Convert Strings to X509 Certificates before validating (#948)

* Convert certificate strings to certificates

* Format fixes

* Revert "Format fixes"

This reverts commit 26f88bd313.

* Revert "Convert certificate strings to certificates"

This reverts commit 6d47ed2861.

* Convert strings to certs for validation

* Add clarification comments

* Add test to verify endoded cert from proxy

* Add some helper methods

* add tests for PEM with metadata

* small changes

* replace .com with .test

util/src/main/java/google/registry/util/X509Utils.java

@@ -32,6 +32,7 @@ import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CRLException;
 import java.security.cert.CRLReason;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.CertificateParsingException;
@@ -39,6 +40,7 @@ import java.security.cert.CertificateRevokedException;
 import java.security.cert.X509CRL;
 import java.security.cert.X509CRLEntry;
 import java.security.cert.X509Certificate;
+import java.util.Base64;
 import java.util.Date;
 import java.util.NoSuchElementException;
 import java.util.Optional;
@@ -177,5 +179,20 @@ public final class X509Utils {
     newCrl.verify(rootCert.getPublicKey());
   }
 
+  /** Constructs an X.509 certificate from a PEM string and encodes it. */
+  public static String encodeX509CertificateFromPemString(String certificateString)
+      throws CertificateException {
+    return encodeX509Certificate(loadCertificate(certificateString));
+  }
+
+  /**
+   * Encodes an X.509 certificate in the same form that the proxy encodes a certificate before
+   * passing it via an HTTP header.
+   */
+  public static String encodeX509Certificate(X509Certificate certificate)
+      throws CertificateEncodingException {
+    return Base64.getEncoder().encodeToString(certificate.getEncoded());
+  }
+
   private X509Utils() {}
 }