Package org.apache.solr.security.cert
Class CertUtil
java.lang.Object
org.apache.solr.security.cert.CertUtil
Utility class for certificate-related operations, including extracting fields from the subject or
issuer DN and SAN fields from X509 certificates.
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic enumSupported SAN (Subject Alternative Name) types as defined in RFC 5280 -
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionextractFieldFromX500Principal(X500Principal principal, String path) Extracts a specified field or the entire DN from an X500Principal, such as a certificate's subject or issuer.extractFromIssuerDN(X509Certificate certificate, String path) Extracts a specified field or the entire issuer DN from an X509 certificate.extractFromSAN(X509Certificate certificate, String path, Predicate<String> valueMatcher) Extracts SAN (Subject Alternative Name) fields from an X509 certificate that match a specified path and predicate.extractFromSubjectDN(X509Certificate certificate, String path) Extracts a specified field or the entire subject DN from an X509 certificate.
-
Field Details
-
SUBJECT_DN_PREFIX
- See Also:
-
ISSUER_DN_PREFIX
- See Also:
-
SAN_PREFIX
- See Also:
-
-
Constructor Details
-
CertUtil
public CertUtil()
-
-
Method Details
-
extractFieldFromX500Principal
Extracts a specified field or the entire DN from an X500Principal, such as a certificate's subject or issuer. If the entire DN is returned the format would be RFC2253- Parameters:
principal- The X500Principal from which to extract information.path- The DN field to extract, or a prefix indicating the entire DN.- Returns:
- The value of the specified field, or the entire DN if just a prefix is provided.
-
extractFromSubjectDN
Extracts a specified field or the entire subject DN from an X509 certificate.- Parameters:
certificate- The certificate from which to extract the subject DN information.path- The path specifying the subject DN field to extract or a prefix for the entire DN.- Returns:
- An Optional containing the value of the specified subject DN field or the entire DN; empty if not found.
-
extractFromIssuerDN
Extracts a specified field or the entire issuer DN from an X509 certificate.- Parameters:
certificate- The certificate from which to extract the issuer DN information.path- The path specifying the issuer DN field to extract or a prefix for the entire DN.- Returns:
- An Optional containing the value of the specified issuer DN field or the entire DN; empty if not found.
-
extractFromSAN
public static Optional<List<String>> extractFromSAN(X509Certificate certificate, String path, Predicate<String> valueMatcher) throws CertificateParsingException Extracts SAN (Subject Alternative Name) fields from an X509 certificate that match a specified path and predicate.- Parameters:
certificate- The certificate from which to extract SAN information.path- The path specifying the SAN field to extract.valueMatcher- A predicate to apply to each SAN value for filtering.- Returns:
- An Optional containing a list of SAN values that match the specified path and predicate; empty if none found.
- Throws:
CertificateParsingException- If an error occurs while parsing the certificate for SAN fields.
-