Class OpensslTruststoreHelper
java.lang.Object
eu.emi.security.authn.x509.helpers.trust.OpensslTruststoreHelper
Several static methods helping to mangle truststore file paths in openssl style.
Method Summary
Modifier and Type, Method, Description
private static byte[] encodeWithoutSeqHeader(org.bouncycastle.asn1.x500.RDN[] rdns)
static String getFileHash(String path, String regexp)
static Collection<File> getFilesWithRegexp(String regexp, File directory)
static org.bouncycastle.asn1.x500.RDN[] getNormalizedRDNs(X500Principal name)
static String getNsFile
static String getOpenSSLCAHash(X500Principal name, boolean openssl1Mode)
private static String getOpenSSLCAHashNew
    Generates the hex hash of the DN used by openssl 1.0.0 and above to name the CA certificate files.
private static String getOpenSSLCAHashOld
    Generates the hex hash of the DN used by openssl to name the CA certificate files.
private static int memcmp(byte[] a, byte[] b)
private static org.bouncycastle.asn1.x500.AttributeTypeAndValue normalizeStringAVA(org.bouncycastle.asn1.x500.AttributeTypeAndValue src)
private static void sortAVAs(org.bouncycastle.asn1.x500.AttributeTypeAndValue[] atvs)

Field Details
CERT_REGEXP

Constructor Details
OpensslTruststoreHelper
public OpensslTruststoreHelper()

Method Details
getNsFile
Parameters:
certLocation - certificate location
suffix - either '.namespaces' or '.signing_policy' (other values will work, but make little sense)
Returns:
A proper name of a namespaces or signing policy file for the given base path of the CA certificate.

getFileHash

getFilesWithRegexp

getOpenSSLCAHash

getOpenSSLCAHashOld
Generates the hex hash of the DN used by openssl to name the CA certificate files. The hash is actually the hex of 8 least significant bytes of an MD5 digest of the ASN.1 encoded DN.
Parameters:
name - the DN to hash.
Returns:
the 8 character string of the hexadecimal MD5 hash.

getOpenSSLCAHashNew
Generates the hex hash of the DN used by openssl 1.0.0 and above to name the CA certificate files. The hash is actually the hex of 8 least significant bytes of a SHA1 digest of the ASN.1 encoded DN after normalization.
The normalization is performed as follows: all strings are converted to UTF8; leading, trailing and multiple spaces are collapsed; the strings are converted to lower case; and the leading SEQUENCE header is removed.
Parameters:
name - the DN to hash.
Returns:
the 8 character string of the hexadecimal MD5 hash.

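The two naming schemes described for getOpenSSLCAHashOld and getOpenSSLCAHashNew, written out as an added Python example (not this library's code) that can be used to cross-check the hash-named files in a trust directory. It assumes OpenSSL's convention of reading the first four digest bytes as a little-endian integer; all function names, and the DN built by sample_name, are constructed for illustration.

```python
import hashlib
import re

# ASN.1 string tags that get normalised, mapped to the codec that decodes them.
CANON = {0x0C: "utf-8", 0x13: "ascii", 0x16: "ascii", 0x1A: "ascii",
         0x14: "latin-1", 0x1E: "utf-16-be", 0x1C: "utf-32-be"}

def der(tag, value):  # one DER TLV, definite length
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = [tag, n] if n < 0x80 else [tag, 0x80 | size, *n.to_bytes(size, "big")]
    return bytes(head) + value

def children(value):
    """Split concatenated DER elements into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, n, pos = value[pos], value[pos + 1], pos + 2
        if n & 0x80:  # long-form length
            size = n & 0x7F
            n, pos = int.from_bytes(value[pos:pos + size], "big"), pos + size
        out.append((tag, value[pos:pos + n]))
        pos += n
    return out

def canon_name(name_der):
    """Normalised RDNs, concatenated without the outer SEQUENCE header."""
    out = b""
    for _, rdn in children(children(name_der)[0][1]):
        avas = []
        for _, ava in children(rdn):
            (_, oid), (tag, val) = children(ava)
            if tag in CANON:  # to UTF-8, trim, collapse spaces, ASCII lower case
                val = val.decode(CANON[tag]).encode("utf-8").strip(b" \t\n\r\f\v")
                tag, val = 0x0C, re.sub(rb"[ \t\n\r\f\v]+", b" ", val).lower()
            avas.append(der(0x30, der(0x06, oid) + der(tag, val)))
        out += der(0x31, b"".join(sorted(avas)))  # DER SET OF: sorted members
    return out

def hash32(digest):  # first four digest bytes read little-endian, as OpenSSL does
    return "%08x" % int.from_bytes(digest[:4], "little")
def subject_hash_old(name_der):  # MD5 over the DN exactly as encoded
    return hash32(hashlib.md5(name_der, usedforsecurity=False).digest())
def subject_hash_new(name_der):  # SHA-1 over the normalised form
    return hash32(hashlib.sha1(canon_name(name_der)).digest())

def sample_name(c, o, cn):  # constructed test DN with PrintableString values
    rdn = lambda oid, s: der(0x31, der(0x30, der(0x06, oid) + der(0x13, s.encode())))
    parts = ((b"\x55\x04\x06", c), (b"\x55\x04\x0a", o), (b"\x55\x04\x03", cn))
    return der(0x30, b"".join(rdn(oid, s) for oid, s in parts))
```

Two encodings of a DN that differ only in case or spacing get the same new-style hash but different old-style hashes, which is why a trust directory built for one scheme is not found by a lookup using the other.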
getNormalizedRDNs
public static org.bouncycastle.asn1.x500.RDN[] getNormalizedRDNs(X500Principal name) throws IOException
Throws:
IOException

sortAVAs
private static void sortAVAs(org.bouncycastle.asn1.x500.AttributeTypeAndValue[] atvs) throws IOException
Throws:
IOException

memcmp
private static int memcmp(byte[] a, byte[] b)

normalizeStringAVA
private static org.bouncycastle.asn1.x500.AttributeTypeAndValue normalizeStringAVA(org.bouncycastle.asn1.x500.AttributeTypeAndValue src)

encodeWithoutSeqHeader
private static byte[] encodeWithoutSeqHeader(org.bouncycastle.asn1.x500.RDN[] rdns) throws IOException
Throws:
IOException