org.jasig.cas.adaptors.x509.util.CertUtils.java Source code


Introduction

Here is the source code for org.jasig.cas.adaptors.x509.util.CertUtils.java

Source

/*
 * Licensed to Jasig under one or more contributor license
 * agreements. See the NOTICE file distributed with this work
 * for additional information regarding copyright ownership.
 * Jasig licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file
 * except in compliance with the License.  You may obtain a
 * copy of the License at the following location:
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.jasig.cas.adaptors.x509.util;

import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.apache.commons.io.IOUtils;
import org.springframework.core.io.Resource;

/**
 * Utility class with methods to support various operations on X.509 certs.
 *
 * @author Marvin S. Addison
 * @since 3.4.6
 *
 */
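public final class CertUtils {
    /** X509 certificate type. */
    public static final String X509_CERTIFICATE_TYPE = "X509";

    /** Suppressed constructor of utility class. */
    private CertUtils() {
        // No initialization required.
    }

    /**
     * Determines whether the given CRL is expired by examining the nextUpdate field.
     * The comparison uses the local system clock, so the result is only as
     * trustworthy as the host's time source.
     *
     * @param crl CRL to examine.
     *
     * @return True if current system time is after CRL next update, or if the CRL
     * carries no nextUpdate field; false otherwise.
     */
    public static boolean isExpired(final X509CRL crl) {
        return isExpired(crl, new Date());
    }

    /**
     * Determines whether the given CRL is expired by comparing the nextUpdate field
     * with a given date.
     * <p>
     * {@link X509CRL#getNextUpdate()} returns {@code null} when the CRL has no
     * nextUpdate field. Such a CRL gives no bound on how stale its revocation data
     * may be, so it is reported as expired instead of failing with a
     * {@code NullPointerException} inside {@link Date#after(Date)}.
     *
     * @param crl CRL to examine.
     * @param reference Reference date for comparison.
     *
     * @return True if reference date is after CRL next update, or if the CRL has no
     * nextUpdate field; false otherwise.
     */
    public static boolean isExpired(final X509CRL crl, final Date reference) {
        final Date nextUpdate = crl.getNextUpdate();
        if (nextUpdate == null) {
            // Fail closed: without nextUpdate the freshness of the CRL cannot be established.
            return true;
        }
        return reference.after(nextUpdate);
    }

    /**
     * Fetches an X.509 CRL from a resource such as a file or URL.
     * <p>
     * This method only retrieves and parses the CRL. It does not verify the CRL
     * signature, check the issuer, or test whether the CRL is expired; a caller
     * that bases revocation decisions on the result has to perform those checks
     * itself (for example {@link X509CRL#verify(java.security.PublicKey)} and
     * {@link #isExpired(X509CRL)}).
     *
     * @param resource Resource descriptor.
     *
     * @return X.509 CRL
     *
     * @throws IOException On IOErrors.
     * @throws CRLException On CRL parse errors.
     */
    public static X509CRL fetchCRL(final Resource resource) throws CRLException, IOException {
        // Always attempt to open a new stream on the URL underlying the resource
        // NOTE(review): openStream() sets no connect/read timeout here and the amount
        // of data read is not bounded, so a slow or oversized remote CRL can stall or
        // exhaust the caller. Confirm that callers only pass trusted locations.
        final InputStream in = resource.getURL().openStream();
        try {
            return (X509CRL) CertUtils.getCertificateFactory().generateCRL(in);
        } finally {
            IOUtils.closeQuietly(in);
        }
    }

    /**
     * Creates a human-readable representation of the given certificate.
     * <p>
     * The result contains the subject and serial number but not the issuer. Serial
     * numbers are only unique per issuing CA, so the string is suitable for display
     * and logging and should not be used as an identity key across issuers. The
     * subject text is taken from the certificate as-is; treat it as untrusted
     * input when writing it to logs or pages.
     *
     * @param cert Certificate.
     *
     * @return String representation of a certificate that includes the subject and serial number.
     */
    public static String toString(final X509Certificate cert) {
        // getSubjectDN() is kept so the output format stays exactly as callers know it.
        return String.format("%s, SerialNumber=%s", cert.getSubjectDN(), cert.getSerialNumber());
    }

    /**
     * Gets a certificate factory for creating X.509 artifacts.
     *
     * @return X509 certificate factory.
     *
     * @throws IllegalStateException If no installed provider supports the X509
     * certificate type; the underlying {@link CertificateException} is attached as
     * the cause.
     */
    public static CertificateFactory getCertificateFactory() {
        try {
            return CertificateFactory.getInstance(X509_CERTIFICATE_TYPE);
        } catch (final CertificateException e) {
            // Keep the provider's exception as the cause so the root failure stays diagnosable.
            throw new IllegalStateException("X509 certificate type not supported by default provider.", e);
        }
    }
}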