org.apache.commons.ssl

Class X509CertificateChainBuilder

java.lang.Object

org.apache.commons.ssl.X509CertificateChainBuilder

public class X509CertificateChainBuilder
extends java.lang.Object

Utility for building X509 certificate chains.

Since:

16-Nov-2005

Author:

Credit Union Central of British Columbia, www.cucbc.com, juliusdavies@cucbc.com

Constructor Summary

Constructors

Constructor and Description
X509CertificateChainBuilder()

Method Summary

Methods

Modifier and Type	Method and Description
static java.security.cert.X509Certificate[]	buildPath(java.security.cert.X509Certificate startingPoint, java.security.cert.Certificate[] certificates) Builds the ordered certificate chain upwards from the startingPoint.
static java.security.cert.X509Certificate[]	buildPath(java.security.cert.X509Certificate startingPoint, java.util.Collection certificates) Builds the ordered certificate chain upwards from the startingPoint.
static boolean	isSelfSigned(java.security.cert.X509Certificate cert)
static void	main(java.lang.String[] args)
static boolean	verify(java.security.cert.X509Certificate cert, java.security.PublicKey key)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

X509CertificateChainBuilder

public X509CertificateChainBuilder()

Method Detail

buildPath

public static java.security.cert.X509Certificate[] buildPath(java.security.cert.X509Certificate startingPoint,
                                             java.security.cert.Certificate[] certificates)
                                                      throws java.security.NoSuchAlgorithmException,
                                                             java.security.InvalidKeyException,
                                                             java.security.NoSuchProviderException,
                                                             java.security.cert.CertificateException

Builds the ordered certificate chain upwards from the startingPoint. Uses the supplied X509Certificate[] array to search for the parent, grandparent, and higher ancestor certificates. Stops at self-signed certificates, or when no ancestor can be found.

Thanks to Joe Whitney for helping me put together a Big-O( m * n ) implementation where m = the length of the final certificate chain. For a while I was using a Big-O( n ^ 2 ) implementation!

Parameters:

startingPoint - the X509Certificate for which we want to find ancestors

certificates - A pool of certificates in which we expect to find the startingPoint's ancestors.

Returns:

Array of X509Certificates, starting with the "startingPoint" and ending with highest level ancestor we could find in the supplied collection.

Throws:

java.security.NoSuchAlgorithmException - on unsupported signature algorithms.

java.security.InvalidKeyException - on incorrect key.

java.security.NoSuchProviderException - if there's no default provider.

java.security.cert.CertificateException - on encoding errors.

buildPath

public static java.security.cert.X509Certificate[] buildPath(java.security.cert.X509Certificate startingPoint,
                                             java.util.Collection certificates)
                                                      throws java.security.NoSuchAlgorithmException,
                                                             java.security.InvalidKeyException,
                                                             java.security.NoSuchProviderException,
                                                             java.security.cert.CertificateException

Builds the ordered certificate chain upwards from the startingPoint. Uses the supplied collection to search for the parent, grandparent, and higher ancestor certificates. Stops at self-signed certificates, or when no ancestor can be found.

Thanks to Joe Whitney for helping me put together a Big-O( m * n ) implementation where m = the length of the final certificate chain. For a while I was using a Big-O( n ^ 2 ) implementation!

Parameters:

startingPoint - the X509Certificate for which we want to find ancestors

certificates - A pool of certificates in which we expect to find the startingPoint's ancestors.

Returns:

Array of X509Certificates, starting with the "startingPoint" and ending with highest level ancestor we could find in the supplied collection.

Throws:

java.security.NoSuchAlgorithmException - on unsupported signature algorithms.

java.security.InvalidKeyException - on incorrect key.

java.security.NoSuchProviderException - if there's no default provider.

java.security.cert.CertificateException - on encoding errors.

isSelfSigned

public static boolean isSelfSigned(java.security.cert.X509Certificate cert)
                            throws java.security.cert.CertificateException,
                                   java.security.InvalidKeyException,
                                   java.security.NoSuchAlgorithmException,
                                   java.security.NoSuchProviderException

Throws:

java.security.cert.CertificateException

java.security.InvalidKeyException

java.security.NoSuchAlgorithmException

java.security.NoSuchProviderException

verify

public static boolean verify(java.security.cert.X509Certificate cert,
             java.security.PublicKey key)
                      throws java.security.cert.CertificateException,
                             java.security.InvalidKeyException,
                             java.security.NoSuchAlgorithmException,
                             java.security.NoSuchProviderException

Throws:

java.security.cert.CertificateException

java.security.InvalidKeyException

java.security.NoSuchAlgorithmException

java.security.NoSuchProviderException

main

public static void main(java.lang.String[] args)
                 throws java.lang.Exception

Throws:

java.lang.Exception