Module org.omnifaces.utils
Package org.omnifaces.utils.security

Class Certificates

java.lang.Object
org.omnifaces.utils.security.Certificates
public final class Certificates extends Object
Collection of utility methods for working with Certificates and SSL.
Author:
Arjan Tijms

  • Method Details

    • getCertificateChainFromServer

      public static X509Certificate[] getCertificateChainFromServer(String host, int port)
      Attempts to query a server for the X509 certificate chain it will use in the SSL handshake.

      This method uses a default timeout of 15 seconds.

      Parameters:
      host - the server's host
      port - the server's port
      Returns:
      The certificate chain, or null if it could not be obtained.

    • getCertificateChainFromServer

      public static X509Certificate[] getCertificateChainFromServer(String host, int port, int timeout)
      Attempts to query a server for the X509 certificate chain it will use in the SSL handshake.
      Parameters:
      host - the server's host
      port - the server's port
      timeout - the socket timeout, in milliseconds.
      Returns:
      The certificate chain, or null if it could not be obtained.

    • getHostFromCertificate

      public static String getHostFromCertificate(X509Certificate[] serverCertificateChain)
      Extracts the host name from the first X509 certificate in a chain.

      This method assumes RFC 2253 format of the distinguished named, and will take the CN name to be representative of the host name.

      Parameters:
      serverCertificateChain - the chain from which to extract the host name
      Returns:
      the CN from the first certificate corresponding to the host name

    • generateRandomRSAKeys

      public static KeyPair generateRandomRSAKeys()
      Generates a random RSA keypair with a keysize of 2048 bits.
      Returns:
      a random RSA keypair

    • createTempJKSKeyStore

      public static String createTempJKSKeyStore(PrivateKey privateKey, X509Certificate certificate)
      Creates a temporary JKS key store on disk initialized with the given private key and certificate and the well known default password "changeit" (without quotes).
      Parameters:
      privateKey - the key used to initialize the key store
      certificate - the certificate used to initialize the key store
      Returns:
      the path on disk to the temporary key store

    • createJKSKeyStore

      public static void createJKSKeyStore(Path path, char[] password, PrivateKey privateKey, X509Certificate certificate)
      Creates a JKS key store on disk initialized with the given private key and certificate, at the given location and with the given password.
      Parameters:
      path - the full path (directory and file name) where the key store is created
      password - the password used to protect the key store
      privateKey - the key used to initialize the key store
      certificate - the certificate used to initialize the key store

    • createTempJKSTrustStore

      public static String createTempJKSTrustStore(X509Certificate[] certificates)
      Creates a temporary JKS trust store on disk initialized with the given certificates and the well known default password "changeit" (without quotes).
      Parameters:
      certificates - the certificates used to initialize the trust store
      Returns:
      the path on disk to the temporary trust store

    • createJKSTrustStore

      public static void createJKSTrustStore(Path path, char[] password, X509Certificate[] certificates)
      Creates a JKS key trust on disk initialized with the given certificates, at the given location and with the given password.
      Parameters:
      path - the full path (directory and file name) where the trust store is created
      password - the password used to protect the trust store
      certificates - the certificates used to initialize the trust store

    • setSystemTrustStore

      public static void setSystemTrustStore(String path)
      Sets the system-wide (JVM) trust store to the one referenced by the given path.

      The default password "changeit" is used.

      Parameters:
      path - the path on disk where the trust store is located

    • setSystemTrustStore

      public static void setSystemTrustStore(String path, String password)
      Sets the system-wide (JVM) trust store to the one referenced by the given path.

      The default password "changeit" is used.

      Parameters:
      path - the path on disk where the trust store is located
      password - the password to access the trust store