Class OpenfireX509TrustManager
- java.lang.Object
- org.jivesoftware.openfire.keystore.OpenfireX509TrustManager

All Implemented Interfaces:
- TrustManager
- X509TrustManager

public class OpenfireX509TrustManager extends Object implements X509TrustManager

A Trust Manager implementation that adds Openfire-proprietary functionality.

Author:
- Guus der Kinderen, guus.der.kinderen@gmail.com
Field Summary
- protected boolean acceptSelfSigned
  A boolean that indicates if this trust manager will allow self-signed certificates to be trusted.
- protected Set<X509Certificate> trustedIssuers
  The set of trusted issuers from the trust store.

Constructor Summary
- OpenfireX509TrustManager(KeyStore trustStore, boolean acceptSelfSigned, boolean checkValidity)

Method Summary (all methods are instance methods; all are concrete)
- protected CertPath checkChainTrusted(CertSelector selector, X509Certificate... chain)
  Determine if the given partial or complete certificate chain can be trusted to represent the entity that is defined by the criteria specified by the 'selector' argument.
- void checkClientTrusted(X509Certificate[] chain, String authType)
- void checkServerTrusted(X509Certificate[] chain, String authType)
- X509Certificate[] getAcceptedIssuers()

Field Detail

acceptSelfSigned
protected final boolean acceptSelfSigned
A boolean that indicates if this trust manager will allow self-signed certificates to be trusted.

trustedIssuers
protected final Set<X509Certificate> trustedIssuers
The set of trusted issuers from the trust store. Note that these certificates are not validated. It is assumed that this set can be long-lived. Time-based validation should occur close to the actual usage / invocation.

Constructor Detail

OpenfireX509TrustManager
public OpenfireX509TrustManager(KeyStore trustStore, boolean acceptSelfSigned, boolean checkValidity) throws NoSuchAlgorithmException, KeyStoreException

Method Detail

checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
- Specified by: checkClientTrusted in interface X509TrustManager
- Throws: CertificateException

checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
- Specified by: checkServerTrusted in interface X509TrustManager
- Throws: CertificateException

getAcceptedIssuers
public X509Certificate[] getAcceptedIssuers()
- Specified by: getAcceptedIssuers in interface X509TrustManager

checkChainTrusted
protected CertPath checkChainTrusted(CertSelector selector, X509Certificate... chain) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, CertPathBuilderException

Determine if the given partial or complete certificate chain can be trusted to represent the entity that is defined by the criteria specified by the 'selector' argument. A (valid) partial chain is a chain that, combined with certificates from the trust store in this manager, can be completed to a full chain. Chains provided to this method do not need to be in any particular order.

This implementation uses the trust anchors as represented by getAcceptedIssuers() to verify that the chain that is provided either includes a certificate from an accepted issuer, or is directly issued by one. Depending on the configuration of this class, other verification is done:
- acceptSelfSigned: when true, any chain that has a length of one and is self-signed is considered a 'trust anchor' (but is still subject to other checks, such as expiration checks).

- Parameters:
  - selector - Characteristics of the entity to be represented by the chain (cannot be null).
  - chain - The certificate chain that is to be verified (cannot be null or empty).
- Returns:
  - A trusted certificate path (never null).
- Throws:
  - InvalidAlgorithmParameterException - if the algorithm is invalid
  - NoSuchAlgorithmException - if the algorithm could not be found
  - CertPathBuilderException - if there was a problem with the certificate path
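
The following is an added example, not Openfire's own code, that implements the behaviour described for checkChainTrusted and the trustedIssuers field with the JDK's PKIX CertPathBuilder: trust anchors come from the trust store, a chain of length one that is self-signed is promoted to a trust anchor when acceptSelfSigned is set, the supplied certificates are offered to the builder through a CertStore so their order does not matter, and time-based validation happens at invocation rather than when the trust store was loaded. Assumptions specific to this example: the checkValidity constructor flag is not modelled (validity is always checked), revocation checking is switched off, the selector used by checkClientTrusted and checkServerTrusted targets the first certificate of the chain, and main() reads a trust store and a PEM chain from paths given on the command line.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.X509TrustManager;

/** Illustrative trust manager (not Openfire's code) following the behaviour described on this page. */
public class ChainTrustExample implements X509TrustManager {

    // Loaded once and kept for the manager's lifetime; deliberately NOT validated here (see trustedIssuers note).
    private final Set<X509Certificate> trustedIssuers;
    private final boolean acceptSelfSigned;

    public ChainTrustExample(KeyStore trustStore, boolean acceptSelfSigned) throws KeyStoreException {
        this.acceptSelfSigned = acceptSelfSigned;
        Set<X509Certificate> issuers = new HashSet<>();
        for (Enumeration<String> aliases = trustStore.aliases(); aliases.hasMoreElements(); ) {
            Certificate c = trustStore.getCertificate(aliases.nextElement());
            if (c instanceof X509Certificate) {
                issuers.add((X509Certificate) c);
            }
        }
        this.trustedIssuers = Collections.unmodifiableSet(issuers);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return trustedIssuers.toArray(new X509Certificate[0]);
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        checkTrusted(chain);
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        checkTrusted(chain);
    }

    private void checkTrusted(X509Certificate[] chain) throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("chain cannot be null or empty");
        }
        // Assumed selector choice for this example: the end-entity certificate is the target of the path.
        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(chain[0]);
        try {
            checkChainTrusted(selector, chain);
        } catch (GeneralSecurityException e) {
            throw new CertificateException("Certificate chain is not trusted", e);
        }
    }

    protected CertPath checkChainTrusted(CertSelector selector, X509Certificate... chain)
            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, CertPathBuilderException {
        Set<TrustAnchor> anchors = new HashSet<>();
        for (X509Certificate issuer : trustedIssuers) {
            anchors.add(new TrustAnchor(issuer, null));
        }
        if (acceptSelfSigned && chain.length == 1 && isSelfSigned(chain[0])) {
            // PKIX never validates a trust anchor itself, so the expiration check on a self-signed
            // certificate that is promoted to anchor has to be made explicitly, at invocation time.
            try {
                chain[0].checkValidity();
            } catch (CertificateException e) {
                throw new CertPathBuilderException("Self-signed certificate is outside its validity period", e);
            }
            anchors.add(new TrustAnchor(chain[0], null));
        }
        // Throws InvalidAlgorithmParameterException when there is no anchor at all.
        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, selector);
        // The supplied certificates become candidates for the builder, so chain order is irrelevant.
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Arrays.asList(chain))));
        params.setRevocationEnabled(false); // out of scope for this example
        // Validity of every non-anchor certificate is checked by the builder against the current date.
        PKIXCertPathBuilderResult result =
                (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(params);
        return result.getCertPath();
    }

    private static boolean isSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            return false;
        }
        try {
            cert.verify(cert.getPublicKey()); // subject == issuer is not enough; the signature must match too
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed inputs: args[0] trust store path, args[1] its password, args[2] PEM file with the chain.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            trustStore.load(in, args[1].toCharArray());
        }
        Collection<? extends Certificate> certs;
        try (InputStream in = new FileInputStream(args[2])) {
            certs = CertificateFactory.getInstance("X.509").generateCertificates(in);
        }
        X509Certificate[] chain = certs.toArray(new X509Certificate[0]);
        new ChainTrustExample(trustStore, true).checkServerTrusted(chain, "RSA");
        System.out.println("Chain trusted");
    }
}
```

Run it as `java ChainTrustExample truststore.p12 changeit chain.pem`; a chain that cannot be completed to an accepted issuer, or a self-signed certificate that has expired, surfaces as a CertificateException whose cause is the underlying CertPathBuilderException. Keeping the trust store certificates unvalidated at load time but checking validity inside checkChainTrusted is what lets the manager be long-lived while still rejecting a chain whose certificates have expired since startup.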