- java.lang.Object
-
- org.snmp4j.transport.tls.TLSTMUtil
-
public class TLSTMUtil extends java.lang.Object
- Since:
- 3.0
- Version:
- 3.6.0
- Author:
- Frank Fock
-
-
Constructor Summary
Constructors Constructor Description TLSTMUtil()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description protected static void
addCRLCertStore(java.lang.String crlFilePath, java.security.cert.PKIXBuilderParameters pkixBuilderParameters)
Return the initialization parameters for a TrustManager for doing cert path validation with CRL revocation based on a CRL file.static java.security.cert.PKIXRevocationChecker
createDefaultPKIXRevocationChecker()
Creates a default revocation checker with CRL check only (no OCSP) and check is limited to end entity only.static javax.net.ssl.SSLContext
createSSLContext(java.lang.String protocol, java.lang.String keyStore, java.lang.String keyStorePassword, java.lang.String trustStore, java.lang.String trustStorePassword, TransportStateReference transportStateReference, TLSTMTrustManagerFactory trustManagerFactory, boolean useClientMode, TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback, java.lang.String localCertificateAlias, java.security.cert.PKIXRevocationChecker pkixRevocationChecker, java.lang.String crlURI)
static OctetString
getFingerprint(java.security.cert.X509Certificate cert)
static OctetString
getIpAddressFromSubjAltName(java.util.Collection<java.util.List<?>> altNames)
static java.lang.Object
getSubjAltName(java.util.Collection<java.util.List<?>> subjAltNames, int type)
static boolean
isMatchingFingerprint(java.security.cert.X509Certificate[] x509Certificates, OctetString fingerprint, boolean useClientMode, CounterSupport tlstmCounters, LogAdapter logger, java.lang.Object eventSource)
Checks if any of the certificates in the provided array matches the given fingerprint.
-
-
-
Method Detail
-
getFingerprint
public static OctetString getFingerprint(java.security.cert.X509Certificate cert)
-
isMatchingFingerprint
public static boolean isMatchingFingerprint(java.security.cert.X509Certificate[] x509Certificates, OctetString fingerprint, boolean useClientMode, CounterSupport tlstmCounters, LogAdapter logger, java.lang.Object eventSource) throws java.security.cert.CertificateException
Checks if any of the certificates in the provided array matches the given fingerprint. If the fingerprint to match isnull
or zero length,false
will be returned, because a matching cannot be performed.- Parameters:
x509Certificates
- the certificates to match.fingerprint
- the searched fingerprintuseClientMode
- defines if server or client mode is active to emit the right counter events.tlstmCounters
- the counters to increase on matchinglogger
- where to logeventSource
- the source object for events emitted by the matching.- Returns:
true
if there is a match,false
if matching could not be performed due tonull
or zero length fingerprint- Throws:
java.security.cert.CertificateException
- if there is no matching, but fingerprint is non-null and has a length greater than zero.
-
getSubjAltName
public static java.lang.Object getSubjAltName(java.util.Collection<java.util.List<?>> subjAltNames, int type)
-
getIpAddressFromSubjAltName
public static OctetString getIpAddressFromSubjAltName(java.util.Collection<java.util.List<?>> altNames)
-
createSSLContext
public static javax.net.ssl.SSLContext createSSLContext(java.lang.String protocol, java.lang.String keyStore, java.lang.String keyStorePassword, java.lang.String trustStore, java.lang.String trustStorePassword, TransportStateReference transportStateReference, TLSTMTrustManagerFactory trustManagerFactory, boolean useClientMode, TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback, java.lang.String localCertificateAlias, java.security.cert.PKIXRevocationChecker pkixRevocationChecker, java.lang.String crlURI) throws java.security.GeneralSecurityException
- Throws:
java.security.GeneralSecurityException
-
createDefaultPKIXRevocationChecker
public static java.security.cert.PKIXRevocationChecker createDefaultPKIXRevocationChecker()
Creates a default revocation checker with CRL check only (no OCSP) and check is limited to end entity only.- Returns:
- a simple revocation checker to be used with
#setPKIXRevocationChecker(PKIXRevocationChecker)
. - Since:
- 3.6.0
-
addCRLCertStore
protected static void addCRLCertStore(java.lang.String crlFilePath, java.security.cert.PKIXBuilderParameters pkixBuilderParameters)
Return the initialization parameters for a TrustManager for doing cert path validation with CRL revocation based on a CRL file. Currently, only the defaultPKIX
is supported.- Parameters:
crlFilePath
- the path to the CRL file that provides the CRL collection for checking revocation.pkixBuilderParameters
- thePKIXBuilderParameters
to modify.- Since:
- 3.6.0
-
-