java.lang.Object
org.elasticsearch.xpack.core.ssl.CertParsingUtils
Miscellaneous utility methods for reading certificates and keystores.
Method Summary
Modifier and Type, Method, Description
- static SslKeyConfig createKeyConfig(Settings settings, String prefix, Environment environment, boolean acceptNonSecurePasswords)
- static X509ExtendedKeyManager getKeyManagerFromPEM(Path certificatePath, Path keyPath, char[] keyPassword)
  Creates a X509ExtendedKeyManager from a PEM encoded certificate and key file
- static KeyStore getKeyStoreFromPEM(Path certificatePath, Path keyPath, char[] keyPassword)
  Creates a KeyStore from a PEM encoded certificate and key file
- static X509ExtendedTrustManager getTrustManagerFromPEM(List<Path> caPaths)
  Creates a X509ExtendedTrustManager based on the provided PEM certificate authorities
- static boolean isOrderedCertificateChain
  Checks that the X509Certificate array is ordered, such that the end-entity certificate is first and it is followed by any certificate authorities.
- static List<Certificate> readCertificates(InputStream input)
- static Map<Certificate, Key> readKeyPairsFromKeystore(Path path, String storeType, char[] password, Function<String, char[]> keyPassword)
- static Map<Certificate, Key> readPkcs12KeyPairs(Path path, char[] password, Function<String, char[]> keyPassword)
  Read all certificate-key pairs from a PKCS#12 container.
- static X509Certificate readX509Certificate(Path path)
- static X509Certificate[] readX509Certificates(List<Path> certPaths)
-
Method Details
-
readX509Certificate
public static X509Certificate readX509Certificate(Path path) throws CertificateException, IOException
Throws:
CertificateException
IOException
-
readX509Certificates
public static X509Certificate[] readX509Certificates(List<Path> certPaths) throws CertificateException, IOException
Throws:
CertificateException
IOException
-
readCertificates
public static List<Certificate> readCertificates(InputStream input) throws CertificateException, IOException
Throws:
CertificateException
IOException
-
readPkcs12KeyPairs
public static Map<Certificate,Key> readPkcs12KeyPairs(Path path, char[] password, Function<String, char[]> keyPassword) throws GeneralSecurityException, IOException
Read all certificate-key pairs from a PKCS#12 container.
Parameters:
path - The path to the PKCS#12 container file.
password - The password for the container file
keyPassword - A supplier for the password for each key. The key alias is supplied as an argument to the function, and it should return the password for that key. If it returns null, then the key-pair for that alias is not read.
Throws:
GeneralSecurityException
IOException
-
readKeyPairsFromKeystore
public static Map<Certificate,Key> readKeyPairsFromKeystore(Path path, String storeType, char[] password, Function<String, char[]> keyPassword) throws IOException, GeneralSecurityException
Throws:
IOException
GeneralSecurityException
-
getKeyStoreFromPEM
public static KeyStore getKeyStoreFromPEM(Path certificatePath, Path keyPath, char[] keyPassword) throws IOException, GeneralSecurityException
Creates a KeyStore from a PEM encoded certificate and key file
Throws:
IOException
GeneralSecurityException
-
getKeyManagerFromPEM
public static X509ExtendedKeyManager getKeyManagerFromPEM(Path certificatePath, Path keyPath, char[] keyPassword) throws IOException, GeneralSecurityException
Creates a X509ExtendedKeyManager from a PEM encoded certificate and key file
Throws:
IOException
GeneralSecurityException
-
createKeyConfig
public static SslKeyConfig createKeyConfig(Settings settings, String prefix, Environment environment, boolean acceptNonSecurePasswords)
-
getTrustManagerFromPEM
public static X509ExtendedTrustManager getTrustManagerFromPEM(List<Path> caPaths) throws GeneralSecurityException, IOException
Creates a X509ExtendedTrustManager based on the provided PEM certificate authorities
Throws:
GeneralSecurityException
IOException
-
isOrderedCertificateChain
Checks that the X509Certificate array is ordered, such that the end-entity certificate is first and it is followed by any certificate authorities. The check validates that the issuer of every certificate is the subject of the certificate in the next array position. No other certificate attributes are checked.
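The issuer/subject comparison described for isOrderedCertificateChain, next to the signature check it does not perform, as an added example that is not Elasticsearch's own code. The class and method names (ChainOrderCheck, isNameOrdered, signaturesChain) are hypothetical, only standard JDK calls are used, and the PEM bundle path is an assumption supplied by the caller as the first argument.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

public class ChainOrderCheck {

    // Name chaining only: the issuer of chain[i] must equal the subject of chain[i + 1].
    static boolean isNameOrdered(X509Certificate[] chain) {
        for (int i = 0; i + 1 < chain.length; i++) {
            if (!chain[i].getIssuerX500Principal().equals(chain[i + 1].getSubjectX500Principal())) {
                return false;
            }
        }
        return true;
    }

    // What the name comparison leaves out: each certificate's signature
    // must verify under the public key of the next certificate.
    static boolean signaturesChain(X509Certificate[] chain) {
        for (int i = 0; i + 1 < chain.length; i++) {
            try {
                chain[i].verify(chain[i + 1].getPublicKey());
            } catch (GeneralSecurityException e) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a PEM bundle, end-entity certificate expected first (caller-supplied).
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        try (InputStream in = Files.newInputStream(Path.of(args[0]))) {
            for (Certificate c : cf.generateCertificates(in)) {
                certs.add((X509Certificate) c);
            }
        }
        X509Certificate[] chain = certs.toArray(new X509Certificate[0]);
        System.out.println("name-ordered:     " + isNameOrdered(chain));
        System.out.println("signatures chain: " + signaturesChain(chain));
    }
}
```

A bundle can pass the name comparison and still fail the signature check, since distinguished names can be set freely by whoever issues a certificate; trust decisions belong to the trust manager, not to the ordering check.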
-