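/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.util;


import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.LinkedList;
import java.util.List;

import net.minidev.json.JSONArray;


/**
 * X.509 certificate chain utilities.
 *
 * <p>The methods in this class only convert between representations (JSON
 * array of strings, Base64 objects, {@link X509Certificate} instances).
 * Nothing here builds or validates a certification path: no signature
 * check, no validity-period check, no trust-anchor or revocation check is
 * performed in this class. A chain returned by {@link #parse} is therefore
 * parsed data, not trusted data; callers that take the input from an
 * untrusted source must validate the chain themselves before relying on any
 * key in it.
 *
 * @author Vladimir Dzhuvinov
 * @version 2018-02-27
 */
public class X509CertChainUtils {


	/**
	 * Converts the specified JSON array of strings to a list of Base64
	 * encoded objects.
	 *
	 * <p>Each element must be a non-{@code null} {@code String}. The
	 * string content is not inspected here: each value is handed to the
	 * {@link Base64} constructor as is, so whether it is well-formed
	 * Base64 is only found out when it is decoded later.
	 *
	 * @param jsonArray The JSON array of string, {@code null} if not
	 *                  specified.
	 *
	 * @return The Base64 list, in the order of the array, {@code null} if
	 *         not specified.
	 *
	 * @throws ParseException If an element is {@code null} or is not a
	 *                        string. The message names the position of
	 *                        the offending element.
	 */
	public static List<Base64> toBase64List(final JSONArray jsonArray)
		throws ParseException {

		if (jsonArray == null) {
			return null;
		}

		final List<Base64> chain = new LinkedList<>();

		for (int i = 0; i < jsonArray.size(); i++) {

			final Object item = jsonArray.get(i);

			// Null and wrong-type elements are reported separately so
			// that the message tells the caller which rule was broken.
			if (item == null) {
				throw new ParseException("The X.509 certificate at position " + i + " must not be null", 0);
			}

			if (!(item instanceof String)) {
				throw new ParseException("The X.509 certificate at position " + i + " must be encoded as a Base64 string", 0);
			}

			chain.add(new Base64((String) item));
		}

		return chain;
	}


	/**
	 * Parses a X.509 certificate chain from the specified Base64-encoded
	 * DER-encoded representation.
	 *
	 * <p>{@code null} entries in the list are skipped rather than
	 * rejected, so the returned list can be shorter than the input and
	 * its indexes need not line up with the input positions. The order
	 * of the remaining certificates is kept. An empty input list yields
	 * an empty list.
	 *
	 * <p>This method parses only. It does not check that the
	 * certificates form a chain, nor that any of them is valid or
	 * trusted; see the class description.
	 *
	 * @param b64List The Base64-encoded DER-encoded X.509 certificate
	 *                chain, {@code null} if not specified.
	 *
	 * @return The X.509 certificate chain, {@code null} if not specified.
	 *
	 * @throws ParseException If {@code X509CertUtils.parse} returned
	 *                        {@code null} for an entry. The message
	 *                        names the position of that entry in the
	 *                        input list (skipped entries are counted).
	 */
	public static List<X509Certificate> parse(final List<Base64> b64List)
		throws ParseException {

		if (b64List == null) {
			return null;
		}

		final List<X509Certificate> out = new LinkedList<>();

		// Walk the list with its iterator instead of get(i): the list
		// built by toBase64List is a LinkedList, on which indexed access
		// is linear, which made the original loop quadratic in the chain
		// length. The counter keeps the position reported in errors
		// identical to the input index.
		int nextPosition = 0;

		for (final Base64 b64 : b64List) {

			final int position = nextPosition++;

			if (b64 == null) {
				continue; // skip, as before; the position still advances
			}

			final X509Certificate cert = X509CertUtils.parse(b64.decode());

			// A null result is treated as an unparsable certificate.
			if (cert == null) {
				throw new ParseException("Invalid X.509 certificate at position " + position, 0);
			}

			out.add(cert);
		}

		return out;
	}


	/**
	 * Prevents public instantiation.
	 */
	private X509CertChainUtils() {}
}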