Package io.netty.pkitesting
Class X509Bundle
- java.lang.Object
  - io.netty.pkitesting.X509Bundle
public final class X509Bundle extends java.lang.Object
A certificate bundle is a private key and a full certificate path, all the way to the root certificate. The bundle offers ways of accessing these, and converting them into various representations.
-
Method Summary
- static X509Bundle fromCertificatePath(java.security.cert.X509Certificate[] certPath, java.security.cert.X509Certificate root, java.security.KeyPair keyPair)
  Construct a bundle from a given certificate path, root certificate, and KeyPair.
- static X509Bundle fromRootCertificateAuthority(java.security.cert.X509Certificate root, java.security.KeyPair keyPair)
  Construct a bundle for a certificate authority.
- java.security.cert.X509Certificate getCertificate()
  Get the leaf certificate of the bundle.
- java.security.cert.X509Certificate[] getCertificatePath()
  Get the certificate path, starting with the leaf certificate up to but excluding the root certificate.
- java.util.List<java.security.cert.X509Certificate> getCertificatePathList()
  Get the certificate path as a list, starting with the leaf certificate up to but excluding the root certificate.
- java.lang.String getCertificatePathPEM()
  Get the certificate path as a PEM encoded string.
- java.security.cert.X509Certificate[] getCertificatePathWithRoot()
  Get the certificate path, starting with the leaf certificate up to and including the root certificate.
- java.lang.String getCertificatePEM()
  Get the PEM encoded string of the leaf certificate.
- java.security.KeyPair getKeyPair()
  Get the key pair.
- java.lang.String getPrivateKeyPEM()
  Get the private key as a PEM encoded PKCS#8 string.
- java.security.cert.X509Certificate getRootCertificate()
  Get the root certificate that anchors the certificate path.
- java.lang.String getRootCertificatePEM()
  Get the root certificate as a PEM encoded string.
- java.security.cert.TrustAnchor getTrustAnchor()
  Get the root certificate as a new TrustAnchor object.
- boolean isCertificateAuthority()
  Query if this bundle is for a certificate authority root certificate.
- boolean isSelfSigned()
  Query if this bundle is for a self-signed certificate.
- javax.net.ssl.KeyManagerFactory toKeyManagerFactory()
  Create a KeyManagerFactory from this bundle.
- javax.net.ssl.KeyManagerFactory toKeyManagerFactory(java.lang.String algorithm)
  Create a KeyManagerFactory from this bundle, using the given algorithm.
- java.security.KeyStore toKeyStore(char[] keyEntryPassword)
  Create a KeyStore with the contents of this bundle.
- java.security.KeyStore toKeyStore(java.lang.String algorithm, char[] keyEntryPassword)
  Create a KeyStore with the contents of this bundle.
- java.io.File toTempCertChainPem()
  Create a temporary PEM file with the certificate chain of this bundle.
- java.io.File toTempKeyStoreFile(char[] password)
  Create a temporary PKCS#12 file with the key store of this bundle.
- java.io.File toTempKeyStoreFile(char[] pkcs12Password, char[] keyEntryPassword)
  Create a temporary PKCS#12 file with the key store of this bundle.
- java.io.File toTempPrivateKeyPem()
  Create a temporary PEM file with the private key of this bundle.
- java.io.File toTempRootCertPem()
  Create a temporary PEM file with the root certificate of this bundle.
- javax.net.ssl.TrustManager toTrustManager()
  Create a TrustManager instance that trusts the root certificate in this bundle.
- javax.net.ssl.TrustManagerFactory toTrustManagerFactory()
  Create a TrustManagerFactory instance that trusts the root certificate in this bundle.
- javax.net.ssl.TrustManagerFactory toTrustManagerFactory(java.lang.String algorithm)
  Create a TrustManagerFactory instance that trusts the root certificate in this bundle, with the given algorithm.
-
Method Detail
-
fromRootCertificateAuthority
public static X509Bundle fromRootCertificateAuthority(java.security.cert.X509Certificate root, java.security.KeyPair keyPair)
Construct a bundle for a certificate authority.
- Parameters:
  - root - The self-signed root certificate.
  - keyPair - The key pair.
- Returns:
  - The new bundle.
-
fromCertificatePath
public static X509Bundle fromCertificatePath(java.security.cert.X509Certificate[] certPath, java.security.cert.X509Certificate root, java.security.KeyPair keyPair)
Construct a bundle from a given certificate path, root certificate, and KeyPair.
- Parameters:
  - certPath - The certificate path, starting with the leaf certificate. The path can end either with the root certificate, or the intermediate certificate signed by the root certificate.
  - root - The self-signed root certificate.
  - keyPair - The key pair.
-
getCertificate
public java.security.cert.X509Certificate getCertificate()
Get the leaf certificate of the bundle. If this bundle is for a certificate authority, then this returns the same as getRootCertificate().
- Returns:
  - The leaf certificate.
-
getCertificatePEM
public java.lang.String getCertificatePEM()
Get the PEM encoded string of the leaf certificate.
- Returns:
  - The certificate PEM string.
-
getCertificatePath
public java.security.cert.X509Certificate[] getCertificatePath()
Get the certificate path, starting with the leaf certificate up to but excluding the root certificate.
- Returns:
  - The certificate path.
-
getCertificatePathWithRoot
public java.security.cert.X509Certificate[] getCertificatePathWithRoot()
Get the certificate path, starting with the leaf certificate up to and including the root certificate.
- Returns:
  - The certificate path, including the root certificate.
-
getCertificatePathList
public java.util.List<java.security.cert.X509Certificate> getCertificatePathList()
Get the certificate path as a list, starting with the leaf certificate up to but excluding the root certificate.
- Returns:
  - The certificate path list.
-
getCertificatePathPEM
public java.lang.String getCertificatePathPEM()
Get the certificate path as a PEM encoded string.
- Returns:
  - The PEM encoded certificate path.
-
getKeyPair
public java.security.KeyPair getKeyPair()
Get the key pair.
- Returns:
  - The key pair.
-
getRootCertificate
public java.security.cert.X509Certificate getRootCertificate()
Get the root certificate that anchors the certificate path.
- Returns:
  - The root certificate.
-
getRootCertificatePEM
public java.lang.String getRootCertificatePEM()
Get the root certificate as a PEM encoded string.
- Returns:
  - The PEM encoded root certificate.
-
getPrivateKeyPEM
public java.lang.String getPrivateKeyPEM()
Get the private key as a PEM encoded PKCS#8 string.
- Returns:
  - The private key as a PKCS#8, PEM encoded string.
-
getTrustAnchor
public java.security.cert.TrustAnchor getTrustAnchor()
Get the root certificate as a new TrustAnchor object. Note that TrustAnchor instances have object identity, so if this method is called twice, the two trust anchors will not be equal to each other.
- Returns:
  - A new TrustAnchor instance containing the root certificate.
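How the path and trust-anchor accessors fit together in a PKIX validation, as an added example that is not part of the Netty documentation; it uses only JDK java.security.cert classes plus the X509Bundle methods documented on this page. The class name BundlePathCheck and its methods are hypothetical, the bundle is assumed to be a leaf issued by a test CA, and revocation checking is switched off on the assumption that test certificates publish no CRL or OCSP endpoint.

```java
import io.netty.pkitesting.X509Bundle;

import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.util.Collections;

// Hypothetical helper class (added example, not Netty code).
public final class BundlePathCheck {

    // Validate the bundle's path against its own root. Throws
    // CertPathValidatorException if a signature, validity period or
    // CA constraint in the chain does not hold.
    public static PKIXCertPathValidatorResult validate(X509Bundle bundle) throws Exception {
        if (bundle.isSelfSigned()) {
            // Assumption of this example: only CA-issued leaf bundles are checked.
            throw new IllegalArgumentException("expected a leaf bundle issued by a CA");
        }
        // getCertificatePathList() excludes the root, which matches PKIX:
        // the trust anchor is supplied separately, not inside the CertPath.
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(bundle.getCertificatePathList());

        // Fetch the anchor once and reuse the reference; a second call
        // returns a different object that is not equal to this one.
        TrustAnchor anchor = bundle.getTrustAnchor();
        PKIXParameters params = new PKIXParameters(Collections.singleton(anchor));
        params.setRevocationEnabled(false); // assumption: no CRL/OCSP for test certs

        PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult)
                CertPathValidator.getInstance("PKIX").validate(path, params);

        // Compare anchors by the certificate they wrap, never with equals().
        if (!sameRoot(result.getTrustAnchor(), bundle.getTrustAnchor())) {
            throw new IllegalStateException("path validated against an unexpected root");
        }
        return result;
    }

    // TrustAnchor has identity semantics, so compare the wrapped certificates.
    static boolean sameRoot(TrustAnchor a, TrustAnchor b) {
        return a.getTrustedCert() != null && a.getTrustedCert().equals(b.getTrustedCert());
    }
}
```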
-
isCertificateAuthority
public boolean isCertificateAuthority()
Query if this bundle is for a certificate authority root certificate.
- Returns:
  - true if the leaf certificate is a certificate authority, otherwise false.
-
isSelfSigned
public boolean isSelfSigned()
Query if this bundle is for a self-signed certificate.
- Returns:
  - true if the leaf certificate is self-signed.
-
toTrustManager
public javax.net.ssl.TrustManager toTrustManager()
Create a TrustManager instance that trusts the root certificate in this bundle.
- Returns:
  - The new TrustManager.
-
toTrustManagerFactory
public javax.net.ssl.TrustManagerFactory toTrustManagerFactory()
Create a TrustManagerFactory instance that trusts the root certificate in this bundle. The trust manager factory will use the default algorithm.
- Returns:
  - The new TrustManagerFactory.
-
toTrustManagerFactory
public javax.net.ssl.TrustManagerFactory toTrustManagerFactory(java.lang.String algorithm)
Create a TrustManagerFactory instance that trusts the root certificate in this bundle, with the given algorithm.
- Returns:
  - The new TrustManagerFactory.
-
toKeyStore
public java.security.KeyStore toKeyStore(char[] keyEntryPassword) throws java.security.KeyStoreException
Create a KeyStore with the contents of this bundle. The root certificate will be a trusted root in the key store. If this bundle has a private key, then the private key and certificate path will also be added to the key store. The key store will use the PKCS#12 format.
- Parameters:
  - keyEntryPassword - The password used to encrypt the private key entry in the key store.
- Returns:
  - The key store.
- Throws:
  - java.security.KeyStoreException - If an error occurred when adding entries to the key store.
-
toKeyStore
public java.security.KeyStore toKeyStore(java.lang.String algorithm, char[] keyEntryPassword) throws java.security.KeyStoreException
Create a KeyStore with the contents of this bundle. The root certificate will be a trusted root in the key store. If this bundle has a private key, then the private key and certificate path will also be added to the key store. The key store will use the format defined by the given algorithm.
- Parameters:
  - keyEntryPassword - The password used to encrypt the private key entry in the key store.
- Returns:
  - The key store.
- Throws:
  - java.security.KeyStoreException - If an error occurred when adding entries to the key store.
-
toTempKeyStoreFile
public java.io.File toTempKeyStoreFile(char[] password) throws java.lang.Exception
Create a temporary PKCS#12 file with the key store of this bundle. The temporary file is automatically deleted when the JVM terminates normally.
- Parameters:
  - password - The password used both to encrypt the private key in the key store, and to protect the key store itself.
- Returns:
  - The File object with the path to the PKCS#12 key store.
- Throws:
  - java.lang.Exception - If something went wrong with creating the key store file.
-
toTempKeyStoreFile
public java.io.File toTempKeyStoreFile(char[] pkcs12Password, char[] keyEntryPassword) throws java.lang.Exception
Create a temporary PKCS#12 file with the key store of this bundle. The temporary file is automatically deleted when the JVM terminates normally.
- Parameters:
  - pkcs12Password - The password used to encrypt the PKCS#12 file.
  - keyEntryPassword - The password used to encrypt the private key entry in the PKCS#12 file.
- Returns:
  - The File object with the path to the PKCS#12 key store.
- Throws:
  - java.lang.Exception - If something went wrong with creating the key store file.
-
toTempRootCertPem
public java.io.File toTempRootCertPem() throws java.io.IOException
Create a temporary PEM file with the root certificate of this bundle. The temporary file is automatically deleted when the JVM terminates normally.
- Returns:
  - The File object with the path to the trust root PEM file.
- Throws:
  - java.io.IOException - If an IO error occurred when creating the trust root file.
-
toTempCertChainPem
public java.io.File toTempCertChainPem() throws java.io.IOException
Create a temporary PEM file with the certificate chain of this bundle. The temporary file is automatically deleted when the JVM terminates normally.
- Returns:
  - The File object with the path to the certificate chain PEM file.
- Throws:
  - java.io.IOException - If an IO error occurred when creating the certificate chain file.
-
toTempPrivateKeyPem
public java.io.File toTempPrivateKeyPem() throws java.io.IOException
Create a temporary PEM file with the private key of this bundle. The temporary file is automatically deleted when the JVM terminates normally.
- Returns:
  - The File object with the path to the private key PEM file.
- Throws:
  - java.io.IOException - If an IO error occurred when creating the private key file.
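The temporary files above are deleted only when the JVM terminates normally, so a test run that crashes or is killed leaves the private key PEM on disk. One way to bound that exposure, as an added example rather than Netty code: the class TempPemScope and its PemUser callback are hypothetical, and only JDK java.nio.file calls plus the methods documented on this page are used.

```java
import io.netty.pkitesting.X509Bundle;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFilePermissions;

// Hypothetical helper class (added example, not Netty code).
public final class TempPemScope {

    // Callback that receives the PEM paths, e.g. to configure a TLS server under test.
    public interface PemUser {
        void use(Path certChainPem, Path privateKeyPem) throws Exception;
    }

    // Materialise the chain and key as files only for the duration of the callback.
    public static void withPemFiles(X509Bundle bundle, PemUser user) throws Exception {
        Path chain = null;
        Path key = null;
        try {
            chain = bundle.toTempCertChainPem().toPath();
            key = bundle.toTempPrivateKeyPem().toPath();
            restrictToOwner(key);
            user.use(chain, key);
        } finally {
            // Delete eagerly instead of waiting for a normal JVM exit,
            // which never happens if the process is killed or crashes.
            if (key != null) {
                Files.deleteIfExists(key);
            }
            if (chain != null) {
                Files.deleteIfExists(chain);
            }
        }
    }

    // Limit the key file to its owner where the file system exposes POSIX
    // permissions; on other file systems the file is left as created.
    static void restrictToOwner(Path file) throws IOException {
        if (Files.getFileAttributeView(file, PosixFileAttributeView.class) != null) {
            Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-------"));
        }
    }
}
```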
-
toKeyManagerFactory
public javax.net.ssl.KeyManagerFactory toKeyManagerFactory() throws java.security.KeyStoreException, java.security.UnrecoverableKeyException, java.security.NoSuchAlgorithmException
Create a KeyManagerFactory from this bundle. The KeyManagerFactory will use the default algorithm.
- Returns:
  - The new KeyManagerFactory.
- Throws:
  - java.security.KeyStoreException - If there was a problem creating or initializing the key store.
  - java.security.UnrecoverableKeyException - If the private key could not be recovered, for instance if this bundle is a certificate authority.
  - java.security.NoSuchAlgorithmException - If the key manager factory algorithm is not supported by the current security provider.
-
toKeyManagerFactory
public javax.net.ssl.KeyManagerFactory toKeyManagerFactory(java.lang.String algorithm) throws java.security.KeyStoreException, java.security.UnrecoverableKeyException, java.security.NoSuchAlgorithmException
Create a KeyManagerFactory from this bundle, using the given algorithm.
- Returns:
  - The new KeyManagerFactory.
- Throws:
  - java.security.KeyStoreException - If there was a problem creating or initializing the key store.
  - java.security.UnrecoverableKeyException - If the private key could not be recovered, for instance if this bundle is a certificate authority.
  - java.security.NoSuchAlgorithmException - If the key manager factory algorithm is not supported by the current security provider.
-