public interface CertificateService
Modifier and Type | Field and Description |
---|---|
`static int` | `DO_NOT_TRUST`: Result of user interaction. |
`static java.lang.String` | `PNAME_ALWAYS_TRUST`: Property for always trust mode. |
`static java.lang.String` | `PNAME_CLIENTAUTH_CERTCONFIG_BASE`: The property name prefix of all client authentication configurations. |
`static java.lang.String` | `PNAME_NO_USER_INTERACTION`: When set to true, the certificate check is performed. |
`static java.lang.String` | `PNAME_OCSP_ENABLED`: Property that is being applied to the Security property `ocsp.enable`. |
`static java.lang.String` | `PNAME_REVOCATION_CHECK_ENABLED`: Property that is being applied to the system properties `com.sun.net.ssl.checkRevocation` and `com.sun.security.enableCRLDP`. |
`static java.lang.String` | `PNAME_TRUSTSTORE_FILE`: Property that is being applied to the system property `javax.net.ssl.trustStore`. |
`static java.lang.String` | `PNAME_TRUSTSTORE_PASSWORD`: Property that is being applied to the system property `javax.net.ssl.trustStorePassword`. |
`static java.lang.String` | `PNAME_TRUSTSTORE_TYPE`: Property that is being applied to the system property `javax.net.ssl.trustStoreType`. |
`static int` | `TRUST_ALWAYS`: Result of user interaction. |
`static int` | `TRUST_THIS_SESSION_ONLY`: Result of user interaction. |

Modifier and Type | Method and Description |
---|---|
`void` | `addCertificateToTrust(java.security.cert.Certificate cert, java.lang.String trustFor, int trustMode)`: Adds a certificate to the local trust store. |
`java.util.List<CertificateConfigEntry>` | `getClientAuthCertificateConfigs()`: Returns all saved `CertificateConfigEntry`s. |
`javax.net.ssl.SSLContext` | `getSSLContext()`: Get an SSL Context that validates certificates based on the JRE default check and asks the user when the JRE check fails. |
`javax.net.ssl.SSLContext` | `getSSLContext(javax.net.ssl.KeyManager[] keyManagers, javax.net.ssl.X509ExtendedTrustManager trustManager)`: Get an SSL Context with the specified trustmanager. |
`javax.net.ssl.SSLContext` | `getSSLContext(java.lang.String clientCertConfig, javax.net.ssl.X509ExtendedTrustManager trustManager)`: Get an SSL Context with the specified trustmanager. |
`javax.net.ssl.SSLContext` | `getSSLContext(javax.net.ssl.X509ExtendedTrustManager trustManager)`: Get an SSL Context with the specified trustmanager. |
`java.util.List<KeyStoreType>` | `getSupportedKeyStoreTypes()`: Gets a list of all supported KeyStore types. |
`javax.net.ssl.X509ExtendedTrustManager` | `getTrustManager(java.lang.Iterable<java.lang.String> identitiesToTest)`: Creates a trustmanager that validates the certificate based on the JRE default check and asks the user when the JRE check fails. |
`javax.net.ssl.X509ExtendedTrustManager` | `getTrustManager(java.lang.Iterable<java.lang.String> identitiesToTest, CertificateMatcher clientVerifier, CertificateMatcher serverVerifier)`: Creates a trustmanager that validates the certificate based on the JRE default check and asks the user when the JRE check fails. |
`javax.net.ssl.X509ExtendedTrustManager` | `getTrustManager(java.lang.String identityToTest)` |
`javax.net.ssl.X509ExtendedTrustManager` | `getTrustManager(java.lang.String identityToTest, CertificateMatcher clientVerifier, CertificateMatcher serverVerifier)` |
`void` | `removeClientAuthCertificateConfig(java.lang.String id)`: Deletes a saved `CertificateConfigEntry`. |
`void` | `setClientAuthCertificateConfig(CertificateConfigEntry entry)`: Saves or updates the passed `CertificateConfigEntry` to the config. |

- `static final java.lang.String PNAME_ALWAYS_TRUST`
- `static final java.lang.String PNAME_NO_USER_INTERACTION`
- `static final java.lang.String PNAME_CLIENTAUTH_CERTCONFIG_BASE`
- `static final java.lang.String PNAME_TRUSTSTORE_TYPE`
- `static final java.lang.String PNAME_TRUSTSTORE_FILE`
- `static final java.lang.String PNAME_TRUSTSTORE_PASSWORD`
- `static final java.lang.String PNAME_REVOCATION_CHECK_ENABLED`
- `static final java.lang.String PNAME_OCSP_ENABLED`
- `static final int DO_NOT_TRUST`
- `static final int TRUST_ALWAYS`
- `static final int TRUST_THIS_SESSION_ONLY`

`java.util.List<CertificateConfigEntry> getClientAuthCertificateConfigs()`

Returns all saved `CertificateConfigEntry`s.

`void removeClientAuthCertificateConfig(java.lang.String id)`

Deletes a saved `CertificateConfigEntry`.

Parameters:
- `id` - The ID (`CertificateConfigEntry.getId()`) of the entry to delete.

`void setClientAuthCertificateConfig(CertificateConfigEntry entry)`

Saves or updates the passed `CertificateConfigEntry` to the config. If `CertificateConfigEntry.getId()` returns null, a new entry is created.

Parameters:
- `entry` - The `CertificateConfigEntry` to save or update.

`java.util.List<KeyStoreType> getSupportedKeyStoreTypes()`

`javax.net.ssl.SSLContext getSSLContext() throws java.security.GeneralSecurityException`

Throws:
- `java.security.GeneralSecurityException`

`javax.net.ssl.SSLContext getSSLContext(javax.net.ssl.X509ExtendedTrustManager trustManager) throws java.security.GeneralSecurityException`

Parameters:
- `trustManager` - The trustmanager that will be used by the created SSLContext

Throws:
- `java.security.GeneralSecurityException`

`javax.net.ssl.SSLContext getSSLContext(java.lang.String clientCertConfig, javax.net.ssl.X509ExtendedTrustManager trustManager) throws java.security.GeneralSecurityException`

Parameters:
- `clientCertConfig` - The ID of a client certificate configuration entry that is to be used when the server asks for a client TLS certificate
- `trustManager` - The trustmanager that will be used by the created SSLContext

Throws:
- `java.security.GeneralSecurityException`

`javax.net.ssl.SSLContext getSSLContext(javax.net.ssl.KeyManager[] keyManagers, javax.net.ssl.X509ExtendedTrustManager trustManager) throws java.security.GeneralSecurityException`

Parameters:
- `keyManagers` - The key manager(s) to be used for client authentication
- `trustManager` - The trustmanager that will be used by the created SSLContext

Throws:
- `java.security.GeneralSecurityException`

`javax.net.ssl.X509ExtendedTrustManager getTrustManager(java.lang.Iterable<java.lang.String> identitiesToTest) throws java.security.GeneralSecurityException`

Parameters:
- `identitiesToTest` - when not null, the values are assumed to be hostnames for invocations of checkServerTrusted and e-mail addresses for invocations of checkClientTrusted

Throws:
- `java.security.GeneralSecurityException`

`javax.net.ssl.X509ExtendedTrustManager getTrustManager(java.lang.String identityToTest) throws java.security.GeneralSecurityException`

Parameters:
- `identityToTest` - when not null, the value is assumed to be a hostname for invocations of checkServerTrusted and an e-mail address for invocations of checkClientTrusted

Throws:
- `java.security.GeneralSecurityException`

See Also:
- `getTrustManager(Iterable)`

`javax.net.ssl.X509ExtendedTrustManager getTrustManager(java.lang.String identityToTest, CertificateMatcher clientVerifier, CertificateMatcher serverVerifier) throws java.security.GeneralSecurityException`

Parameters:
- `identityToTest` - The identity to match against the supplied verifiers.
- `clientVerifier` - The verifier to use in calls to checkClientTrusted
- `serverVerifier` - The verifier to use in calls to checkServerTrusted

Throws:
- `java.security.GeneralSecurityException`

See Also:
- `getTrustManager(Iterable, CertificateMatcher, CertificateMatcher)`

`javax.net.ssl.X509ExtendedTrustManager getTrustManager(java.lang.Iterable<java.lang.String> identitiesToTest, CertificateMatcher clientVerifier, CertificateMatcher serverVerifier) throws java.security.GeneralSecurityException`

Parameters:
- `identitiesToTest` - The identities to match against the supplied verifiers.
- `clientVerifier` - The verifier to use in calls to checkClientTrusted
- `serverVerifier` - The verifier to use in calls to checkServerTrusted

Throws:
- `java.security.GeneralSecurityException`

`void addCertificateToTrust(java.security.cert.Certificate cert, java.lang.String trustFor, int trustMode) throws java.security.cert.CertificateException`

Parameters:
- `cert` - The certificate to add to the trust store.
- `trustFor` -
- `trustMode` - Whether to trust the certificate permanently or only for the current session.

Throws:
- `java.security.cert.CertificateException` - when the thumbprint could not be calculated

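
The trust decision that `getTrustManager` describes (JRE default check first, a user decision only when that check fails) can be sketched as a delegating `X509ExtendedTrustManager`. This is an added example, not Jitsi's implementation: the class name `FallbackTrustManager` and the `approved` thumbprint set are hypothetical, with the set standing in for certificates the user previously accepted, and `HexFormat` requires Java 17.

```java
import java.net.Socket;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;

// Added sketch, not Jitsi code: JRE default check first, then an explicit allow-list
// of lowercase SHA-256 thumbprints standing in for the "ask the user" decision.
public final class FallbackTrustManager extends X509ExtendedTrustManager {
    private interface Check { void run() throws CertificateException; }
    private final X509ExtendedTrustManager jre;
    private final Set<String> approved; // hypothetical store of user-approved thumbprints

    public FallbackTrustManager(Set<String> approved) throws GeneralSecurityException {
        TrustManagerFactory f = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        f.init((KeyStore) null); // null selects the JRE default trust store
        this.jre = Arrays.stream(f.getTrustManagers())
            .filter(X509ExtendedTrustManager.class::isInstance)
            .map(X509ExtendedTrustManager.class::cast).findFirst()
            .orElseThrow(() -> new GeneralSecurityException("no X.509 trust manager"));
        this.approved = Set.copyOf(approved);
    }
    static String thumbprint(X509Certificate cert) throws CertificateException {
        try {
            return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()));
        } catch (NoSuchAlgorithmException e) { throw new CertificateException(e); }
    }
    // Re-throw the JRE failure unless the leaf certificate was explicitly approved.
    private void orApproved(X509Certificate[] chain, Check jreCheck) throws CertificateException {
        try { jreCheck.run(); }
        catch (CertificateException e) {
            if (chain == null || chain.length == 0 || !approved.contains(thumbprint(chain[0]))) throw e;
        }
    }
    @Override public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException
        { orApproved(c, () -> jre.checkServerTrusted(c, a)); }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException
        { orApproved(c, () -> jre.checkServerTrusted(c, a, s)); }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException
        { orApproved(c, () -> jre.checkServerTrusted(c, a, e)); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException
        { orApproved(c, () -> jre.checkClientTrusted(c, a)); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException
        { orApproved(c, () -> jre.checkClientTrusted(c, a, s)); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException
        { orApproved(c, () -> jre.checkClientTrusted(c, a, e)); }
    @Override public X509Certificate[] getAcceptedIssuers() { return jre.getAcceptedIssuers(); }
}
```

With an empty `approved` set this behaves exactly like the JRE default trust manager. An approved thumbprint overrides the JRE failure for that leaf whatever its cause, so the set should be kept per identity and reviewed.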
Jitsi, the OpenSource Java VoIP and Instant Messaging client.
Distributable under Apache license.