java.lang.Object
org.snmp4j.transport.tls.TLSTMUtil
- Since:
- 3.0
- Version:
- 3.6.0
- Author:
- Frank Fock
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected static void
addCRLCertStore
(String crlFilePath, PKIXBuilderParameters pkixBuilderParameters) Return the initialization parameters for a TrustManager for doing cert path validation with CRL revocation based on a CRL file.static PKIXRevocationChecker
Creates a default revocation checker with CRL check only (no OCSP) and check is limited to end entity only.static SSLContext
createSSLContext
(String protocol, String keyStore, String keyStorePassword, String trustStore, String trustStorePassword, TransportStateReference transportStateReference, TLSTMTrustManagerFactory trustManagerFactory, boolean useClientMode, TlsTmSecurityCallback<X509Certificate> securityCallback, String localCertificateAlias, PKIXRevocationChecker pkixRevocationChecker, String crlURI) static OctetString
static OctetString
getIpAddressFromSubjAltName
(Collection<List<?>> altNames) static Object
getSubjAltName
(Collection<List<?>> subjAltNames, int type) static boolean
isMatchingFingerprint
(X509Certificate[] x509Certificates, OctetString fingerprint, boolean useClientMode, CounterSupport tlstmCounters, LogAdapter logger, Object eventSource) Checks if any of the certificates in the provided array matches the given fingerprint.
-
Constructor Details
-
TLSTMUtil
public TLSTMUtil()
-
-
Method Details
-
getFingerprint
-
isMatchingFingerprint
public static boolean isMatchingFingerprint(X509Certificate[] x509Certificates, OctetString fingerprint, boolean useClientMode, CounterSupport tlstmCounters, LogAdapter logger, Object eventSource) throws CertificateException Checks if any of the certificates in the provided array matches the given fingerprint. If the fingerprint to match isnull
or zero length,false
will be returned, because a matching cannot be performed.- Parameters:
x509Certificates
- the certificates to match.fingerprint
- the searched fingerprintuseClientMode
- defines if server or client mode is active to emit the right counter events.tlstmCounters
- the counters to increase on matchinglogger
- where to logeventSource
- the source object for events emitted by the matching.- Returns:
true
if there is a match,false
if matching could not be performed due tonull
or zero length fingerprint- Throws:
CertificateException
- if there is no matching, but fingerprint is non-null and has a length greater than zero.
-
getSubjAltName
-
getIpAddressFromSubjAltName
-
createSSLContext
public static SSLContext createSSLContext(String protocol, String keyStore, String keyStorePassword, String trustStore, String trustStorePassword, TransportStateReference transportStateReference, TLSTMTrustManagerFactory trustManagerFactory, boolean useClientMode, TlsTmSecurityCallback<X509Certificate> securityCallback, String localCertificateAlias, PKIXRevocationChecker pkixRevocationChecker, String crlURI) throws GeneralSecurityException - Throws:
GeneralSecurityException
-
createDefaultPKIXRevocationChecker
Creates a default revocation checker with CRL check only (no OCSP) and check is limited to end entity only.- Returns:
- a simple revocation checker to be used with
TLSTM.setPKIXRevocationChecker(PKIXRevocationChecker)
. - Since:
- 3.6.0
-
addCRLCertStore
protected static void addCRLCertStore(String crlFilePath, PKIXBuilderParameters pkixBuilderParameters) Return the initialization parameters for a TrustManager for doing cert path validation with CRL revocation based on a CRL file. Currently, only the defaultPKIX
is supported.- Parameters:
crlFilePath
- the path to the CRL file that provides the CRL collection for checking revocation.pkixBuilderParameters
- thePKIXBuilderParameters
to modify.- Since:
- 3.6.0
-