Class X509Bundle

java.lang.Object
io.netty.pkitesting.X509Bundle
public final class X509Bundle extends Object
A certificate bundle is a private key and a full certificate path, all the way to the root certificate. The bundle offers ways of accessing these, and converting them into various representations.

  • Method Details

    • fromRootCertificateAuthority

      public static X509Bundle fromRootCertificateAuthority(X509Certificate root, KeyPair keyPair)
      Construct a bundle for a certificate authority.
      Parameters:
      root - The self-signed root certificate.
      keyPair - The key pair.
      Returns:
      The new bundle.

    • fromCertificatePath

      public static X509Bundle fromCertificatePath(X509Certificate[] certPath, X509Certificate root, KeyPair keyPair)
      Construct a bundle from a given certificate path, root certificate, and KeyPair.
      Parameters:
      certPath - The certificate path, starting with the leaf certificate.The path can end either with the root certificate, or the intermediate certificate signed by the root certificate.
      root - The self-signed root certificate.
      keyPair - The key pair.

    • getCertificate

      public X509Certificate getCertificate()
      Get the leaf certificate of the bundle. If this bundle is for a certificate authority, then this return the same as getRootCertificate().
      Returns:
      The leaf certificate.

    • getCertificatePEM

      public String getCertificatePEM()
      Get the PEM encoded string of the leaf certificate.
      Returns:
      The certificate PEM string.

    • getCertificatePath

      public X509Certificate[] getCertificatePath()
      Get the certificate path, starting with the leaf certificate up to but excluding the root certificate.
      Returns:
      The certificate path.

    • getCertificatePathWithRoot

      public X509Certificate[] getCertificatePathWithRoot()
      Get the certificate path, starting with the leaf certificate up to and including the root certificate.
      Returns:
      The certificate path, including the root certificate.

    • getCertificatePathList

      public List<X509Certificate> getCertificatePathList()
      Get the certificate path as a list, starting with the leaf certificate up to but excluding the root certificate.
      Returns:
      The certificate path list.

    • getCertificatePathPEM

      public String getCertificatePathPEM()
      Get the certificate path as a PEM encoded string.
      Returns:
      The PEM encoded certificate path.

    • getKeyPair

      public KeyPair getKeyPair()
      Get the key pair.
      Returns:
      The key pair.

    • getRootCertificate

      public X509Certificate getRootCertificate()
      Get the root certificate that anchors the certificate path.
      Returns:
      The root certificate.

    • getRootCertificatePEM

      public String getRootCertificatePEM()
      Get the root certificate as a PEM encoded string.
      Returns:
      The PEM encoded root certificate.

    • getPrivateKeyPEM

      public String getPrivateKeyPEM()
      Get the private key as a PEM encoded PKCS#8 string.
      Returns:
      The private key in PKCS#8 and PEM encoded string.

    • getTrustAnchor

      public TrustAnchor getTrustAnchor()
      Get the root certificate as a new TrustAnchor object. Note that TrustAnchor instance have object identity, so if this method is called twice, the two trust anchors will not be equal to each other.
      Returns:
      A new TrustAnchor instance containing the root certificate.

    • isCertificateAuthority

      public boolean isCertificateAuthority()
      Query if this bundle is for a certificate authority root certificate.
      Returns:
      true if the leaf certificate is a certificate authority, otherwise false.

    • isSelfSigned

      public boolean isSelfSigned()
      Query if this bundle is for a self-signed certificate.
      Returns:
      true if the leaf certificate is self-signed.

    • toTrustManager

      public TrustManager toTrustManager()
      Create a TrustManager instance that trusts the root certificate in this bundle.
      Returns:
      The new TrustManager.

    • toTrustManagerFactory

      public TrustManagerFactory toTrustManagerFactory()
      Create TrustManagerFactory instance that trusts the root certificate in this bundle.

      The trust manager factory will use the default algorithm.

      Returns:
      The new TrustManagerFactory.

    • toTrustManagerFactory

      public TrustManagerFactory toTrustManagerFactory(String algorithm)
      Create TrustManagerFactory instance that trusts the root certificate in this bundle, with the given algorithm.
      Returns:
      The new TrustManagerFactory.

    • toKeyStore

      public KeyStore toKeyStore(char[] keyEntryPassword) throws KeyStoreException
      Create a KeyStore with the contents of this bundle. The root certificate will be a trusted root in the key store. If this bundle has a private key, then the private key and certificate path will also be added to the key store.

