Class CertUtil

Method Details

• saveCert

  public static boolean saveCert​(Certificate cert, File file)

  Write a certificate to a file in base64 format.

  Returns:

  success

  Since:

  0.8.2, moved from SSLEepGet in 0.9.9

• exportPrivateKey

  public static void exportPrivateKey​(PrivateKey pk, Certificate[] certs, OutputStream out) throws IOException, GeneralSecurityException

  Writes the private key and all certs in base64 format. Does NOT close the stream. Throws on all errors.

  Parameters:

  pk - non-null

  certs - certificate chain, null or empty to export pk only

  Throws:

  InvalidKeyException - if the key does not support encoding

  CertificateEncodingException - if a cert does not support encoding

  IOException

  GeneralSecurityException

  Since:

  0.9.24

• exportCert

  public static void exportCert​(Certificate cert, OutputStream out) throws IOException, CertificateEncodingException

  Modified from: http://www.exampledepot.com/egs/java.security.cert/ExportCert.html Writes a certificate in base64 format. Does NOT close the stream. Throws on all errors.

  Throws:

  IOException

  CertificateEncodingException

  Since:

  0.9.24, pulled out of saveCert(), public since 0.9.25

• getSubjectAlternativeNames

  public static Set<String> getSubjectAlternativeNames​(X509Certificate cert)

  Get the set of Subject Alternative Names, including DNSNames, RFC822Names, IPv4 and v6 addresses as strings. see X509Certificate.getSubjectAlternativeNames()

  Returns:

  non-null, empty on error or none found

  Since:

  0.9.34

• getSubjectValue

  public static String getSubjectValue​(X509Certificate cert, String type)

  Get a value out of the subject distinguished name. Warning - unsupported in Android (no javax.naming), returns null.

  Parameters:

  type - e.g. "CN"

  Returns:

  value or null if not found

• getIssuerValue

  public static String getIssuerValue​(X509Certificate cert, String type)

  Get a value out of the issuer distinguished name. Warning - unsupported in Android (no javax.naming), returns null.

  Parameters:

  type - e.g. "CN"

  Returns:

  value or null if not found

  Since:

  0.9.24

• loadKey

  public static PublicKey loadKey​(File kd) throws IOException, GeneralSecurityException

  Get the Java public key from a X.509 certificate file. Throws if the certificate is invalid (e.g. expired). This DOES check for revocation.

  Returns:

  non-null, throws on all errors including certificate invalid

  Throws:

  IOException

  GeneralSecurityException

  Since:

  0.9.24 moved from SU3File private method

• loadCert

  public static X509Certificate loadCert​(File kd) throws IOException, GeneralSecurityException

  Get the certificate from a X.509 certificate file. Throws if the certificate is invalid (e.g. expired). This does NOT check for revocation.

  Returns:

  non-null, throws on all errors including certificate invalid

  Throws:

  IOException

  GeneralSecurityException

  Since:

  0.9.24 adapted from SU3File private method

• loadPrivateKey

  public static PrivateKey loadPrivateKey​(InputStream in) throws IOException, GeneralSecurityException

  Get a single Private Key from an input stream. Does NOT close the stream.

  Returns:

  non-null, non-empty, throws on all errors including certificate invalid

  Throws:

  IOException

  GeneralSecurityException

  Since:

  0.9.25

• loadCerts

  public static List<X509Certificate> loadCerts​(InputStream in) throws IOException, GeneralSecurityException

  Get one or more certificates from an input stream. Throws if any certificate is invalid (e.g. expired). Does NOT close the stream. This does NOT check for revocation.

  Returns:

  non-null, non-empty, throws on all errors including certificate invalid

  Throws:

  IOException

  GeneralSecurityException

  Since:

  0.9.25

• saveCRL

  public static boolean saveCRL​(X509CRL crl, File file)

  Write a CRL to a file in base64 format.

  Returns:

  success

  Since:

  0.9.25

• exportCRL

  public static void exportCRL​(X509CRL crl, OutputStream out) throws IOException, CRLException

  Writes a CRL in base64 format. Does NOT close the stream. Throws on all errors.

  Throws:

  CRLException - if the crl does not support encoding

  IOException

  Since:

  0.9.25

• isRevoked

  public static boolean isRevoked​(Certificate cert)

  Is the certificate revoked? This loads the CRLs from disk. For efficiency, call loadCRLs() and then pass to isRevoked().

  Since:

  0.9.25

• isRevoked

  public static boolean isRevoked​(I2PAppContext ctx, Certificate cert)

  Is the certificate revoked? This loads the CRLs from disk. For efficiency, call loadCRLs() and then pass to isRevoked().

  Since:

  0.9.25

• isRevoked

  public static boolean isRevoked​(CertStore store, Certificate cert)

  Is the certificate revoked?

  Since:

  0.9.25

• loadCRLs

  public static CertStore loadCRLs()

  Load CRLs from standard locations.

  Returns:

  non-null, possibly empty

  Since:

  0.9.25

• loadCRLs

  public static CertStore loadCRLs​(I2PAppContext ctx)

  Load CRLs from standard locations.

  Returns:

  non-null, possibly empty

  Since:

  0.9.25

• loadCRL

  public static X509CRL loadCRL​(InputStream in) throws GeneralSecurityException

  Load a CRL. Does NOT Close the stream.

  Returns:

  non-null

  Throws:

  GeneralSecurityException

  Since:

  0.9.25 public since 0.9.26

• main

  public static final void main​(String[] args)