public class CertificateManager extends Object

| Constructor | Description |
|---|---|
| CertificateManager() | CertificateManager is normally a singleton, but custom instances can be created if needed. |

| Modifier and Type | Method | Description |
|---|---|---|
| void | displayCertificate(X509Certificate cert) | Show details of an X509 certificate, printing the information to STDOUT. |
| boolean | equalsDN(String dn1, String dn2) | Compare Subject DNs for equality. |
| X509Certificate | getCACert(String caAlias) | Find the supplemental CA certificate to be used to validate user (peer) |
| X509Certificate | getCertificate(javax.servlet.http.HttpServletRequest request) | Get the client certificate from the request object. |
| String | getCertificateLocation() | |
| protected String | getExtensionValue(X509Certificate X509Certificate, String oid) | Retrieves the extension value given by the OID. |
| static CertificateManager | getInstance() | Return the singleton instance of this CertificateManager, creating it if needed. |
| Session | getSession(javax.servlet.http.HttpServletRequest request) | Extracts the principal from the certificate passed in with the request and creates the DataONE Session object. |
| Session | getSession(javax.servlet.http.HttpServletRequest request, boolean lookupSubject) | Extracts the principal from the certificate passed in with the request and creates the DataONE Session object. |
| org.apache.http.conn.ssl.SSLSocketFactory | getSSLSocketFactory(String subjectString) | For use by clients making requests via SSL connection. |
| String | getSubjectDN(X509Certificate certificate) | Returns the RFC2253 string representation for the certificate's subject. This is the standard format used in DataONE. |
| SubjectInfo | getSubjectInfo(X509Certificate certificate) | Retrieve the SubjectInfo contained in the given certificate. |
| X509Certificate | loadCertificate() | Load the configured certificate into the keystore singleton. Follows the logic of first searching for the certificate at the setCertificateLocation() location, then using the default location. |
| X509Certificate | loadCertificateFromFile(String fileName) | Load an X509Certificate object from the given file. |
| PrivateKey | loadKey() | Load the configured private key from the keystore. |
| PrivateKey | loadPrivateKeyFromFile(String fileName, String password) | Load a PrivateKey object from the given file. |
| File | locateDefaultCertificate() | Locate the default certificate. |
| void | registerCertificate(String subject, X509Certificate certificate, PrivateKey key) | Register certificates to be used by getSSLSocketFactory(subject) for setting up connections, using the subject as the lookup key. |
| void | setCertificateLocation(String certificate) | Use this method to point CertificateManager to a certificate at the designated file path. |
| String | standardizeDN(String name) | Returns D1-wide consistent Subject DN string representations. |
| static boolean | verify(X509Certificate cert, X509Certificate caCert) | |
| static boolean | verify(X509Certificate cert, X509Certificate caCert, boolean logExceptions) | Check the validity of a certificate, and be sure that it is verifiable using the given CA certificate. |
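The two checks that the summary of verify(cert, caCert, logExceptions) describes (the certificate is currently valid, and its signature verifies under the CA certificate) and the RFC 2253 normalisation behind getSubjectDN()/standardizeDN()/equalsDN() can be reproduced with plain JDK classes. The following is an added example, not DataONE's CertificateManager code; the file paths are placeholders, the sample DN strings are constructed, and the method names only mirror the ones documented above.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;

/**
 * Added example (not the DataONE library's own code). Mirrors what the
 * CertificateManager summary documents: verify() = validity window plus
 * signature check against one CA certificate; standardizeDN()/equalsDN() =
 * compare Subject DNs in their RFC 2253 form rather than as raw strings.
 */
public class CertCheckExample {

    /** Load a PEM- or DER-encoded X.509 certificate from disk (JDK CertificateFactory). */
    static X509Certificate loadCertificateFromFile(String fileName)
            throws IOException, GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(fileName)) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    /**
     * True only if cert is inside its notBefore/notAfter window AND its signature
     * verifies with caCert's public key. Any failure yields false; the exception
     * is logged only when logExceptions is set, matching the documented flag.
     */
    static boolean verify(X509Certificate cert, X509Certificate caCert, boolean logExceptions) {
        try {
            cert.checkValidity();                // CertificateExpiredException / NotYetValidException
            cert.verify(caCert.getPublicKey());  // SignatureException if not signed by this CA
            return true;
        } catch (GeneralSecurityException e) {
            if (logExceptions) {
                System.err.println("certificate verification failed: " + e);
            }
            return false;
        }
    }

    /** RFC 2253 form: fixed attribute keywords, no spaces after commas, defined escaping. */
    static String standardizeDN(String name) {
        return new X500Principal(name).getName(X500Principal.RFC2253);
    }

    /** Compare two DNs after both have been standardised, as equalsDN() is documented to do. */
    static boolean equalsDN(String dn1, String dn2) {
        return standardizeDN(dn1).equals(standardizeDN(dn2));
    }

    public static void main(String[] args) throws Exception {
        // Placeholder paths: the peer certificate and the CA certificate it should chain to.
        X509Certificate cert = loadCertificateFromFile("/path/to/peer-cert.pem");
        X509Certificate caCert = loadCertificateFromFile("/path/to/ca-cert.pem");

        System.out.println("verified against CA: " + verify(cert, caCert, true));
        System.out.println("subject (RFC 2253): "
                + cert.getSubjectX500Principal().getName(X500Principal.RFC2253));

        // Constructed sample values: same DN written two ways.
        System.out.println(equalsDN("CN=Alice, O=Example, C=US", "cn=Alice,o=Example,c=US"));
    }
}
```

Two caveats worth keeping in mind when relying on checks like these: verify() above accepts a certificate signed directly by caCert and nothing more, so it does not walk an intermediate chain, consult revocation data, or check key usage (for that, use the JDK's CertPathValidator with a configured trust store); and the RFC 2253 form leaves attribute values as written, so CN=alice and CN=Alice remain different DNs after standardisation, which is the behaviour you want when a DN is used as an authorisation key.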
public CertificateManager()

public static CertificateManager getInstance()

public String getCertificateLocation()

public void setCertificateLocation(String certificate)
Parameters:
- certificate

public void registerCertificate(String subject, X509Certificate certificate, PrivateKey key)
Parameters:
- subject
- certificate
- key

public X509Certificate getCACert(String caAlias)

public X509Certificate loadCertificate()

public PrivateKey loadKey()

protected String getExtensionValue(X509Certificate X509Certificate, String oid) throws IOException
Parameters:
- X509Certificate
- oid
Throws:
- IOException
See Also:
- http://stackoverflow.com/questions/2409618/how-do-i-decode-a-der-encoded-string-in-java

public SubjectInfo getSubjectInfo(X509Certificate certificate) throws IOException, InstantiationException, IllegalAccessException, org.jibx.runtime.JiBXException
Parameters:
- certificate
Throws:
- IOException
- InstantiationException
- IllegalAccessException
- org.jibx.runtime.JiBXException

public String getSubjectDN(X509Certificate certificate)
Parameters:
- certificate

public String standardizeDN(String name)
Parameters:
- name - the [reasonable] DN representation
See Also:
- http://www.ietf.org/rfc/rfc2253.txt

public boolean equalsDN(String dn1, String dn2)
Parameters:
- dn1 - the DN representation
- dn2 - the other DN representation

public static boolean verify(X509Certificate cert, X509Certificate caCert)

public static boolean verify(X509Certificate cert, X509Certificate caCert, boolean logExceptions)
Parameters:
- cert - the X509Certificate to be verified
- caCert - the X509Certificate of the trusted Certificate Authority (CA)

public Session getSession(javax.servlet.http.HttpServletRequest request) throws InvalidToken
Parameters:
- request
Throws:
- InvalidToken

public Session getSession(javax.servlet.http.HttpServletRequest request, boolean lookupSubject) throws InvalidToken
Parameters:
- request
- lookupSubject - set to true to fill out the subject list from the CNIdentity service
Throws:
- InvalidToken

public X509Certificate getCertificate(javax.servlet.http.HttpServletRequest request)
Parameters:
- request

public org.apache.http.conn.ssl.SSLSocketFactory getSSLSocketFactory(String subjectString) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException, CertificateException, IOException
Parameters:
- subjectString - used to determine which certificate to use for the connection. If null, it auto-discovers the certificate, using the setCertificateLocation() location (if not set, uses the default location). Otherwise, looks up the certificate from among those registered with registerCertificate().
Throws:
- NoSuchAlgorithmException
- UnrecoverableKeyException
- KeyStoreException - thrown if an unknown subject value is provided
- KeyManagementException
- CertificateException
- IOException

public PrivateKey loadPrivateKeyFromFile(String fileName, String password) throws IOException
Parameters:
- fileName
Throws:
- IOException

public X509Certificate loadCertificateFromFile(String fileName) throws IOException
Parameters:
- fileName
Throws:
- IOException

public File locateDefaultCertificate() throws FileNotFoundException
Throws:
- FileNotFoundException - if no default certificate can be located
See Also:
- http://www.cilogon.org/cert-howto#TOC-Finding-CILogon-Certificates

public void displayCertificate(X509Certificate cert)
Parameters:
- cert - the certificate to be displayed

Copyright © 2014. All Rights Reserved.