Class CertificateDataReplaceCertificateKeyStoreContent

java.lang.Object
com.unboundid.ldap.sdk.unboundidds.extensions.ReplaceCertificateKeyStoreContent
com.unboundid.ldap.sdk.unboundidds.extensions.CertificateDataReplaceCertificateKeyStoreContent
All Implemented Interfaces:
Serializable

This class provides a ReplaceCertificateKeyStoreContent implementation to indicate that the certificate chain and private key (in either PEM or DER format) are provided directly in the extended request.
NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.
  • Constructor Details

    • CertificateDataReplaceCertificateKeyStoreContent

      public CertificateDataReplaceCertificateKeyStoreContent(@NotNull List<byte[]> certificateChainData, @Nullable byte[] privateKeyData)
      Creates a new instance of this key store content object with the provided information.
      Parameters:
      certificateChainData - A list containing the encoded representations of the X.509 certificates in the new certificate chain. Each byte array must contain the PEM or DER representation of a single certificate in the chain, with the first certificate being the end-entity certificate, and each subsequent certificate being the issuer for the previous certificate. This must not be null or empty.
      privateKeyData - An array containing the encoded representation of the PKCS #8 private key for the end-entity certificate in the chain. It may be encoded in either PEM or DER format. This may be null if the new end-entity certificate uses the same private key as the certificate currently in use in the server.
    • CertificateDataReplaceCertificateKeyStoreContent

      public CertificateDataReplaceCertificateKeyStoreContent(@NotNull List<File> certificateChainFiles, @Nullable File privateKeyFile) throws LDAPException
      Creates a new instance of this key store content object with the provided information.
      Parameters:
      certificateChainFiles - A list containing one or more files from which to read the PEM or DER representations of the X.509 certificates to include in the new certificate chain. The order of the files, and the order of the certificates in each file, should be arranged such that the first certificate read is the end-entity certificate and each subsequent certificate is the issuer for the previous. This must not be null or empty.
      privateKeyFile - A file from which to read the PEM or DER representation of the PKCS #8 private key for the end-entity certificate in the chain. This may be null if the new end-entity certificate uses the same private key as the certificate currently in use in the server. The private key must not be encrypted.
      Throws:
      LDAPException - If a problem occurs while trying to read or parse data contained in any of the provided files.
    • CertificateDataReplaceCertificateKeyStoreContent

      public CertificateDataReplaceCertificateKeyStoreContent(@NotNull List<File> certificateChainFiles, @Nullable File privateKeyFile, @Nullable File privateKeyEncryptionPasswordFile) throws LDAPException
      Creates a new instance of this key store content object with the provided information.
      Parameters:
      certificateChainFiles - A list containing one or more files from which to read the PEM or DER representations of the X.509 certificates to include in the new certificate chain. The order of the files, and the order of the certificates in each file, should be arranged such that the first certificate read is the end-entity certificate and each subsequent certificate is the issuer for the previous. This must not be null or empty.
      privateKeyFile - A file from which to read the PEM or DER representation of the PKCS #8 private key for the end-entity certificate in the chain. This may be null if the new end-entity certificate uses the same private key as the certificate currently in use in the server.
      privateKeyEncryptionPasswordFile - A file that contains the password needed to decrypt the private key if it is encrypted. This may be null if the private key is not encrypted.
      Throws:
      LDAPException - If a problem occurs while trying to read or parse data contained in any of the provided files.
  • Method Details

    • readCertificateChain

      @NotNull public static List<byte[]> readCertificateChain(@NotNull File... files) throws LDAPException
      Reads a certificate chain from the given file or set of files. Each file must contain the PEM or DER representations of one or more X.509 certificates. If a file contains multiple certificates, all certificates in that file must be either all PEM-formatted or all DER-formatted.
      Parameters:
      files - The set of files from which the certificate chain should be read. It must not be null or empty.
      Returns:
      A list containing the encoded representation of the X.509 certificates read from the file, with each byte array containing the encoded representation for one certificate.
      Throws:
      LDAPException - If a problem was encountered while attempting to read from or parse the content of any of the files.
    • readCertificateChain

      @NotNull public static List<byte[]> readCertificateChain(@NotNull List<File> files) throws LDAPException
      Reads a certificate chain from the given file or set of files. Each file must contain the PEM or DER representations of one or more X.509 certificates. If a file contains multiple certificates, all certificates in that file must be either all PEM-formatted or all DER-formatted.
      Parameters:
      files - The set of files from which the certificate chain should be read. It must not be null or empty.
      Returns:
      A list containing the encoded representation of the X.509 certificates read from the file, with each byte array containing the encoded representation for one certificate.
      Throws:
      LDAPException - If a problem was encountered while attempting to read from or parse the content of any of the files.
    • readPrivateKey

      @NotNull public static byte[] readPrivateKey(@NotNull File file) throws LDAPException
      Reads a PKCS #8 private key from the given file. The file must contain the PEM or DER representation of a single private key.
      Parameters:
      file - The file from which the private key should be read. It must not be null.
      Returns:
      The encoded representation of the PKCS #8 private key that was read.
      Throws:
      LDAPException - If a problem occurs while trying to read from or parse the content of the specified file.
    • readPrivateKey

      @NotNull public static byte[] readPrivateKey(@NotNull File file, @Nullable File encryptionPasswordFile) throws LDAPException
      Reads a PKCS #8 private key from the given file. The file must contain the PEM or DER representation of a single private key.
      Parameters:
      file - The file from which the private key should be read. It must not be null.
      encryptionPasswordFile - The file containing the password needed to decrypt the private key if it is encrypted. It may be null if the private key is not encrypted.
      Returns:
      The encoded representation of the PKCS #8 private key that was read.
      Throws:
      LDAPException - If a problem occurs while trying to read from or parse the content of the specified file.
    • getCertificateChainData

      Retrieves a list of the DER-formatted or PEM-formatted representations of the X.509 certificates in the new certificate chain.
      Returns:
      A list of the encoded representations of the X.509 certificates in the new certificate chain.
    • getPrivateKeyData

      @Nullable public byte[] getPrivateKeyData()
      Retrieves the DER-formatted or PEM-formatted PKCS #8 private key for the new certificate, if available.
      Returns:
      The encoded representation of the PKCS #8 private key for the new certificate, or null if the new certificate should use the same private key as the current certificate.
    • encode

      Encodes this key store content object to an ASN.1 element suitable for inclusion in either a replace listener certificate or replace inter-server certificate request.
      Specified by:
      encode in class ReplaceCertificateKeyStoreContent
      Returns:
      The ASN.1 element containing an encoded representation of this key store content object.
    • toString

      public void toString(@NotNull StringBuilder buffer)
      Appends a string representation of this key store content object to the provided buffer.
      Specified by:
      toString in class ReplaceCertificateKeyStoreContent
      Parameters:
      buffer - The buffer to which the string representation should be appended. It must not be null.
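
The following is an added example, not part of the SDK documentation: it checks the ordering rule stated for certificateChainData (end-entity certificate first, each subsequent certificate the issuer of the previous one) with the JDK's CertificateFactory before building the content object. The class name ReplaceCertPreflight, its helper methods and the command-line argument layout are assumptions made for illustration.

```java
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.unboundidds.extensions.CertificateDataReplaceCertificateKeyStoreContent;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

public final class ReplaceCertPreflight {
  // Parses one encoded certificate; CertificateFactory accepts both DER and PEM.
  static X509Certificate parse(byte[] encoded) throws GeneralSecurityException {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(encoded));
  }

  // Enforces the documented order: end-entity first, then each issuer in turn.
  static void checkChainOrder(List<byte[]> chainData) throws GeneralSecurityException {
    List<X509Certificate> chain = new ArrayList<>();
    for (byte[] encoded : chainData) {
      chain.add(parse(encoded));
    }
    for (int i = 0; i < chain.size(); i++) {
      X509Certificate cert = chain.get(i);
      cert.checkValidity(); // rejects expired or not-yet-valid certificates
      if (i + 1 < chain.size()) {
        X509Certificate issuer = chain.get(i + 1);
        if (!cert.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
          throw new GeneralSecurityException("Certificate " + i + " is not issued by certificate " + (i + 1));
        }
        cert.verify(issuer.getPublicKey()); // the signature must check out as well
      }
    }
  }

  public static void main(String[] args) throws LDAPException, GeneralSecurityException {
    // Assumed layout: args[0] = end-entity cert, args[1] = issuer cert(s), args[2] = unencrypted PKCS #8 key.
    List<byte[]> chainData = CertificateDataReplaceCertificateKeyStoreContent.readCertificateChain(
        new File(args[0]), new File(args[1]));
    checkChainOrder(chainData);
    byte[] keyData = CertificateDataReplaceCertificateKeyStoreContent.readPrivateKey(new File(args[2]));
    CertificateDataReplaceCertificateKeyStoreContent content =
        new CertificateDataReplaceCertificateKeyStoreContent(chainData, keyData);
    System.out.println("Chain of " + content.getCertificateChainData().size() + " certificate(s) is ready to send");
  }
}
```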