org.pfsw.security
Class SecurityUtil

java.lang.Object
  extended by org.pfsw.security.SecurityUtil

public class SecurityUtil
extends java.lang.Object

This singleton supports utility methods around various security aspects. It has a protected default constructor, so it can be extended!


Field Summary
static java.lang.String AUTHENTICATION_SCHEME_BASIC
           
static java.lang.String AUTHENTICATION_SCHEME_BEARER
           
static java.lang.String AUTHENTICATION_SCHEME_DIGEST
           
static java.lang.String BASIC_CREDENTIALS_SEPARATOR
           
static SecurityUtil SECU
           
 
Constructor Summary
protected SecurityUtil()
           
 
Method Summary
 java.lang.String createBASICAuthorization(java.lang.String username, java.lang.String password)
          Creates the full authorization header value for the HTTP BASIC authentication scheme as defined in RFC-2617.
 java.lang.String createBEARERAuthorization(byte[] token)
          Creates the full authorization header value for the BEARER authentication scheme as defined in RFC-6750.
 java.lang.String createBEARERAuthorization(java.lang.String token, java.nio.charset.Charset charset)
          Creates the full authorization header value for the BEARER authentication scheme as defined in RFC-6750.
static SecurityUtil current()
          Returns the only instance this class supports (design pattern "Singleton")
 org.pfsw.bif.text.IStringPair decodeBASICCredentials(java.lang.String basicCredentials)
          Decodes and splits up the value presented by a BASIC authentication header according to RFC-2617.
 org.pfsw.bif.text.IStringPair decodeBASICCredentials(java.lang.String basicCredentials, java.nio.charset.Charset charset)
          Decodes and splits up the value presented by a BASIC authentication header according to RFC-2617.
 java.lang.String encodeBASICCredentials(java.lang.String username, java.lang.String password)
          Encodes the given username and password according to the BASIC authentication scheme specification (RFC-2617).
 java.lang.String encodeBASICCredentials(java.lang.String username, java.lang.String password, java.nio.charset.Charset charset)
          Encodes the given username and password according to the BASIC authentication scheme specification (RFC-2617).
 java.util.List<GeneralName> getSubjectAlternativeNamesFrom(java.security.cert.X509Certificate serverCertificate)
           
 java.security.cert.X509Certificate[] readX509CertificateChainFromPEM(java.io.File pemFile)
          Reads a certificate chain from the given PEM file.
 java.security.cert.X509Certificate readX509CertificateFromPKCS7(java.io.File file)
          Reads a certificate from the given PKCS#7 file.
 java.security.cert.X509Certificate readX509CertificateFromPKCS7(java.io.InputStream inStream)
          Reads a certificate from the given PKCS#7 stream.
 java.util.Collection<java.security.cert.X509Certificate> readX509CertificatesFromPKCS7(java.io.InputStream inStream)
          Reads all certificates from the given PKCS#7 stream.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SECU

public static final SecurityUtil SECU

BASIC_CREDENTIALS_SEPARATOR

public static final java.lang.String BASIC_CREDENTIALS_SEPARATOR
See Also:
Constant Field Values

AUTHENTICATION_SCHEME_BASIC

public static final java.lang.String AUTHENTICATION_SCHEME_BASIC
See Also:
Constant Field Values

AUTHENTICATION_SCHEME_DIGEST

public static final java.lang.String AUTHENTICATION_SCHEME_DIGEST
See Also:
Constant Field Values

AUTHENTICATION_SCHEME_BEARER

public static final java.lang.String AUTHENTICATION_SCHEME_BEARER
See Also:
Constant Field Values

Constructor Detail

SecurityUtil

protected SecurityUtil()

Method Detail

current

public static SecurityUtil current()
Returns the only instance this class supports (design pattern "Singleton")


encodeBASICCredentials

public java.lang.String encodeBASICCredentials(java.lang.String username,
                                               java.lang.String password)
Encodes the given username and password according to the BASIC authentication scheme specification (RFC-2617).
That is base64(username:password).

Parameters:
username - The username (must not be null).
password - The password (must not be null).
Returns:
The base64 encoded concatenated username and password.

encodeBASICCredentials

public java.lang.String encodeBASICCredentials(java.lang.String username,
                                               java.lang.String password,
                                               java.nio.charset.Charset charset)
Encodes the given username and password according to the BASIC authentication scheme specification (RFC-2617).
That is base64(username:password).

Parameters:
username - The username (must not be null).
password - The password (must not be null).
charset - The charset to be used for the string encoding (must not be null).
Returns:
The base64 encoded concatenated username and password.

decodeBASICCredentials

public org.pfsw.bif.text.IStringPair decodeBASICCredentials(java.lang.String basicCredentials,
                                                            java.nio.charset.Charset charset)
Decodes and splits up the value presented by a BASIC authentication header according to RFC-2617.

Parameters:
basicCredentials - The base64 encoded concatenated username and password string (must not be null).
charset - The charset to be used for the string encoding (must not be null).
Returns:
A string pair where the first string contains the username and the second the password.
Throws:
java.lang.IllegalArgumentException - If the given string cannot be decoded or cannot be split into two sub-values.

decodeBASICCredentials

public org.pfsw.bif.text.IStringPair decodeBASICCredentials(java.lang.String basicCredentials)
Decodes and splits up the value presented by a BASIC authentication header according to RFC-2617.

Parameters:
basicCredentials - The base64 encoded concatenated username and password string (must not be null).
Returns:
A string pair where the first string contains the username and the second the password.
Throws:
java.lang.IllegalArgumentException - If the given string cannot be decoded or cannot be split into two sub-values.

createBASICAuthorization

public java.lang.String createBASICAuthorization(java.lang.String username,
                                                 java.lang.String password)
Creates the full authorization header value for the HTTP BASIC authentication scheme as defined in RFC-2617. Username and password will be concatenated and base64 encoded.

Parameters:
username - The username (must not be null).
password - The password (must not be null).
Returns:
The complete header value (e.g. "Basic Q29yb2xpbmE6N1J1YmJlcmJvYXQyNQ==")
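
The BASIC encoding, decoding and header handling described above, shown as an added example using only the JDK (it is not code from the org.pfsw library). The class name `BasicAuthExample`, its method names, and the `"Basic"` and `":"` constant values are assumptions taken from the sample header value and the `base64(username:password)` description on this page.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthExample {
    static final String SCHEME = "Basic";  // scheme token as in the page's sample header value
    static final String SEPARATOR = ":";   // assumed separator, from base64(username:password)

    static String encode(String username, String password, Charset charset) {
        // RFC 2617 forbids ':' in the user-id; otherwise the decoder splits in the wrong place.
        if (username.contains(SEPARATOR)) {
            throw new IllegalArgumentException("username must not contain ':'");
        }
        byte[] raw = (username + SEPARATOR + password).getBytes(charset);
        return Base64.getEncoder().encodeToString(raw);
    }

    static String[] decode(String basicCredentials, Charset charset) {
        // Base64.Decoder.decode throws IllegalArgumentException on malformed input.
        String plain = new String(Base64.getDecoder().decode(basicCredentials), charset);
        int idx = plain.indexOf(SEPARATOR);  // first colon only: the password may contain ':'
        if (idx < 0) {
            throw new IllegalArgumentException("decoded value has no username/password separator");
        }
        return new String[] { plain.substring(0, idx), plain.substring(idx + 1) };
    }

    static String[] parseHeader(String headerValue, Charset charset) {
        String[] parts = headerValue.trim().split("\\s+", 2);
        if (parts.length != 2 || !SCHEME.equalsIgnoreCase(parts[0])) {
            throw new IllegalArgumentException("not a Basic authorization header value");
        }
        return decode(parts[1], charset);
    }

    public static void main(String[] args) {
        // Header value quoted in the documentation above; only the username is printed.
        String[] fromDoc = parseHeader("Basic Q29yb2xpbmE6N1J1YmJlcmJvYXQyNQ==", StandardCharsets.UTF_8);
        System.out.println("username from documented sample: " + fromDoc[0]);

        // Constructed sample: the password contains ':' and a non-ASCII character.
        String token = encode("alice", "p:\u00df1", StandardCharsets.UTF_8);
        String[] ok = decode(token, StandardCharsets.UTF_8);
        String[] wrongCharset = decode(token, StandardCharsets.ISO_8859_1);
        System.out.println("round trip intact: " + ok[1].equals("p:\u00df1"));
        System.out.println("intact with mismatched charset: " + wrongCharset[1].equals("p:\u00df1"));
    }
}
```

Base64 is an encoding, not encryption, so the header value exposes the password to anyone who can read the request; both sides must also agree on the charset, which is why the library offers the `Charset` overloads.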

createBEARERAuthorization

public java.lang.String createBEARERAuthorization(byte[] token)
Creates the full authorization header value for the BEARER authentication scheme as defined in RFC-6750.

Parameters:
token - The token that will be base64 encoded by this method (must not be null).
Returns:
The complete header value (e.g. "Bearer cy9aJsKnPX1+SDIjJz9ERlYoLyY9U0HDvFNEQEo34oKsesOfZGpkag==")

createBEARERAuthorization

public java.lang.String createBEARERAuthorization(java.lang.String token,
                                                  java.nio.charset.Charset charset)
Creates the full authorization header value for the BEARER authentication scheme as defined in RFC-6750.

Parameters:
token - The token that will be base64 encoded by this method (must not be null).
charset - The charset to be used for the string encoding (must not be null).
Returns:
The complete header value (e.g. "Bearer cy9aJsKnPX1+SDIjJz9ERlYoLyY9U0HDvFNEQEo34oKsesOfZGpkag==")

getSubjectAlternativeNamesFrom

public java.util.List<GeneralName> getSubjectAlternativeNamesFrom(java.security.cert.X509Certificate serverCertificate)

readX509CertificatesFromPKCS7

public java.util.Collection<java.security.cert.X509Certificate> readX509CertificatesFromPKCS7(java.io.InputStream inStream)
                                                                                       throws java.security.cert.CertificateException
Reads all certificates from the given PKCS#7 stream. The given stream will be closed in any case after this call.

Parameters:
inStream - A stream that is expected to contain X.509 certificates in PKCS#7 format.
Returns:
The certificates read from the given PKCS#7 stream.
Throws:
java.security.cert.CertificateException - For any case of format or IO errors.

readX509CertificateFromPKCS7

public java.security.cert.X509Certificate readX509CertificateFromPKCS7(java.io.InputStream inStream)
                                                                throws java.security.cert.CertificateException
Reads a certificate from the given PKCS#7 stream.

Parameters:
inStream - A stream that is expected to contain X.509 certificates in PKCS#7 format.
Returns:
The (first) X.509 certificate read from the given PKCS#7 stream.
Throws:
java.security.cert.CertificateException - For any case of format or IO errors.

readX509CertificateFromPKCS7

public java.security.cert.X509Certificate readX509CertificateFromPKCS7(java.io.File file)
                                                                throws java.security.cert.CertificateException
Reads a certificate from the given PKCS#7 file.

Parameters:
file - A file that is expected to contain X.509 certificates in PKCS#7 format.
Returns:
The (first) X.509 certificate read from the given PKCS#7 file.
Throws:
java.security.cert.CertificateException - For any case of format or IO errors.

readX509CertificateChainFromPEM

public java.security.cert.X509Certificate[] readX509CertificateChainFromPEM(java.io.File pemFile)
Reads a certificate chain from the given PEM file.

Parameters:
pemFile - The file to read from (must not be null).
Returns:
The full certificate chain found in the file.