public final class X509CRLExtendedTrustManager extends X509ExtendedTrustManager
X509TrustManager interface to support CRL verification.

| Constructor and Description |
|---|
| X509CRLExtendedTrustManager(KeyStore trustStore): Creates a new instance using a default trust manager factory. |
| X509CRLExtendedTrustManager(KeyStore trustStore, InputStream crlStream): Creates a new instance using a default trust manager factory. |
| X509CRLExtendedTrustManager(KeyStore trustStore, TrustManagerFactory trustManagerFactory, InputStream crlStream, int maxCertPath, X509Certificate[] acceptedIssuers): Creates a new instance. |

| Modifier and Type | Method and Description |
|---|---|
| void | checkClientTrusted(X509Certificate[] chain, String authType) |
| void | checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) |
| void | checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) |
| void | checkServerTrusted(X509Certificate[] chain, String authType) |
| void | checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) |
| void | checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) |
| X509Certificate[] | getAcceptedIssuers() |
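
The two ways of supplying revocation data that the constructors on this page describe (a CRL stream, or the CRL distribution points inside the certificates), wired into an SSLContext. This is an added example, not code from the project; the import package, file names, store type and password are assumptions or placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
// Assumption: the class lives in WildFly Elytron's org.wildfly.security.ssl
// package (the package name is not shown on this page).
import org.wildfly.security.ssl.X509CRLExtendedTrustManager;

public class CrlTrustManagerExample {

    // Loads the trust anchors. Path, store type and password are placeholders.
    static KeyStore loadTrustStore(String path, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            trustStore.load(in, password);
        }
        return trustStore;
    }

    // Variant 1: revocation is checked against a CRL file the operator supplies.
    // No try-with-resources here: the constructor closes the stream itself.
    static TrustManager withLocalCrl(KeyStore trustStore, String crlPath) throws Exception {
        return new X509CRLExtendedTrustManager(trustStore, new FileInputStream(crlPath));
    }

    // Variant 2: no CRL is passed in, so CRLs come from the distribution points
    // named in the certificates being validated. The property is more commonly
    // given at JVM start as -Dcom.sun.security.enableCRLDP=true.
    static TrustManager withDistributionPoints(KeyStore trustStore) throws Exception {
        System.setProperty("com.sun.security.enableCRLDP", "true");
        return new X509CRLExtendedTrustManager(trustStore);
    }

    // Only trust decisions are configured; key managers and RNG use defaults.
    static SSLContext contextFor(TrustManager trustManager) throws Exception {
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, new TrustManager[] { trustManager }, null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        KeyStore trustStore = loadTrustStore("truststore.p12", "changeit".toCharArray());
        SSLContext context = contextFor(withLocalCrl(trustStore, "ca.crl"));
        System.out.println("TLS context ready: " + context.getProtocol());
    }
}
```
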
public X509CRLExtendedTrustManager(KeyStore trustStore, TrustManagerFactory trustManagerFactory, InputStream crlStream, int maxCertPath, X509Certificate[] acceptedIssuers)

Parameters:
- trustStore - a KeyStore with the trusted certificates (must not be null)
- trustManagerFactory - the trust manager factory
- crlStream - the input stream pointing to a certificate revocation list (may be null). The stream will be automatically closed after the invocation.
- maxCertPath - the maximum number of non-self-issued intermediate certificates that may exist in a certification path. The value must be greater than or equal to 1.
- acceptedIssuers - an array of certificate authority certificates which are trusted for authenticating peers (may be null).

public X509CRLExtendedTrustManager(KeyStore trustStore, InputStream crlStream) throws NoSuchAlgorithmException

TrustManagerFactory.getDefaultAlgorithm().

Parameters:
- trustStore - a KeyStore with the trusted certificates (must not be null)
- crlStream - the input stream pointing to a certificate revocation list (may be null). The stream will be automatically closed after the invocation.

Throws:
- NoSuchAlgorithmException - in case the default trust manager factory cannot be obtained

public X509CRLExtendedTrustManager(KeyStore trustStore) throws NoSuchAlgorithmException

Creates a new instance using a default trust manager factory. The factory's algorithm is TrustManagerFactory.getDefaultAlgorithm().

When using this constructor, the instance is going to obtain CRLs from the distribution points within the certificates being validated. Make sure you have the system property com.sun.security.enableCRLDP set.

Parameters:
- trustStore - a KeyStore with the trusted certificates (must not be null)

Throws:
- NoSuchAlgorithmException - in case the default trust manager factory cannot be obtained

public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException

Throws:
- CertificateException

public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException

Throws:
- CertificateException

public X509Certificate[] getAcceptedIssuers()

public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException

Overrides:
- checkClientTrusted in class X509ExtendedTrustManager

Throws:
- CertificateException

public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException

Overrides:
- checkServerTrusted in class X509ExtendedTrustManager

Throws:
- CertificateException

public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) throws CertificateException

Overrides:
- checkClientTrusted in class X509ExtendedTrustManager

Throws:
- CertificateException

public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) throws CertificateException

Overrides:
- checkServerTrusted in class X509ExtendedTrustManager

Throws:
- CertificateException

Copyright © 2017 JBoss by Red Hat. All rights reserved.