java.lang.Object
io.github.stevenjdh.simple.security.cert.CertUtil

public final class CertUtil extends Object
A Certificate Utility.

A collection of helper methods to perform common tasks when working with certificates and private keys.

Since:
1.0
  • Method Details

    • toPEMCertificate

      public static String toPEMCertificate(byte[] derCert)
      Converts a DER encoded certificate to its Base64 encoded representation using X.509 format.

      Command:
      openssl x509 -inform DER -outform PEM -in certificate.der -out certificate.pem

      Parameters:
      derCert - Certificate in DER encoded form.
      Returns:
      Base64 encoded certificate with X.509 tags.
    • toPEMPrivateKey

      public static String toPEMPrivateKey(byte[] derKey)
      Converts a DER encoded private key to its Base64 encoded representation using unencrypted PKCS#8 format.

      Command:
      openssl pkcs8 -topk8 -inform DER -outform PEM -in private.der -out private.pem -nocrypt

      Parameters:
      derKey - Private key in DER encoded form.
      Returns:
      Base64 encoded private key with PKCS#8 tags.
    • toDERPrivateKey

      public static byte[] toDERPrivateKey(String key)
      Converts a supported private key to DER format to make it easier to use.

      Note: PKCS#8 and PKCS#1 private keys use different tags, but both use the PKCS#8 format for their bodies. SSLeay formatted private keys use the same PKCS#1 tag containing 'RSA' in them, but this format is not supported.

      Command:
      openssl pkcs8 -topk8 -inform PEM -outform DER -in private.pem -out private.der -nocrypt

      Parameters:
      key - Base64 encoded private key in either PKCS#8 or PKCS#1 format.
      Returns:
      Private key in DER format.
    • getThumbprint

      public static String getThumbprint(X509Certificate cert, String separator, CertUtil.HashType type) throws NoSuchAlgorithmException, CertificateEncodingException
      Gets the thumbprint of a certificate using either MD5, SHA-1, or SHA-256.

      Command:
      openssl x509 -noout -fingerprint -sha256 -inform PEM -in certificate.pem

      Parameters:
      cert - The certificate to use for generating the thumbprint.
      separator - A character or empty string to use for the thumbprint separator.
      type - Hashing algorithm to use for the thumbprint.
      Returns:
      Thumbprint of certificate using the specified hashing algorithm.
      Throws:
      NoSuchAlgorithmException - If no Provider supports a MessageDigestSpi implementation for the specified algorithm.
      CertificateEncodingException - If an encoding error occurs.
    • resetEOL

      public static String resetEOL(String data)
      Resets the different types of line endings used by the different operating systems to match the host system for consistency.

      Remarks: This is particularly useful when testing generated data that must match the source content.

      Parameters:
      data - The data that will have its line endings replaced by the default one of the host system.
      Returns:
      The original data using the system's default line endings.
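
The conversions documented for toPEMPrivateKey and toDERPrivateKey, shown as an added JDK-only example; this is not CertUtil's own code. The class and helper names (Pkcs8PemRoundTrip, derToPem, pemToDer) are hypothetical, and the sketch accepts only the unencrypted PKCS#8 tag.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;

public class Pkcs8PemRoundTrip {
    private static final String BEGIN = "-----BEGIN PRIVATE KEY-----";
    private static final String END = "-----END PRIVATE KEY-----";

    // Hypothetical helper: wrap PKCS#8 DER in PEM armor, 64 characters per line.
    static String derToPem(byte[] der) {
        Base64.Encoder enc = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        return BEGIN + "\n" + enc.encodeToString(der) + "\n" + END + "\n";
    }

    // Hypothetical helper: accept only the unencrypted PKCS#8 tag and return the DER body.
    static byte[] pemToDer(String pem) {
        String text = pem.replace("\r\n", "\n").trim();   // tolerate Windows line endings
        if (!text.startsWith(BEGIN) || !text.endsWith(END)) {
            throw new IllegalArgumentException("Not an unencrypted PKCS#8 PEM private key");
        }
        String body = text.substring(BEGIN.length(), text.length() - END.length());
        return Base64.getMimeDecoder().decode(body);      // MIME decoder skips line breaks
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway RSA key generated at run time.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        byte[] der = gen.generateKeyPair().getPrivate().getEncoded(); // PKCS#8 DER

        String pem = derToPem(der);
        byte[] back = pemToDer(pem.replace("\n", "\r\n"));           // simulate a CRLF file
        if (!Arrays.equals(der, back)) throw new AssertionError("round trip changed the key");
        // The recovered bytes must still parse as a PKCS#8 key.
        PrivateKey key = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(back));
        System.out.println(key.getAlgorithm() + " " + key.getFormat() + ", " + back.length + " DER bytes");

        try {
            pemToDer(pem.replace("PRIVATE KEY", "RSA PRIVATE KEY"));
            throw new AssertionError("RSA-tagged PEM should be rejected");
        } catch (IllegalArgumentException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```

Because the PEM produced here is unencrypted, the returned string is the key itself in cleartext; keep it out of logs and restrict permissions on any file it is written to.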