Class CertUtil


  • public class CertUtil
    extends Object
    Utility class for certificate-related operations, including extracting fields from the subject or issuer DN and SAN fields from X509 certificates.
    • Constructor Detail

      • CertUtil

        public CertUtil()
    • Method Detail

      • extractFieldFromX500Principal

        public static Optional<String> extractFieldFromX500Principal(X500Principal principal,
                                                                     String path)
        Extracts a specified field or the entire DN from an X500Principal, such as a certificate's subject or issuer. If the entire DN is returned, it is formatted according to RFC 2253.
        Parameters:
        principal - The X500Principal from which to extract information.
        path - The DN field to extract, or a prefix indicating the entire DN.
        Returns:
        The value of the specified field, or the entire DN if just a prefix is provided.
      • extractFromSubjectDN

        public static Optional<String> extractFromSubjectDN(X509Certificate certificate,
                                                            String path)
        Extracts a specified field or the entire subject DN from an X509 certificate.
        Parameters:
        certificate - The certificate from which to extract the subject DN information.
        path - The path specifying the subject DN field to extract or a prefix for the entire DN.
        Returns:
        An Optional containing the value of the specified subject DN field or the entire DN; empty if not found.
      • extractFromIssuerDN

        public static Optional<String> extractFromIssuerDN(X509Certificate certificate,
                                                           String path)
        Extracts a specified field or the entire issuer DN from an X509 certificate.
        Parameters:
        certificate - The certificate from which to extract the issuer DN information.
        path - The path specifying the issuer DN field to extract or a prefix for the entire DN.
        Returns:
        An Optional containing the value of the specified issuer DN field or the entire DN; empty if not found.
      • extractFromSAN

        public static Optional<List<String>> extractFromSAN(X509Certificate certificate,
                                                            String path,
                                                            Predicate<String> valueMatcher)
                                                     throws CertificateParsingException
        Extracts SAN (Subject Alternative Name) fields from an X509 certificate that match a specified path and predicate.
        Parameters:
        certificate - The certificate from which to extract SAN information.
        path - The path specifying the SAN field to extract.
        valueMatcher - A predicate to apply to each SAN value for filtering.
        Returns:
        An Optional containing a list of SAN values that match the specified path and predicate; empty if none found.
        Throws:
        CertificateParsingException - If an error occurs while parsing the certificate for SAN fields.
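
Added example, not CertUtil's own code: a sketch of the kind of DN field extraction that extractFieldFromX500Principal describes, using the JDK's LdapName parser on the RFC 2253 form so that escaped separators and multi-valued RDNs are handled correctly. The class and method names (DnFieldDemo, firstAttribute) are hypothetical, and it takes a plain attribute type rather than CertUtil's path argument, whose syntax this page does not define.

```java
import java.util.Optional;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.security.auth.x500.X500Principal;

// Added illustration: DnFieldDemo and firstAttribute are hypothetical names,
// not part of CertUtil, and this is not CertUtil's implementation.
public class DnFieldDemo {

    // Returns the value of attribute `type` (e.g. "CN") from the most specific
    // RDN that carries it, or empty if the DN has no such attribute.
    static Optional<String> firstAttribute(X500Principal principal, String type) {
        try {
            // RFC 2253 string form, parsed by a real DN parser so that escaped
            // separators inside a value are not mistaken for RDN boundaries.
            LdapName dn = new LdapName(principal.getName(X500Principal.RFC2253));
            // LdapName index 0 is the right-most RDN; walk from the left-most.
            for (int i = dn.size() - 1; i >= 0; i--) {
                // toAttributes() also covers multi-valued RDNs such as CN=a+UID=b.
                Attribute attr = dn.getRdn(i).toAttributes().get(type);
                if (attr != null && attr.get() instanceof String) {
                    return Optional.of((String) attr.get());
                }
            }
            return Optional.empty();
        } catch (NamingException e) {
            return Optional.empty(); // unparseable DN: treat as "field not found"
        }
    }

    public static void main(String[] args) {
        // Constructed sample DNs, not taken from any real certificate.
        X500Principal escaped = new X500Principal("CN=Doe\\, John,OU=Eng,O=Example Corp,C=US");
        X500Principal multi = new X500Principal("CN=svc-build+UID=1001,O=Example Corp");

        String rfc2253 = escaped.getName(X500Principal.RFC2253);
        System.out.println("RFC 2253 DN:      " + rfc2253);
        // Naive split on ',' cuts the CN value at the escaped comma.
        System.out.println("naive CN:         " + rfc2253.split(",")[0].substring(3));
        System.out.println("parsed CN:        " + firstAttribute(escaped, "CN").orElse("<none>"));
        System.out.println("multi-valued UID: " + firstAttribute(multi, "UID").orElse("<none>"));
        System.out.println("missing L:        " + firstAttribute(escaped, "L").orElse("<none>"));
    }
}
```

When a DN field drives an authentication or authorization decision, compare the parsed value rather than a substring of the DN string.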