Class X509Bundle


  • public final class X509Bundle
    extends java.lang.Object
    A certificate bundle is a private key and a full certificate path, all the way to the root certificate. The bundle offers ways of accessing these, and converting them into various representations.
    • Method Summary

      Modifier and Type Method Description
      static X509Bundle fromCertificatePath(java.security.cert.X509Certificate[] certPath, java.security.cert.X509Certificate root, java.security.KeyPair keyPair)
      Construct a bundle from a given certificate path, root certificate, and KeyPair.
      static X509Bundle fromRootCertificateAuthority(java.security.cert.X509Certificate root, java.security.KeyPair keyPair)
      Construct a bundle for a certificate authority.
      java.security.cert.X509Certificate getCertificate()
      Get the leaf certificate of the bundle.
      java.security.cert.X509Certificate[] getCertificatePath()
      Get the certificate path, starting with the leaf certificate up to but excluding the root certificate.
      java.util.List<java.security.cert.X509Certificate> getCertificatePathList()
      Get the certificate path as a list, starting with the leaf certificate up to but excluding the root certificate.
      java.lang.String getCertificatePathPEM()
      Get the certificate path as a PEM encoded string.
      java.security.cert.X509Certificate[] getCertificatePathWithRoot()
      Get the certificate path, starting with the leaf certificate up to and including the root certificate.
      java.lang.String getCertificatePEM()
      Get the PEM encoded string of the leaf certificate.
      java.security.KeyPair getKeyPair()
      Get the key pair.
      java.lang.String getPrivateKeyPEM()
      Get the private key as a PEM encoded PKCS#8 string.
      java.security.cert.X509Certificate getRootCertificate()
      Get the root certificate that anchors the certificate path.
      java.lang.String getRootCertificatePEM()
      Get the root certificate as a PEM encoded string.
      java.security.cert.TrustAnchor getTrustAnchor()
      Get the root certificate as a new TrustAnchor object.
      boolean isCertificateAuthority()
      Query if this bundle is for a certificate authority root certificate.
      boolean isSelfSigned()
      Query if this bundle is for a self-signed certificate.
      javax.net.ssl.KeyManagerFactory toKeyManagerFactory()
      Create a KeyManagerFactory from this bundle.
      javax.net.ssl.KeyManagerFactory toKeyManagerFactory(java.lang.String algorithm)
      Create a KeyManagerFactory from this bundle, using the given algorithm.
      java.security.KeyStore toKeyStore(char[] keyEntryPassword)
      Create a KeyStore with the contents of this bundle.
      java.security.KeyStore toKeyStore(java.lang.String algorithm, char[] keyEntryPassword)
      Create a KeyStore with the contents of this bundle.
      java.io.File toTempCertChainPem()
      Create a temporary PEM file with the certificate chain of this bundle.
      java.io.File toTempKeyStoreFile(char[] password)
      Create a temporary PKCS#12 file with the key store of this bundle.
      java.io.File toTempKeyStoreFile(char[] pkcs12Password, char[] keyEntryPassword)
      Create a temporary PKCS#12 file with the key store of this bundle.
      java.io.File toTempPrivateKeyPem()
      Create a temporary PEM file with the private key of this bundle.
      java.io.File toTempRootCertPem()
      Create a temporary PEM file with the root certificate of this bundle.
      javax.net.ssl.TrustManager toTrustManager()
      Create a TrustManager instance that trusts the root certificate in this bundle.
      javax.net.ssl.TrustManagerFactory toTrustManagerFactory()
      Create a TrustManagerFactory instance that trusts the root certificate in this bundle.
      javax.net.ssl.TrustManagerFactory toTrustManagerFactory(java.lang.String algorithm)
      Create a TrustManagerFactory instance that trusts the root certificate in this bundle, with the given algorithm.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • fromRootCertificateAuthority

        public static X509Bundle fromRootCertificateAuthority(java.security.cert.X509Certificate root,
                                                              java.security.KeyPair keyPair)
        Construct a bundle for a certificate authority.
        Parameters:
        root - The self-signed root certificate.
        keyPair - The key pair.
        Returns:
        The new bundle.
      • fromCertificatePath

        public static X509Bundle fromCertificatePath(java.security.cert.X509Certificate[] certPath,
                                                     java.security.cert.X509Certificate root,
                                                     java.security.KeyPair keyPair)
        Construct a bundle from a given certificate path, root certificate, and KeyPair.
        Parameters:
        certPath - The certificate path, starting with the leaf certificate. The path can end either with the root certificate, or with the intermediate certificate signed by the root certificate.
        root - The self-signed root certificate.
        keyPair - The key pair.
      • getCertificate

        public java.security.cert.X509Certificate getCertificate()
        Get the leaf certificate of the bundle. If this bundle is for a certificate authority, then this returns the same as getRootCertificate().
        Returns:
        The leaf certificate.
      • getCertificatePEM

        public java.lang.String getCertificatePEM()
        Get the PEM encoded string of the leaf certificate.
        Returns:
        The certificate PEM string.
      • getCertificatePath

        public java.security.cert.X509Certificate[] getCertificatePath()
        Get the certificate path, starting with the leaf certificate up to but excluding the root certificate.
        Returns:
        The certificate path.
      • getCertificatePathWithRoot

        public java.security.cert.X509Certificate[] getCertificatePathWithRoot()
        Get the certificate path, starting with the leaf certificate up to and including the root certificate.
        Returns:
        The certificate path, including the root certificate.
      • getCertificatePathList

        public java.util.List<java.security.cert.X509Certificate> getCertificatePathList()
        Get the certificate path as a list, starting with the leaf certificate up to but excluding the root certificate.
        Returns:
        The certificate path list.
      • getCertificatePathPEM

        public java.lang.String getCertificatePathPEM()
        Get the certificate path as a PEM encoded string.
        Returns:
        The PEM encoded certificate path.
      • getKeyPair

        public java.security.KeyPair getKeyPair()
        Get the key pair.
        Returns:
        The key pair.
      • getRootCertificate

        public java.security.cert.X509Certificate getRootCertificate()
        Get the root certificate that anchors the certificate path.
        Returns:
        The root certificate.
      • getRootCertificatePEM

        public java.lang.String getRootCertificatePEM()
        Get the root certificate as a PEM encoded string.
        Returns:
        The PEM encoded root certificate.
      • getPrivateKeyPEM

        public java.lang.String getPrivateKeyPEM()
        Get the private key as a PEM encoded PKCS#8 string.
        Returns:
        The private key as a PKCS#8, PEM encoded string.
      • getTrustAnchor

        public java.security.cert.TrustAnchor getTrustAnchor()
        Get the root certificate as a new TrustAnchor object. Note that TrustAnchor instances have object identity, so if this method is called twice, the two trust anchors will not be equal to each other.
        Returns:
        A new TrustAnchor instance containing the root certificate.
      • isCertificateAuthority

        public boolean isCertificateAuthority()
        Query if this bundle is for a certificate authority root certificate.
        Returns:
        true if the leaf certificate is a certificate authority, otherwise false.
      • isSelfSigned

        public boolean isSelfSigned()
        Query if this bundle is for a self-signed certificate.
        Returns:
        true if the leaf certificate is self-signed.
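
How getCertificatePathList(), getTrustAnchor() and isSelfSigned() fit the JDK's PKIX validator, as an added example that is not part of this class's documentation or the project's own code. The import assumes the class is Netty's io.netty.pkitesting.X509Bundle (the package is not stated on this page), and BundlePathCheck is a hypothetical name.

```java
import io.netty.pkitesting.X509Bundle; // assumption: the package is not stated on this page

import java.security.GeneralSecurityException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.util.Collections;

/** Hypothetical helper: checks that a bundle's path really chains to its own root. */
public final class BundlePathCheck {
    private BundlePathCheck() { }

    public static boolean chainsToOwnRoot(X509Bundle bundle) throws GeneralSecurityException {
        if (bundle.isSelfSigned()) {
            // The leaf is its own issuer, so there is no issued path below the anchor.
            throw new IllegalArgumentException("self-signed bundle has no issued path");
        }
        // A PKIX CertPath runs leaf-first and omits the trust anchor, which is
        // the shape getCertificatePathList() documents (root excluded).
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(bundle.getCertificatePathList());

        TrustAnchor anchor = bundle.getTrustAnchor();
        PKIXParameters params = new PKIXParameters(Collections.singleton(anchor));
        // Assumption: the PKI behind the bundle publishes no CRL or OCSP endpoint.
        params.setRevocationEnabled(false);

        // validate() throws CertPathValidatorException on a bad signature,
        // an expired certificate or a broken issuer/subject link.
        PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult)
                CertPathValidator.getInstance("PKIX").validate(path, params);

        // getTrustAnchor() returns a new object per call, so compare the
        // wrapped certificate, never the TrustAnchor instances themselves.
        return result.getTrustAnchor().getTrustedCert().equals(bundle.getRootCertificate());
    }
}
```
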
      • toTrustManager

        public javax.net.ssl.TrustManager toTrustManager()
        Create a TrustManager instance that trusts the root certificate in this bundle.
        Returns:
        The new TrustManager.
      • toTrustManagerFactory

        public javax.net.ssl.TrustManagerFactory toTrustManagerFactory()
        Create a TrustManagerFactory instance that trusts the root certificate in this bundle.

        The trust manager factory will use the default algorithm.

        Returns:
        The new TrustManagerFactory.
      • toTrustManagerFactory

        public javax.net.ssl.TrustManagerFactory toTrustManagerFactory(java.lang.String algorithm)
        Create a TrustManagerFactory instance that trusts the root certificate in this bundle, with the given algorithm.
        Returns:
        The new TrustManagerFactory.
      • toKeyStore

        public java.security.KeyStore toKeyStore(char[] keyEntryPassword)
                                          throws java.security.KeyStoreException
        Create a KeyStore with the contents of this bundle. The root certificate will be a trusted root in the key store. If this bundle has a private key, then the private key and certificate path will also be added to the key store.

        The key store will use the PKCS#12 format.

        Parameters:
        keyEntryPassword - The password used to encrypt the private key entry in the key store.
        Returns:
        The key store.
        Throws:
        java.security.KeyStoreException - If an error occurred when adding entries to the key store.
      • toKeyStore

        public java.security.KeyStore toKeyStore(java.lang.String algorithm,
                                                 char[] keyEntryPassword)
                                          throws java.security.KeyStoreException
        Create a KeyStore with the contents of this bundle. The root certificate will be a trusted root in the key store. If this bundle has a private key, then the private key and certificate path will also be added to the key store.

        The key store will use the format defined by the given algorithm.

        Parameters:
        keyEntryPassword - The password used to encrypt the private key entry in the key store.
        Returns:
        The key store.
        Throws:
        java.security.KeyStoreException - If an error occurred when adding entries to the key store.
      • toTempKeyStoreFile

        public java.io.File toTempKeyStoreFile(char[] password)
                                        throws java.lang.Exception
        Create a temporary PKCS#12 file with the key store of this bundle. The temporary file is automatically deleted when the JVM terminates normally.
        Parameters:
        password - The password used both to encrypt the private key in the key store, and to protect the key store itself.
        Returns:
        The File object with the path to the PKCS#12 key store.
        Throws:
        java.lang.Exception - If something went wrong with creating the key store file.
      • toTempKeyStoreFile

        public java.io.File toTempKeyStoreFile(char[] pkcs12Password,
                                               char[] keyEntryPassword)
                                        throws java.lang.Exception
        Create a temporary PKCS#12 file with the key store of this bundle. The temporary file is automatically deleted when the JVM terminates normally.
        Parameters:
        pkcs12Password - The password used to encrypt the PKCS#12 file.
        keyEntryPassword - The password used to encrypt the private key entry in the PKCS#12 file.
        Returns:
        The File object with the path to the PKCS#12 key store.
        Throws:
        java.lang.Exception - If something went wrong with creating the key store file.
      • toTempRootCertPem

        public java.io.File toTempRootCertPem()
                                       throws java.io.IOException
        Create a temporary PEM file with the root certificate of this bundle. The temporary file is automatically deleted when the JVM terminates normally.
        Returns:
        The File object with the path to the trust root PEM file.
        Throws:
        java.io.IOException - If an IO error occurred when creating the trust root file.
      • toTempCertChainPem

        public java.io.File toTempCertChainPem()
                                        throws java.io.IOException
        Create a temporary PEM file with the certificate chain of this bundle. The temporary file is automatically deleted when the JVM terminates normally.
        Returns:
        The File object with the path to the certificate chain PEM file.
        Throws:
        java.io.IOException - If an IO error occurred when creating the certificate chain file.
      • toTempPrivateKeyPem

        public java.io.File toTempPrivateKeyPem()
                                         throws java.io.IOException
        Create a temporary PEM file with the private key of this bundle. The temporary file is automatically deleted when the JVM terminates normally.
        Returns:
        The File object with the path to the private key PEM file.
        Throws:
        java.io.IOException - If an IO error occurred when creating the private key file.
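
The temporary files above are only removed on normal JVM termination, so an exported private key can outlive its use in a long-running or crashed process. The following added example (not the project's own code) scopes the PEM files to a single action; it assumes the class is Netty's io.netty.pkitesting.X509Bundle, and TempKeyFiles and PemAction are hypothetical names.

```java
import io.netty.pkitesting.X509Bundle; // assumption: the package is not stated on this page

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;

/** Hypothetical helper: limits how long, and to whom, the exported key is readable. */
public final class TempKeyFiles {
    private TempKeyFiles() { }

    /** Hypothetical callback type, so that the action may throw IOException. */
    @FunctionalInterface
    public interface PemAction<T> {
        T run(Path certChainPem, Path privateKeyPem) throws IOException;
    }

    /** The action must finish reading both files before it returns. */
    public static <T> T withPemFiles(X509Bundle bundle, PemAction<T> action) throws IOException {
        Path chain = bundle.toTempCertChainPem().toPath();
        Path key = null;
        try {
            key = bundle.toTempPrivateKeyPem().toPath();
            // Tighten the key file to owner-only where the file system has POSIX modes.
            if (key.getFileSystem().supportedFileAttributeViews().contains("posix")) {
                Files.setPosixFilePermissions(key, PosixFilePermissions.fromString("rw-------"));
            }
            return action.run(chain, key);
        } finally {
            // Delete-on-exit only covers a normal JVM shutdown; remove the files now.
            if (key != null) {
                Files.deleteIfExists(key);
            }
            Files.deleteIfExists(chain);
        }
    }
}
```
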
      • toKeyManagerFactory

        public javax.net.ssl.KeyManagerFactory toKeyManagerFactory()
                                                            throws java.security.KeyStoreException,
                                                                   java.security.UnrecoverableKeyException,
                                                                   java.security.NoSuchAlgorithmException
        Create a KeyManagerFactory from this bundle.

        The KeyManagerFactory will use the default algorithm.

        Returns:
        The new KeyManagerFactory.
        Throws:
        java.security.KeyStoreException - If there was a problem creating or initializing the key store.
        java.security.UnrecoverableKeyException - If the private key could not be recovered, for instance if this bundle is a certificate authority.
        java.security.NoSuchAlgorithmException - If the key manager factory algorithm is not supported by the current security provider.
      • toKeyManagerFactory

        public javax.net.ssl.KeyManagerFactory toKeyManagerFactory(java.lang.String algorithm)
                                                            throws java.security.KeyStoreException,
                                                                   java.security.UnrecoverableKeyException,
                                                                   java.security.NoSuchAlgorithmException
        Create a KeyManagerFactory from this bundle, using the given algorithm.
        Returns:
        The new KeyManagerFactory.
        Throws:
        java.security.KeyStoreException - If there was a problem creating or initializing the key store.
        java.security.UnrecoverableKeyException - If the private key could not be recovered, for instance if this bundle is a certificate authority.
        java.security.NoSuchAlgorithmException - If the key manager factory algorithm is not supported by the current security provider.
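
Combining toKeyManagerFactory() and toTrustManagerFactory() into a mutually authenticated TLS setup with the standard JSSE API, as an added example that is not the project's own code. It assumes the class is Netty's io.netty.pkitesting.X509Bundle; BundleTls and its method names are hypothetical.

```java
import io.netty.pkitesting.X509Bundle; // assumption: the package is not stated on this page

import java.security.GeneralSecurityException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper: builds JSSE objects from bundles. */
public final class BundleTls {
    private BundleTls() { }

    /** Presents the identity bundle's leaf key; trusts peers that chain to peerRoot's root. */
    public static SSLContext context(X509Bundle identity, X509Bundle peerRoot)
            throws GeneralSecurityException {
        if (identity.isCertificateAuthority()) {
            // The documentation lists UnrecoverableKeyException for CA bundles;
            // reject early so a CA key is never offered as a TLS identity.
            throw new IllegalArgumentException("use a leaf bundle, not a CA bundle, as TLS identity");
        }
        KeyManagerFactory kmf = identity.toKeyManagerFactory();
        TrustManagerFactory tmf = peerRoot.toTrustManagerFactory();

        SSLContext ctx = SSLContext.getInstance("TLS");
        // A null SecureRandom selects the provider's default source.
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Server-side engine that fails the handshake for clients without a trusted certificate. */
    public static SSLEngine mutualTlsServerEngine(X509Bundle server, X509Bundle clientRoot)
            throws GeneralSecurityException {
        SSLEngine engine = context(server, clientRoot).createSSLEngine();
        engine.setUseClientMode(false);
        engine.setNeedClientAuth(true); // "need", not "want": anonymous clients are refused
        return engine;
    }
}
```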