Package org.wildfly.security.ssl
Class X509CRLExtendedTrustManager
- java.lang.Object
-
- javax.net.ssl.X509ExtendedTrustManager
-
- org.wildfly.security.ssl.X509CRLExtendedTrustManager
-
- All Implemented Interfaces:
TrustManager,X509TrustManager
@Deprecated public final class X509CRLExtendedTrustManager extends X509ExtendedTrustManager
Deprecated.useX509RevocationTrustManagerinsteadExtension to theX509TrustManagerinterface to support CRL verification.- Author:
- Pedro Igor
-
-
Field Summary
Fields Modifier and Type Field Description private X509Certificate[]acceptedIssuersDeprecated.private static intDEFAULT_MAX_CERT_PATH_LENGTHDeprecated.private X509TrustManagertrustManagerDeprecated.
-
Constructor Summary
Constructors Constructor Description X509CRLExtendedTrustManager(KeyStore trustStore)Deprecated.Creates a new instance using with a default trust manager factory.X509CRLExtendedTrustManager(KeyStore trustStore, InputStream crlStream)Deprecated.Creates a new instance using with a default trust manager factory.X509CRLExtendedTrustManager(KeyStore trustStore, TrustManagerFactory trustManagerFactory, InputStream crlStream, int maxCertPath, X509Certificate[] acceptedIssuers)Deprecated.Creates a new instance.
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description voidcheckClientTrusted(X509Certificate[] chain, String authType)Deprecated.voidcheckClientTrusted(X509Certificate[] chain, String authType, Socket socket)Deprecated.voidcheckClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine)Deprecated.voidcheckServerTrusted(X509Certificate[] chain, String authType)Deprecated.voidcheckServerTrusted(X509Certificate[] chain, String authType, Socket socket)Deprecated.voidcheckServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine)Deprecated.X509Certificate[]getAcceptedIssuers()Deprecated.private Collection<? extends CRL>getCRLs(InputStream crlStream)Deprecated.
-
-
-
Field Detail
-
DEFAULT_MAX_CERT_PATH_LENGTH
private static final int DEFAULT_MAX_CERT_PATH_LENGTH
Deprecated.- See Also:
- Constant Field Values
-
trustManager
private final X509TrustManager trustManager
Deprecated.
-
acceptedIssuers
private final X509Certificate[] acceptedIssuers
Deprecated.
-
-
Constructor Detail
-
X509CRLExtendedTrustManager
public X509CRLExtendedTrustManager(KeyStore trustStore, TrustManagerFactory trustManagerFactory, InputStream crlStream, int maxCertPath, X509Certificate[] acceptedIssuers)
Deprecated.Creates a new instance.- Parameters:
trustStore- aKeyStorewith the trusted certificates (must not benull)trustManagerFactory- the trust manager factorycrlStream- the input stream pointing to a certificate revocation list (may benull). The stream will be automatically closed after the invocationmaxCertPath- the maximum number of non-self-issued intermediate certificates that may exist in a certification path. The value must be equal or greater than 1.acceptedIssuers- an array of certificate authority certificates which are trusted for authenticating peers (may benull).
-
X509CRLExtendedTrustManager
public X509CRLExtendedTrustManager(KeyStore trustStore, InputStream crlStream) throws NoSuchAlgorithmException
Deprecated.Creates a new instance using with a default trust manager factory. The factory's algorithm isTrustManagerFactory.getDefaultAlgorithm().- Parameters:
trustStore- aKeyStorewith the trusted certificates (must not benull)crlStream- the input stream pointing to a certificate revocation list (may benull). The stream will be automatically closed after the invocation- Throws:
NoSuchAlgorithmException- in case the default trust manager factory can not be obtained
-
X509CRLExtendedTrustManager
public X509CRLExtendedTrustManager(KeyStore trustStore) throws NoSuchAlgorithmException
Deprecated.Creates a new instance using with a default trust manager factory. The factory's algorithm is
TrustManagerFactory.getDefaultAlgorithm().When using this constructor, the instance is going to obtain CRLs from the distribution points within the certificates being validated. Make sure you have system property
com.sun.security.enableCRLDPset.- Parameters:
trustStore- aKeyStorewith the trusted certificates (must not benull)- Throws:
NoSuchAlgorithmException- in case the default trust manager factory can not be obtained
-
-
Method Detail
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
Deprecated.- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
Deprecated.- Throws:
CertificateException
-
getAcceptedIssuers
public X509Certificate[] getAcceptedIssuers()
Deprecated.
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
Deprecated.- Specified by:
checkClientTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
Deprecated.- Specified by:
checkServerTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) throws CertificateException
Deprecated.- Specified by:
checkClientTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) throws CertificateException
Deprecated.- Specified by:
checkServerTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
getCRLs
private Collection<? extends CRL> getCRLs(InputStream crlStream) throws GeneralSecurityException
Deprecated.- Throws:
GeneralSecurityException
-
-