Methods Summary |
---|
/**
 * Validates the server certificate chain and ensures that its leaf certificate
 * is trusted by the asadmin truststore.
 * <p>
 * Trust is established "on first use": every certificate in {@code chain} must
 * be inside its validity period, and the leaf ({@code chain[0]}) must either
 * already be present in the {@code AsadminTruststore} or be accepted through
 * {@link #isItOKToAddCertToTrustStore}, in which case it is persisted under the
 * alias from {@link #getAliasName}. Nothing in this method verifies the
 * signatures linking the chain, checks an issuer list, or compares the host
 * name; if any of that is required it has to happen elsewhere.
 * <p>
 * Opening the truststore may fail with an {@link IOException} (typically a wrong
 * password); the user is then asked once via {@link #promptForPassword}, and a
 * {@code null} answer re-throws the original exception.
 *
 * @param chain the peer certificate chain; the leaf is expected at index 0
 * @throws IllegalArgumentException if {@code chain} is {@code null} or empty
 * @throws CertificateException if a certificate is expired or not yet valid,
 *         or the user declines to trust the leaf certificate
 * @throws RuntimeException wrapping any other failure while reading or
 *         updating the truststore
 */
protected void checkCertificate(X509Certificate[] chain) throws CertificateException {
    if (chain == null || chain.length == 0) {
        throw new IllegalArgumentException(_strMgr.getString("emptyServerCertificate"));
    }
    // Validity-period checks come first; each may throw a CertificateException.
    for (X509Certificate cert : chain) {
        cert.checkValidity();
    }
    X509Certificate leaf = chain[0];
    try {
        AsadminTruststore store;
        try {
            store = new AsadminTruststore();
        } catch (IOException openFailure) {
            // Usually an invalid truststore password: ask the user once, else give up.
            String password = promptForPassword();
            if (password == null) {
                throw openFailure;
            }
            store = new AsadminTruststore(password);
        }
        // A certificate already present in the truststore is implicitly trusted.
        if (!store.certificateExists(leaf)) {
            // Unknown certificate: trust it only on confirmation, then persist it.
            if (!isItOKToAddCertToTrustStore(leaf)) {
                throw new CertificateException(_strMgr.getString("serverCertificateNotTrusted"));
            }
            store.addCertificate(getAliasName(), leaf);
        }
    } catch (CertificateException rejected) {
        throw rejected;
    } catch (Exception other) {
        throw new RuntimeException(other);
    }
}
/**
 * Checks if the client is trusted given the certificate chain and
 * authorization type string, e.g. "RSA".
 * <p>
 * Client authentication is deliberately unsupported here rather than silently
 * accepted, presumably because this manager is only meant for the connecting
 * side of an asadmin session.
 *
 * @param x509Certificate the client certificate chain (ignored)
 * @param authType        the authentication type (ignored)
 * @throws UnsupportedOperationException always
 */
public void checkClientTrusted(X509Certificate[] x509Certificate, String authType) {
    String reason = "Not Implemented for Client Trust Management";
    throw new UnsupportedOperationException(reason);
}
/**
 * Checks if the server is trusted.
 * <p>
 * This callback is observed to be invoked twice for one connection (root cause
 * unknown at the time of writing), so the work is done only on the first call:
 * the outcome, success or the exception thrown, is remembered and replayed on
 * later calls instead of prompting the user a second time.
 * <p>
 * Consequence worth knowing: once a chain has been accepted, every later call on
 * this instance returns without looking at its {@code chain} argument at all,
 * so an instance must not be reused for a connection to a different server.
 * Nothing here synchronizes the bookkeeping fields either, so concurrent
 * handshakes through one instance are unsafe.
