java.lang.Object
  |
  +--com.dstc.security.ssl.TrustEngine
        |
        +--com.dstc.security.ssl.BasicTrustEngine

A simple TrustEngine
that does basic cert-path processing. It has
an optional certificate-checking callback that can be used, for instance,
to implement X.509 CRLs or (potentially) OCSP.

See Also: OptimisticCRLChecker

Constructor Summary

BasicTrustEngine(Collection trustedCerts)
    Create a BasicTrustEngine with a collection of trusted certificates.

BasicTrustEngine(Collection trustedCerts, CertChecker checker)
    Create a BasicTrustEngine with a collection of trusted certificates and a certificate-checking callback.

BasicTrustEngine(X509Certificate[] trustedCerts)
    Create a BasicTrustEngine with an array of trusted certificates.

BasicTrustEngine(X509Certificate[] trustedCerts, CertChecker checker)
    Create a BasicTrustEngine with an array of trusted certificates and a certificate-checking callback.

Method Summary

static Collection getCertificates(InputStream in)
    Convenience method to get all X.509 certificates from an InputStream.

static Collection getCertificates(KeyStore certStore)
    Convenience method to get all the X.509 certificates from a KeyStore, using KeyStore.getCertificate(String).

static BasicTrustEngine getDefault()
    Attempts to create a default TrustEngine.

Iterator getTrustedCerts()
    Get the list of trusted certificates used by this TrustEngine.

void validateCertPath(X509Certificate[] path)
    Validate a candidate certificate path against this TrustEngine.

Methods inherited from class java.lang.Object
    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

public BasicTrustEngine(Collection trustedCerts)
    Parameters:
        trustedCerts - a collection of trusted certificates.

public BasicTrustEngine(Collection trustedCerts, CertChecker checker)
    Parameters:
        trustedCerts - a collection of trusted certificates.
        checker - a certificate-checking callback, or null.

public BasicTrustEngine(X509Certificate[] trustedCerts)
    Parameters:
        trustedCerts - an array of trusted certificates.

public BasicTrustEngine(X509Certificate[] trustedCerts, CertChecker checker)
    Parameters:
        trustedCerts - an array of trusted certificates.
        checker - a certificate-checking callback, or null.

Method Detail

public static BasicTrustEngine getDefault() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException
    getCertificates(KeyStore) to read the X.509 certificates from the store, and constructs a BasicTrustEngine using the resulting certificates.
    See Also: KeyStore

public static Collection getCertificates(KeyStore certStore) throws KeyStoreException
    KeyStore.getCertificate(String).
    Parameters:
        certStore - the KeyStore from which to extract certificates

public static Collection getCertificates(InputStream in) throws CertificateException, IOException
    CertificateFactory.generateCertificate(InputStream).
    This method reads the input stream up to end-of-file.
    Parameters:
        in - the InputStream from which the certificate or certificates will be read
    See Also: CertificateFactory.generateCertificate(InputStream)

public Iterator getTrustedCerts()

public void validateCertPath(X509Certificate[] path) throws CertificateException, CertPathValidationException
    This method may be invoked concurrently from multiple threads, so its implementation should be multithread-safe; this is straightforward if it maintains no state, i.e. has no mutable instance variables (or mutable objects reached from those instance variables).
    Parameters:
        path - the candidate certificate path to check. path[0] should contain the subject's certificate; any subsequent entries should be CA certificates in the normal order.
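
The following is an added example, not part of the original API documentation, showing one way to meet the path-order requirement of validateCertPath before calling it. It uses only the BasicTrustEngine members listed on this page plus standard JDK classes. Assumptions: X509Certificate is java.security.cert.X509Certificate, "normal order" means each certificate is followed by its issuer, and the three input files and the class name are hypothetical.

```java
import com.dstc.security.ssl.BasicTrustEngine;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.X509Certificate; // assumed to be the X509Certificate type the page refers to
import java.util.ArrayList;
import java.util.List;

public class ValidatePathExample {
    // Read every certificate in a file with the page's getCertificates(InputStream).
    static List<X509Certificate> load(String file) throws Exception {
        List<X509Certificate> out = new ArrayList<>();
        try (InputStream in = new FileInputStream(file)) {
            for (Object o : BasicTrustEngine.getCertificates(in)) out.add((X509Certificate) o);
        }
        return out;
    }

    // Build path[0] = subject, then each certificate's issuer (assumed "normal order").
    // Matching is by name only: it orders the path, the engine does the validation.
    static X509Certificate[] orderPath(X509Certificate subject, List<X509Certificate> cas) {
        List<X509Certificate> path = new ArrayList<>();
        List<X509Certificate> pool = new ArrayList<>(cas);
        X509Certificate current = subject;
        path.add(current);
        while (!current.getIssuerX500Principal().equals(current.getSubjectX500Principal())) {
            X509Certificate issuer = null;
            for (X509Certificate c : pool) {
                if (c.getSubjectX500Principal().equals(current.getIssuerX500Principal())) {
                    issuer = c;
                    break;
                }
            }
            if (issuer == null) break; // issuer not supplied: stop here
            pool.remove(issuer);       // each CA is used once, so a name loop cannot spin forever
            path.add(issuer);
            current = issuer;
        }
        return path.toArray(new X509Certificate[0]);
    }

    public static void main(String[] args) throws Exception {
        // args: trusted-certs file, subject-cert file, unordered CA-certs file (hypothetical inputs)
        BasicTrustEngine engine = new BasicTrustEngine(load(args[0])); // no CertChecker callback
        X509Certificate[] path = orderPath(load(args[1]).get(0), load(args[2]));
        engine.validateCertPath(path); // void: rejection is signalled by an exception
        System.out.println("accepted path of length " + path.length);
    }
}
```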