## Methods Summary
/**
 * Add the Certificate with the specified alias to the trust-store and
 * write the updated store back to disk immediately.
 * <p>
 * Requires that {@code mTrustStore} has already been populated (see
 * {@code getTrustStore()}); if the given alias already exists in the store,
 * the KeyStore replaces that entry with {@code c}.
 *
 * @param alias alias under which the certificate is stored
 * @param c     the certificate to be trusted from now on
 * @throws IOException if the store file cannot be written
 * @throws GeneralSecurityException if the store rejects the entry or cannot be loaded
 */
protected void addCertificateToTrustStore(final String alias, final Certificate c)
    throws IOException, GeneralSecurityException
{
    final KeyStore store = mTrustStore;
    store.setCertificateEntry(alias, c);
    // persist right away so the newly trusted certificate survives a restart
    writeStore();
}
/**
 * Add the Certificate to the trust-store under the alias returned by
 * {@code getCertificateAlias(c)}.
 *
 * @param c the certificate to be trusted
 * @throws IOException if the store file cannot be written
 * @throws GeneralSecurityException if the store rejects the entry or cannot be loaded
 */
protected void addCertificateToTrustStore(final Certificate c)
    throws IOException, GeneralSecurityException
{
    addCertificateToTrustStore(getCertificateAlias(c), c);
}
/**
 * Prompt via {@code System.in} to ask whether the Certificate should be added
 * to the trust-store.
 * <p>
 * The prompt shows {@code c.toString()} followed by a yes/no question; it
 * does not display a fingerprint, so the user has little to compare against
 * an out-of-band value. Only an answer of "y" or "yes" (case-insensitive)
 * counts as acceptance.
 *
 * @param c the certificate being offered for trust
 * @return {@code true} if the user answered "y" or "yes"
 */
protected boolean askShouldAddToTrustStore(final Certificate c)
{
    final String question = c.toString()
        + "\n\nAdd the above certificate to the truststore [y/n]?";
    final LineReaderImpl console = new LineReaderImpl(System.in);
    final String answer = console.readLine(question);
    final boolean shortYes = answer.equalsIgnoreCase("y");
    final boolean longYes = answer.equalsIgnoreCase("yes");
    return shortYes || longYes;
}
/**
 * Called when the Certificate is not found in the trust-store.
 * <p>
 * If {@code shouldAddToTrustStore(c)} returns {@code false}, a
 * {@link CertificateException} is thrown (the connection is rejected).
 * Otherwise {@code addCertificateToTrustStore(c)} is called and the
 * certificate is trusted from then on.
 *
 * @param c the certificate that was not found in the store
 * @throws CertificateException if the certificate is not to be trusted
 * @throws IOException if adding the certificate fails while writing the store
 * @throws GeneralSecurityException if the store rejects the entry or cannot be loaded
 */
protected void certificateNotInTrustStore(final Certificate c)
    throws IOException, GeneralSecurityException
{
    // reject first; the only other outcome is to add it
    if (!shouldAddToTrustStore(c))
    {
        throw new CertificateException("Certificate not trusted:\n" + c);
    }
    addCertificateToTrustStore(c);
}
/**
 * Check a server certificate chain against the trust-store.
 * <p>
 * What is checked: every certificate in the chain must pass
 * {@code checkValidity()} (date range only), and {@code chain[0]} must
 * already be present in the trust-store; if it is not,
 * {@code certificateNotInTrustStore(chain[0])} decides whether to add or
 * reject it. No signature or certification-path verification of the chain
 * is performed here — trust is by exact match of the leaf certificate.
 * <p>
 * {@link CertificateException}s propagate unchanged; any other failure
 * (store loading, I/O) is wrapped in a {@link RuntimeException}.
 *
 * @param chain the peer's certificate chain, leaf first
 * @throws CertificateException if a certificate is out of its validity
 *         period or the leaf is not trusted
 * @throws RuntimeException wrapping any non-certificate failure
 */
protected void checkCertificate(final X509Certificate[] chain) throws CertificateException
{
    try
    {
        // Step 1: date-range validity of every link in the chain.
        for (final X509Certificate link : chain)
        {
            link.checkValidity();
        }

        // Step 2: an exact match of the leaf in the store is implicitly trusted.
        mTrustStore = getTrustStore();
        final Certificate leaf = chain[0];
        final String existingAlias = mTrustStore.getCertificateAlias(leaf);
        if (existingAlias == null)
        {
            certificateNotInTrustStore(leaf);
        }
    }
    catch (final CertificateException e)
    {
        throw e;
    }
    catch (final Exception e)
    {
        throw new RuntimeException(e);
    }
}
/**
 * Client authentication is not supported by this trust manager; every call
 * fails.
 *
 * @param chain    ignored
 * @param authType ignored
 * @throws UnsupportedOperationException always
 */
public void checkClientTrusted(final X509Certificate[] chain, final String authType)
    throws CertificateException
{
    final String message = "checkClientTrusted() not supported";
    throw new UnsupportedOperationException(message);
}
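/**
 * Check that the server's certificate chain is trusted.
 * <p>
 * A null or empty chain is a caller error per the {@code X509TrustManager}
 * contract and raises {@link IllegalArgumentException}; otherwise the chain
 * is handed to {@code checkCertificate(chain)}. {@code authType} is not
 * consulted — only the chain is checked.
 *
 * @param chain    the peer's certificate chain, leaf first
 * @param authType the key exchange algorithm used (not used here)
 * @throws IllegalArgumentException if {@code chain} is null or empty
 * @throws CertificateException if the chain is not trusted
 */
public void checkServerTrusted(final X509Certificate[] chain, final String authType)
    throws CertificateException
{
    if (chain == null || chain.length == 0)
    {
        // Give the caller a reason instead of a bare exception.
        throw new IllegalArgumentException("null or empty certificate chain");
    }
    checkCertificate(chain);
}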
/**
 * Create the trust-store file on disk and write the given KeyStore into it.
 * <p>
 * The result of {@code createNewFile()} is not checked: if the file already
 * exists, {@code writeStore} simply overwrites it.
 *
 * @param keyStore the (typically freshly initialised) store to write
 * @param pw       password used to protect the store
 * @param f        destination file
 * @throws IOException if the file cannot be created or opened
 */
private void createTrustStoreFile(final KeyStore keyStore, final char[] pw, final File f)
    throws IOException
{
    final boolean created = f.createNewFile();
    // whether or not it was newly created, write the store into it
    writeStore(keyStore, pw, f);
}
/**
 * By default, no issuers are trusted; it is better to trust specific
 * Certificates explicitly (an exact match in the trust-store).
 *
 * @return an empty array — this manager advertises no accepted issuers
 */
public X509Certificate[] getAcceptedIssuers()
{
    final X509Certificate[] none = new X509Certificate[0];
    return none;
}
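/**
 * Return an alias for a Certificate to be added to the TrustStore.
 * <p>
 * The alias is "cert" followed by a locale-formatted timestamp and a hex
 * hash of the certificate. The hash suffix is needed because the LONG
 * date/time format resolves only to the second: two certificates accepted
 * within the same second would otherwise get the same alias, and
 * {@code KeyStore.setCertificateEntry()} silently replaces an entry whose
 * alias already exists. {@code Certificate.hashCode()} is, by contract,
 * derived from the encoded form, so distinct certificates get distinct
 * suffixes.
 *
 * @param c the certificate to name
 * @return a new alias for {@code c}
 */
protected String getCertificateAlias(final Certificate c)
{
    final DateFormat stamp = DateFormat.getDateTimeInstance(DateFormat.LONG, DateFormat.LONG);
    final String when = stamp.format(new Date());
    final String which = Integer.toHexString(c.hashCode());
    return "cert" + when + "-" + which;
}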
/**
 * Create an instance using the system trust-store as returned by
 * {@code getSystemTrustStoreFile()} and the password from
 * {@code getSystemTrustStorePassword()}.
 *
 * @return a new manager, or {@code null} if either the trust-store file
 *         or its password is not configured
 */
public static TrustStoreTrustManager getSystemInstance()
{
    final File storeFile = getSystemTrustStoreFile();
    final char[] storePassword = getSystemTrustStorePassword();
    // both must be present; a store without its password is not usable here
    if (storeFile == null || storePassword == null)
    {
        return null;
    }
    return new TrustStoreTrustManager(storeFile, storePassword);
}
/**
 * Use {@code System.getProperty("javax.net.ssl.trustStore")} to find a
 * trust-store.
 *
 * @return the trust-store file named by the property, or {@code null} if
 *         the property is not set
 */
public static File getSystemTrustStoreFile()
{
    final String path = System.getProperty(TRUSTSTORE_FILE_SPROP);
    if (path == null)
    {
        return null;
    }
    return new File(path);
}
/**
 * Use {@code System.getProperty("javax.net.ssl.trustStorePassword")} to find
 * the trust-store password.
 *
 * @return the password as a char array, or {@code null} if the property is
 *         not set
 */
public static char[] getSystemTrustStorePassword()
{
    final String configured = System.getProperty(TRUSTSTORE_PASSWORD_SPROP);
    return toCharArray(configured);
}
/**
 * Get the KeyStore containing the Certificates to be trusted. This is the
 * KeyStore corresponding to the file that was specified, and the same
 * instance is returned on every call.
 * <p>
 * On first use: if the file does not exist or is empty, it is deleted, an
 * empty store is initialised with the password and written out as the new
 * trust-store file. Otherwise the file is loaded with the password from
 * {@code getTrustStorePassword()}. Note that {@code KeyStore.load} skips its
 * integrity check when the password is {@code null}, so a subclass returning
 * a null password loads the file without detecting tampering.
 *
 * @return the loaded (or newly created) trust-store
 * @throws IOException if the file cannot be read or written
 * @throws GeneralSecurityException if the store type is unavailable or the
 *         store cannot be loaded
 */
protected synchronized KeyStore getTrustStore() throws IOException, GeneralSecurityException
{
    if (mTrustStore != null)
    {
        return mTrustStore;
    }

    mTrustStore = KeyStore.getInstance(mKeyStoreType);
    final File storeFile = getTrustStoreFile();
    final char[] password = getTrustStorePassword();

    final boolean missingOrEmpty = !storeFile.exists() || storeFile.length() == 0;
    if (missingOrEmpty)
    {
        // start from an empty store and create the file for it
        storeFile.delete();
        mTrustStore.load(null, password);
        createTrustStoreFile(mTrustStore, password, storeFile);
        return mTrustStore;
    }

    final FileInputStream in = new FileInputStream(storeFile);
    try
    {
        mTrustStore.load(in, password);
    }
    finally
    {
        in.close();
    }
    return mTrustStore;
}
/**
 * Return the trust-store file that was initially passed in.
 *
 * @return the configured trust-store file
 */
public final File getTrustStoreFile()
{
    final File configured = mTrustStoreFile;
    return configured;
}
/**
 * Subclasses may override this method to obtain the password from any
 * desired source. By default the password used to create this instance is
 * returned — the same array, not a copy.
 *
 * @return the trust-store password
 */
protected char[] getTrustStorePassword()
{
    final char[] configured = mTrustStorePassword;
    return configured;
}
/**
 * If set to {@code true}, then when a new Certificate is encountered the
 * user will be prompted via {@code System.in} as to whether it should be
 * trusted. When {@code false}, unknown certificates are rejected.
 *
 * @param prompt whether to ask interactively about unknown certificates
 */
public void setPrompt(final boolean prompt)
{
    this.mPrompt = prompt;
}
/**
 * Decide whether an unknown Certificate should be added to the trust-store.
 * Subclasses may override this routine. By default the answer is
 * {@code false} unless prompting is enabled, in which case the user is asked
 * via {@code askShouldAddToTrustStore(c)}.
 *
 * @param c the unknown certificate
 * @return {@code true} only if prompting is enabled and the user accepted
 */
protected boolean shouldAddToTrustStore(final Certificate c)
{
    if (!mPrompt)
    {
        return false;
    }
    return askShouldAddToTrustStore(c);
}
/**
 * Null-safe conversion of a String to a char array.
 *
 * @param s the string, possibly {@code null}
 * @return {@code s.toCharArray()}, or {@code null} if {@code s} is null
 */
private static char[] toCharArray(final String s)
{
    if (s == null)
    {
        return null;
    }
    return s.toCharArray();
}
/**
 * Describe this trust manager and the KeyStore it trusts.
 * {@code mTrustStore} is only assigned by {@code getTrustStore()}, so before
 * the first certificate check this prints "null" for the store.
 *
 * @return a human-readable description
 */
public String toString()
{
    final String prefix = "TrustStoreTrustManager--trusts certificates found in truststore: ";
    return prefix + mTrustStore;
}
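/**
 * Write the given KeyStore to the file, protected by the password.
 * <p>
 * Failures from {@code KeyStore.store} are printed and swallowed (best
 * effort, by design of the callers); only opening and closing the file can
 * throw. Previously {@code Throwable} was caught, which also hid
 * {@code Error}s such as {@code OutOfMemoryError}; those now propagate.
 * Note that a store failure after the file was opened leaves a truncated or
 * partial file behind — an empty one is recreated by {@code getTrustStore()},
 * a partial one will presumably fail to load.
 *
 * @param trustStore         the store to write
 * @param trustStorePassword password protecting the store
 * @param f                  destination file, overwritten
 * @throws IOException if the file cannot be opened or closed
 */
private void writeStore(final KeyStore trustStore, final char[] trustStorePassword, final File f)
    throws IOException
{
    final FileOutputStream out = new FileOutputStream(f);
    try
    {
        trustStore.store(out, trustStorePassword);
    }
    catch (final Exception e)
    {
        // best effort: report, but do not fail the caller
        e.printStackTrace();
    }
    finally
    {
        out.close();
    }
}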
/**
 * Write the store to disk using the configured file and password. Results
 * are undefined if an error occurs while writing the file.
 *
 * @throws IOException if the file cannot be opened or closed
 * @throws GeneralSecurityException if the store cannot be loaded first
 */
protected void writeStore() throws IOException, GeneralSecurityException
{
    final KeyStore store = getTrustStore();
    final char[] password = getTrustStorePassword();
    final File target = getTrustStoreFile();
    writeStore(store, password, target);
    // NOTE: any exception thrown from here is squelched by calling JDK code
    // if in the middle of a SSL negotiation
}