Package org.wildfly.security.ssl
Class X509RevocationTrustManager
- java.lang.Object
  - javax.net.ssl.X509ExtendedTrustManager
    - org.wildfly.security.ssl.X509RevocationTrustManager
- All Implemented Interfaces:
TrustManager, X509TrustManager
public class X509RevocationTrustManager extends X509ExtendedTrustManager
Extension to the X509TrustManager interface to support OCSP and CRL verification.
- Author:
- Martin Mazanek
-
Nested Class Summary
Nested Classes
Modifier and Type | Class | Description
static class | X509RevocationTrustManager.Builder |
private class | X509RevocationTrustManager.MaxPathLengthChecker | PKIXCertPathChecker to check if a cert path being validated is longer than the specified maxPathLength
-
Field Summary
Fields
Modifier and Type | Field | Description
private X509Certificate[] | acceptedIssuers |
private static int | DEFAULT_MAX_CERT_PATH_LENGTH |
private X509TrustManager | trustManager |
-
Constructor Summary
Constructors
Modifier | Constructor | Description
private | X509RevocationTrustManager(X509RevocationTrustManager.Builder builder) |
-
Method Summary
Modifier and Type | Method | Description
static X509RevocationTrustManager.Builder | builder() | Create new X509RevocationTrustManager.Builder instance
void | checkClientTrusted(X509Certificate[] chain, String authType) |
void | checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) |
void | checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) |
void | checkServerTrusted(X509Certificate[] chain, String authType) |
void | checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) |
void | checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) |
X509Certificate[] | getAcceptedIssuers() |
private Collection<? extends CRL> | getCRLs(List<InputStream> crlStreams) |
-
Field Detail
-
DEFAULT_MAX_CERT_PATH_LENGTH
private static final int DEFAULT_MAX_CERT_PATH_LENGTH
- See Also:
- Constant Field Values
-
acceptedIssuers
private X509Certificate[] acceptedIssuers
-
trustManager
private final X509TrustManager trustManager
-
Constructor Detail
-
X509RevocationTrustManager
private X509RevocationTrustManager(X509RevocationTrustManager.Builder builder)
-
Method Detail
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
- Throws:
CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
- Specified by:
checkClientTrusted in class X509ExtendedTrustManager
- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
- Specified by:
checkServerTrusted in class X509ExtendedTrustManager
- Throws:
CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) throws CertificateException
- Specified by:
checkClientTrusted in class X509ExtendedTrustManager
- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) throws CertificateException
- Specified by:
checkServerTrusted in class X509ExtendedTrustManager
- Throws:
CertificateException
-
getAcceptedIssuers
public X509Certificate[] getAcceptedIssuers()
-
getCRLs
private Collection<? extends CRL> getCRLs(List<InputStream> crlStreams) throws GeneralSecurityException
- Throws:
GeneralSecurityException
-
builder
public static X509RevocationTrustManager.Builder builder()
Create new X509RevocationTrustManager.Builder instance
- Returns:
- new Builder instance