io.netty.pkitesting

Class X509Bundle

java.lang.Object

io.netty.pkitesting.X509Bundle

public final class X509Bundle
extends Object

A certificate bundle is a private key and a full certificate path, all the way to the root certificate. The bundle offers ways of accessing these, and converting them into various representations.

Method Summary

Modifier and Type	Method and Description
static X509Bundle	fromCertificatePath(X509Certificate[] certPath, X509Certificate root, KeyPair keyPair) Construct a bundle from a given certificate path, root certificate, and KeyPair.
static X509Bundle	fromRootCertificateAuthority(X509Certificate root, KeyPair keyPair) Construct a bundle for a certificate authority.
X509Certificate	getCertificate() Get the leaf certificate of the bundle.
X509Certificate[]	getCertificatePath() Get the certificate path, starting with the leaf certificate up to but excluding the root certificate.
List<X509Certificate>	getCertificatePathList() Get the certificate path as a list, starting with the leaf certificate up to but excluding the root certificate.
String	getCertificatePathPEM() Get the certificate path as a PEM encoded string.
X509Certificate[]	getCertificatePathWithRoot() Get the certificate path, starting with the leaf certificate up to and including the root certificate.
String	getCertificatePEM() Get the PEM encoded string of the leaf certificate.
KeyPair	getKeyPair() Get the key pair.
String	getPrivateKeyPEM() Get the private key as a PEM encoded PKCS#8 string.
X509Certificate	getRootCertificate() Get the root certificate that anchors the certificate path.
String	getRootCertificatePEM() Get the root certificate as a PEM encoded string.
TrustAnchor	getTrustAnchor() Get the root certificate as a new TrustAnchor object.
boolean	isCertificateAuthority() Query if this bundle is for a certificate authority root certificate.
boolean	isSelfSigned() Query if this bundle is for a self-signed certificate.
KeyManagerFactory	toKeyManagerFactory() Create a KeyManagerFactory from this bundle.
KeyManagerFactory	toKeyManagerFactory(String algorithm) Create a KeyManagerFactory from this bundle, using the given algorithm.
KeyStore	toKeyStore(char[] keyEntryPassword) Create a KeyStore with the contents of this bundle.
KeyStore	toKeyStore(String algorithm, char[] keyEntryPassword) Create a KeyStore with the contents of this bundle.
File	toTempCertChainPem() Create a temporary PEM file with the certificate chain of this bundle.
File	toTempKeyStoreFile(char[] password) Create a temporary PKCS#12 file with the key store of this bundle.
File	toTempKeyStoreFile(char[] pkcs12Password, char[] keyEntryPassword) Create a temporary PKCS#12 file with the key store of this bundle.
File	toTempPrivateKeyPem() Create a temporary PEM file with the private key of this bundle.
File	toTempRootCertPem() Create a temporary PEM file with the root certificate of this bundle.
TrustManager	toTrustManager() Create a TrustManager instance that trusts the root certificate in this bundle.
TrustManagerFactory	toTrustManagerFactory() Create TrustManagerFactory instance that trusts the root certificate in this bundle.
TrustManagerFactory	toTrustManagerFactory(String algorithm) Create TrustManagerFactory instance that trusts the root certificate in this bundle, with the given algorithm.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

fromRootCertificateAuthority

public static X509Bundle fromRootCertificateAuthority(X509Certificate root,
                                                      KeyPair keyPair)

Construct a bundle for a certificate authority.

Parameters:

root - The self-signed root certificate.

keyPair - The key pair.

Returns:

The new bundle.

fromCertificatePath

public static X509Bundle fromCertificatePath(X509Certificate[] certPath,
                                             X509Certificate root,
                                             KeyPair keyPair)

Construct a bundle from a given certificate path, root certificate, and KeyPair.

Parameters:

certPath - The certificate path, starting with the leaf certificate.The path can end either with the root certificate, or the intermediate certificate signed by the root certificate.

root - The self-signed root certificate.

keyPair - The key pair.

getCertificate

public X509Certificate getCertificate()

Get the leaf certificate of the bundle. If this bundle is for a certificate authority, then this return the same as getRootCertificate().

Returns:

The leaf certificate.

getCertificatePEM

public String getCertificatePEM()

Get the PEM encoded string of the leaf certificate.

Returns:

The certificate PEM string.

getCertificatePath

public X509Certificate[] getCertificatePath()

Get the certificate path, starting with the leaf certificate up to but excluding the root certificate.

Returns:

The certificate path.

getCertificatePathWithRoot

public X509Certificate[] getCertificatePathWithRoot()

Get the certificate path, starting with the leaf certificate up to and including the root certificate.

Returns:

The certificate path, including the root certificate.

getCertificatePathList

public List<X509Certificate> getCertificatePathList()

Get the certificate path as a list, starting with the leaf certificate up to but excluding the root certificate.

Returns:

The certificate path list.

getCertificatePathPEM

public String getCertificatePathPEM()

Get the certificate path as a PEM encoded string.

Returns:

The PEM encoded certificate path.

getKeyPair

public KeyPair getKeyPair()

Get the key pair.

Returns:

The key pair.

getRootCertificate

public X509Certificate getRootCertificate()

Get the root certificate that anchors the certificate path.

Returns:

The root certificate.

getRootCertificatePEM

public String getRootCertificatePEM()

Get the root certificate as a PEM encoded string.

Returns:

The PEM encoded root certificate.

getPrivateKeyPEM

public String getPrivateKeyPEM()

Get the private key as a PEM encoded PKCS#8 string.

