Add method to write full certificate

2018-07-07 17:42:34 +02:00 · 2018-07-07 17:42:34 +02:00 · d6b4a43847
parent 69fbe81e2d
commit d6b4a43847
4 changed files with 44 additions and 13 deletions
--- a/acme4j-example/src/main/java/org/shredzone/acme4j/ClientTest.java
+++ b/acme4j-example/src/main/java/org/shredzone/acme4j/ClientTest.java
@ -113,12 +113,11 @@ public class ClientTest {
        LOG.info("Certificate URL: " + certificate.getLocation());
        // Download the leaf certificate and certificate chain.
-        X509Certificate cert = certificate.download();
+        X509Certificate[] fullChain = certificate.downloadFullChain();
        X509Certificate[] chain = certificate.downloadChain();
        // Write a combined file containing the certificate and chain.
        try (FileWriter fw = new FileWriter(DOMAIN_CHAIN_FILE)) {
-            CertificateUtils.writeX509CertificateChain(fw, cert, chain);
+            CertificateUtils.writeX509Certificates(fw, fullChain);
        }
        // That's all! Configure your web server to use the DOMAIN_KEY_FILE and
--- a/acme4j-utils/src/main/java/org/shredzone/acme4j/util/CertificateUtils.java
+++ b/acme4j-utils/src/main/java/org/shredzone/acme4j/util/CertificateUtils.java
@ -39,6 +39,7 @@ import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
 import org.shredzone.acme4j.Certificate;
 /**
 * Utility class offering convenience methods for certificates.
@ -107,7 +108,10 @@ public final class CertificateUtils {
     * @param chain
     *            {@link X509Certificate} chain to add to the certificate. {@code null}
     *            values are ignored, array may be empty.
     * @deprecated use {@link Certificate#downloadFullChain()} and
     *             {@link #writeX509Certificates(Writer, X509Certificate[])} instead
     */
    @Deprecated
    public static void writeX509CertificateChain(Writer w, X509Certificate cert, X509Certificate... chain)
                throws IOException {
        try (JcaPEMWriter jw = new JcaPEMWriter(w)) {
@ -118,6 +122,22 @@ public final class CertificateUtils {
        }
    }
    /**
     * Writes multiple X.509 certificates to a PEM file.
     *
     * @param w
     *            {@link Writer} to write the certificate chain to. The {@link Writer} is
     *            closed after use.
     * @param certs
     *            {@link X509Certificate} certificates to add to the certificate.
     *            {@code null} values are ignored, array may be empty.
     * @since 1.1
     */
    public static void writeX509Certificates(Writer w, X509Certificate... certs)
                throws IOException {
        writeX509CertificateChain(w, null, certs);
    }
    /**
     * Writes an {@link X509Certificate} unless it is {@code null}.
     *
--- a/acme4j-utils/src/test/java/org/shredzone/acme4j/util/CertificateUtilsTest.java
+++ b/acme4j-utils/src/test/java/org/shredzone/acme4j/util/CertificateUtilsTest.java
@ -87,6 +87,7 @@ public class CertificateUtilsTest {
     * writes a correct chain.
     */
    @Test
    @SuppressWarnings("deprecation")
    public void testWriteX509CertificateChain() throws IOException, CertificateException {
        X509Certificate leaf = createCertificate();
        X509Certificate chain1 = createCertificate();
@ -116,6 +117,25 @@ public class CertificateUtilsTest {
            out = w.toString();
        }
        assertThat(countCertificates(out), is(3));
        try (StringWriter w = new StringWriter()) {
            CertificateUtils.writeX509Certificates(w, leaf);
            out = w.toString();
        }
        assertThat(countCertificates(out), is(1));
        try (StringWriter w = new StringWriter()) {
            CertificateUtils.writeX509Certificates(w, leaf, chain1);
            out = w.toString();
        }
        assertThat(countCertificates(out), is(2));
        try (StringWriter w = new StringWriter()) {
            CertificateUtils.writeX509Certificates(w,
                    new X509Certificate[] { leaf, chain1 });
            out = w.toString();
        }
        assertThat(countCertificates(out), is(2));
    }
    /**
--- a/src/site/markdown/usage/certificate.md
+++ b/src/site/markdown/usage/certificate.md
@ -65,15 +65,7 @@ Most web servers, like _Apache_, _nginx_, but also other servers like _postfix_
 ```java
 try (FileWriter fw = new FileWriter("cert-chain.crt")) {
-    CertificateUtils.writeX509CertificateChain(fw, cert, chain);
+    CertificateUtils.writeX509Certificates(fw, fullChain);
 }
 ```
 Alternatively:
 ```java
 try (FileWriter fw = new FileWriter("cert-chain.crt")) {
    CertificateUtils.writeX509CertificateChain(fw, null, fullChain);
 }
 ```
@ -84,7 +76,7 @@ try (FileWriter fw = new FileWriter("cert.pem")) {
    CertificateUtils.writeX509Certificate(cert, fw);
 }
 try (FileWriter fw = new FileWriter("chain.pem")) {
-    CertificateUtils.writeX509CertificateChain(fw, null, chain);
+    CertificateUtils.writeX509Certificates(fw, chain);
 }
 ```