Add method to write full certificate

2018-07-07 17:42:34 +02:00 · 2018-07-07 17:42:34 +02:00 · d6b4a43847
parent 69fbe81e2d
commit d6b4a43847
4 changed files with 44 additions and 13 deletions
--- a/acme4j-example/src/main/java/org/shredzone/acme4j/ClientTest.java
+++ b/acme4j-example/src/main/java/org/shredzone/acme4j/ClientTest.java
@ -113,12 +113,11 @@ public class ClientTest {
        LOG.info("Certificate URL: " + certificate.getLocation());

        // Download the leaf certificate and certificate chain.
-        X509Certificate cert = certificate.download();
-        X509Certificate[] chain = certificate.downloadChain();
+        X509Certificate[] fullChain = certificate.downloadFullChain();

        // Write a combined file containing the certificate and chain.
        try (FileWriter fw = new FileWriter(DOMAIN_CHAIN_FILE)) {
-            CertificateUtils.writeX509CertificateChain(fw, cert, chain);
+            CertificateUtils.writeX509Certificates(fw, fullChain);
        }

        // That's all! Configure your web server to use the DOMAIN_KEY_FILE and
--- a/acme4j-utils/src/main/java/org/shredzone/acme4j/util/CertificateUtils.java
+++ b/acme4j-utils/src/main/java/org/shredzone/acme4j/util/CertificateUtils.java
@ -39,6 +39,7 @@ import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.shredzone.acme4j.Certificate;

 /**
 * Utility class offering convenience methods for certificates.
@ -107,7 +108,10 @@ public final class CertificateUtils {
     * @param chain
     *            {@link X509Certificate} chain to add to the certificate. {@code null}
     *            values are ignored, array may be empty.
+     * @deprecated use {@link Certificate#downloadFullChain()} and
+     *             {@link #writeX509Certificates(Writer, X509Certificate[])} instead
     */
+    @Deprecated
    public static void writeX509CertificateChain(Writer w, X509Certificate cert, X509Certificate... chain)
                throws IOException {
        try (JcaPEMWriter jw = new JcaPEMWriter(w)) {
@ -118,6 +122,22 @@ public final class CertificateUtils {
        }
    }

+    /**
+     * Writes multiple X.509 certificates to a PEM file.
+     *
+     * @param w
+     *            {@link Writer} to write the certificate chain to. The {@link Writer} is
+     *            closed after use.
+     * @param certs
+     *            {@link X509Certificate} certificates to add to the certificate.
+     *            {@code null} values are ignored, array may be empty.
+     * @since 1.1
+     */
+    public static void writeX509Certificates(Writer w, X509Certificate... certs)
+                throws IOException {
+        writeX509CertificateChain(w, null, certs);
+    }
+
    /**
     * Writes an {@link X509Certificate} unless it is {@code null}.
     *
--- a/acme4j-utils/src/test/java/org/shredzone/acme4j/util/CertificateUtilsTest.java
+++ b/acme4j-utils/src/test/java/org/shredzone/acme4j/util/CertificateUtilsTest.java
@ -87,6 +87,7 @@ public class CertificateUtilsTest {
     * writes a correct chain.
     */
    @Test
+    @SuppressWarnings("deprecation")
    public void testWriteX509CertificateChain() throws IOException, CertificateException {
        X509Certificate leaf = createCertificate();
        X509Certificate chain1 = createCertificate();
@ -116,6 +117,25 @@ public class CertificateUtilsTest {
            out = w.toString();
        }
        assertThat(countCertificates(out), is(3));
+
+        try (StringWriter w = new StringWriter()) {
+            CertificateUtils.writeX509Certificates(w, leaf);
+            out = w.toString();
+        }
+        assertThat(countCertificates(out), is(1));
+
+        try (StringWriter w = new StringWriter()) {
+            CertificateUtils.writeX509Certificates(w, leaf, chain1);
+            out = w.toString();
+        }
+        assertThat(countCertificates(out), is(2));
+
+        try (StringWriter w = new StringWriter()) {
+            CertificateUtils.writeX509Certificates(w,
+                    new X509Certificate[] { leaf, chain1 });
+            out = w.toString();
+        }
+        assertThat(countCertificates(out), is(2));
    }

    /**
--- a/src/site/markdown/usage/certificate.md
+++ b/src/site/markdown/usage/certificate.md
@ -65,15 +65,7 @@ Most web servers, like _Apache_, _nginx_, but also other servers like _postfix_

 ```java
 try (FileWriter fw = new FileWriter("cert-chain.crt")) {
-    CertificateUtils.writeX509CertificateChain(fw, cert, chain);
-}
-```
-
-Alternatively:
-
-```java
-try (FileWriter fw = new FileWriter("cert-chain.crt")) {
-    CertificateUtils.writeX509CertificateChain(fw, null, fullChain);
+    CertificateUtils.writeX509Certificates(fw, fullChain);
 }
 ```

@ -84,7 +76,7 @@ try (FileWriter fw = new FileWriter("cert.pem")) {
    CertificateUtils.writeX509Certificate(cert, fw);
 }
 try (FileWriter fw = new FileWriter("chain.pem")) {
-    CertificateUtils.writeX509CertificateChain(fw, null, chain);
+    CertificateUtils.writeX509Certificates(fw, chain);
 }
 ```