org.gluu.oxtrust.ldap.service.SSLService の継承関係図

org.gluu.oxtrust.ldap.service.SSLService 連携図

公開メンバ関数
X509Certificate	getPEMCertificate (String fileName)

X509Certificate	getPEMCertificate (byte[] cert)

X509Certificate	getPEMCertificate (InputStream certStream)

静的公開メンバ関数
static X509Certificate	getPEMCertificateStatic (InputStream certStream) throws Exception

static X509Certificate []	loadCertificates (InputStream is) throws Exception

static X509Certificate []	loadCertificates (byte[] certsBytes) throws Exception

static X509CRL	loadCRL (InputStream is) throws Exception

static X509Certificate []	convertCertificates (Certificate[] certsIn) throws Exception

static X509Certificate	convertCertificate (Certificate cert) throws Exception

static CertificateFactory	getCertificateFactoryInstance () throws CertificateException, NoSuchProviderException

静的非公開メンバ関数
static X509Certificate []	loadCertificatesAsPkiPathEncoded (InputStream is) throws Exception

static byte []	fixCommonInputCertProblems (byte[] certs) throws IOException

static byte []	attemptBase64Decode (String toTest)

非公開変数類
Logger	log

静的非公開変数類
static final long	serialVersionUID = -874807269234589084L

static final String	SECURITY_PROVIDER_BOUNCY_CASTLE = "BC"

static final String	X509_CERT_TYPE = "X.509"

static final String	PKI_PATH_ENCODING = "PkiPath"

static final String	BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----"

static final String	END_CERTIFICATE = "-----END CERTIFICATE-----"

static final String	BASE64_TESTER = "^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{4}\|[A-Za-z0-9+/]{3}=\|[A-Za-z0-9+/]{2}==)$"

詳解

Provides common ssl certificates management

著者: �Oleksiy Tataryn�

関数詳解

◆ attemptBase64Decode()

static byte [] org.gluu.oxtrust.ldap.service.SSLService.attemptBase64Decode ( String toTest )

inlinestaticprivate

                                                              {
         // Attempt to decode the supplied byte array as a base 64 encoded SPC.
         // Character set may be UTF-16 big endian or ASCII.
 
         char[] base64 = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R',
                         'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l',
                         'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5',
                         '6', '7', '8', '9', '+', '/', '=' };
 
         // remove all non visible characters (like newlines) and whitespace
         toTest = toTest.replaceAll("\\s", "");
 
         /*
          * Check all characters are base 64. Discard any zero bytes that be
          * present if UTF-16 encoding is used but will mess up a base 64 decode
          */
         StringBuffer sb = new StringBuffer();
 
         nextChar: for (int i = 0; i < toTest.length(); i++) {
             char c = toTest.charAt(i);
 
             for (int j = 0; j < base64.length; j++) {
                 if (c == base64[j]) // Append base 64 byte
                 {
                     sb.append(c);
                     continue nextChar;
                 } else if (c == 0) // Discard zero byte
                 {
                     continue nextChar;
                 }
             }
 
             return null; // Not base 64
         }
 
         return Base64.decode(sb.toString());
     }

◆ convertCertificate()

static X509Certificate org.gluu.oxtrust.ldap.service.SSLService.convertCertificate ( Certificate cert ) throws Exception

inlinestatic

Convert the supplied certificate object into an X509Certificate object.

引数

cert	The Certificate object

戻り値: The converted X509Certificate object

例外

Exception A problem occurred during the conversion

                                                                                         {
         CertificateFactory cf = getCertificateFactoryInstance();
         ByteArrayInputStream bais = new ByteArrayInputStream(cert.getEncoded());
         return (X509Certificate) cf.generateCertificate(bais);
     }

◆ convertCertificates()

static X509Certificate [] org.gluu.oxtrust.ldap.service.SSLService.convertCertificates ( Certificate [] certsIn ) throws Exception

inlinestatic

Convert the supplied array of certificate objects into X509Certificate objects.

引数

certsIn The Certificate objects

戻り値: The converted X509Certificate objects

例外

Exception A problem occurred during the conversion

                                                                                                 {
         if (certsIn == null) {
             return new X509Certificate[0];
         }
 
         X509Certificate[] certsOut = new X509Certificate[certsIn.length];
 
         for (int i = 0; i < certsIn.length; i++) {
             certsOut[i] = convertCertificate(certsIn[i]);
         }
 
         return certsOut;
     }

◆ fixCommonInputCertProblems()

static byte [] org.gluu.oxtrust.ldap.service.SSLService.fixCommonInputCertProblems ( byte [] certs ) throws IOException

inlinestaticprivate

                                                                                       {
 
         // clear PEM header/footer
         String certsStr = new String(certs);
         if (certsStr.startsWith(BEGIN_CERTIFICATE)) {
             certsStr = certsStr.replaceAll(BEGIN_CERTIFICATE, "");
             certsStr = certsStr.replaceAll(END_CERTIFICATE, "");
         }
 
         // check for base 64 encoded and decode if necessary
         byte[] decoded = attemptBase64Decode(certsStr);
         if (decoded != null) {
             return decoded;
         }
 
         return certs;
     }

◆ getCertificateFactoryInstance()

static CertificateFactory org.gluu.oxtrust.ldap.service.SSLService.getCertificateFactoryInstance ( ) throws CertificateException, NoSuchProviderException

inlinestatic

Get BOUNCY CASTLE CertificateFactory instance.

