Class OpensslTruststoreHelper

java.lang.Object
eu.emi.security.authn.x509.helpers.trust.OpensslTruststoreHelper

public class OpensslTruststoreHelper extends Object
Several static methods helping to mangle truststore file paths in openssl style.
  • Constructor Details

    • OpensslTruststoreHelper

      public OpensslTruststoreHelper()
  • Method Details

    • getNsFile

      public static String getNsFile(String certLocation, String suffix)
      Parameters:
      certLocation - certificate location
      suffix - either '.namespaces' or '.signing_policy' (other values will work but make little sense)
      Returns:
      A proper name of a namespaces or signing policy file for the given base path of CA certificate.
    • getFileHash

      public static String getFileHash(String path, String regexp)
    • getFilesWithRegexp

      public static Collection<File> getFilesWithRegexp(String regexp, File directory)
    • getOpenSSLCAHash

      public static String getOpenSSLCAHash(X500Principal name, boolean openssl1Mode)
    • getOpenSSLCAHashOld

      private static String getOpenSSLCAHashOld(X500Principal name)
      Generates the hex hash of the DN used by openssl to name the CA certificate files. The hash is actually the hex of 8 least significant bytes of an MD5 digest of the ASN.1 encoded DN.
      Parameters:
      name - the DN to hash.
      Returns:
      the 8 character string of the hexadecimal MD5 hash.
    • getOpenSSLCAHashNew

      private static String getOpenSSLCAHashNew(X500Principal name)
      Generates the hex hash of the DN used by openssl 1.0.0 and above to name the CA certificate files. The hash is actually the hex of 8 least significant bytes of a SHA1 digest of the ASN.1 encoded DN after normalization.

      The normalization is performed as follows: all strings are converted to UTF8; leading, trailing and multiple spaces are collapsed; the strings are converted to lower case; and the leading SEQUENCE header is removed.

      Parameters:
      name - the DN to hash.
      Returns:
      the 8 character string of the hexadecimal MD5 hash.
    • getNormalizedRDNs

      public static org.bouncycastle.asn1.x500.RDN[] getNormalizedRDNs(X500Principal name) throws IOException
      Throws:
      IOException
    • sortAVAs

      private static void sortAVAs(org.bouncycastle.asn1.x500.AttributeTypeAndValue[] atvs) throws IOException
      Throws:
      IOException
    • memcmp

      private static int memcmp(byte[] a, byte[] b)
    • normalizeStringAVA

      private static org.bouncycastle.asn1.x500.AttributeTypeAndValue normalizeStringAVA(org.bouncycastle.asn1.x500.AttributeTypeAndValue src)
    • encodeWithoutSeqHeader

      private static byte[] encodeWithoutSeqHeader(org.bouncycastle.asn1.x500.RDN[] rdns) throws IOException
      Throws:
      IOException
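
The two hash forms described under getOpenSSLCAHashOld and getOpenSSLCAHashNew, as an added example that is not this library's own code: it uses only JDK classes and follows OpenSSL's convention of reading the first four digest bytes as a little-endian integer to get the 8 hex characters. The class name OpensslHashDemo, its helper names and the sample DNs are constructed for illustration, and it assumes single-valued RDNs with DER lengths below 128 bytes.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.security.auth.x500.X500Principal;

public class OpensslHashDemo {
    // First four digest bytes read as a little-endian integer: 8 hex characters.
    static String hash(String alg, byte[] data) throws Exception {
        byte[] d = MessageDigest.getInstance(alg).digest(data);
        return String.format("%02x%02x%02x%02x", d[3] & 0xff, d[2] & 0xff, d[1] & 0xff, d[0] & 0xff);
    }
    // DER tag-length-value; assumption: content shorter than 128 bytes (short-form length).
    static byte[] tlv(int tag, byte[]... parts) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        for (byte[] part : parts) body.write(part, 0, part.length);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        out.write(body.size());
        out.write(body.toByteArray(), 0, body.size());
        return out.toByteArray();
    }
    // Normalize one attribute value: UTF8String, trimmed, spaces collapsed, ASCII lower-cased.
    static byte[] normalize(int tag, byte[] value) {
        if (tag != 0x0c && tag != 0x13 && tag != 0x16) return tlv(tag, value); // other types kept as-is
        String s = new String(value, StandardCharsets.UTF_8).replaceAll("^\\s+|\\s+$", "").replaceAll("\\s+", " ");
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) sb.append(c >= 'A' && c <= 'Z' ? (char) (c + 32) : c);
        return tlv(0x0c, sb.toString().getBytes(StandardCharsets.UTF_8));
    }
    // Re-encode each RDN (SET { SEQUENCE { OID, value } }) normalized, without the outer SEQUENCE header.
    static byte[] canonical(byte[] der) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int p = 2; p < der.length; p += 2 + der[p + 1]) {
            int v = p + 6 + der[p + 5];                        // offset of the value TLV
            byte[] oid = Arrays.copyOfRange(der, p + 4, v);    // OID TLV, copied unchanged
            byte[] val = normalize(der[v] & 0xff, Arrays.copyOfRange(der, v + 2, v + 2 + der[v + 1]));
            byte[] rdn = tlv(0x31, tlv(0x30, oid, val));
            out.write(rdn, 0, rdn.length);
        }
        return out.toByteArray();
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample DNs that differ only in letter case.
        for (String dn : new String[] {"CN=Example CA,O=Example Org,C=US", "CN=EXAMPLE CA,O=example org,C=US"}) {
            byte[] der = new X500Principal(dn).getEncoded();
            System.out.println(dn + " old=" + hash("MD5", der) + " new=" + hash("SHA-1", canonical(der)));
        }
    }
}
```

For the two sample DNs the old hashes differ while the new hashes are identical, because only the new form lower-cases the values before digesting.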