Class Certificates


  • public final class Certificates
    extends Object
    Collection of utility methods for working with Certificates and SSL.
    Author:
    Arjan Tijms
    • Method Detail

      • getCertificateChainFromServer

        public static X509Certificate[] getCertificateChainFromServer(String host,
                                                                      int port)
        Attempts to query a server for the X509 certificate chain it will use in the SSL handshake.

        This method uses a default timeout of 15 seconds.

        Parameters:
        host - the server's host
        port - the server's port
        Returns:
        The certificate chain, or null if it could not be obtained.
      • getCertificateChainFromServer

        public static X509Certificate[] getCertificateChainFromServer(String host,
                                                                      int port,
                                                                      int timeout)
        Attempts to query a server for the X509 certificate chain it will use in the SSL handshake.
        Parameters:
        host - the server's host
        port - the server's port
        timeout - the socket timeout, in milliseconds.
        Returns:
        The certificate chain, or null if it could not be obtained.
      • getHostFromCertificate

        public static String getHostFromCertificate(X509Certificate[] serverCertificateChain)
        Extracts the host name from the first X509 certificate in a chain.

        This method assumes the RFC 2253 format of the distinguished name, and takes the CN to be representative of the host name.

        Parameters:
        serverCertificateChain - the chain from which to extract the host name
        Returns:
        the CN from the first certificate corresponding to the host name
      • generateRandomRSAKeys

        public static KeyPair generateRandomRSAKeys()
        Generates a random RSA keypair with a keysize of 2048 bits.
        Returns:
        a random RSA keypair
      • createTempJKSKeyStore

        public static String createTempJKSKeyStore(PrivateKey privateKey,
                                                   X509Certificate certificate)
        Creates a temporary JKS key store on disk initialized with the given private key and certificate and the well-known default password "changeit" (without quotes).
        Parameters:
        privateKey - the key used to initialize the key store
        certificate - the certificate used to initialize the key store
        Returns:
        the path on disk to the temporary key store
      • createJKSKeyStore

        public static void createJKSKeyStore(Path path,
                                             char[] password,
                                             PrivateKey privateKey,
                                             X509Certificate certificate)
        Creates a JKS key store on disk initialized with the given private key and certificate, at the given location and with the given password.
        Parameters:
        path - the full path (directory and file name) where the key store is created
        password - the password used to protect the key store
        privateKey - the key used to initialize the key store
        certificate - the certificate used to initialize the key store
      • createTempJKSTrustStore

        public static String createTempJKSTrustStore(X509Certificate[] certificates)
        Creates a temporary JKS trust store on disk initialized with the given certificates and the well-known default password "changeit" (without quotes).
        Parameters:
        certificates - the certificates used to initialize the trust store
        Returns:
        the path on disk to the temporary trust store
      • createJKSTrustStore

        public static void createJKSTrustStore(Path path,
                                               char[] password,
                                               X509Certificate[] certificates)
        Creates a JKS trust store on disk initialized with the given certificates, at the given location and with the given password.
        Parameters:
        path - the full path (directory and file name) where the trust store is created
        password - the password used to protect the trust store
        certificates - the certificates used to initialize the trust store
      • setSystemTrustStore

        public static void setSystemTrustStore(String path)
        Sets the system-wide (JVM) trust store to the one referenced by the given path.

        The default password "changeit" is used.

        Parameters:
        path - the path on disk where the trust store is located
      • setSystemTrustStore

        public static void setSystemTrustStore(String path,
                                               String password)
        Sets the system-wide (JVM) trust store to the one referenced by the given path.

        The default password "changeit" is used.

        Parameters:
        path - the path on disk where the trust store is located
        password - the password to access the trust store
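
The CN extraction that getHostFromCertificate describes depends on parsing the RFC 2253 distinguished name correctly. The following is an added example, not code from this library: it uses only JDK classes, the class and method names are hypothetical, and the subject strings are constructed samples. It contrasts a naive comma split with an RFC 2253-aware parse.

```java
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class CommonNameExample {

    /** Naive approach: splitting on ',' breaks on escaped commas and multi-valued RDNs. */
    static String cnBySplit(String rfc2253) {
        for (String part : rfc2253.split(",")) {
            String trimmed = part.trim();
            if (trimmed.regionMatches(true, 0, "CN=", 0, 3)) {
                return trimmed.substring(3);
            }
        }
        return null;
    }

    /** RFC 2253-aware approach: LdapName handles escaping and multi-valued RDNs. */
    static String cnByLdapName(X500Principal subject) throws NamingException {
        List<Rdn> rdns = new LdapName(subject.getName(X500Principal.RFC2253)).getRdns();
        // getRdns() is ordered right-to-left, so the most specific RDN comes last.
        for (int i = rdns.size() - 1; i >= 0; i--) {
            Attribute cn = rdns.get(i).toAttributes().get("CN");
            if (cn != null) {
                return String.valueOf(cn.get()); // unescaped attribute value
            }
        }
        return null; // the subject carries no CN at all
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample subjects, not taken from any real certificate.
        String[] samples = {
            "CN=www.example.test,O=Example Org,C=NL",
            "CN=Example\\, Inc. Gateway,O=Example Org,C=NL", // escaped comma in the CN
            "CN=api.example.test+OU=Ops,O=Example Org,C=NL", // multi-valued RDN
            "O=Example Org,C=NL"                             // no CN
        };
        for (String sample : samples) {
            X500Principal subject = new X500Principal(sample);
            String dn = subject.getName(X500Principal.RFC2253);
            System.out.printf("%s%n  split: %s%n  ldap:  %s%n", dn, cnBySplit(dn), cnByLdapName(subject));
        }
    }
}
```

The CN is only what the subject DN carries; current TLS clients match host names against the subjectAltName entries, which `X509Certificate.getSubjectAlternativeNames()` returns.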
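
getCertificateChainFromServer, createJKSTrustStore and setSystemTrustStore combine into one workflow. The following is an added example, not code from this library, showing that workflow with a fingerprint check before the fetched chain is trusted and a random password instead of "changeit". The import's package name, the class name and the command-line arguments are assumptions. It requires Java 17 for `HexFormat`.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.HexFormat;
import java.util.Locale;

import org.omnifaces.utils.security.Certificates; // assumed package; the page names only the class

public class PinnedTrustStoreExample {

    /** Lower-case hex SHA-256 of the certificate's DER encoding. */
    static String sha256(X509Certificate certificate) throws Exception {
        return HexFormat.of().formatHex(
                MessageDigest.getInstance("SHA-256").digest(certificate.getEncoded()));
    }

    public static void main(String[] args) throws Exception {
        String host = args[0];                 // a server you operate, e.g. a test instance
        int port = Integer.parseInt(args[1]);
        // Leaf certificate fingerprint obtained out of band (placeholder supplied by the caller).
        String expectedPin = args[2].replace(":", "").toLowerCase(Locale.ROOT);

        X509Certificate[] chain = Certificates.getCertificateChainFromServer(host, port, 5_000);
        if (chain == null || chain.length == 0) { // documented: null if it could not be obtained
            throw new IllegalStateException("No certificate chain from " + host + ":" + port);
        }
        // Nothing on the page says the fetched chain is validated, so compare the
        // leaf against the known fingerprint before adding the chain to a trust store.
        if (!sha256(chain[0]).equals(expectedPin)) {
            throw new SecurityException("Leaf certificate does not match the expected fingerprint");
        }

        // Random store password instead of the well-known default.
        byte[] random = new byte[24];
        new SecureRandom().nextBytes(random);
        String password = Base64.getUrlEncoder().withoutPadding().encodeToString(random);

        // Fresh temporary directory, so the store file does not exist yet.
        Path store = Files.createTempDirectory("truststore").resolve("pinned.jks");
        Certificates.createJKSTrustStore(store, password.toCharArray(), chain);
        Certificates.setSystemTrustStore(store.toString(), password);
    }
}
```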