Class CertUtil
A collection of helper methods to perform common tasks when working with certificates and private keys.
- Since:
- 1.0
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic enum
The supported hashing algorithms for generating a certificate thumbprint. -
Method Summary
Modifier and TypeMethodDescriptionstatic String
getThumbprint
(X509Certificate cert, String separator, CertUtil.HashType type) Gets the thumbprint of a certificate using either MD5, SHA-1, or SHA-256.static String
Resets the different types of line endings used by the different operating systems to match the host system for consistency.static byte[]
toDERPrivateKey
(String key) Converts a supported private key to DER format to make it easier to use.static String
toPEMCertificate
(byte[] derCert) Converts a DER encoded certificate to its Base64 encoded representation using X.509 format.static String
toPEMPrivateKey
(byte[] derKey) Converts a DER encoded private key to its Base64 encoded representation using unencrypted PKCS#8 format.
-
Method Details
-
toPEMCertificate
Converts a DER encoded certificate to its Base64 encoded representation using X.509 format.Command:
openssl x509 -inform DER -outform PEM -in certificate.der -out certificate.pem
- Parameters:
derCert
- Certificate in DER encoded form.- Returns:
- Base64 encoded certificate with X.509 tags.
-
toPEMPrivateKey
Converts a DER encoded private key to its Base64 encoded representation using unencrypted PKCS#8 format.Command:
openssl pkcs8 -topk8 -inform DER -outform PEM -in private.der -out private.pem -nocrypt
- Parameters:
derKey
- Private key in DER encoded form.- Returns:
- Base64 encoded private key with PKCS#8 tags.
-
toDERPrivateKey
Converts a supported private key to DER format to make it easier to use.Note: PKCS#8 and PKCS#1 private keys use different tags, but both use the PKCS#8 format for their bodies. SSLeay formatted private keys use the same PKCS#1 tag containing 'RSA' in them, but this format is not supported.
Command:
openssl pkcs8 -topk8 -inform PEM -outform DER -in private.pem -out private.der -nocrypt
- Parameters:
key
- Base64 encoded private key in either PKCS#8 or PKCS#1 format.- Returns:
- Private key in DER format.
-
getThumbprint
public static String getThumbprint(X509Certificate cert, String separator, CertUtil.HashType type) throws NoSuchAlgorithmException, CertificateEncodingException Gets the thumbprint of a certificate using either MD5, SHA-1, or SHA-256.Command:
openssl x509 -noout -fingerprint -sha256 -inform PEM -in certificate.pem
- Parameters:
cert
- The certificate to use for generating the thumbprint.separator
- A character or empty string to use for the thumbprint separator.type
- Hashing algorithm to to use for thumbprint.- Returns:
- Thumbprint of certificate using the specified hashing algorithm.
- Throws:
NoSuchAlgorithmException
- If noProvider
supports aMessageDigestSpi
implementation for the specified algorithm.CertificateEncodingException
- If an encoding error occurs.
-
resetEOL
Resets the different types of line endings used by the different operating systems to match the host system for consistency.Remarks: This is particularly useful when testing generated data that must match the source content.
- Parameters:
data
- The data that will have its line endings replaced by the default one of the host system.- Returns:
- The original data using the system's default line endings.
-