public class CertificateServiceImpl extends java.lang.Object implements CertificateService, java.beans.PropertyChangeListener
Modifier and Type | Class and Description |
---|---|
protected class |
CertificateServiceImpl.BrowserLikeHostnameMatcher |
protected class |
CertificateServiceImpl.EMailAddressMatcher |
DO_NOT_TRUST, PNAME_ALWAYS_TRUST, PNAME_CLIENTAUTH_CERTCONFIG_BASE, PNAME_NO_USER_INTERACTION, PNAME_OCSP_ENABLED, PNAME_REVOCATION_CHECK_ENABLED, PNAME_TRUSTSTORE_FILE, PNAME_TRUSTSTORE_PASSWORD, PNAME_TRUSTSTORE_TYPE, TRUST_ALWAYS, TRUST_THIS_SESSION_ONLY
Constructor and Description |
---|
CertificateServiceImpl()
Initializes a new CertificateServiceImpl instance.
|
Modifier and Type | Method and Description |
---|---|
void |
addCertificateToTrust(java.security.cert.Certificate cert,
java.lang.String trustFor,
int trustMode)
Adds a certificate to the local trust store.
|
java.util.List<CertificateConfigEntry> |
getClientAuthCertificateConfigs()
Returns all saved CertificateConfigEntry objects. |
javax.net.ssl.SSLContext |
getSSLContext()
Get an SSL Context that validates certificates based on the JRE default
check and asks the user when the JRE check fails.
|
javax.net.ssl.SSLContext |
getSSLContext(javax.net.ssl.KeyManager[] keyManagers,
javax.net.ssl.X509ExtendedTrustManager trustManager)
Get an SSL Context with the specified trustmanager.
|
javax.net.ssl.SSLContext |
getSSLContext(java.lang.String clientCertConfig,
javax.net.ssl.X509ExtendedTrustManager trustManager)
Get an SSL Context with the specified trustmanager.
|
javax.net.ssl.SSLContext |
getSSLContext(javax.net.ssl.X509ExtendedTrustManager trustManager)
Get an SSL Context with the specified trustmanager.
|
java.util.List<KeyStoreType> |
getSupportedKeyStoreTypes()
Gets a list of all supported KeyStore types.
|
javax.net.ssl.X509ExtendedTrustManager |
getTrustManager(java.lang.Iterable<java.lang.String> identitiesToTest)
Creates a trustmanager that validates the certificate based on the JRE
default check and asks the user when the JRE check fails.
|
javax.net.ssl.X509ExtendedTrustManager |
getTrustManager(java.lang.Iterable<java.lang.String> identitiesToTest,
CertificateMatcher clientVerifier,
CertificateMatcher serverVerifier)
Creates a trustmanager that validates the certificate based on the JRE
default check and asks the user when the JRE check fails.
|
javax.net.ssl.X509ExtendedTrustManager |
getTrustManager(java.lang.String identityToTest) |
javax.net.ssl.X509ExtendedTrustManager |
getTrustManager(java.lang.String identityToTest,
CertificateMatcher clientVerifier,
CertificateMatcher serverVerifier) |
void |
propertyChange(java.beans.PropertyChangeEvent evt) |
void |
removeClientAuthCertificateConfig(java.lang.String id)
Deletes a saved CertificateConfigEntry. |
void |
setClientAuthCertificateConfig(CertificateConfigEntry e)
Saves or updates the passed
CertificateConfigEntry to the config. |
protected int |
verify(java.security.cert.X509Certificate[] chain,
java.lang.String message)
Asks the user whether they trust the supplied chain of certificates.
|
public CertificateServiceImpl()
public void propertyChange(java.beans.PropertyChangeEvent evt)
Specified by: propertyChange in interface java.beans.PropertyChangeListener
public java.util.List<KeyStoreType> getSupportedKeyStoreTypes()
Description copied from interface: CertificateService
Gets a list of all supported KeyStore types.
Specified by: getSupportedKeyStoreTypes in interface CertificateService
public java.util.List<CertificateConfigEntry> getClientAuthCertificateConfigs()
Description copied from interface: CertificateService
Returns all saved CertificateConfigEntry objects.
Specified by: getClientAuthCertificateConfigs in interface CertificateService
public void setClientAuthCertificateConfig(CertificateConfigEntry e)
Description copied from interface: CertificateService
Saves or updates the passed CertificateConfigEntry to the config.
If CertificateConfigEntry.getId() returns null, a new entry is created.
Specified by: setClientAuthCertificateConfig in interface CertificateService
Parameters:
e - The CertificateConfigEntry to save or update.
public void removeClientAuthCertificateConfig(java.lang.String id)
Description copied from interface: CertificateService
Deletes a saved CertificateConfigEntry.
Specified by: removeClientAuthCertificateConfig in interface CertificateService
Parameters:
id - The ID (CertificateConfigEntry.getId()) of the entry to delete.
public void addCertificateToTrust(java.security.cert.Certificate cert, java.lang.String trustFor, int trustMode) throws java.security.cert.CertificateException
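Description copied from interface: CertificateService
Adds a certificate to the local trust store.
Specified by: addCertificateToTrust in interface CertificateService
Parameters:
cert - The certificate to add to the trust store.
trustFor - Not described on this page; presumably the identity the certificate is to be trusted for (confirm against the CertificateService interface).
trustMode - Whether to trust the certificate permanently or only for the current session.
Throws:
java.security.cert.CertificateException - when the thumbprint could not be calculated
public javax.net.ssl.SSLContext getSSLContext() throws java.security.GeneralSecurityException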
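Description copied from interface: CertificateService
Get an SSL Context that validates certificates based on the JRE default check and asks the user when the JRE check fails.
Specified by: getSSLContext in interface CertificateService
Throws:
java.security.GeneralSecurityException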
public javax.net.ssl.SSLContext getSSLContext(javax.net.ssl.X509ExtendedTrustManager trustManager) throws java.security.GeneralSecurityException
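Description copied from interface: CertificateService
Get an SSL Context with the specified trustmanager.
Specified by: getSSLContext in interface CertificateService
Parameters:
trustManager - The trustmanager that will be used by the created SSLContext
Throws:
java.security.GeneralSecurityException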
public javax.net.ssl.SSLContext getSSLContext(java.lang.String clientCertConfig, javax.net.ssl.X509ExtendedTrustManager trustManager) throws java.security.GeneralSecurityException
Description copied from interface: CertificateService
Get an SSL Context with the specified trustmanager.
Specified by: getSSLContext in interface CertificateService
Parameters:
clientCertConfig - The ID of a client certificate configuration entry that is to be used when the server asks for a client TLS certificate
trustManager - The trustmanager that will be used by the created SSLContext
Throws:
java.security.GeneralSecurityException
public javax.net.ssl.SSLContext getSSLContext(javax.net.ssl.KeyManager[] keyManagers, javax.net.ssl.X509ExtendedTrustManager trustManager) throws java.security.GeneralSecurityException
Description copied from interface: CertificateService
Get an SSL Context with the specified trustmanager.
Specified by: getSSLContext in interface CertificateService
Parameters:
keyManagers - The key manager(s) to be used for client authentication
trustManager - The trustmanager that will be used by the created SSLContext
Throws:
java.security.GeneralSecurityException
public javax.net.ssl.X509ExtendedTrustManager getTrustManager(java.lang.Iterable<java.lang.String> identitiesToTest) throws java.security.GeneralSecurityException
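Description copied from interface: CertificateService
Creates a trustmanager that validates the certificate based on the JRE default check and asks the user when the JRE check fails.
Specified by: getTrustManager in interface CertificateService
Parameters:
identitiesToTest - when not null, the values are assumed to be hostnames for invocations of checkServerTrusted and e-mail addresses for invocations of checkClientTrusted. (This page does not state which identity check, if any, is applied when the argument is null.)
Throws:
java.security.GeneralSecurityException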
public javax.net.ssl.X509ExtendedTrustManager getTrustManager(java.lang.String identityToTest) throws java.security.GeneralSecurityException
Specified by: getTrustManager in interface CertificateService
Parameters:
identityToTest - when not null, the value is assumed to be a hostname for invocations of checkServerTrusted and an e-mail address for invocations of checkClientTrusted. (This page does not state which identity check, if any, is applied when the argument is null.)
Throws:
java.security.GeneralSecurityException
See Also:
CertificateService.getTrustManager(Iterable)
public javax.net.ssl.X509ExtendedTrustManager getTrustManager(java.lang.String identityToTest, CertificateMatcher clientVerifier, CertificateMatcher serverVerifier) throws java.security.GeneralSecurityException
Specified by: getTrustManager in interface CertificateService
Parameters:
identityToTest - The identity to match against the supplied verifiers.
clientVerifier - The verifier to use in calls to checkClientTrusted
serverVerifier - The verifier to use in calls to checkServerTrusted
Throws:
java.security.GeneralSecurityException
See Also:
CertificateService.getTrustManager(Iterable, CertificateMatcher, CertificateMatcher)
public javax.net.ssl.X509ExtendedTrustManager getTrustManager(java.lang.Iterable<java.lang.String> identitiesToTest, CertificateMatcher clientVerifier, CertificateMatcher serverVerifier) throws java.security.GeneralSecurityException
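Description copied from interface: CertificateService
Creates a trustmanager that validates the certificate based on the JRE default check and asks the user when the JRE check fails.
Specified by: getTrustManager in interface CertificateService
Parameters:
identitiesToTest - The identities to match against the supplied verifiers.
clientVerifier - The verifier to use in calls to checkClientTrusted
serverVerifier - The verifier to use in calls to checkServerTrusted
Throws:
java.security.GeneralSecurityException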
protected int verify(java.security.cert.X509Certificate[] chain, java.lang.String message)
Parameters:
chain - The chain of the certificates to check with user.
message - A text that describes why the verification failed.
See Also:
CertificateService.DO_NOT_TRUST, CertificateService.TRUST_THIS_SESSION_ONLY, CertificateService.TRUST_ALWAYS
Jitsi, the OpenSource Java VoIP and Instant Messaging client.
Distributable under Apache license.