- java.lang.Object
  - org.snmp4j.transport.tls.PropertiesTlsTmSecurityCallback
- All Implemented Interfaces:
  TlsTmSecurityCallback<java.security.cert.X509Certificate>
public class PropertiesTlsTmSecurityCallback extends java.lang.Object implements TlsTmSecurityCallback<java.security.cert.X509Certificate>
The PropertiesTlsTmSecurityCallback resolves the tmSecurityName for incoming requests by using the (system) properties:
- org.snmp4j.arg.securityName
- org.snmp4j.arg.tlsLocalID
- org.snmp4j.arg.tlsTrustCA
- org.snmp4j.arg.tlsPeerID
- Since:
- 2.0
- Version:
- 3.3.0
- Author:
- Frank Fock
Constructor Summary
Constructors:
- PropertiesTlsTmSecurityCallback(boolean serverMode)
- PropertiesTlsTmSecurityCallback(java.util.Properties properties, boolean serverMode)
Method Summary
Methods (modifier and type, method, description):
- java.lang.String getLocalCertificateAlias(Address targetAddress)
  Gets the local certificate alias to be used for the supplied target address.
- OctetString getSecurityName(java.security.cert.X509Certificate[] peerCertificateChain)
  Gets the tmSecurityName (see RFC 5953) from the certificate chain of the communication peer that needs to be authenticated.
- boolean isAcceptedIssuer(java.security.cert.X509Certificate issuerCertificate)
  Check if the supplied issuer certificate is accepted as server.
- boolean isClientCertificateAccepted(java.security.cert.X509Certificate peerEndCertificate)
  Check if the supplied peer end certificate is accepted as client.
- boolean isServerCertificateAccepted(java.security.cert.X509Certificate[] peerCertificateChain)
  Check if the supplied peer certificate chain is accepted as server.

Method Detail
getSecurityName
public OctetString getSecurityName(java.security.cert.X509Certificate[] peerCertificateChain)
Description copied from interface: TlsTmSecurityCallback
Gets the tmSecurityName (see RFC 5953) from the certificate chain of the communication peer that needs to be authenticated.
- Specified by:
  getSecurityName in interface TlsTmSecurityCallback<java.security.cert.X509Certificate>
- Parameters:
  peerCertificateChain - an array of Certificates with the peer's own certificate first followed by any CA authorities.
- Returns:
  the tmSecurityName as defined by RFC 5953.
-
isClientCertificateAccepted
public boolean isClientCertificateAccepted(java.security.cert.X509Certificate peerEndCertificate) throws java.security.cert.CertificateException
Description copied from interface: TlsTmSecurityCallback
Check if the supplied peer end certificate is accepted as client.
- Specified by:
  isClientCertificateAccepted in interface TlsTmSecurityCallback<java.security.cert.X509Certificate>
- Parameters:
  peerEndCertificate - a client Certificate instance to check acceptance for.
- Returns:
  true if the certificate is accepted, false otherwise, i.e. if verification could not be performed because it was not configured sufficiently.
- Throws:
  java.security.cert.CertificateException - if the certificate is rejected.
-
isServerCertificateAccepted
public boolean isServerCertificateAccepted(java.security.cert.X509Certificate[] peerCertificateChain) throws java.security.cert.CertificateException
Description copied from interface: TlsTmSecurityCallback
Check if the supplied peer certificate chain is accepted as server.
- Specified by:
  isServerCertificateAccepted in interface TlsTmSecurityCallback<java.security.cert.X509Certificate>
- Parameters:
  peerCertificateChain - a server Certificate chain to check acceptance for.
- Returns:
  true if the certificate is accepted, false otherwise, i.e. if verification could not be performed because it was not configured sufficiently.
- Throws:
  java.security.cert.CertificateException - if the certificate is rejected.
-
isAcceptedIssuer
public boolean isAcceptedIssuer(java.security.cert.X509Certificate issuerCertificate) throws java.security.cert.CertificateException
Description copied from interface: TlsTmSecurityCallback
Check if the supplied issuer certificate is accepted as server.
- Specified by:
  isAcceptedIssuer in interface TlsTmSecurityCallback<java.security.cert.X509Certificate>
- Parameters:
  issuerCertificate - an issuer Certificate instance to check acceptance for.
- Returns:
  true if the certificate is accepted, false otherwise, i.e. if verification could not be performed because it was not configured sufficiently.
- Throws:
  java.security.cert.CertificateException - if the certificate is rejected.
-
getLocalCertificateAlias
public java.lang.String getLocalCertificateAlias(Address targetAddress)
Description copied from interface: TlsTmSecurityCallback
Gets the local certificate alias to be used for the supplied target address.
- Specified by:
  getLocalCertificateAlias in interface TlsTmSecurityCallback<java.security.cert.X509Certificate>
- Parameters:
  targetAddress - a target address or null if the default local certificate alias needs to be retrieved.
- Returns:
  the requested local certificate alias, if known. Otherwise null is returned which could cause a protocol violation if the local key store contains more than one certificate.
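
The methods above return false when verification "was not configured sufficiently", and a null alias is risky when the key store holds several certificates, so it is worth validating the properties before constructing the callback. The following pre-flight check is an added example, not SNMP4J code; it uses only the JDK. The class name TlsTmPropertiesPreflight, the sample values, and the mapping of org.snmp4j.arg.tlsLocalID to the key store alias are assumptions.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Properties;

/** Added example (hypothetical helper, not part of SNMP4J). */
public final class TlsTmPropertiesPreflight {
    // Property names as listed in the class description on this page.
    static final String[] REQUIRED = {
        "org.snmp4j.arg.securityName", "org.snmp4j.arg.tlsLocalID",
        "org.snmp4j.arg.tlsTrustCA", "org.snmp4j.arg.tlsPeerID" };

    /** Returns findings; an empty list means the configuration looks complete. */
    static List<String> check(Properties props, KeyStore keyStore) throws KeyStoreException {
        List<String> findings = new ArrayList<>();
        for (String key : REQUIRED) {
            String value = props.getProperty(key);
            if (value == null || value.trim().isEmpty()) {
                findings.add("missing or empty: " + key);
            }
        }
        // Assumption: tlsLocalID is the alias handed back by getLocalCertificateAlias.
        String alias = props.getProperty("org.snmp4j.arg.tlsLocalID");
        int keyEntries = 0;
        for (String a : Collections.list(keyStore.aliases())) {
            if (keyStore.isKeyEntry(a)) keyEntries++;
        }
        if (alias == null && keyEntries > 1) {
            // The case the getLocalCertificateAlias documentation warns about.
            findings.add("no local alias set, key store has " + keyEntries + " key entries");
        } else if (alias != null && !keyStore.isKeyEntry(alias)) {
            findings.add("tlsLocalID '" + alias + "' is not a key entry in the key store");
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // constructed sample: empty in-memory key store
        Properties props = new Properties(); // constructed sample values
        props.setProperty("org.snmp4j.arg.securityName", "nms-operator");
        props.setProperty("org.snmp4j.arg.tlsLocalID", "nms-client");
        props.setProperty("org.snmp4j.arg.tlsPeerID", "CN=agent01.example.net");
        check(props, ks).forEach(System.out::println);
    }
}
```

Run the check at start-up and refuse to open the TLS transport while the list is non-empty, then pass the same Properties object to PropertiesTlsTmSecurityCallback(java.util.Properties properties, boolean serverMode).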