
InMemoryX509TrustManager

public class InMemoryX509TrustManager extends Object implements X509TrustManager
An implementation of {@link X509TrustManager} that provides support for managing certificates from an in-memory truststore (the javax.net.trustStore system property controls the truststore specification). It checks if the server is trusted and displays the certificate chain that was received from the server. If the certificate fails the existing trust chain, communication stops.

Fields Summary
private static com.sun.enterprise.admin.jmx.remote.IStringManager
_strMgr
private KeyStore
mTrustStore
Constructors Summary
/**
 * Creates a trust manager backed by the trust store that holds the
 * certificate registered under {@code certNickname}.
 *
 * <p>Trust-store lookup failures are printed to stderr and otherwise
 * ignored: {@code mTrustStore} is then left {@code null}, so every later
 * server check fails because no certificate can be found. The shared
 * string manager is created lazily, on the first construction.
 *
 * @param certNickname alias of the certificate whose trust store should
 *        back this manager
 */
public InMemoryX509TrustManager(String certNickname) {
    if (_strMgr == null) {
        _strMgr = StringManagerFactory.getClientStringManager(
                       InMemoryX509TrustManager.class, null);
    }
    if (mTrustStore != null) {
        return;
    }
    try {
        // certificate alias name selects the trust store
        mTrustStore = getCertTrustore(certNickname);
    } catch (Exception ex) {
        // Best effort: an unreadable or missing trust store is not fatal
        // here; the manager simply ends up trusting nothing.
        ex.printStackTrace();
    }
}
Methods Summary
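/**
 * Reports whether {@code x509Certificate} is present in the backing trust store.
 *
 * <p>Presence is decided by {@link KeyStore#getCertificateAlias}, i.e. an
 * exact match against a stored certificate; no chain building or signature
 * verification happens here.
 *
 * @param x509Certificate the certificate to look up
 * @return {@code true} if a trust store was loaded and it contains the
 *         certificate under some alias; {@code false} otherwise, including
 *         when no trust store is available
 * @throws java.security.KeyStoreException if the trust store has not been
 *         initialized
 */
private boolean certificateExists(java.security.cert.X509Certificate x509Certificate)
        throws java.security.KeyStoreException {
    if (mTrustStore == null) {
        return false;
    }
    // A non-null alias means the exact certificate is stored.
    return mTrustStore.getCertificateAlias(x509Certificate) != null;
}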
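/**
 * Validates {@code chain} and ensures that the server it identifies is trusted.
 *
 * <p>Two checks are made, in this order:
 * <ol>
 *   <li>every certificate in the chain must currently be within its
 *       validity period ({@link X509Certificate#checkValidity()});</li>
 *   <li>the end-entity certificate {@code chain[0]} must be present in the
 *       in-memory trust store ({@link #certificateExists}).</li>
 * </ol>
 * The chain's signatures are not verified and the remaining certificates
 * need not be trusted: trust is anchored solely on the leaf certificate
 * being a known one.
 *
 * @param chain the certificate chain presented by the server, leaf first
 * @throws IllegalArgumentException if {@code chain} is {@code null} or empty
 * @throws CertificateException if a certificate is expired or not yet
 *         valid, if the leaf certificate is not in the trust store, or if
 *         the trust store could not be consulted (the underlying exception
 *         is attached as the cause)
 */
protected void checkCertificate(java.security.cert.X509Certificate[] chain)
        throws CertificateException {
    if (chain == null || chain.length == 0) {
        throw new IllegalArgumentException(_strMgr.getString(
            "emptyServerCertificate"));
    }

    // First ensure that every certificate is within its validity period.
    for (X509Certificate cert : chain) {
        cert.checkValidity();
    }

    boolean trusted;
    try {
        trusted = certificateExists(chain[0]);
    } catch (Exception ex) {
        // Mask the KeyStoreException / ConfigException raised while fetching
        // the trust store as a CertificateException with the same diagnostic
        // message, keeping the original exception as the cause.
        throw new CertificateException(ex.getMessage(), ex);
    }

    // If the leaf certificate is unknown then we have an issue. If the cert
    // was not changed on the DAS post a DAS/NA sync then some DAS with which
    // this NA did not sync up earlier has been connected to from NA. Throw an
    // exception and abort NA startup.
    if (!trusted) {
        throw new CertificateException(
            _strMgr.getString("serverCertificateNotTrusted"));
    }
}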
/**
 * Client trust management is not supported by this trust manager.
 *
 * <p>Only the server side is verified by this class; any attempt to
 * validate a client chain is rejected outright, whatever chain or
 * {@code authType} (e.g. "RSA") is supplied.
 *
 * @param x509Certificate the client certificate chain (ignored)
 * @param authType the authentication type, e.g. "RSA" (ignored)
 * @throws UnsupportedOperationException always
 * @throws CertificateException never; declared by {@link X509TrustManager}
 */
public void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificate,
                               java.lang.String authType)
        throws CertificateException {
    final String reason = "Not Implemented for Client Trust Management";
    throw new UnsupportedOperationException(reason);
}
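/**
 * Checks if the server is trusted.
 *
 * <p>Delegates entirely to {@link #checkCertificate}; {@code authType}
 * plays no part in the decision.
 *
 * @param chain the server certificate chain to be validated, leaf first
 * @param authType the key exchange algorithm, e.g. "RSA" (ignored)
 * @throws IllegalArgumentException if {@code chain} is {@code null} or empty
 * @throws CertificateException if the chain is not valid or the server
 *         certificate is not in the trust store
 */
public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
        throws CertificateException {
    // Any CertificateException from the check propagates unchanged.
    checkCertificate(chain);
}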
/**
 * Returns the CA certificates this manager advertises as trusted issuers.
 *
 * <p>Always empty: trust is established by matching the server's own
 * certificate against the in-memory trust store, not by issuer, so no
 * issuer list is published.
 *
 * @return a new, empty array
 */
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
    final X509Certificate[] none = new X509Certificate[0];
    return none;
}
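/**
 * Finds the trust store holding the certificate registered under
 * {@code certNickname}, as used by the jmx connector.
 *
 * <p>The trust stores reported by {@code SecuritySupport.getTrustStores()}
 * are scanned in order and the first one containing an entry for the alias
 * wins; any later store that also has the alias is ignored.
 *
 * @param certNickname certificate nick name (key store alias) used to find
 *        the correct trust store
 * @return the first trust store containing a certificate under the alias,
 *         or {@code null} if none does or no trust stores are available
 * @throws java.security.KeyStoreException if a trust store has not been
 *         initialized
 */
private java.security.KeyStore getCertTrustore(java.lang.String certNickname)
        throws java.security.KeyStoreException {
    // available trust stores
    SecuritySupport secSupp = SecurityUtil.getSecuritySupport();
    KeyStore[] trustStores = secSupp.getTrustStores();
    // Guard before indexing: treat a missing array as "not found".
    if (trustStores == null) {
        return null;
    }
    for (KeyStore store : trustStores) {
        Certificate cert = store.getCertificate(certNickname);
        if (cert != null) {
            // found target
            return store;
        }
    }
    return null;
}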