戻り値

例外

CertificateException
NoSuchProviderException

                                                                                                                           {
         return CertificateFactory.getInstance(X509_CERT_TYPE, SECURITY_PROVIDER_BOUNCY_CASTLE);
     }

◆ getPEMCertificate() [1/3]

X509Certificate org.gluu.oxtrust.ldap.service.SSLService.getPEMCertificate ( String fileName )

inline

Extracts X509 certificate from pem-encoded file.

引数

fileName

戻り値

                                                               {
         X509Certificate cert = null;
 
         try {
             cert = getPEMCertificate(new FileInputStream(fileName));
         } catch (FileNotFoundException e) {
             log.error("Certificate file does not exist : " + fileName);
         }
 
         return cert;
     }

◆ getPEMCertificate() [2/3]

X509Certificate org.gluu.oxtrust.ldap.service.SSLService.getPEMCertificate ( byte [] cert )

inline

Extracts X509 certificate from pem-encoded stream.

引数

certStream

戻り値

                                                           {
         ByteArrayInputStream bis = new ByteArrayInputStream(cert);
         try {
                 return getPEMCertificate(bis);
         } finally {
                         IOUtils.closeQuietly(bis);
                 }
     }

◆ getPEMCertificate() [3/3]

X509Certificate org.gluu.oxtrust.ldap.service.SSLService.getPEMCertificate ( InputStream certStream )

inline

Extracts X509 certificate from pem-encoded stream.

引数

certStream

戻り値

                                                                      {
         try {
             return getPEMCertificateStatic(certStream);
         } catch (Exception e) {
             log.error(e.getMessage(), e);
             return null;
         }
     }

◆ getPEMCertificateStatic()

static X509Certificate org.gluu.oxtrust.ldap.service.SSLService.getPEMCertificateStatic ( InputStream certStream ) throws Exception

inlinestatic

Extracts X509 certificate from pem-encoded stream.

引数

certStream

戻り値

                                                                                                    {
         Reader reader = null;
         PEMParser r = null;
 
         try {
             reader = new InputStreamReader(certStream);
             r = new PEMParser(reader /*, new PasswordFinder() {
                     public char[] getPassword() {
                             return null;
                     }
             }*/);
             
             Object certObject = r.readObject();
 
             if (certObject instanceof X509Certificate) {
                 return (X509Certificate) certObject;
             } else if (certObject instanceof X509CertificateHolder) {
                 X509CertificateHolder certificateHolder = (X509CertificateHolder) certObject;
                 return new JcaX509CertificateConverter().setProvider( SECURITY_PROVIDER_BOUNCY_CASTLE ).getCertificate( certificateHolder );
             }
             else {
                 // unknown certificate type
                 throw new IOException("unknown certificate type");
             }
         }  finally {
             IOUtils.closeQuietly(r);
             IOUtils.closeQuietly(reader);
         }
     }

◆ loadCertificates() [1/2]

static X509Certificate [] org.gluu.oxtrust.ldap.service.SSLService.loadCertificates ( InputStream is ) throws Exception

inlinestatic

Load one or more certificates from the specified stream.

引数

is	Stream to load certificates from

戻り値: The array of certificates

                                                                                       {
         byte[] certsBytes =  ServiceUtil.readFully(is);
 
         return loadCertificates(certsBytes);
     }

◆ loadCertificates() [2/2]

static X509Certificate [] org.gluu.oxtrust.ldap.service.SSLService.loadCertificates ( byte [] certsBytes ) throws Exception

inlinestatic

Load one or more certificates from the specified byte array.

