Module org.snmp4j

Package org.snmp4j.transport.tls

Class TLSTMExtendedTrustManager

java.lang.Object

javax.net.ssl.X509ExtendedTrustManager

org.snmp4j.transport.tls.TLSTMExtendedTrustManager

All Implemented Interfaces:

TrustManager, X509TrustManager

public class TLSTMExtendedTrustManager
extends X509ExtendedTrustManager

TLSTM trust manager that implements the X509ExtendedTrustManager interface.

Since:

2.5.7

Field Summary

Fields

Modifier and Type	Field	Description
private static final LogAdapter	logger
private final TlsTmSecurityCallback<X509Certificate>	securityCallback
private final CounterSupport	tlstmCounters
private final TransportStateReference	tmStateReference
(package private) X509TrustManager	trustManager
private final boolean	useClientMode

Constructor Summary

Constructors

Constructor	Description
TLSTMExtendedTrustManager(CounterSupport tlstmCounters, TlsTmSecurityCallback<X509Certificate> securityCallback, X509TrustManager trustManager, boolean useClientMode, TransportStateReference tmStateReference)

Method Summary

Modifier and Type	Method	Description
void	checkClientTrusted(X509Certificate[] x509Certificates, String s)
void	checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket)
void	checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine)
private boolean	checkClientTrustedIntern(X509Certificate[] x509Certificates)
void	checkServerTrusted(X509Certificate[] x509Certificates, String s)
void	checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket)
void	checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine)
private boolean	checkServerTrustedByFingerprint(X509Certificate[] x509Certificates)
private boolean	checkServerTrustedBySubjectDN(X509Certificate[] x509Certificates)	RFC 6353 page 47, snmpTlstmAddrServerIdentity
X509Certificate[]	getAcceptedIssuers()
static X509Certificate[]	getAcceptedIssuers(X509TrustManager trustManager, TlsTmSecurityCallback<X509Certificate> securityCallback)	Gets the accepted X509Certificates from the given X509TrustManager and security callback.
private boolean	isMatchingFingerprint(X509Certificate[] x509Certificates, OctetString fingerprint, boolean useClientMode)
private void	postCheckServerTrusted(X509Certificate[] x509Certificates)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

logger

private static final LogAdapter logger

trustManager

X509TrustManager trustManager

useClientMode

private final boolean useClientMode

tmStateReference

private final TransportStateReference tmStateReference

tlstmCounters

private final CounterSupport tlstmCounters

securityCallback

private final TlsTmSecurityCallback<X509Certificate> securityCallback

Constructor Details

TLSTMExtendedTrustManager

public TLSTMExtendedTrustManager(CounterSupport tlstmCounters,
 TlsTmSecurityCallback<X509Certificate> securityCallback,
 X509TrustManager trustManager,
 boolean useClientMode,
 TransportStateReference tmStateReference)

Method Details

checkClientTrusted

public void checkClientTrusted(X509Certificate[] x509Certificates,
 String s)
                        throws CertificateException

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] x509Certificates,
 String s)
                        throws CertificateException

Throws:

CertificateException

isMatchingFingerprint

private boolean isMatchingFingerprint(X509Certificate[] x509Certificates,
 OctetString fingerprint,
 boolean useClientMode)
                               throws CertificateException

Throws:

CertificateException

getAcceptedIssuers

public X509Certificate[] getAcceptedIssuers()

getAcceptedIssuers

public static X509Certificate[] getAcceptedIssuers(X509TrustManager trustManager,
 TlsTmSecurityCallback<X509Certificate> securityCallback)

Gets the accepted X509Certificates from the given X509TrustManager and security callback.

Parameters:

trustManager - a X509TrustManager providing the accepted issuers.

securityCallback - a security callback that is ask to accept any returned issuer.

Returns:

a probably empty or null array of accepted issuers.

Since:

3.6.0

checkClientTrusted

public void checkClientTrusted(X509Certificate[] x509Certificates,
 String s,
 Socket socket)
                        throws CertificateException

Specified by:

checkClientTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] x509Certificates,
 String s,
 Socket socket)
                        throws CertificateException

Specified by:

checkServerTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkServerTrustedBySubjectDN

private boolean checkServerTrustedBySubjectDN(X509Certificate[] x509Certificates)
                                       throws CertificateException

RFC 6353 page 47, snmpTlstmAddrServerIdentity

Throws:

CertificateException

postCheckServerTrusted

private void postCheckServerTrusted(X509Certificate[] x509Certificates)
                             throws CertificateException

Throws:

CertificateException

checkServerTrustedByFingerprint

private boolean checkServerTrustedByFingerprint(X509Certificate[] x509Certificates)
                                         throws CertificateException

Throws:

CertificateException

checkClientTrusted

public void checkClientTrusted(X509Certificate[] x509Certificates,
 String s,
 SSLEngine sslEngine)
                        throws CertificateException

Specified by:

checkClientTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkClientTrustedIntern

private boolean checkClientTrustedIntern(X509Certificate[] x509Certificates)
                                  throws CertificateException

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] x509Certificates,
 String s,
 SSLEngine sslEngine)
                        throws CertificateException

Specified by:

checkServerTrusted in class X509ExtendedTrustManager

Throws:

CertificateException