net.jini.jeri.ssl
Class FilterX509TrustManager

java.lang.Object
  extended by net.jini.jeri.ssl.Utilities
      extended by net.jini.jeri.ssl.FilterX509TrustManager
All Implemented Interfaces:
TrustManager, X509TrustManager
Direct Known Subclasses:
AuthManager

class FilterX509TrustManager
extends Utilities
implements X509TrustManager

Implements an X509TrustManager that only trusts certificate chains whose first certificate identifies one of a set of principals.

Author:
Sun Microsystems, Inc.

Nested Class Summary
 
Nested classes/interfaces inherited from class net.jini.jeri.ssl.Utilities
Utilities.SSLContextInfo
 
Field Summary
private static Object lock
          Used for synchronizing initialization of the trustManager field.
private  Set principals
          The set of permitted remote principals, or null if no restriction.
private static X509TrustManager trustManager
          The trust manager to delegate to.
private static String trustManagerFactoryAlgorithm
          The trust manager factory algorithm.
 
Fields inherited from class net.jini.jeri.ssl.Utilities
ANY_KEY_ALGORITHM, clientLogger, DSA_KEY_ALGORITHM, getSubjectPermission, initLogger, INTEGRITY_PREFERRED, INTEGRITY_REQUIRED, RSA_KEY_ALGORITHM, serverLogger, UNKNOWN_PRINCIPAL
 
Constructor Summary
FilterX509TrustManager(Set principals)
          Creates an X509TrustManager that only trusts certificate chains whose first certificate identifies one of a set of principals.
 
Method Summary
private  void check(X509Certificate[] chain)
          Make sure the subject of the leaf certificate is one of the permitted principals.
 void checkClientTrusted(X509Certificate[] chain, String authType)
           
 void checkServerTrusted(X509Certificate[] chain, String authType)
           
 X509Certificate[] getAcceptedIssuers()
           
private static X509TrustManager getTrustManager()
          Returns the X509TrustManager to delegate to.
(package private)  void setPermittedRemotePrincipals(Set principals)
          Specifies the set of permitted remote principals.
 
Methods inherited from class net.jini.jeri.ssl.Utilities
checkValidity, contains, doesEncryption, doesServerAuthentication, equals, firstX509Cert, getCertFactory, getCipherAlgorithm, getClassName, getClientPrincipals, getClientPrincipals, getClientSSLContextInfo, getKeyAlgorithm, getKeyExchangeAlgorithm, getPermittedKeyAlgorithms, getServerPrincipals, getServerSSLContextInfo, getSupportedCipherSuites, hasStrongCipherAlgorithm, logThrow, maintainsIntegrity, permittedKeyAlgorithm, position, releaseClientSSLContextInfo, safeEquals, subjectString, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

trustManager

private static X509TrustManager trustManager
The trust manager to delegate to.


lock

private static final Object lock
Used for synchronizing initialization of the trustManager field.


trustManagerFactoryAlgorithm

private static final String trustManagerFactoryAlgorithm
The trust manager factory algorithm.


principals

private Set principals
The set of permitted remote principals, or null if no restriction.

Constructor Detail

FilterX509TrustManager

FilterX509TrustManager(Set principals)
                 throws NoSuchAlgorithmException
Creates an X509TrustManager that only trusts certificate chains whose first certificate identifies one of a set of principals.

Parameters:
principals - the set of permitted remote principals, or null if no restriction
Throws:
NoSuchAlgorithmException - if the trust manager factory algorithm is not found
Method Detail

checkClientTrusted

public void checkClientTrusted(X509Certificate[] chain,
                               String authType)
                        throws CertificateException
Specified by:
checkClientTrusted in interface X509TrustManager
Throws:
CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] chain,
                               String authType)
                        throws CertificateException
Specified by:
checkServerTrusted in interface X509TrustManager
Throws:
CertificateException

getAcceptedIssuers

public X509Certificate[] getAcceptedIssuers()
Specified by:
getAcceptedIssuers in interface X509TrustManager

setPermittedRemotePrincipals

void setPermittedRemotePrincipals(Set principals)
Specifies the set of permitted remote principals.

Parameters:
principals - the set of permitted remote principals, or null if no restriction

check

private void check(X509Certificate[] chain)
            throws CertificateException
Make sure the subject of the leaf certificate is one of the permitted principals.

Throws:
CertificateException

getTrustManager

private static X509TrustManager getTrustManager()
                                         throws NoSuchAlgorithmException
Returns the X509TrustManager to delegate to.

Throws:
NoSuchAlgorithmException


Copyright 2007-2010, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.