SSLUtil (Starlink-UK API)

java.lang.Object
- uk.ac.starlink.auth.ssl.SSLUtil

```
public class SSLUtil
extends Object
```

Constructor Summary

Constructors
Constructor and Description

SSLUtil()

Constructors
Constructor and Description
`SSLUtil()`

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static byte[]`	`getCertificates(byte[] certBuf)` Extracts all the certificates from the argument, decodes them from base64 to byte[] and concatenates all the certificates preserving the order.
`static SSLSocketFactory`	`getSocketFactory(File pemFile)` Initialise the default SSL socket factory so that all HTTPS connections use the provided key store to authenticate (when the server requires client authentication).
`static SSLSocketFactory`	`getSocketFactory(File certFile, File keyFile)` Initialise the default SSL socket factory so that all HTTPS connections use the provided key store to authenticate (when the server requies client authentication).
`static SSLSocketFactory`	`getSocketFactory(Subject s)` Create an SSLSocketfactory from the credentials in the specified Subject.
`static SSLSocketFactory`	`getSocketFactory(X509CertificateChain chain)`
`static void`	`initSSL(File pemFile)`
`static void`	`initSSL(File certFile, File keyFile)` Initialise the default SSL socket factory so that all HTTPS connections use the provided key store to authenticate (when the server requires client authentication).
`static RSAPrivateCrtKeySpec`	`parseKeySpec(byte[] code)` Parses a byte array and constructs the corresponding RSAPrivateCrtKeySpec.
`static X509Certificate[]`	`readCertificateChain(byte[] certBuf)`
`static X509Certificate[]`	`readCertificateChain(File certFile)`
`static byte[]`	`readFile(File f)` Read a (small) file into a byte array.
`static X509CertificateChain`	`readPemCertificateAndKey(byte[] data)` Parses PEM encoded data that contains certificates and a key and returns the corresponding X509CertificateChain that can be used to create an SSL socket.
`static X509CertificateChain`	`readPemCertificateAndKey(File pemFile)` Convenience method to parse a PEM encoded file and return the corresponding X509 Certificate chain.
`static PrivateKey`	`readPrivateKey(byte[] bytesPrivateKey)`
`static PrivateKey`	`readPrivateKey(File keyFile)`
`static void`	`validateSubject(Subject subject, Date date)` Checks whether the subject's certificate credentials are valid at a given date.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- SSLUtil
```
public SSLUtil()
```

Method Detail

initSSL
```
public static void initSSL(File certFile,
                           File keyFile)
```
Initialise the default SSL socket factory so that all HTTPS connections use the provided key store to authenticate (when the server requires client authentication).

Parameters:

certFile - proxy certificate

keyFile - private key file in DER format

See Also:

HttpsURLConnection.setDefaultSSLSocketFactory(javax.net.ssl.SSLSocketFactory)

initSSL

public static void initSSL(File pemFile)

getSocketFactory
```
public static SSLSocketFactory getSocketFactory(File certFile,
                                                File keyFile)
```
Initialise the default SSL socket factory so that all HTTPS connections use the provided key store to authenticate (when the server requies client authentication).

Parameters:

certFile - proxy certificate

keyFile - private key file in DER format

Returns:

configured SSL socket factory

getSocketFactory
```
public static SSLSocketFactory getSocketFactory(File pemFile)
```
Initialise the default SSL socket factory so that all HTTPS connections use the provided key store to authenticate (when the server requires client authentication).

Parameters:

pemFile - proxy certificate

Returns:

configured SSL socket factory

getSocketFactory
```
public static SSLSocketFactory getSocketFactory(Subject s)
```
Create an SSLSocketfactory from the credentials in the specified Subject. This method extracts a X509CertificateChain from the public credentials and uses the certificate chain and private key found there to set up a KeyStore for the SSLSocketFactory.

