Class OpensslTruststoreHelper


  • public class OpensslTruststoreHelper
    extends java.lang.Object
    Several static methods helping to mangle truststore file paths in openssl style.
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String CERT_REGEXP  
    • Method Summary

      Modifier and Type Method Description
      private static byte[] encodeWithoutSeqHeader​(org.bouncycastle.asn1.x500.RDN[] rdns)  
      static java.lang.String getFileHash​(java.lang.String path, java.lang.String regexp)  
      static java.util.Collection<java.io.File> getFilesWithRegexp​(java.lang.String regexp, java.io.File directory)  
      static org.bouncycastle.asn1.x500.RDN[] getNormalizedRDNs​(javax.security.auth.x500.X500Principal name)  
      static java.lang.String getNsFile​(java.lang.String certLocation, java.lang.String suffix)  
      static java.lang.String getOpenSSLCAHash​(javax.security.auth.x500.X500Principal name, boolean openssl1Mode)  
      private static java.lang.String getOpenSSLCAHashNew​(javax.security.auth.x500.X500Principal name)
      Generates the hex hash of the DN used by openssl 1.0.0 and above to name the CA certificate files.
      private static java.lang.String getOpenSSLCAHashOld​(javax.security.auth.x500.X500Principal name)
      Generates the hex hash of the DN used by openssl to name the CA certificate files.
      private static int memcmp​(byte[] a, byte[] b)  
      private static org.bouncycastle.asn1.x500.AttributeTypeAndValue normalizeStringAVA​(org.bouncycastle.asn1.x500.AttributeTypeAndValue src)  
      private static void sortAVAs​(org.bouncycastle.asn1.x500.AttributeTypeAndValue[] atvs)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • OpensslTruststoreHelper

        public OpensslTruststoreHelper()
    • Method Detail

      • getNsFile

        public static java.lang.String getNsFile​(java.lang.String certLocation,
                                                 java.lang.String suffix)
        Parameters:
        certLocation - certificate location
        suffix - either '.namespaces' or '.signing_policy' (other values will work but make little sense)
        Returns:
        The proper name of the namespaces or signing policy file for the given base path of the CA certificate.
      • getFileHash

        public static java.lang.String getFileHash​(java.lang.String path,
                                                   java.lang.String regexp)
      • getFilesWithRegexp

        public static java.util.Collection<java.io.File> getFilesWithRegexp​(java.lang.String regexp,
                                                                            java.io.File directory)
      • getOpenSSLCAHash

        public static java.lang.String getOpenSSLCAHash​(javax.security.auth.x500.X500Principal name,
                                                        boolean openssl1Mode)
      • getOpenSSLCAHashOld

        private static java.lang.String getOpenSSLCAHashOld​(javax.security.auth.x500.X500Principal name)
        Generates the hex hash of the DN used by openssl to name the CA certificate files. The hash is actually the hex of 8 least significant bytes of an MD5 digest of the ASN.1 encoded DN.
        Parameters:
        name - the DN to hash.
        Returns:
        the 8 character string of the hexadecimal MD5 hash.
      • getOpenSSLCAHashNew

        private static java.lang.String getOpenSSLCAHashNew​(javax.security.auth.x500.X500Principal name)
        Generates the hex hash of the DN used by openssl 1.0.0 and above to name the CA certificate files. The hash is actually the hex of 8 least significant bytes of a SHA1 digest of the ASN.1 encoded DN after normalization.

        The normalization is performed as follows: all strings are converted to UTF8, leading, trailing and multiple spaces are collapsed, the result is converted to lower case, and the leading SEQUENCE header is removed.

        Parameters:
        name - the DN to hash.
        Returns:
        the 8 character string of the hexadecimal MD5 hash.
      • getNormalizedRDNs

        public static org.bouncycastle.asn1.x500.RDN[] getNormalizedRDNs​(javax.security.auth.x500.X500Principal name)
                                                                  throws java.io.IOException
        Throws:
        java.io.IOException
      • sortAVAs

        private static void sortAVAs​(org.bouncycastle.asn1.x500.AttributeTypeAndValue[] atvs)
                              throws java.io.IOException
        Throws:
        java.io.IOException
      • memcmp

        private static int memcmp​(byte[] a,
                                  byte[] b)
      • normalizeStringAVA

        private static org.bouncycastle.asn1.x500.AttributeTypeAndValue normalizeStringAVA​(org.bouncycastle.asn1.x500.AttributeTypeAndValue src)
      • encodeWithoutSeqHeader

        private static byte[] encodeWithoutSeqHeader​(org.bouncycastle.asn1.x500.RDN[] rdns)
                                              throws java.io.IOException
        Throws:
        java.io.IOException
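
The two hashing schemes described for getOpenSSLCAHashOld and getOpenSSLCAHashNew, as an added example using only the JDK; it is not this library's code, and `SubjectHashDemo` and its helper names are hypothetical. It follows OpenSSL's convention of reading the first four digest bytes as a little-endian 32-bit value to get the 8 hex characters, and assumes ASCII string values, single-valued RDNs and constructed sample DNs.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.security.auth.x500.X500Principal;

public class SubjectHashDemo {
    // First four digest bytes read as a little-endian 32-bit value: 8 hex characters.
    static String hash8(String alg, byte[] data) throws Exception {
        byte[] d = MessageDigest.getInstance(alg).digest(data);
        return String.format("%02x%02x%02x%02x", d[3] & 0xff, d[2] & 0xff, d[1] & 0xff, d[0] & 0xff);
    }
    static int[] tlv(byte[] b, int p) {          // DER element at p -> {contentStart, contentEnd}
        int len = b[p + 1] & 0xff, start = p + 2;
        if (len > 0x7f) {                        // long form: low 7 bits count the length bytes
            int n = len & 0x7f;
            for (len = 0; n > 0; n--) len = (len << 8) | (b[start++] & 0xff);
        }
        return new int[] { start, start + len };
    }
    static byte[] wrap(int tag, byte[]... parts) throws Exception {  // tag + DER length + parts
        ByteArrayOutputStream body = new ByteArrayOutputStream(), out = new ByteArrayOutputStream();
        for (byte[] part : parts) body.write(part);
        out.write(tag);
        if (body.size() > 0x7f) out.write(0x81); // assumption: at most 255 content bytes
        out.write(body.size());
        body.writeTo(out);
        return out.toByteArray();
    }
    // Normalized encoding of each RDN, concatenated without the outer SEQUENCE header.
    static byte[] canonical(X500Principal name) throws Exception {
        byte[] der = name.getEncoded();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int p = tlv(der, 0)[0]; p < der.length; p = tlv(der, p)[1]) {
            int[] ava = tlv(der, tlv(der, p)[0]);    // SET -> its single SEQUENCE { OID, value }
            int[] oid = tlv(der, ava[0]), val = tlv(der, oid[1]);
            String s = new String(der, val[0], val[1] - val[0], StandardCharsets.UTF_8)
                    .trim().replaceAll("\\s+", " ").toLowerCase(Locale.ROOT);
            byte[] oidTlv = Arrays.copyOfRange(der, ava[0], oid[1]);
            out.write(wrap(0x31, wrap(0x30, oidTlv, wrap(0x0c, s.getBytes(StandardCharsets.UTF_8)))));
        }
        return out.toByteArray();
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample DNs: one CA name written with different case and spacing.
        for (String dn : new String[] { "CN=Example  Root CA,O=Example Org", "CN=example root ca,O=example org" }) {
            X500Principal p = new X500Principal(dn);
            System.out.println(hash8("MD5", p.getEncoded()) + " " + hash8("SHA-1", canonical(p)) + " " + dn);
        }
    }
}
```

Each output line shows the old-style (MD5) hash, the new-style (SHA-1) hash and the DN; because the new scheme hashes the normalized form, both spellings of the sample name share the same second column.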