<div dir="ltr"><div dir="ltr">Hi Bernd,<div><br></div><div>I'm not sure what you mean about exporting the package.  I only have it working on JDK 1.8 right now, and I'm not sure about configuring it for multiple JDK versions.  </div><div><br></div><div>All of the code in X509CertificateCreator <a href="https://github.com/tersesystems/securitybuilder/blob/master/src/main/java/com/tersesystems/securitybuilder/X509CertificateCreator.java#L20">depends heavily</a> on the x509 implementation</div><div><br></div><div><font face="monospace, monospace">import sun.security.x509.AlgorithmId;<br>
import sun.security.x509.BasicConstraintsExtension;<br>
import sun.security.x509.CertificateAlgorithmId;<br>
import sun.security.x509.CertificateExtensions;<br>
import sun.security.x509.CertificateSerialNumber;<br>
import sun.security.x509.CertificateValidity;<br>
import sun.security.x509.CertificateVersion;<br>
import sun.security.x509.CertificateX509Key;<br>
import sun.security.x509.KeyUsageExtension;<br>
import sun.security.x509.X500Name;<br>
import sun.security.x509.X509CertImpl;<br>
import sun.security.x509.X509CertInfo;</font><br></div><div><font face="monospace, monospace"><br></font></div><div><font face="arial, helvetica, sans-serif">But I don't see a way to get around that, and this package seems to be required by OpenJDK.</font></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">Other than that, the only requirement on a "sun" package is a call out to JCAUtil:</font></div><div><font face="arial, helvetica, sans-serif"><a href="https://github.com/tersesystems/securitybuilder/blob/master/src/main/java/com/tersesystems/securitybuilder/EntropySource.java#L4">https://github.com/tersesystems/securitybuilder/blob/master/src/main/java/com/tersesystems/securitybuilder/EntropySource.java#L4</a><br></font></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">which can be easily removed.</font></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, Oct 15, 2018 at 1:27 PM Bernd Eckenfels &lt;<a href="mailto:ecki@zusammenkunft.net">ecki@zusammenkunft.net</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="DE" link="blue" vlink="#954F72"><div class="m_-3702459183435967106WordSection1"><p class="MsoNormal">That's very cool! </p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Maybe this is the right thread to discuss the future of the sun.security.x509 package.</p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Currently your implementation will only work if that package is exported. The depth of implementation of those classes however would be a nice addition to an (optional?) 
API.</p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Regards</p><p class="MsoNormal">Bernd</p><p class="MsoNormal">-- <br><a href="http://bernd.eckenfels.net" target="_blank">http://bernd.eckenfels.net</a></p><p class="MsoNormal"><u></u> <u></u></p><div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm 0cm 0cm"><p class="MsoNormal" style="border:none;padding:0cm"><b>From: </b><a href="mailto:will.sargent@gmail.com" target="_blank">Will Sargent</a><br><b>Sent: </b>Monday, 15 October 2018 22:13<br><b>To: </b><a href="mailto:security-dev@openjdk.java.net" target="_blank">security-dev@openjdk.java.net</a><br><b>Subject: </b>Fluent builder API for JCA/JSSE classes</p></div><p class="MsoNormal"><u></u> <u></u></p><div><div><div><p class="MsoNormal">Hi all,</p><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">I've released a library that adds a fluent builder API library for JCA factory and generator classes. The primary use of this package is to set up test X.509 certificates, private keys and trust stores, but it's also helpful for picking out good defaults and working on a higher level than the raw JCA classes themselves.  
It's available at <a href="https://github.com/tersesystems/securitybuilder" target="_blank">https://github.com/tersesystems/securitybuilder</a></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Example below of building up an SSLContext from scratch:</p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><pre style="background:#f6f8fa;box-sizing:border-box;border-radius:3px;overflow:auto"><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">public</span></span><span style="font-family:Consolas;color:#24292e"> </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">class</span></span><span style="font-family:Consolas;color:#24292e"> </span><span class="m_-3702459183435967106gmail-pl-en"><span style="font-family:Consolas;color:#6f42c1">X509CertificateCreatorTest</span></span><span style="font-family:Consolas;color:#24292e"> {<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">  </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">@Test</span></span><span style="font-family:Consolas;color:#24292e"><u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">  </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">public</span></span><span style="font-family:Consolas;color:#24292e"> </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">void</span></span><span style="font-family:Consolas;color:#24292e"> </span><span class="m_-3702459183435967106gmail-pl-en"><span style="font-family:Consolas;color:#6f42c1">testFunctionalStyle</span></span><span style="font-family:Consolas;color:#24292e">() </span><span class="m_-3702459183435967106gmail-pl-k"><span 
style="font-family:Consolas;color:#d73a49">throws</span></span><span style="font-family:Consolas;color:#24292e"> <span class="m_-3702459183435967106gmail-pl-smi">Exception</span> {<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">    </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">FinalStage<</span></span><span class="m_-3702459183435967106gmail-pl-smi"><span style="font-family:Consolas;color:#24292e">RSAKeyPair</span></span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">></span></span><span style="font-family:Consolas;color:#24292e"> keyPairCreator </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">=</span></span><span style="font-family:Consolas;color:#24292e"> <span class="m_-3702459183435967106gmail-pl-smi">KeyPairCreator</span></span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">creator()</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">withRSA()</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">withKeySize(</span><span class="m_-3702459183435967106gmail-pl-c1"><span style="font-family:Consolas;color:#005cc5">2048</span></span><span style="font-family:Consolas;color:#24292e">);<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">    <span class="m_-3702459183435967106gmail-pl-smi">RSAKeyPair</span> rootKeyPair </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">=</span></span><span 
style="font-family:Consolas;color:#24292e"> keyPairCreator</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">create();<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">    <span class="m_-3702459183435967106gmail-pl-smi">RSAKeyPair</span> intermediateKeyPair </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">=</span></span><span style="font-family:Consolas;color:#24292e"> keyPairCreator</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">create();<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">    <span class="m_-3702459183435967106gmail-pl-smi">RSAKeyPair</span> eePair </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">=</span></span><span style="font-family:Consolas;color:#24292e"> keyPairCreator</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">create();<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e"><u></u> <u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">    </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">IssuerStage<</span></span><span class="m_-3702459183435967106gmail-pl-smi"><span style="font-family:Consolas;color:#24292e">RSAPrivateKey</span></span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">></span></span><span style="font-family:Consolas;color:#24292e"> creator </span><span 
class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">=</span></span><span style="font-family:Consolas;color:#24292e"><u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">        <span class="m_-3702459183435967106gmail-pl-smi">X509CertificateCreator</span></span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">creator()</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">withSHA256withRSA()</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">withDuration(<span class="m_-3702459183435967106gmail-pl-smi">Duration</span></span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">ofDays(</span><span class="m_-3702459183435967106gmail-pl-c1"><span style="font-family:Consolas;color:#005cc5">365</span></span><span style="font-family:Consolas;color:#24292e">));<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e"><u></u> <u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">    <span class="m_-3702459183435967106gmail-pl-smi">String</span> issuer </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">=</span></span><span style="font-family:Consolas;color:#24292e"> </span><span class="m_-3702459183435967106gmail-pl-pds"><span style="font-family:Consolas;color:#032f62">"</span></span><span class="m_-3702459183435967106gmail-pl-s"><span 
style="font-family:Consolas;color:#032f62">CN=letsencrypt.derp,O=Root CA</span></span><span class="m_-3702459183435967106gmail-pl-pds"><span style="font-family:Consolas;color:#032f62">"</span></span><span style="font-family:Consolas;color:#24292e">;<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">    </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">X509Certificate</span></span><span style="font-family:Consolas;color:#24292e">[] chain </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">=</span></span><span style="font-family:Consolas;color:#24292e"><u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">        creator<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">            .withRootCA(issuer, rootKeyPair, </span><span class="m_-3702459183435967106gmail-pl-c1"><span style="font-family:Consolas;color:#005cc5">2</span></span><span style="font-family:Consolas;color:#24292e">)<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">            .chain(<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                rootKeyPair</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">getPrivate(),<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                rootCreator </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">-></span></span><span style="font-family:Consolas;color:#24292e"><u></u><u></u></span></pre><pre style="background:#f6f8fa"><span 
style="font-family:Consolas;color:#24292e">                    rootCreator<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                        .withPublicKey(intermediateKeyPair</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">getPublic())<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                        .withSubject(</span><span class="m_-3702459183435967106gmail-pl-pds"><span style="font-family:Consolas;color:#032f62">"</span></span><span class="m_-3702459183435967106gmail-pl-s"><span style="font-family:Consolas;color:#032f62">OU=intermediate CA</span></span><span class="m_-3702459183435967106gmail-pl-pds"><span style="font-family:Consolas;color:#032f62">"</span></span><span style="font-family:Consolas;color:#24292e">)<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                        .withCertificateAuthorityExtensions(</span><span class="m_-3702459183435967106gmail-pl-c1"><span style="font-family:Consolas;color:#005cc5">0</span></span><span style="font-family:Consolas;color:#24292e">)<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                        .chain(<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                            intermediateKeyPair</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">getPrivate(),<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                            intCreator </span><span class="m_-3702459183435967106gmail-pl-k"><span 
style="font-family:Consolas;color:#d73a49">-></span></span><span style="font-family:Consolas;color:#24292e"><u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                                intCreator<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                                    .withPublicKey(eePair</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">getPublic())<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                                    .withSubject(</span><span class="m_-3702459183435967106gmail-pl-pds"><span style="font-family:Consolas;color:#032f62">"</span></span><span class="m_-3702459183435967106gmail-pl-s"><span style="font-family:Consolas;color:#032f62">CN=<a href="http://tersesystems.com" target="_blank">tersesystems.com</a></span></span><span class="m_-3702459183435967106gmail-pl-pds"><span style="font-family:Consolas;color:#032f62">"</span></span><span style="font-family:Consolas;color:#24292e">)<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                                    .withEndEntityExtensions()<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                                    .chain()))<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">            .create();<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e"><u></u> <u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">    <span class="m_-3702459183435967106gmail-pl-smi">PrivateKeyStore</span> privateKeyStore 
</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">=</span></span><span style="font-family:Consolas;color:#24292e"><u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">        <span class="m_-3702459183435967106gmail-pl-smi">PrivateKeyStore</span></span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">create(</span><span class="m_-3702459183435967106gmail-pl-pds"><span style="font-family:Consolas;color:#032f62">"</span></span><span class="m_-3702459183435967106gmail-pl-s"><span style="font-family:Consolas;color:#032f62"><a href="http://tersesystems.com" target="_blank">tersesystems.com</a></span></span><span class="m_-3702459183435967106gmail-pl-pds"><span style="font-family:Consolas;color:#032f62">"</span></span><span style="font-family:Consolas;color:#24292e">, eePair</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">getPrivate(), chain);<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">    <span class="m_-3702459183435967106gmail-pl-smi">TrustStore</span> trustStore </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">=</span></span><span style="font-family:Consolas;color:#24292e"> <span class="m_-3702459183435967106gmail-pl-smi">TrustStore</span></span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">create(singletonList(chain[</span><span class="m_-3702459183435967106gmail-pl-c1"><span style="font-family:Consolas;color:#005cc5">2</span></span><span style="font-family:Consolas;color:#24292e">]), cert </span><span 
class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">-></span></span><span style="font-family:Consolas;color:#24292e"> </span><span class="m_-3702459183435967106gmail-pl-pds"><span style="font-family:Consolas;color:#032f62">"</span></span><span class="m_-3702459183435967106gmail-pl-s"><span style="font-family:Consolas;color:#032f62">letsencrypt.derp</span></span><span class="m_-3702459183435967106gmail-pl-pds"><span style="font-family:Consolas;color:#032f62">"</span></span><span style="font-family:Consolas;color:#24292e">);<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e"><u></u> <u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">    </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">try</span></span><span style="font-family:Consolas;color:#24292e"> {<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">      </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">final</span></span><span style="font-family:Consolas;color:#24292e"> <span class="m_-3702459183435967106gmail-pl-smi">PKIXCertPathValidatorResult</span> result </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">=</span></span><span style="font-family:Consolas;color:#24292e"> <span class="m_-3702459183435967106gmail-pl-smi">CertificateChainValidator</span></span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">validator()<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">          .withAnchor(</span><span class="m_-3702459183435967106gmail-pl-k"><span 
style="font-family:Consolas;color:#d73a49">new</span></span><span style="font-family:Consolas;color:#24292e"> <span class="m_-3702459183435967106gmail-pl-smi">TrustAnchor</span>(issuer, rootKeyPair</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">getPublic(), </span><span class="m_-3702459183435967106gmail-pl-c1"><span style="font-family:Consolas;color:#005cc5">null</span></span><span style="font-family:Consolas;color:#24292e">))<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">          .withCertificates(chain)<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">          .validate();<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">      </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">final</span></span><span style="font-family:Consolas;color:#24292e"> <span class="m_-3702459183435967106gmail-pl-smi">PublicKey</span> subjectPublicKey </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">=</span></span><span style="font-family:Consolas;color:#24292e"> result</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">getPublicKey();<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">      assertThat(subjectPublicKey)</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">isEqualTo(eePair</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span 
style="font-family:Consolas;color:#24292e">getPublic());<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">    } </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">catch</span></span><span style="font-family:Consolas;color:#24292e"> (</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">final</span></span><span style="font-family:Consolas;color:#24292e"> <span class="m_-3702459183435967106gmail-pl-smi">CertPathValidatorException</span> cpve) {<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">      fail(</span><span class="m_-3702459183435967106gmail-pl-pds"><span style="font-family:Consolas;color:#032f62">"</span></span><span class="m_-3702459183435967106gmail-pl-s"><span style="font-family:Consolas;color:#032f62">Cannot test exception</span></span><span class="m_-3702459183435967106gmail-pl-pds"><span style="font-family:Consolas;color:#032f62">"</span></span><span style="font-family:Consolas;color:#24292e">, cpve);<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">    }<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e"><u></u> <u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">    <span class="m_-3702459183435967106gmail-pl-smi">SSLContext</span> sslContext </span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">=</span></span><span style="font-family:Consolas;color:#24292e"><u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">        <span class="m_-3702459183435967106gmail-pl-smi">SSLContextBuilder</span></span><span class="m_-3702459183435967106gmail-pl-k"><span 
style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">builder()<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">            .withTLS()<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">            .withKeyManager(<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                <span class="m_-3702459183435967106gmail-pl-smi">KeyManagerBuilder</span></span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">builder()<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                    .withSunX509()<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                    .withPrivateKeyStore(privateKeyStore)<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                    .build())<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">            .withTrustManager(<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                <span class="m_-3702459183435967106gmail-pl-smi">TrustManagerBuilder</span></span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">builder()<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                    .withDefaultAlgorithm()<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                    
.withTrustStore(trustStore)<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">                    .build())<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">            .build();<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">    assertThat(sslContext)</span><span class="m_-3702459183435967106gmail-pl-k"><span style="font-family:Consolas;color:#d73a49">.</span></span><span style="font-family:Consolas;color:#24292e">isNotNull();<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">  }<u></u><u></u></span></pre><pre style="background:#f6f8fa"><span style="font-family:Consolas;color:#24292e">}<u></u><u></u></span></pre><div><p class="MsoNormal"><u></u> <u></u></p></div></div></div></div></div><p class="MsoNormal">Thanks,<br>Will.</p><p class="MsoNormal"><u></u> <u></u></p></div></div></blockquote></div>
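<p>The point raised in the thread, that code importing sun.security.x509 only works while that package is exported, can be checked on a given runtime with a small probe. The following is an added example, not part of the thread or of securitybuilder; the class name SunX509ExportProbe is hypothetical, and it assumes the code runs from the class path (the unnamed module).</p>

```java
import java.lang.reflect.Method;

/** Added example: reports whether sun.security.x509 is usable from this code. */
public class SunX509ExportProbe {
    // Package named in the thread, and one class from the import list above.
    static final String PKG = "sun.security.x509";
    static final String PROBE_CLASS = PKG + ".X509CertImpl";
    // Standard javac/java option; ALL-UNNAMED assumes a class-path application.
    static final String FLAG = "--add-exports java.base/" + PKG + "=ALL-UNNAMED";

    enum Access { NO_MODULE_SYSTEM, EXPORTED, ENCAPSULATED, MISSING }

    static Access check() {
        Class<?> target;
        try {
            // initialize=false: only the Class object is needed, no static init.
            target = Class.forName(PROBE_CLASS, false, ClassLoader.getSystemClassLoader());
        } catch (ClassNotFoundException e) {
            return Access.MISSING; // runtime does not ship this internal class
        }
        try {
            // java.lang.Module exists only on JDK 9+, so it is reached
            // reflectively to keep this file compilable on JDK 8 as well.
            Method getModule = Class.class.getMethod("getModule");
            Class<?> moduleClass = Class.forName("java.lang.Module");
            Method isExported = moduleClass.getMethod("isExported", String.class, moduleClass);
            Object targetModule = getModule.invoke(target);
            Object callerModule = getModule.invoke(SunX509ExportProbe.class);
            boolean exported = (Boolean) isExported.invoke(targetModule, PKG, callerModule);
            return exported ? Access.EXPORTED : Access.ENCAPSULATED;
        } catch (NoSuchMethodException | ClassNotFoundException e) {
            return Access.NO_MODULE_SYSTEM; // JDK 8: nothing is encapsulated
        } catch (ReflectiveOperationException e) {
            throw new IllegalStateException("module query failed", e);
        }
    }

    public static void main(String[] args) {
        Access access = check();
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println(PKG + " -> " + access);
        switch (access) {
            case ENCAPSULATED:
                System.out.println("Not exported to this code; compile and run with: " + FLAG);
                System.exit(1);
                break;
            case MISSING:
                System.out.println(PROBE_CLASS + " is not present on this runtime.");
                System.exit(2);
                break;
            default:
                System.out.println("Package is reachable on this runtime.");
        }
    }
}
```

<p>The non-zero exit codes let a build step fail early on a JDK where the internal package is encapsulated or absent, instead of failing later with an access error inside certificate generation.</p>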