Module org.snmp4j
Package org.snmp4j.transport.tls

Class TLSTMUtil

java.lang.Object
org.snmp4j.transport.tls.TLSTMUtil
public class TLSTMUtil extends Object
The TLSTMUtil class implements common functions for TLSTM and DTLSTM.
Since:
3.0
Version:
3.6.0

  • Field Details

    • logger

      private static final LogAdapter logger

    • MD_SHA_PREFIX_LENGTH

      private static final int MD_SHA_PREFIX_LENGTH

  • Constructor Details

    • TLSTMUtil

      public TLSTMUtil()

  • Method Details

    • getFingerprint

      public static OctetString getFingerprint(X509Certificate cert)

    • isMatchingFingerprint

      public static boolean isMatchingFingerprint(X509Certificate[] x509Certificates, OctetString fingerprint, boolean useClientMode, CounterSupport tlstmCounters, LogAdapter logger, Object eventSource) throws CertificateException
      Checks if any of the certificates in the provided array matches the given fingerprint. If the fingerprint to match is null or zero length, false will be returned, because a matching cannot be performed.
      Parameters:
      x509Certificates - the certificates to match.
      fingerprint - the searched fingerprint
      useClientMode - defines if server or client mode is active to emit the right counter events.
      tlstmCounters - the counters to increase on matching
      logger - where to log
      eventSource - the source object for events emitted by the matching.
      Returns:
      true if there is a match, false if matching could not be performed due to null or zero length fingerprint
      Throws:
      CertificateException - if there is no matching, but fingerprint is non-null and has a length greater than zero.

    • getSubjAltName

      public static Object getSubjAltName(Collection<List<?>> subjAltNames, int type)

    • getIpAddressFromSubjAltName

      public static OctetString getIpAddressFromSubjAltName(Collection<List<?>> altNames)

    • createSSLContext

      public static SSLContext createSSLContext(String protocol, String keyStore, String keyStorePassword, String trustStore, String trustStorePassword, TransportStateReference transportStateReference, TLSTMTrustManagerFactory trustManagerFactory, boolean useClientMode, TlsTmSecurityCallback<X509Certificate> securityCallback, String localCertificateAlias, PKIXRevocationChecker pkixRevocationChecker, String crlURI) throws GeneralSecurityException
      Throws:
      GeneralSecurityException

    • createDefaultPKIXRevocationChecker

      public static PKIXRevocationChecker createDefaultPKIXRevocationChecker()
      Creates a default revocation checker with CRL check only (no OCSP) and check is limited to end entity only.
      Returns:
      a simple revocation checker to be used with
      invalid reference 
      #setPKIXRevocationChecker(PKIXRevocationChecker)
      .
      Since:
      3.6.0

    • addCRLCertStore

      protected static void addCRLCertStore(String crlFilePath, PKIXBuilderParameters pkixBuilderParameters)
      Return the initialization parameters for a TrustManager for doing cert path validation with CRL revocation based on a CRL file. Currently, only the default PKIX is supported.
      Parameters:
      crlFilePath - the path to the CRL file that provides the CRL collection for checking revocation.
      pkixBuilderParameters - the PKIXBuilderParameters to modify.
      Since:
      3.6.0

    • getX509CRLs

      private static Collection<? extends CRL> getX509CRLs(String crlUrl)

    • filterCertificates

      private static void filterCertificates(KeyStore ks, TransportStateReference transportStateReference, TlsTmSecurityCallback<X509Certificate> securityCallback, String localCertificateAlias)