org.apache.commons.ssl
Class X509CertificateChainBuilder
java.lang.Object
org.apache.commons.ssl.X509CertificateChainBuilder
public class X509CertificateChainBuilder
- extends java.lang.Object
Utility for building X509 certificate chains.
- Since:
- 16-Nov-2005
- Author:
- Credit Union Central of British Columbia, www.cucbc.com, juliusdavies@cucbc.com
Method Summary |
static java.security.cert.X509Certificate[] |
buildPath(java.security.cert.X509Certificate startingPoint,
java.security.cert.Certificate[] certificates)
Builds the ordered certificate chain upwards from the startingPoint. |
static java.security.cert.X509Certificate[] |
buildPath(java.security.cert.X509Certificate startingPoint,
java.util.Collection certificates)
Builds the ordered certificate chain upwards from the startingPoint. |
static boolean |
isSelfSigned(java.security.cert.X509Certificate cert)
|
static void |
main(java.lang.String[] args)
|
static boolean |
verify(java.security.cert.X509Certificate cert,
java.security.PublicKey key)
|
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
X509CertificateChainBuilder
public X509CertificateChainBuilder()
buildPath
public static java.security.cert.X509Certificate[] buildPath(java.security.cert.X509Certificate startingPoint,
java.security.cert.Certificate[] certificates)
throws java.security.NoSuchAlgorithmException,
java.security.InvalidKeyException,
java.security.NoSuchProviderException,
java.security.cert.CertificateException
- Builds the ordered certificate chain upwards from the startingPoint.
Uses the supplied X509Certificate[] array to search for the parent,
grandparent, and higher ancestor certificates. Stops at self-signed
certificates, or when no ancestor can be found.
Thanks to Joe Whitney for helping me put together a Big-O( m * n )
implementation where m = the length of the final certificate chain.
For a while I was using a Big-O( n ^ 2 ) implementation!
- Parameters:
startingPoint
- the X509Certificate for which we want to find
ancestorscertificates
- A pool of certificates in which we expect to find
the startingPoint's ancestors.
- Returns:
- Array of X509Certificates, starting with the "startingPoint" and
ending with highest level ancestor we could find in the supplied
collection.
- Throws:
java.security.NoSuchAlgorithmException
- on unsupported signature
algorithms.
java.security.InvalidKeyException
- on incorrect key.
java.security.NoSuchProviderException
- if there's no default provider.
java.security.cert.CertificateException
- on encoding errors.
buildPath
public static java.security.cert.X509Certificate[] buildPath(java.security.cert.X509Certificate startingPoint,
java.util.Collection certificates)
throws java.security.NoSuchAlgorithmException,
java.security.InvalidKeyException,
java.security.NoSuchProviderException,
java.security.cert.CertificateException
- Builds the ordered certificate chain upwards from the startingPoint.
Uses the supplied collection to search for the parent, grandparent,
and higher ancestor certificates. Stops at self-signed certificates,
or when no ancestor can be found.
Thanks to Joe Whitney for helping me put together a Big-O( m * n )
implementation where m = the length of the final certificate chain.
For a while I was using a Big-O( n ^ 2 ) implementation!
- Parameters:
startingPoint
- the X509Certificate for which we want to find
ancestorscertificates
- A pool of certificates in which we expect to find
the startingPoint's ancestors.
- Returns:
- Array of X509Certificates, starting with the "startingPoint" and
ending with highest level ancestor we could find in the supplied
collection.
- Throws:
java.security.NoSuchAlgorithmException
- on unsupported signature
algorithms.
java.security.InvalidKeyException
- on incorrect key.
java.security.NoSuchProviderException
- if there's no default provider.
java.security.cert.CertificateException
- on encoding errors.
isSelfSigned
public static boolean isSelfSigned(java.security.cert.X509Certificate cert)
throws java.security.cert.CertificateException,
java.security.InvalidKeyException,
java.security.NoSuchAlgorithmException,
java.security.NoSuchProviderException
- Throws:
java.security.cert.CertificateException
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
java.security.NoSuchProviderException
verify
public static boolean verify(java.security.cert.X509Certificate cert,
java.security.PublicKey key)
throws java.security.cert.CertificateException,
java.security.InvalidKeyException,
java.security.NoSuchAlgorithmException,
java.security.NoSuchProviderException
- Throws:
java.security.cert.CertificateException
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
java.security.NoSuchProviderException
main
public static void main(java.lang.String[] args)
throws java.lang.Exception
- Throws:
java.lang.Exception