public final class X509CRLExtendedTrustManager extends X509ExtendedTrustManager
X509TrustManager
interface to support CRL verification.Constructor and Description |
---|
X509CRLExtendedTrustManager(KeyStore trustStore)
Creates a new instance using with a default trust manager factory.
|
X509CRLExtendedTrustManager(KeyStore trustStore,
InputStream crlStream)
Creates a new instance using with a default trust manager factory.
|
X509CRLExtendedTrustManager(KeyStore trustStore,
TrustManagerFactory trustManagerFactory,
InputStream crlStream,
int maxCertPath,
X509Certificate[] acceptedIssuers)
Creates a new instance.
|
Modifier and Type | Method and Description |
---|---|
void |
checkClientTrusted(X509Certificate[] chain,
String authType) |
void |
checkClientTrusted(X509Certificate[] chain,
String authType,
Socket socket) |
void |
checkClientTrusted(X509Certificate[] chain,
String authType,
SSLEngine sslEngine) |
void |
checkServerTrusted(X509Certificate[] chain,
String authType) |
void |
checkServerTrusted(X509Certificate[] chain,
String authType,
Socket socket) |
void |
checkServerTrusted(X509Certificate[] chain,
String authType,
SSLEngine sslEngine) |
X509Certificate[] |
getAcceptedIssuers() |
public X509CRLExtendedTrustManager(KeyStore trustStore, TrustManagerFactory trustManagerFactory, InputStream crlStream, int maxCertPath, X509Certificate[] acceptedIssuers)
trustStore
- a KeyStore
with the trusted certificates (must not be null
)trustManagerFactory
- the trust manager factorycrlStream
- the input stream pointing to a certificate revocation list (may be null
). The stream will be automatically closed after the invocationmaxCertPath
- the maximum number of non-self-issued intermediate certificates that may exist in a certification path. The value must be equal or greater than 1.acceptedIssuers
- an array of certificate authority certificates which are trusted for authenticating peers (may be null
).public X509CRLExtendedTrustManager(KeyStore trustStore, InputStream crlStream) throws NoSuchAlgorithmException
TrustManagerFactory.getDefaultAlgorithm()
.trustStore
- a KeyStore
with the trusted certificates (must not be null
)crlStream
- the input stream pointing to a certificate revocation list (may be null
). The stream will be automatically closed after the invocationNoSuchAlgorithmException
- in case the default trust manager factory can not be obtainedpublic X509CRLExtendedTrustManager(KeyStore trustStore) throws NoSuchAlgorithmException
Creates a new instance using with a default trust manager factory. The factory's algorithm is TrustManagerFactory.getDefaultAlgorithm()
.
When using this constructor, the instance is going to obtain CRLs from the distribution points
within the certificates being validated. Make sure you have system property com.sun.security.enableCRLDP
set.
trustStore
- a KeyStore
with the trusted certificates (must not be null
)NoSuchAlgorithmException
- in case the default trust manager factory can not be obtainedpublic void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
CertificateException
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
CertificateException
public X509Certificate[] getAcceptedIssuers()
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
checkClientTrusted
in class X509ExtendedTrustManager
CertificateException
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
checkServerTrusted
in class X509ExtendedTrustManager
CertificateException
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) throws CertificateException
checkClientTrusted
in class X509ExtendedTrustManager
CertificateException
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) throws CertificateException
checkServerTrusted
in class X509ExtendedTrustManager
CertificateException
Copyright © 2018 JBoss by Red Hat. All rights reserved.