Parameters:

s - subject

Returns:

an SSLSocketFactory, or null if no X509CertificateChain can be found

getSocketFactory

public static SSLSocketFactory getSocketFactory(X509CertificateChain chain)

getCertificates
```
public static byte[] getCertificates(byte[] certBuf)
                              throws IOException
```
Extracts all the certificates from the argument, decodes them from base64 to byte[] and concatenates all the certificates preserving the order.

Parameters:

certBuf - buffer containing certificates

Returns:

decoded certificate chain

Throws:

IOException

readCertificateChain

public static X509Certificate[] readCertificateChain(File certFile)
                                              throws CertificateException,
                                                     IOException

Throws:: CertificateException; IOException

readCertificateChain

public static X509Certificate[] readCertificateChain(byte[] certBuf)
                                              throws CertificateException,
                                                     IOException

Returns:: certificate chain
Throws:: CertificateException; IOException

readPrivateKey

public static PrivateKey readPrivateKey(File keyFile)
                                 throws InvalidKeySpecException,
                                        NoSuchAlgorithmException,
                                        IOException

Throws:: InvalidKeySpecException; NoSuchAlgorithmException; IOException

readPrivateKey

public static PrivateKey readPrivateKey(byte[] bytesPrivateKey)
                                 throws InvalidKeySpecException,
                                        NoSuchAlgorithmException,
                                        IOException

Throws:: InvalidKeySpecException; NoSuchAlgorithmException; IOException

readPemCertificateAndKey

public static X509CertificateChain readPemCertificateAndKey(File pemFile)
                                                     throws InvalidKeySpecException,
                                                            NoSuchAlgorithmException,
                                                            IOException,
                                                            CertificateException

Convenience method to parse a PEM encoded file and return the corresponding X509 Certificate chain.

Parameters:: pemFile - file containing PEM data
Returns:: certificate chain
Throws:: InvalidKeySpecException; NoSuchAlgorithmException; IOException; CertificateException

readPemCertificateAndKey

public static X509CertificateChain readPemCertificateAndKey(byte[] data)
                                                     throws InvalidKeySpecException,
                                                            NoSuchAlgorithmException,
                                                            IOException,
                                                            CertificateException

Parses PEM encoded data that contains certificates and a key and returns the corresponding X509CertificateChain that can be used to create an SSL socket. RSA is the only supporting encoding for the key.

Parameters:: data - content encoded as PEM.
Returns:: X509 Certificate chain.
Throws:: InvalidKeySpecException; NoSuchAlgorithmException; IOException; CertificateException

parseKeySpec
```
public static RSAPrivateCrtKeySpec parseKeySpec(byte[] code)
                                         throws IOException
```
Parses a byte array and constructs the corresponding RSAPrivateCrtKeySpec.

Parameters:

code - byte array containing the key

Returns:

RSAPrivateCrtKeySpec

Throws:

IOException

validateSubject
```
public static void validateSubject(Subject subject,
                                   Date date)
                            throws CertificateException,
                                   CertificateExpiredException,
                                   CertificateNotYetValidException
```
Checks whether the subject's certificate credentials are valid at a given date. If date is missing, current time is used as reference.

Parameters:

subject - Subject to check

date - Date the certificate is verified against. If null, the credentials are verified against current time.

Throws:

CertificateException - Subject has no associated certificate credentials or there is a problem with the existing certificate.

CertificateExpiredException - Certificate is expired.

CertificateNotYetValidException - Certificate not valid yet.

readFile
```
public static byte[] readFile(File f)
                       throws IOException
```
Read a (small) file into a byte array.

Parameters:

f - file

Returns:

byte array containing the content of the file

Throws:

IOException

Class SSLUtil

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

SSLUtil

Method Detail

initSSL

initSSL

getSocketFactory

getSocketFactory

getSocketFactory

getSocketFactory

getCertificates

readCertificateChain

readCertificateChain

readPrivateKey

readPrivateKey

readPemCertificateAndKey

readPemCertificateAndKey

parseKeySpec

validateSubject

readFile