org.apache.commons.ssl
Class X509CertificateChainBuilder

java.lang.Object
  extended by org.apache.commons.ssl.X509CertificateChainBuilder

public class X509CertificateChainBuilder
extends java.lang.Object

Utility for building X509 certificate chains.

Since:
16-Nov-2005
Author:
Credit Union Central of British Columbia, www.cucbc.com, juliusdavies@cucbc.com

Constructor Summary
X509CertificateChainBuilder()
           
 
Method Summary
static java.security.cert.X509Certificate[] buildPath(java.security.cert.X509Certificate startingPoint, java.security.cert.Certificate[] certificates)
          Builds the ordered certificate chain upwards from the startingPoint.
static java.security.cert.X509Certificate[] buildPath(java.security.cert.X509Certificate startingPoint, java.util.Collection certificates)
          Builds the ordered certificate chain upwards from the startingPoint.
static boolean isSelfSigned(java.security.cert.X509Certificate cert)
           
static void main(java.lang.String[] args)
           
static boolean verify(java.security.cert.X509Certificate cert, java.security.PublicKey key)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

X509CertificateChainBuilder

public X509CertificateChainBuilder()
Method Detail

buildPath

public static java.security.cert.X509Certificate[] buildPath(java.security.cert.X509Certificate startingPoint,
                                                             java.security.cert.Certificate[] certificates)
                                                      throws java.security.NoSuchAlgorithmException,
                                                             java.security.InvalidKeyException,
                                                             java.security.NoSuchProviderException,
                                                             java.security.cert.CertificateException
Builds the ordered certificate chain upwards from the startingPoint. Uses the supplied certificate array to search for the parent, grandparent, and higher ancestor certificates. Stops at self-signed certificates, or when no ancestor can be found.

Thanks to Joe Whitney for helping me put together a Big-O( m * n ) implementation where m = the length of the final certificate chain. For a while I was using a Big-O( n ^ 2 ) implementation!

Parameters:
startingPoint - the X509Certificate for which we want to find ancestors
certificates - A pool of certificates in which we expect to find the startingPoint's ancestors.
Returns:
Array of X509Certificates, starting with the "startingPoint" and ending with the highest-level ancestor we could find in the supplied collection.
Throws:
java.security.NoSuchAlgorithmException - on unsupported signature algorithms.
java.security.InvalidKeyException - on incorrect key.
java.security.NoSuchProviderException - if there's no default provider.
java.security.cert.CertificateException - on encoding errors.

buildPath

public static java.security.cert.X509Certificate[] buildPath(java.security.cert.X509Certificate startingPoint,
                                                             java.util.Collection certificates)
                                                      throws java.security.NoSuchAlgorithmException,
                                                             java.security.InvalidKeyException,
                                                             java.security.NoSuchProviderException,
                                                             java.security.cert.CertificateException
Builds the ordered certificate chain upwards from the startingPoint. Uses the supplied collection to search for the parent, grandparent, and higher ancestor certificates. Stops at self-signed certificates, or when no ancestor can be found.

Thanks to Joe Whitney for helping me put together a Big-O( m * n ) implementation where m = the length of the final certificate chain. For a while I was using a Big-O( n ^ 2 ) implementation!

Parameters:
startingPoint - the X509Certificate for which we want to find ancestors
certificates - A pool of certificates in which we expect to find the startingPoint's ancestors.
Returns:
Array of X509Certificates, starting with the "startingPoint" and ending with the highest-level ancestor we could find in the supplied collection.
Throws:
java.security.NoSuchAlgorithmException - on unsupported signature algorithms.
java.security.InvalidKeyException - on incorrect key.
java.security.NoSuchProviderException - if there's no default provider.
java.security.cert.CertificateException - on encoding errors.
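Added example (not part of commons-ssl or of this Javadoc): as documented above, buildPath returns an ordered chain and may stop before it reaches a self-signed certificate, and the description mentions no trust-anchor, validity-period or revocation checks. The sketch below therefore passes the ordered chain to the JDK's PKIX CertPathValidator before treating it as trusted. The class name ChainThenValidate, the helper names and the three file arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.*;
import org.apache.commons.ssl.X509CertificateChainBuilder;

// Hypothetical helper class; only buildPath and isSelfSigned come from commons-ssl.
public class ChainThenValidate {

    // Reads every certificate (PEM or DER) contained in one file.
    static List<X509Certificate> load(String file) throws Exception {
        List<X509Certificate> out = new ArrayList<>();
        try (InputStream in = new FileInputStream(file)) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                out.add((X509Certificate) c);
            }
        }
        return out;
    }

    static PKIXCertPathValidatorResult orderAndValidate(X509Certificate leaf,
            List<X509Certificate> pool, List<X509Certificate> roots) throws Exception {
        // Step 1: order leaf -> ... -> highest ancestor present in the untrusted pool.
        List<X509Certificate> path =
                new ArrayList<>(Arrays.asList(X509CertificateChainBuilder.buildPath(leaf, pool)));
        // A trailing self-signed certificate is only a root candidate: trust must come
        // from the separately supplied anchors, never from the pool itself.
        if (path.size() > 1 && X509CertificateChainBuilder.isSelfSigned(path.get(path.size() - 1))) {
            path.remove(path.size() - 1);
        }
        // Step 2: PKIX validation against the trust anchors. If buildPath stopped early,
        // no anchor will match the top certificate's issuer and validation fails closed.
        Set<TrustAnchor> anchors = new HashSet<>();
        for (X509Certificate r : roots) anchors.add(new TrustAnchor(r, null));
        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(false); // offline run; configure CRL/OCSP checks in production
        CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
        return (PKIXCertPathValidatorResult)
                CertPathValidator.getInstance("PKIX").validate(certPath, params);
    }

    public static void main(String[] args) throws Exception {
        // args (assumed): leaf file, intermediate pool file, trusted roots file
        try {
            PKIXCertPathValidatorResult r =
                    orderAndValidate(load(args[0]).get(0), load(args[1]), load(args[2]));
            System.out.println("trusted via "
                    + r.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (CertPathValidatorException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```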

isSelfSigned

public static boolean isSelfSigned(java.security.cert.X509Certificate cert)
                            throws java.security.cert.CertificateException,
                                   java.security.InvalidKeyException,
                                   java.security.NoSuchAlgorithmException,
                                   java.security.NoSuchProviderException
Throws:
java.security.cert.CertificateException
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
java.security.NoSuchProviderException

verify

public static boolean verify(java.security.cert.X509Certificate cert,
                             java.security.PublicKey key)
                      throws java.security.cert.CertificateException,
                             java.security.InvalidKeyException,
                             java.security.NoSuchAlgorithmException,
                             java.security.NoSuchProviderException
Throws:
java.security.cert.CertificateException
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
java.security.NoSuchProviderException

main

public static void main(java.lang.String[] args)
                 throws java.lang.Exception
Throws:
java.lang.Exception