Returns:

The private key in PKCS#8 and PEM encoded string.

getTrustAnchor

public TrustAnchor getTrustAnchor()

Get the root certificate as a new TrustAnchor object. Note that TrustAnchor instance have object identity, so if this method is called twice, the two trust anchors will not be equal to each other.

Returns:

A new TrustAnchor instance containing the root certificate.

isCertificateAuthority

public boolean isCertificateAuthority()

Query if this bundle is for a certificate authority root certificate.

Returns:

true if the leaf certificate is a certificate authority, otherwise false.

isSelfSigned

public boolean isSelfSigned()

Query if this bundle is for a self-signed certificate.

Returns:

true if the leaf certificate is self-signed.

toTrustManager

public TrustManager toTrustManager()

Create a TrustManager instance that trusts the root certificate in this bundle.

Returns:

The new TrustManager.

toTrustManagerFactory

public TrustManagerFactory toTrustManagerFactory()

Create TrustManagerFactory instance that trusts the root certificate in this bundle.

The trust manager factory will use the default algorithm.

Returns:

The new TrustManagerFactory.

toTrustManagerFactory

public TrustManagerFactory toTrustManagerFactory(String algorithm)

Create TrustManagerFactory instance that trusts the root certificate in this bundle, with the given algorithm.

Returns:

The new TrustManagerFactory.

toKeyStore

public KeyStore toKeyStore(char[] keyEntryPassword)
                    throws KeyStoreException

Create a KeyStore with the contents of this bundle. The root certificate will be a trusted root in the key store. If this bundle has a private key, then the private key and certificate path will also be added to the key store.

The key store will use the PKCS#12 format.

Parameters:

keyEntryPassword - The password used to encrypt the private key entry in the key store.

Returns:

The key store.

Throws:

KeyStoreException - If an error occurred when adding entries to the key store.

toKeyStore

public KeyStore toKeyStore(String algorithm,
                           char[] keyEntryPassword)
                    throws KeyStoreException

Create a KeyStore with the contents of this bundle. The root certificate will be a trusted root in the key store. If this bundle has a private key, then the private key and certificate path will also be added to the key store.

The key store will use the format defined by the given algorithm.

Parameters:

keyEntryPassword - The password used to encrypt the private key entry in the key store.

Returns:

The key store.

Throws:

KeyStoreException - If an error occurred when adding entries to the key store.

toTempKeyStoreFile

public File toTempKeyStoreFile(char[] password)
                        throws Exception

Create a temporary PKCS#12 file with the key store of this bundle. The temporary file is automatically deleted when the JVM terminates normally.

Parameters:

password - The password used both to encrypt the private key in the key store, and to protect the key store itself.

Returns:

The File object with the path to the PKCS#12 key store.

Throws:

Exception - If something went wrong with creating the key store file.

toTempKeyStoreFile

public File toTempKeyStoreFile(char[] pkcs12Password,
                               char[] keyEntryPassword)
                        throws Exception

Create a temporary PKCS#12 file with the key store of this bundle. The temporary file is automatically deleted when the JVM terminates normally.

Parameters:

pkcs12Password - The password used to encrypt the PKCS#12 file.

keyEntryPassword - The password used to encrypt the private key entry in the PKCS#12 file.

Returns:

The File object with the path to the PKCS#12 key store.

Throws:

Exception - If something went wrong with creating the key store file.

toTempRootCertPem

public File toTempRootCertPem()
                       throws IOException

Create a temporary PEM file with the root certificate of this bundle. The temporary file is automatically deleted when the JVM terminates normally.

Returns:

The File object with the path to the trust root PEM file.

Throws:

IOException - If an IO error occurred when creating the trust root file.

toTempCertChainPem

public File toTempCertChainPem()
                        throws IOException

Create a temporary PEM file with the certificate chain of this bundle. The temporary file is automatically deleted when the JVM terminates normally.

Returns:

The File object with the path to the certificate chain PEM file.

Throws:

IOException - If an IO error occurred when creating the certificate chain file.

toTempPrivateKeyPem

public File toTempPrivateKeyPem()
                         throws IOException

Create a temporary PEM file with the private key of this bundle. The temporary file is automatically deleted when the JVM terminates normally.

Returns:

The File object with the path to the private key PEM file.

Throws:

IOException - If an IO error occurred when creating the private key file.

toKeyManagerFactory

public KeyManagerFactory toKeyManagerFactory()
                                      throws KeyStoreException,
                                             UnrecoverableKeyException,
                                             NoSuchAlgorithmException

Create a KeyManagerFactory from this bundle.

The KeyManagerFactory will use the default algorithm.

Returns:

The new KeyManagerFactory.

Throws:

KeyStoreException - If there was a problem creating or initializing the key store.

UnrecoverableKeyException - If the private key could not be recovered, for instance if this bundle is a certificate authority.

NoSuchAlgorithmException - If the key manager factory algorithm is not supported by the current security provider.

toKeyManagerFactory

public KeyManagerFactory toKeyManagerFactory(String algorithm)
                                      throws KeyStoreException,
                                             UnrecoverableKeyException,
                                             NoSuchAlgorithmException

Create a KeyManagerFactory from this bundle, using the given algorithm.

Returns:

The new KeyManagerFactory.

Throws:

KeyStoreException - If there was a problem creating or initializing the key store.

UnrecoverableKeyException - If the private key could not be recovered, for instance if this bundle is a certificate authority.

NoSuchAlgorithmException - If the key manager factory algorithm is not supported by the current security provider.