      The key store will use the PKCS#12 format.

      Parameters:
      keyEntryPassword - The password used to encrypt the private key entry in the key store.
      Returns:
      The key store.
      Throws:
      KeyStoreException - If an error occurred when adding entries to the key store.

    • toKeyStore

      public KeyStore toKeyStore(String algorithm, char[] keyEntryPassword) throws KeyStoreException
      Create a KeyStore with the contents of this bundle. The root certificate will be a trusted root in the key store. If this bundle has a private key, then the private key and certificate path will also be added to the key store.

      The key store will use the format defined by the given algorithm.

      Parameters:
      keyEntryPassword - The password used to encrypt the private key entry in the key store.
      Returns:
      The key store.
      Throws:
      KeyStoreException - If an error occurred when adding entries to the key store.

    • toTempKeyStoreFile

      public File toTempKeyStoreFile(char[] password) throws Exception
      Create a temporary PKCS#12 file with the key store of this bundle. The temporary file is automatically deleted when the JVM terminates normally.
      Parameters:
      password - The password used both to encrypt the private key in the key store, and to protect the key store itself.
      Returns:
      The File object with the path to the PKCS#12 key store.
      Throws:
      Exception - If something went wrong with creating the key store file.

    • toTempKeyStoreFile

      public File toTempKeyStoreFile(char[] pkcs12Password, char[] keyEntryPassword) throws Exception
      Create a temporary PKCS#12 file with the key store of this bundle. The temporary file is automatically deleted when the JVM terminates normally.
      Parameters:
      pkcs12Password - The password used to encrypt the PKCS#12 file.
      keyEntryPassword - The password used to encrypt the private key entry in the PKCS#12 file.
      Returns:
      The File object with the path to the PKCS#12 key store.
      Throws:
      Exception - If something went wrong with creating the key store file.

    • toTempRootCertPem

      public File toTempRootCertPem() throws IOException
      Create a temporary PEM file with the root certificate of this bundle. The temporary file is automatically deleted when the JVM terminates normally.
      Returns:
      The File object with the path to the trust root PEM file.
      Throws:
      IOException - If an IO error occurred when creating the trust root file.

    • toTempCertChainPem

      public File toTempCertChainPem() throws IOException
      Create a temporary PEM file with the certificate chain of this bundle. The temporary file is automatically deleted when the JVM terminates normally.
      Returns:
      The File object with the path to the certificate chain PEM file.
      Throws:
      IOException - If an IO error occurred when creating the certificate chain file.

    • toTempPrivateKeyPem

      public File toTempPrivateKeyPem() throws IOException
      Create a temporary PEM file with the private key of this bundle. The temporary file is automatically deleted when the JVM terminates normally.
      Returns:
      The File object with the path to the private key PEM file.
      Throws:
      IOException - If an IO error occurred when creating the private key file.

    • toKeyManagerFactory

      public KeyManagerFactory toKeyManagerFactory() throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException
      Create a KeyManagerFactory from this bundle.

      The KeyManagerFactory will use the default algorithm.

      Returns:
      The new KeyManagerFactory.
      Throws:
      KeyStoreException - If there was a problem creating or initializing the key store.
      UnrecoverableKeyException - If the private key could not be recovered, for instance if this bundle is a certificate authority.
      NoSuchAlgorithmException - If the key manager factory algorithm is not supported by the current security provider.

    • toKeyManagerFactory

      public KeyManagerFactory toKeyManagerFactory(String algorithm) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException
      Create a KeyManagerFactory from this bundle, using the given algorithm.
      Returns:
      The new KeyManagerFactory.
      Throws:
      KeyStoreException - If there was a problem creating or initializing the key store.
      UnrecoverableKeyException - If the private key could not be recovered, for instance if this bundle is a certificate authority.
      NoSuchAlgorithmException - If the key manager factory algorithm is not supported by the current security provider.

    • mergeIntermediates

      public X509Bundle mergeIntermediates(X509Bundle other)
      Create a new X509Bundle that has the leaf and root certificates of this bundle, but a certificate path that is the combination all the intermediate certificates of both this and the given bundle.

      This is useful when building a bundle with a cross-signed certificate, or when you just want to have additional unrelated intermediate certificates in the path.

      Parameters:
      other - The other bundle.
      Returns:
      A new X509Bundle that has the leaf and root of this bundle, but the combined intermediates of both bundles.