 *
 * @param chain    the peer certificate chain
 * @param authType the key exchange algorithm, e.g. "RSA"; unused here
 * @throws CertificateException if the chain was rejected, on this or the first call
 * @throws RuntimeException     if the first call failed with one
 */
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    if (_alreadyInvoked) {
        // Replay whatever the first invocation produced.
        if (_lastRuntimeException != null) {
            throw _lastRuntimeException;
        }
        if (_lastCertException != null) {
            throw _lastCertException;
        }
        return;
    }
    _alreadyInvoked = true;
    try {
        checkCertificate(chain);
    } catch (RuntimeException failure) {
        _lastRuntimeException = failure;
        throw failure;
    } catch (CertificateException rejected) {
        _lastCertException = rejected;
        throw rejected;
    }
}
/**
 * Returns the CA certificates this manager advertises as trusted.
 * <p>
 * Always an empty array: trust decisions are made per server certificate in
 * {@link #checkServerTrusted}, not against a fixed issuer list, and client
 * authentication is unsupported (see {@link #checkClientTrusted}).
 *
 * @return a new, empty array; never {@code null}
 */
public X509Certificate[] getAcceptedIssuers() {
    final X509Certificate[] none = new X509Certificate[0];
    return none;
}
/**
 * Builds the truststore alias under which a newly trusted certificate is stored.
 * <p>
 * The alias is {@code _alias} (empty when unset) followed by a colon and the
 * current date/time in the default locale's LONG date and time style. Uniqueness
 * therefore only holds to the granularity of that formatted timestamp, and the
 * alias text varies with the locale the tool runs under.
 *
 * @return the alias, never {@code null}
 */
private String getAliasName() {
    StringBuilder alias = new StringBuilder();
    if (_alias != null) {
        alias.append(_alias.toString());
    }
    // Timestamp suffix so repeated additions do not collide on the same alias.
    DateFormat stamp = DateFormat.getDateTimeInstance(DateFormat.LONG, DateFormat.LONG);
    alias.append(':').append(stamp.format(new Date()));
    return alias.toString();
}
/**
 * Displays the certificate and prompts the user whether or not it is trusted.
 * <p>
 * The certificate is printed in full and the answer is read as one line from
 * {@code System.in}; only an answer of exactly {@code "y"} (case-insensitive,
 * not trimmed) counts as acceptance. When {@link #promptForConfirmation} returns
 * {@code false} no prompt is shown and the certificate is trusted
 * unconditionally, so a subclass that disables prompting is opting in to
 * accepting any server certificate; review that decision carefully.
 *
 * @param c the server certificate offered for trust
 * @return {@code true} if the certificate should be added to the truststore
 * @throws IOException if reading the user's answer fails
 */
protected boolean isItOKToAddCertToTrustStore(X509Certificate c) throws IOException {
    if (!promptForConfirmation()) {
        return true;
    }
    System.out.println(c.toString());
    System.out.print(_strMgr.getString("certificateTrustPrompt"));
    // Deliberately not closed: closing the reader would close System.in.
    BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
    String answer = in.readLine();
    return answer != null && answer.equalsIgnoreCase("y");
}
/**
 * Whether the user should be consulted before trusting a certificate or when
 * the truststore password is needed.
 * <p>
 * The default is {@code true}. A subclass returning {@code false} switches the
 * manager to non-interactive mode: {@link #isItOKToAddCertToTrustStore} then
 * accepts any certificate without asking and {@link #promptForPassword}
 * returns {@code null}.
 *
 * @return {@code true} to prompt on {@code System.in}
 */
protected boolean promptForConfirmation() {
    final boolean interactive = true;
    return interactive;
}
/**
 * Prompts the user for the asadmin truststore password.
 * <p>
 * If we fail to open the client database using the default password (changeit)
 * or the password found in the "javax.net.ssl.trustStorePassword" system
 * property, the fallback behavior is to ask the user by calling this method.
 * The password is read as a plain line from {@code System.in}, so it is echoed
 * on the terminal as typed.
 *
 * @return the entered line (possibly empty), or {@code null} when
 *         {@link #promptForConfirmation} is {@code false} or input is exhausted
 * @throws IOException if reading from {@code System.in} fails
 */
protected String promptForPassword() throws IOException {
    if (!promptForConfirmation()) {
        return null;
    }
    System.out.print(_strMgr.getString("certificateDbPrompt"));
    // Deliberately not closed: closing the reader would close System.in.
    BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
    return in.readLine();
}