引数

certsBytes Byte array to load certificates from

戻り値: The array of certificates

                                                                                          {
         try {
             // fix common input certificate problems by converting PEM/B64 to DER
             certsBytes = fixCommonInputCertProblems(certsBytes);
 
             CertificateFactory cf = getCertificateFactoryInstance();
 
             Collection<? extends Certificate> certs = cf.generateCertificates(new ByteArrayInputStream(certsBytes));
 
             ArrayList<X509Certificate> loadedCerts = new ArrayList<X509Certificate>();
 
             for (Iterator<? extends Certificate> itr = certs.iterator(); itr.hasNext();) {
                     X509Certificate cert = (X509Certificate) itr.next();
 
                     if (cert != null) {
                             loadedCerts.add(cert);
                     }
             }
 
             return loadedCerts.toArray(new X509Certificate[loadedCerts.size()]);
         } catch (CertificateException ex) {
             try {
                 // Failed to load certificates, may be pki path encoded - try loading as that
                 return loadCertificatesAsPkiPathEncoded(new ByteArrayInputStream(certsBytes));
             } catch (CertificateException e) {
                 // Failed to load certificates, may be PEM certificate
                 X509Certificate certs[] = new X509Certificate[1];
                 certs[0] = getPEMCertificateStatic(new ByteArrayInputStream(certsBytes));
                 return certs;
             }
         } 
     }

◆ loadCertificatesAsPkiPathEncoded()

static X509Certificate [] org.gluu.oxtrust.ldap.service.SSLService.loadCertificatesAsPkiPathEncoded ( InputStream is ) throws Exception

inlinestaticprivate

                                                                                                        {
         try {
             CertificateFactory cf = getCertificateFactoryInstance();
             CertPath certPath = cf.generateCertPath(is, PKI_PATH_ENCODING);
 
             List<? extends Certificate> certs = certPath.getCertificates();
 
             ArrayList<X509Certificate> loadedCerts = new ArrayList<X509Certificate>();
 
             for (Iterator<? extends Certificate> itr = certs.iterator(); itr.hasNext();) {
                 X509Certificate cert = (X509Certificate) itr.next();
 
                 if (cert != null) {
                     loadedCerts.add(cert);
                 }
             }
 
             return loadedCerts.toArray(new X509Certificate[loadedCerts.size()]);
         } finally {
             IOUtils.closeQuietly(is);
         }
     }

◆ loadCRL()

static X509CRL org.gluu.oxtrust.ldap.service.SSLService.loadCRL ( InputStream is ) throws Exception

inlinestatic

Load a CRL from the specified stream.

引数

is	Stream to load CRL from

戻り値: The CRL

例外

Exception Problem encountered while loading the CRL

                                                                    {
         try {
             CertificateFactory cf = getCertificateFactoryInstance();
             X509CRL crl = (X509CRL) cf.generateCRL(is);
             return crl;
         } finally {
             IOUtils.closeQuietly(is);
         }
     }

メンバ詳解

◆ BASE64_TESTER

final String org.gluu.oxtrust.ldap.service.SSLService.BASE64_TESTER = "^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)$"

staticprivate

◆ BEGIN_CERTIFICATE

final String org.gluu.oxtrust.ldap.service.SSLService.BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----"

staticprivate

◆ END_CERTIFICATE

final String org.gluu.oxtrust.ldap.service.SSLService.END_CERTIFICATE = "-----END CERTIFICATE-----"

staticprivate

◆ log

Logger org.gluu.oxtrust.ldap.service.SSLService.log

private

◆ PKI_PATH_ENCODING

final String org.gluu.oxtrust.ldap.service.SSLService.PKI_PATH_ENCODING = "PkiPath"

staticprivate

◆ SECURITY_PROVIDER_BOUNCY_CASTLE

final String org.gluu.oxtrust.ldap.service.SSLService.SECURITY_PROVIDER_BOUNCY_CASTLE = "BC"

staticprivate

Bouncy Castle SecurityProvider

◆ serialVersionUID

final long org.gluu.oxtrust.ldap.service.SSLService.serialVersionUID = -874807269234589084L

staticprivate

◆ X509_CERT_TYPE

final String org.gluu.oxtrust.ldap.service.SSLService.X509_CERT_TYPE = "X.509"

staticprivate

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/gluu/src/oxTrust/server/src/main/java/org/gluu/oxtrust/ldap/service/SSLService.java

公開メンバ関数

静的公開メンバ関数

静的非公開メンバ関数

非公開変数類

静的非公開変数類

詳解

関数詳解

◆ attemptBase64Decode()

◆ convertCertificate()

◆ convertCertificates()

◆ fixCommonInputCertProblems()

◆ getCertificateFactoryInstance()

◆ getPEMCertificate() [1/3]

◆ getPEMCertificate() [2/3]

◆ getPEMCertificate() [3/3]

◆ getPEMCertificateStatic()

◆ loadCertificates() [1/2]

◆ loadCertificates() [2/2]

◆ loadCertificatesAsPkiPathEncoded()

◆ loadCRL()

メンバ詳解

◆ BASE64_TESTER

◆ BEGIN_CERTIFICATE

◆ END_CERTIFICATE

◆ log

◆ PKI_PATH_ENCODING

◆ SECURITY_PROVIDER_BOUNCY_CASTLE

◆ serialVersionUID

◆ X509_CERT_TYPE