }
206         }
207
208         return -1;
209     }
210
211 }
Popular Tags