Source code

001package com.nimbusds.jose.util;
002
003
004import java.io.ByteArrayInputStream;
005import java.security.cert.Certificate;
006import java.security.cert.CertificateException;
007import java.security.cert.CertificateFactory;
008import java.security.cert.X509Certificate;
009
010import com.nimbusds.jose.util.Base64;
011
012
013/**
014 *  X.509 certificate utilities.
015 *
016 *  @author Vladimir Dzhuvinov
017 *  @version 2015-11-16
018 */
019public class X509CertUtils {
020
021
022        /**
023         * The PEM start marker.
024         */
025        private static final String PEM_BEGIN_MARKER = "-----BEGIN CERTIFICATE-----";
026
027
028        /**
029         * The PEM end marker.
030         */
031        private static final String PEM_END_MARKER = "-----END CERTIFICATE-----";
032
033
034        /**
035         * Parses a DER-encoded X.509 certificate.
036         *
037         * @param derEncodedCert The DER-encoded X.509 certificate, as a byte
038         *                       array. May be {@code null}.
039         *
040         * @return The X.509 certificate, {@code null} if parsing failed.
041         */
042        public static X509Certificate parse(final byte[] derEncodedCert) {
043
044                if (derEncodedCert == null || derEncodedCert.length == 0) {
045                        return null;
046                }
047
048                final Certificate cert;
049                try {
050                        CertificateFactory cf = CertificateFactory.getInstance("X.509");
051                        cert = cf.generateCertificate(new ByteArrayInputStream(derEncodedCert));
052                } catch (CertificateException e) {
053                        return null;
054                }
055
056                if (! (cert instanceof X509Certificate)) {
057                        return null;
058                }
059
060                return (X509Certificate)cert;
061        }
062
063
064        /**
065         * Parses a PEM-encoded X.509 certificate.
066         *
067         * @param pemEncodedCert The PEM-encoded X.509 certificate, as a
068         *                       string. May be {@code null}.
069         *
070         * @return The X.509 certificate, {@code null} if parsing failed.
071         */
072        public static X509Certificate parse(final String pemEncodedCert) {
073
074                if (pemEncodedCert == null || pemEncodedCert.isEmpty()) {
075                        return null;
076                }
077
078                final int markerStart = pemEncodedCert.indexOf(PEM_BEGIN_MARKER);
079
080                if (markerStart < 0) {
081                        return null;
082                }
083
084                String buf = pemEncodedCert.substring(markerStart + PEM_BEGIN_MARKER.length());
085
086                final int markerEnd = buf.indexOf(PEM_END_MARKER);
087
088                if (markerEnd < 0) {
089                        return null;
090                }
091
092                buf = buf.substring(0, markerEnd);
093
094                buf = buf.replaceAll("\\s", "");
095
096                return parse(new Base64(buf).decode());
097        }
098}