Package uk.ac.starlink.auth.ssl
Class SSLUtil
java.lang.Object
    uk.ac.starlink.auth.ssl.SSLUtil

Constructor Summary
Constructors
SSLUtil()

Method Summary
Modifier and Type | Method | Description
static byte[] | getCertificates(byte[] certBuf) | Extracts all the certificates from the argument, decodes them from base64 to byte[] and concatenates all the certificates, preserving their order.
static SSLSocketFactory | getSocketFactory(File pemFile) | Initialise the default SSL socket factory so that all HTTPS connections use the provided key store to authenticate (when the server requires client authentication).
static SSLSocketFactory | getSocketFactory(File certFile, File keyFile) | Initialise the default SSL socket factory so that all HTTPS connections use the provided key store to authenticate (when the server requires client authentication).
static SSLSocketFactory | getSocketFactory(Subject s) | Create an SSLSocketFactory from the credentials in the specified Subject.
static SSLSocketFactory | getSocketFactory |
static void | initSSL |
static void | initSSL(File certFile, File keyFile) | Initialise the default SSL socket factory so that all HTTPS connections use the provided key store to authenticate (when the server requires client authentication).
static RSAPrivateCrtKeySpec | parseKeySpec(byte[] code) | Parses a byte array and constructs the corresponding RSAPrivateCrtKeySpec.
static X509Certificate[] | readCertificateChain(byte[] certBuf) |
static X509Certificate[] | readCertificateChain(File certFile) |
static byte[] | readFile(File f) | Read a (small) file into a byte array.
static X509CertificateChain | readPemCertificateAndKey(byte[] data) | Parses PEM encoded data that contains certificates and a key and returns the corresponding X509CertificateChain that can be used to create an SSL socket.
static X509CertificateChain | readPemCertificateAndKey(File pemFile) | Convenience method to parse a PEM encoded file and return the corresponding X509 certificate chain.
static PrivateKey | readPrivateKey(byte[] bytesPrivateKey) |
static PrivateKey | readPrivateKey(File keyFile) |
static void | validateSubject(Subject subject, Date date) | Checks whether the subject's certificate credentials are valid at a given date.

Constructor Details

SSLUtil
public SSLUtil()

Method Details

initSSL
public static void initSSL(File certFile, File keyFile)
Initialise the default SSL socket factory so that all HTTPS connections use the provided key store to authenticate (when the server requires client authentication).
Parameters:
certFile - proxy certificate
keyFile - private key file in DER format

initSSL

getSocketFactory
public static SSLSocketFactory getSocketFactory(File certFile, File keyFile)
Initialise the default SSL socket factory so that all HTTPS connections use the provided key store to authenticate (when the server requires client authentication).
Parameters:
certFile - proxy certificate
keyFile - private key file in DER format
Returns:
configured SSL socket factory

getSocketFactory
public static SSLSocketFactory getSocketFactory(File pemFile)
Initialise the default SSL socket factory so that all HTTPS connections use the provided key store to authenticate (when the server requires client authentication).
Parameters:
pemFile - proxy certificate, as a PEM file
Returns:
configured SSL socket factory

getSocketFactory
public static SSLSocketFactory getSocketFactory(Subject s)
Create an SSLSocketFactory from the credentials in the specified Subject. This method extracts an X509CertificateChain from the public credentials and uses the certificate chain and private key found there to set up a KeyStore for the SSLSocketFactory.
Parameters:
s - subject
Returns:
an SSLSocketFactory, or null if no X509CertificateChain can be found

getSocketFactory

getCertificates
public static byte[] getCertificates(byte[] certBuf) throws IOException
Extracts all the certificates from the argument, decodes them from base64 to byte[] and concatenates all the certificates, preserving their order.
Parameters:
certBuf - buffer containing certificates
Returns:
decoded certificate chain
Throws:
IOException

readCertificateChain
public static X509Certificate[] readCertificateChain(File certFile) throws CertificateException, IOException
Throws:
CertificateException
IOException

readCertificateChain
public static X509Certificate[] readCertificateChain(byte[] certBuf) throws CertificateException, IOException
Returns:
certificate chain
Throws:
CertificateException
IOException

readPrivateKey
public static PrivateKey readPrivateKey(File keyFile) throws InvalidKeySpecException, NoSuchAlgorithmException, IOException

readPrivateKey
public static PrivateKey readPrivateKey(byte[] bytesPrivateKey) throws InvalidKeySpecException, NoSuchAlgorithmException, IOException
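readCertificateChain and readPrivateKey load the two halves of a client credential separately, so nothing on this page checks that the key actually belongs to the certificate; a mismatch normally only shows up as an opaque handshake failure from the server. The following is an added example, not code from SSLUtil or the starjava sources, that performs that check up front by comparing the RSA modulus of the private key with the modulus in the leaf certificate's public key. It assumes that certFile is a PEM certificate file of the kind getCertificates base64-decodes, that the first element of the returned array is the leaf (the array preserves file order), and that the key is RSA, the only key type readPemCertificateAndKey documents as supported.

```java
import java.io.File;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import uk.ac.starlink.auth.ssl.SSLUtil;

/**
 * Added example: verifies that a DER private key read by SSLUtil.readPrivateKey
 * belongs to the leaf certificate of a chain read by SSLUtil.readCertificateChain.
 */
public class KeyMatchCheck {

    /**
     * Returns true when the RSA modulus of the private key equals the modulus of
     * the first certificate's public key. Assumption: chain[0] is the leaf, i.e.
     * the certificate file lists the end-entity certificate first.
     */
    public static boolean keyMatchesLeaf(X509Certificate[] chain, PrivateKey key) {
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("empty certificate chain");
        }
        if (!(key instanceof RSAPrivateKey)) {
            // Only RSA keys are documented as supported by this class.
            throw new IllegalArgumentException(
                "expected an RSA private key, got " + key.getAlgorithm());
        }
        if (!(chain[0].getPublicKey() instanceof RSAPublicKey)) {
            // An RSA key can never match a non-RSA certificate.
            return false;
        }
        BigInteger certModulus = ((RSAPublicKey) chain[0].getPublicKey()).getModulus();
        BigInteger keyModulus = ((RSAPrivateKey) key).getModulus();
        return certModulus.equals(keyModulus);
    }

    public static void main(String[] args) throws Exception {
        File certFile = new File(args[0]);  // assumed: PEM certificate chain, leaf first
        File keyFile = new File(args[1]);   // private key in DER format, as initSSL documents
        X509Certificate[] chain = SSLUtil.readCertificateChain(certFile);
        PrivateKey key = SSLUtil.readPrivateKey(keyFile);
        if (!keyMatchesLeaf(chain, key)) {
            System.err.println("private key does not match "
                + chain[0].getSubjectX500Principal());
            System.exit(1);
        }
        System.out.println("key matches " + chain[0].getSubjectX500Principal());
    }
}
```

Run it as `java KeyMatchCheck proxy.pem proxy-key.der` before calling initSSL or getSocketFactory with the same two files; a non-zero exit means the pair would fail client authentication regardless of what the server trusts.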
readPemCertificateAndKey
public static X509CertificateChain readPemCertificateAndKey(File pemFile) throws InvalidKeySpecException, NoSuchAlgorithmException, IOException, CertificateException
Convenience method to parse a PEM encoded file and return the corresponding X509 certificate chain.
Parameters:
pemFile - file containing PEM data
Returns:
certificate chain
Throws:
InvalidKeySpecException
NoSuchAlgorithmException
IOException
CertificateException

readPemCertificateAndKey
public static X509CertificateChain readPemCertificateAndKey(byte[] data) throws InvalidKeySpecException, NoSuchAlgorithmException, IOException, CertificateException
Parses PEM encoded data that contains certificates and a key and returns the corresponding X509CertificateChain that can be used to create an SSL socket. RSA is the only key type supported.
Parameters:
data - content encoded as PEM
Returns:
X509 certificate chain
Throws:
InvalidKeySpecException
NoSuchAlgorithmException
IOException
CertificateException

parseKeySpec
public static RSAPrivateCrtKeySpec parseKeySpec(byte[] code) throws IOException
Parses a byte array and constructs the corresponding RSAPrivateCrtKeySpec.
Parameters:
code - byte array containing the key
Returns:
RSAPrivateCrtKeySpec
Throws:
IOException

validateSubject
public static void validateSubject(Subject subject, Date date) throws CertificateException, CertificateExpiredException, CertificateNotYetValidException
Checks whether the subject's certificate credentials are valid at a given date. If date is null, the current time is used as the reference.
Parameters:
subject - Subject to check
date - Date the certificate is verified against. If null, the credentials are verified against the current time.
Throws:
CertificateException - Subject has no associated certificate credentials or there is a problem with the existing certificate.
CertificateExpiredException - Certificate has expired.
CertificateNotYetValidException - Certificate is not yet valid.

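An added end-to-end example, not code from SSLUtil or the starjava sources, tying together the Subject-based getSocketFactory(Subject) described above and validateSubject: the chain returned by readPemCertificateAndKey is placed in a Subject's public credentials, which is where getSocketFactory(Subject) documents that it looks, the credentials are validated against the current time so that an expired proxy surfaces as a CertificateExpiredException instead of a later handshake failure, and the resulting factory is attached to one HttpsURLConnection. Two assumptions are marked in the code: that X509CertificateChain lives in the uk.ac.starlink.auth.ssl package, and that validateSubject reads the same public credential that getSocketFactory(Subject) does.

```java
import java.io.File;
import java.net.URL;
import java.util.Date;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;
import javax.security.auth.Subject;
import uk.ac.starlink.auth.ssl.SSLUtil;
import uk.ac.starlink.auth.ssl.X509CertificateChain;  // package assumed

/** Added example: client-authenticated HTTPS using a PEM proxy credential via a Subject. */
public class ProxyCertClient {

    /**
     * Builds a client-authenticating socket factory from a PEM file holding the
     * proxy certificate chain and its RSA private key.
     */
    public static SSLSocketFactory socketFactoryFor(File pemFile) throws Exception {
        X509CertificateChain chain = SSLUtil.readPemCertificateAndKey(pemFile);

        // getSocketFactory(Subject) extracts the chain from the public credentials.
        Subject subject = new Subject();
        subject.getPublicCredentials().add(chain);

        // Assumption: validateSubject checks this same credential. Passing the
        // current time is equivalent to passing null. Expired or not-yet-valid
        // proxies fail here with a specific exception rather than mid-handshake.
        SSLUtil.validateSubject(subject, new Date());

        SSLSocketFactory factory = SSLUtil.getSocketFactory(subject);
        if (factory == null) {
            // Documented return value when no X509CertificateChain is found.
            throw new IllegalStateException(
                "no X509CertificateChain in subject public credentials");
        }
        return factory;
    }

    public static void main(String[] args) throws Exception {
        SSLSocketFactory factory = socketFactoryFor(new File(args[0]));
        HttpsURLConnection conn =
            (HttpsURLConnection) new URL(args[1]).openConnection();
        // Bind the credential to this connection explicitly instead of relying on
        // whatever the JVM-wide default factory currently is.
        conn.setSSLSocketFactory(factory);
        System.out.println(args[1] + " -> HTTP " + conn.getResponseCode());
    }
}
```

Run as `java ProxyCertClient proxy.pem https://service.example/` (URL constructed for the example). Setting the factory on the connection keeps the credential's scope narrow; the initSSL and file-based getSocketFactory variants on this page describe installing it as the default for all HTTPS connections, which is the right choice only when every outbound connection in the process should present this proxy.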
readFile
public static byte[] readFile(File f) throws IOException
Read a (small) file into a byte array.
Parameters:
f - file
Returns:
byte array containing the content of the file
Throws:
IOException