org.wildfly.security.ssl

Class X509CRLExtendedTrustManager

java.lang.Object

javax.net.ssl.X509ExtendedTrustManager

org.wildfly.security.ssl.X509CRLExtendedTrustManager

All Implemented Interfaces:

TrustManager, X509TrustManager

public final class X509CRLExtendedTrustManager
extends X509ExtendedTrustManager

Extension to the X509TrustManager interface to support CRL verification.

Author:

Pedro Igor

Constructor Summary

Constructors

Constructor and Description
X509CRLExtendedTrustManager(KeyStore trustStore) Creates a new instance using with a default trust manager factory.
X509CRLExtendedTrustManager(KeyStore trustStore, InputStream crlStream) Creates a new instance using with a default trust manager factory.
X509CRLExtendedTrustManager(KeyStore trustStore, TrustManagerFactory trustManagerFactory, InputStream crlStream, int maxCertPath, X509Certificate[] acceptedIssuers) Creates a new instance.

Method Summary

Modifier and Type	Method and Description
void	checkClientTrusted(X509Certificate[] chain, String authType)
void	checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
void	checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine)
void	checkServerTrusted(X509Certificate[] chain, String authType)
void	checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
void	checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine)
X509Certificate[]	getAcceptedIssuers()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

X509CRLExtendedTrustManager

public X509CRLExtendedTrustManager(KeyStore trustStore,
                                   TrustManagerFactory trustManagerFactory,
                                   InputStream crlStream,
                                   int maxCertPath,
                                   X509Certificate[] acceptedIssuers)

Creates a new instance.

Parameters:

trustStore - a KeyStore with the trusted certificates (must not be null)

trustManagerFactory - the trust manager factory

crlStream - the input stream pointing to a certificate revocation list (may be null). The stream will be automatically closed after the invocation

maxCertPath - the maximum number of non-self-issued intermediate certificates that may exist in a certification path. The value must be equal or greater than 1.

acceptedIssuers - an array of certificate authority certificates which are trusted for authenticating peers (may be null).

X509CRLExtendedTrustManager

public X509CRLExtendedTrustManager(KeyStore trustStore,
                                   InputStream crlStream)
                            throws NoSuchAlgorithmException

Creates a new instance using with a default trust manager factory. The factory's algorithm is TrustManagerFactory.getDefaultAlgorithm().

Parameters:

trustStore - a KeyStore with the trusted certificates (must not be null)

crlStream - the input stream pointing to a certificate revocation list (may be null). The stream will be automatically closed after the invocation

Throws:

NoSuchAlgorithmException - in case the default trust manager factory can not be obtained

X509CRLExtendedTrustManager

public X509CRLExtendedTrustManager(KeyStore trustStore)
                            throws NoSuchAlgorithmException

Creates a new instance using with a default trust manager factory. The factory's algorithm is TrustManagerFactory.getDefaultAlgorithm().

When using this constructor, the instance is going to obtain CRLs from the distribution points within the certificates being validated. Make sure you have system property com.sun.security.enableCRLDP set.

Parameters:

trustStore - a KeyStore with the trusted certificates (must not be null)

Throws:

NoSuchAlgorithmException - in case the default trust manager factory can not be obtained

Method Detail

checkClientTrusted

public void checkClientTrusted(X509Certificate[] chain,
                               String authType)
                        throws CertificateException

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] chain,
                               String authType)
                        throws CertificateException

Throws:

CertificateException

getAcceptedIssuers

public X509Certificate[] getAcceptedIssuers()

checkClientTrusted

public void checkClientTrusted(X509Certificate[] chain,
                               String authType,
                               Socket socket)
                        throws CertificateException

Specified by:

checkClientTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] chain,
                               String authType,
                               Socket socket)
                        throws CertificateException

Specified by:

checkServerTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkClientTrusted

public void checkClientTrusted(X509Certificate[] chain,
                               String authType,
                               SSLEngine sslEngine)
                        throws CertificateException

Specified by:

checkClientTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] chain,
                               String authType,
                               SSLEngine sslEngine)
                        throws CertificateException

Specified by:

checkServerTrusted in class X509ExtendedTrustManager

Throws:

CertificateException