A collection of crypto-related utility methods largely related to BouncyCastle.
Static Public Member Functions
static byte[] encode (DEREncodable encodable) throws CertificateEncodingException
Helper function to DER encode content.
static DERObject decode (byte[] decodable) throws CertificateEncodingException
Helper function to decode DER content.
static PublicKey getPublicKey (SubjectPublicKeyInfo spki) throws CertificateEncodingException, NoSuchAlgorithmException, InvalidKeySpecException
Helper function to unpack public keys from DER encoding into Java PublicKey format.
static PublicKey getPublicKey (byte[] derEncodedPublicKey) throws CertificateEncodingException, InvalidKeySpecException
Helper function to decode and unpack a public key from DER encoding to a Java PublicKey.
static X509Certificate getCertificate (byte[] encodedCert) throws CertificateException
Helper method to decode a certificate.
static byte[] generateCertID (String digestAlg, Certificate cert) throws CertificateEncodingException
Generates a CertID -- the digest of the DER encoding of a java.security.cert.Certificate.
static byte[] generateCertID (Certificate cert) throws CertificateEncodingException
Generates a CertID -- the digest of the DER encoding of a java.security.cert.Certificate.
static byte[] generateKeyID (String digestAlg, Key key)
Generates a KeyID -- the digest of the DER encoding of a SubjectPublicKeyInfo, or of a raw encoding of a symmetric key.
static byte[] generateKeyID (Key key)
Generates a KeyID -- the digest of the DER encoding of a SubjectPublicKeyInfo, or of a raw encoding of a symmetric key.
static byte[] getKeyIDFromCertificate (X509Certificate issuerCert) throws IOException, CertificateEncodingException
Get the keyID from a CA certificate to use as the key ID in an AuthorityKeyIdentifier extension for certificates issued by that CA.
static ArrayList<Tuple<Integer, String>> getSubjectAlternativeNames (X509Certificate certificate) throws IOException, CertificateEncodingException
Helper method to pull SubjectAlternativeNames from a certificate.
static String getSubjectAlternativeNameDNSName (X509Certificate certificate) throws IOException, CertificateEncodingException
Get the first DNS name in the subject alternative names.
static String getSubjectAlternativeNameEmailAddress (X509Certificate certificate) throws IOException, CertificateEncodingException
Get the first email address in the subject alternative names.
static URI getSubjectAlternativeNameURI (X509Certificate certificate) throws IOException, URISyntaxException, CertificateEncodingException
Get the first URI in the subject alternative names.
static String findSubjectAlternativeName (int tag, X509Certificate certificate) throws IOException, CertificateEncodingException
static DERObject org.ccnx.ccn.impl.security.crypto.util.CryptoUtil.decode (byte[] decodable) throws CertificateEncodingException [static]
Helper function to decode DER content.
decodable | content to decode
CertificateEncodingException | if there is a problem decoding the content
static byte[] org.ccnx.ccn.impl.security.crypto.util.CryptoUtil.encode (DEREncodable encodable) throws CertificateEncodingException [static]
Helper function to DER encode content.
encodable | content to encode
CertificateEncodingException | if there is a problem encoding the content
static byte[] org.ccnx.ccn.impl.security.crypto.util.CryptoUtil.generateCertID (Certificate cert) throws CertificateEncodingException [static]
Generates a CertID -- the digest of the DER encoding of a java.security.cert.Certificate.
cert | the certificate
static byte[] org.ccnx.ccn.impl.security.crypto.util.CryptoUtil.generateCertID (String digestAlg, Certificate cert) throws CertificateEncodingException [static]
Generates a CertID -- the digest of the DER encoding of a java.security.cert.Certificate.
digestAlg | the digest algorithm to use
cert | the certificate to digest
CertificateEncodingException | if there is an error in the certificate encoding
static byte[] org.ccnx.ccn.impl.security.crypto.util.CryptoUtil.generateKeyID (Key key) [static]
Generates a KeyID -- the digest of the DER encoding of a SubjectPublicKeyInfo, or of a raw encoding of a symmetric key.
Note that the former is slightly uncommon; but it is more general and complete than digesting the BIT STRING component of the SubjectPublicKeyInfo itself (and no standard dictates how you must generate a key ID).
key | the key to digest
static byte[] org.ccnx.ccn.impl.security.crypto.util.CryptoUtil.generateKeyID (String digestAlg, Key key) [static]
Generates a KeyID -- the digest of the DER encoding of a SubjectPublicKeyInfo, or of a raw encoding of a symmetric key.
Note that the former is slightly uncommon; but it is more general and complete than digesting the BIT STRING component of the SubjectPublicKeyInfo itself (and no standard dictates how you must generate a key ID).
digestAlg | the digest algorithm to use
key | the key to digest
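The two key-ID constructions contrasted in the generateKeyID notes above, as an added example that is not CCNx code: one digest over the whole DER SubjectPublicKeyInfo, one over only the BIT STRING contents. The class and method names, the RSA sample key and the choice of SHA-256 are assumptions made for illustration; only JDK classes are used.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Arrays;

public class KeyIdDemo { // hypothetical class, not part of CCNx
    // Digest the complete DER SubjectPublicKeyInfo (what getEncoded() returns for "X.509" keys).
    static byte[] spkiKeyId(String digestAlg, PublicKey key) throws Exception {
        if (!"X.509".equals(key.getFormat()))
            throw new IllegalArgumentException("not a SubjectPublicKeyInfo encoding");
        return MessageDigest.getInstance(digestAlg).digest(key.getEncoded());
    }

    // Reads the DER length at der[pos[0]] and advances pos[0] past it.
    static int readLength(byte[] der, int[] pos) {
        int b = der[pos[0]++] & 0xff;
        if (b < 0x80) return b;                       // short form
        int n = b & 0x7f, len = 0;                    // long form: n length bytes
        if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported length");
        while (n-- > 0) len = (len << 8) | (der[pos[0]++] & 0xff);
        return len;
    }

    // Alternative the note contrasts: digest only the BIT STRING contents
    // (subjectPublicKey), which leaves the AlgorithmIdentifier out of the ID.
    static byte[] bitStringKeyId(String digestAlg, PublicKey key) throws Exception {
        byte[] der = key.getEncoded();
        int[] pos = {0};
        if (der[pos[0]++] != 0x30) throw new IllegalArgumentException("expected SEQUENCE");
        readLength(der, pos);                         // enter SubjectPublicKeyInfo
        if (der[pos[0]++] != 0x30) throw new IllegalArgumentException("expected algorithm");
        int algLen = readLength(der, pos);
        pos[0] += algLen;                             // skip AlgorithmIdentifier
        if (der[pos[0]++] != 0x03) throw new IllegalArgumentException("expected BIT STRING");
        int bitLen = readLength(der, pos);
        // First content byte is the unused-bits count; the key bytes follow it.
        byte[] bits = Arrays.copyOfRange(der, pos[0] + 1, pos[0] + bitLen);
        return MessageDigest.getInstance(digestAlg).digest(bits);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PublicKey pub = kpg.generateKeyPair().getPublic(); // constructed sample key
        System.out.printf("SPKI digest:       %064x%n", new BigInteger(1, spkiKeyId("SHA-256", pub)));
        System.out.printf("BIT STRING digest: %064x%n", new BigInteger(1, bitStringKeyId("SHA-256", pub)));
    }
}
```

The two values differ for the same key, so a key ID is only comparable between systems that agree on the construction and the digest algorithm.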
static X509Certificate org.ccnx.ccn.impl.security.crypto.util.CryptoUtil.getCertificate (byte[] encodedCert) throws CertificateException [static]
Helper method to decode a certificate.
encodedCert | DER encoded X.509 certificate
CertificateException | if there is an error in decoding
static byte[] org.ccnx.ccn.impl.security.crypto.util.CryptoUtil.getKeyIDFromCertificate (X509Certificate issuerCert) throws IOException, CertificateEncodingException [static]
Get the keyID from a CA certificate to use as the key ID in an AuthorityKeyIdentifier extension for certificates issued by that CA.
This should come out of the SubjectKeyIdentifier extension of the certificate if present. If that extension is missing, this function will return null, and generateKeyID can be used to generate a new key ID.
issuerCert | the issuer certificate to extract the key ID from
IOException
CertificateEncodingException
static PublicKey org.ccnx.ccn.impl.security.crypto.util.CryptoUtil.getPublicKey (byte[] derEncodedPublicKey) throws CertificateEncodingException, InvalidKeySpecException [static]
Helper function to decode and unpack a public key from DER encoding to a Java PublicKey.
derEncodedPublicKey | DER encoding of public key in standard format (SubjectPublicKeyInfo)
CertificateEncodingException | if there is a problem decoding the content
NoSuchAlgorithmException | if the key algorithm is unknown
InvalidKeySpecException | if the data in the SubjectPublicKeyInfo doesn't correctly represent a key
static PublicKey org.ccnx.ccn.impl.security.crypto.util.CryptoUtil.getPublicKey (SubjectPublicKeyInfo spki) throws CertificateEncodingException, NoSuchAlgorithmException, InvalidKeySpecException [static]
Helper function to unpack public keys from DER encoding into Java PublicKey format.
spki | a decoded SubjectPublicKeyInfo containing the desired public key
CertificateEncodingException | if there is a problem decoding the content
NoSuchAlgorithmException | if the key algorithm is unknown
InvalidKeySpecException | if the data in the SubjectPublicKeyInfo doesn't correctly represent a key
static String org.ccnx.ccn.impl.security.crypto.util.CryptoUtil.getSubjectAlternativeNameDNSName (X509Certificate certificate) throws IOException, CertificateEncodingException [static]
Get the first DNS name in the subject alternative names.
IOException
CertificateEncodingException
static String org.ccnx.ccn.impl.security.crypto.util.CryptoUtil.getSubjectAlternativeNameEmailAddress (X509Certificate certificate) throws IOException, CertificateEncodingException [static]
Get the first email address in the subject alternative names.
IOException
CertificateEncodingException
static ArrayList<Tuple<Integer, String>> org.ccnx.ccn.impl.security.crypto.util.CryptoUtil.getSubjectAlternativeNames (X509Certificate certificate) throws IOException, CertificateEncodingException [static]
Helper method to pull SubjectAlternativeNames from a certificate.
BouncyCastle has one of these, but it isn't included on all platforms. We get one by default from X509Certificate but it returns us a collection of ? and we can't ever know what the ? is because we might get a different impl class on different platforms. So we have to roll our own.
We filter the general names down to ones we can handle.
certificate
IOException
CertificateEncodingException
static URI org.ccnx.ccn.impl.security.crypto.util.CryptoUtil.getSubjectAlternativeNameURI (X509Certificate certificate) throws IOException, URISyntaxException, CertificateEncodingException [static]
Get the first URI in the subject alternative names.
IOException
URISyntaxException
CertificateEncodingException