Class TrustStore

java.lang.Object
org.jivesoftware.openfire.keystore.CertificateStore
org.jivesoftware.openfire.keystore.TrustStore

public class TrustStore extends CertificateStore
A wrapper class for a store of certificates, its metadata (password, location) and related functionality that is used to verify credentials: a trust store. The trust store should only contain certificates for the "most-trusted" Certificate Authorities (the store should not contain intermediates). These certificates are referred to as "Trust Anchors".
Author:
Guus der Kinderen, guus.der.kinderen@gmail.com
  • Constructor Details

  • Method Details

    • installCertificate

      public void installCertificate(String alias, String pemRepresentation) throws CertificateStoreConfigException
      Imports one certificate as a trust anchor into this store. Note that this method explicitly allows one to add invalid certificates. As this store is intended to contain certificates for "most-trusted" / root Certificate Authorities, this method will fail when the PEM representation contains more than one certificate.
      Parameters:
      alias - the name (key) under which the certificate is to be stored in the store (cannot be null or empty).
      pemRepresentation - The PEM representation of the certificate to add (cannot be null or empty).
      Throws:
      CertificateStoreConfigException - if a single certificate could not be found
    • isTrusted

      public boolean isTrusted(Certificate[] chain)
      Decides whether or not to trust the supplied certificate chain. For certain failures, such as revocations, an exception SHOULD be generated, but this method currently does not do so.
      Parameters:
      chain - an array of X509Certificate where the first element is the end-entity certificate.
      Returns:
      true if the content of this trust store allows the chain to be trusted, otherwise false.
    • getEndEntityCertificate

      public X509Certificate getEndEntityCertificate(Certificate[] chain)
      Decides whether or not to trust the supplied certificate chain, returning the end-entity certificate where the chain can be trusted and null otherwise. A self-signed certificate will, for example, return null. For certain failures, such as revocations, an exception SHOULD be generated, but this method currently does not do so.
      Parameters:
      chain - an array of X509Certificate where the first element is the end-entity certificate.
      Returns:
      trusted end-entity certificate, or null.
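      The rules documented for installCertificate, isTrusted and getEndEntityCertificate, reproduced as an added Python illustration that is not Openfire's code: the store refuses a PEM bundle holding more than one certificate, a chain is trusted only if every certificate is signed by the next and the last by a trust anchor, and a self-signed end entity yields null. It assumes the third-party `cryptography` package; the CA and host names are constructed test material.

```python
import datetime, re
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def make_cert(name, issuer=None):
    # Constructed test material: ECDSA P-256 cert, self-signed unless an issuer (cert, key) is given
    key = ec.generate_private_key(ec.SECP256R1())
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, name)])
    issuer_cert, issuer_key = issuer if issuer else (None, key)
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(subject)
            .issuer_name(issuer_cert.subject if issuer_cert else subject)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=1))
            .sign(issuer_key, hashes.SHA256()))
    return cert, key

def signed_by(cert, issuer):
    # The issuer's key must verify cert's signature and the issuer name must match its subject
    try:
        issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                   ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return False
    return cert.issuer == issuer.subject

class TrustStore:
    def __init__(self):
        self.anchors = {}  # alias -> trust anchor certificate

    def install_certificate(self, alias, pem_bytes):
        blocks = re.findall(rb"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", pem_bytes, re.S)
        if len(blocks) != 1:  # refuse bundles such as root + intermediate, as Openfire's method does
            raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
        self.anchors[alias] = x509.load_pem_x509_certificate(blocks[0])

    def get_end_entity_certificate(self, chain):
        if chain[0].issuer == chain[0].subject:  # self-signed end entity is never trusted
            return None
        for cert, nxt in zip(chain, chain[1:] + [None]):  # each cert signed by the next, the last by an anchor
            issuers = self.anchors.values() if nxt is None else [nxt]
            if not any(signed_by(cert, i) for i in issuers):  # no revocation checks, as in Openfire
                return None
        return chain[0]

    def is_trusted(self, chain):
        return self.get_end_entity_certificate(chain) is not None
```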