CertificateChainUtil (stdlib 7.0.1 API)

java.lang.Object
- com.peterphi.std.crypto.CertificateChainUtil

public class CertificateChainUtil
extends java.lang.Object

Utility class which helps manage certificate chains

Field Summary

Fields
Modifier and Type Field and Description

static boolean ALLOW_LOG_SELF_SIGN_TESTS

Fields
Modifier and Type	Field and Description
`static boolean`	`ALLOW_LOG_SELF_SIGN_TESTS`

Method Summary

Methods
Modifier and Type	Method and Description
`static java.util.List<java.security.cert.X509Certificate>`	`buildChainFor(java.security.KeyPair keypair, java.util.Collection<java.security.cert.X509Certificate> certs)`
`static java.util.List<java.security.cert.X509Certificate>`	`buildChainFor(java.security.PublicKey key, java.util.Collection<java.security.cert.X509Certificate> certs)`
`static java.security.cert.X509Certificate`	`getCertificateFor(java.security.PublicKey publicKey, java.util.Collection<java.security.cert.X509Certificate> certs)`
`static java.security.cert.X509Certificate`	`getIssuer(java.security.cert.X509Certificate subject, java.util.Collection<java.security.cert.X509Certificate> certs)`
`static javax.security.auth.x500.X500Principal[]`	`getIssuerDNsFromChain(java.util.List<java.security.cert.X509Certificate> chain)` Extracts the DNs of the issuers from a certificate chain.
`static javax.security.auth.x500.X500Principal[]`	`getPrincipals(java.util.List<java.security.cert.X509Certificate> chain)`
`static javax.security.auth.x500.X500Principal`	`getSubjectDNFromChain(java.util.List<java.security.cert.X509Certificate> chain)` Extracts the Subject: the final certificate in a chain
`static boolean`	`isSelfSigned(java.security.cert.X509Certificate certificate)` Determines if a certificate is a self signed certificate
`static boolean`	`isSignedBy(java.security.cert.X509Certificate subject, java.security.PublicKey signer)`
`static java.util.List<java.security.cert.X509Certificate>`	`normaliseChain(java.util.List<java.security.cert.X509Certificate> chain)` Take a chain and return a (Read-only) chain with the root certificate as the first entry
`static java.util.List<java.security.cert.X509Certificate>`	`toRootFirst(java.util.List<java.security.cert.X509Certificate> chain)` Take a chain and return a (Read-only) chain with the root certificate as the first entry
`static java.util.List<java.security.cert.X509Certificate>`	`toRootLast(java.util.List<java.security.cert.X509Certificate> chain)` Take a chain and return a (Read-only) chain with the root certificate as the last entry
`static void`	`verifyChain(java.util.List<java.security.cert.X509Certificate> chain)` Verifies that a certificate chain is valid

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - ALLOW_LOG_SELF_SIGN_TESTS
```
public static final boolean ALLOW_LOG_SELF_SIGN_TESTS
```
    See Also:
    Constant Field Values
- Method Detail
  - getIssuerDNsFromChain
```
public static javax.security.auth.x500.X500Principal[] getIssuerDNsFromChain(java.util.List<java.security.cert.X509Certificate> chain)
```
    Extracts the DNs of the issuers from a certificate chain. The last certificate in the chain will be ignored (since it is the subject)
    
    Parameters:
    chain - a normalised chain
    
    Returns:
  - getSubjectDNFromChain
```
public static javax.security.auth.x500.X500Principal getSubjectDNFromChain(java.util.List<java.security.cert.X509Certificate> chain)
```
    Extracts the Subject: the final certificate in a chain
    
    Parameters:
    chain - a normalised chain
    
    Returns:
    the subject (the final certificate in the chain)
    
    Throws:
    
    java.lang.IllegalArgumentException - if the chain is null or empty
  - isSelfSigned
```
public static boolean isSelfSigned(java.security.cert.X509Certificate certificate)
```
    Determines if a certificate is a self signed certificate
    
    Parameters:
    certificate - the certificate to test
    
    Returns:
    true if the certificate is self-signed, otherwise false if the certificate was not self-signed or the certificate signature could not be verified
  - isSignedBy
```
public static boolean isSignedBy(java.security.cert.X509Certificate subject,
                 java.security.PublicKey signer)
```
  - buildChainFor
```
public static java.util.List<java.security.cert.X509Certificate> buildChainFor(java.security.PublicKey key,
                                                               java.util.Collection<java.security.cert.X509Certificate> certs)
```
  - buildChainFor
```
public static java.util.List<java.security.cert.X509Certificate> buildChainFor(java.security.KeyPair keypair,
                                                               java.util.Collection<java.security.cert.X509Certificate> certs)
```
  - getPrincipals
```
public static javax.security.auth.x500.X500Principal[] getPrincipals(java.util.List<java.security.cert.X509Certificate> chain)
```
  - getCertificateFor
```
public static java.security.cert.X509Certificate getCertificateFor(java.security.PublicKey publicKey,
                                                   java.util.Collection<java.security.cert.X509Certificate> certs)
```
  - getIssuer
```
public static java.security.cert.X509Certificate getIssuer(java.security.cert.X509Certificate subject,
                                           java.util.Collection<java.security.cert.X509Certificate> certs)
```
  - normaliseChain
```
public static java.util.List<java.security.cert.X509Certificate> normaliseChain(java.util.List<java.security.cert.X509Certificate> chain)
```
    Take a chain and return a (Read-only) chain with the root certificate as the first entry
    
    Parameters:
    chain - a chain with the certificates in order (either leading away from root or leading towards root)
    
    Returns:
    a read-only chain leading away from the root certificate
    
    Throws:
    
    java.lang.IllegalArgumentException - if the chain is null or empty
  - toRootFirst
```
public static java.util.List<java.security.cert.X509Certificate> toRootFirst(java.util.List<java.security.cert.X509Certificate> chain)
```
    Take a chain and return a (Read-only) chain with the root certificate as the first entry
    
    Parameters:
    chain - a chain with the certificates in order (either leading away from root or leading towards root)
    
    Returns:
    a read-only chain leading away from the root certificate
    
    Throws:
    
    java.lang.IllegalArgumentException - if the chain is null or empty
  - toRootLast
```
public static java.util.List<java.security.cert.X509Certificate> toRootLast(java.util.List<java.security.cert.X509Certificate> chain)
```
    Take a chain and return a (Read-only) chain with the root certificate as the last entry
    
    Parameters:
    chain - a chain with the certificates in order (either leading away from root or leading towards root)
    
    Returns:
    a read-only chain leading towards the root certificate (i.e. with the root certificate
    
    Throws:
    
    java.lang.IllegalArgumentException - if the chain is null or empty
  - verifyChain
```
public static void verifyChain(java.util.List<java.security.cert.X509Certificate> chain)
```
    Verifies that a certificate chain is valid
    
    Parameters:
    chain - a certificate chain with the root certificate first
    
    Throws:
    
    java.lang.IllegalArgumentException - if the chain is invalid, null or empty

Class CertificateChainUtil

Field Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

ALLOW_LOG_SELF_SIGN_TESTS

Method Detail

getIssuerDNsFromChain

getSubjectDNFromChain

isSelfSigned

isSignedBy

buildChainFor

buildChainFor

getPrincipals

getCertificateFor

getIssuer

normaliseChain

toRootFirst

toRootLast

verifyChain