Skip navigation links

Oracle® Coherence Java API Reference
Release 3.7.0.0

E18683-01


com.tangosol.net.security
Class PeerX509TrustManager

java.lang.Object
  extended by com.tangosol.net.security.PeerX509TrustManager

All Implemented Interfaces:
javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

public class PeerX509TrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager

X509TrustManager implementation that requires the peer's certificate to be present in a configured key store.

Author:
jh 2010.05.11

Field Summary
static java.lang.String ALGORITHM
          The alogorithm used by this TrustManager.
protected  java.security.KeyStore m_keyStore
          The key store used by this TrustManager.

 

Constructor Summary
PeerX509TrustManager(java.security.KeyStore keyStore)
          Create a new PeerTrustManager that requires the peer's certificate to be present in the given key store.

 

Method Summary
 void checkClientTrusted(java.security.cert.X509Certificate[] aCert, java.lang.String sAuthType)
          Determine if the leaf certificate in the given certificate chain is contained in the trusted peer key store.
 void checkPeerTrusted(java.security.cert.X509Certificate[] aCert, java.lang.String sAuthType)
          Determine if the leaf certificate in the given certificate chain is contained in the trusted peer key store.
 void checkServerTrusted(java.security.cert.X509Certificate[] aCert, java.lang.String sAuthType)
          Determine if the leaf certificate in the given certificate chain is contained in the trusted peer key store.
 java.security.cert.X509Certificate[] getAcceptedIssuers()
          Return an array of certificate authority certificates which are trusted for authenticating peers.
protected  java.lang.String getCommonName(java.security.Principal principal)
          Return the common name of the given principal

 

Field Detail

m_keyStore

protected final java.security.KeyStore m_keyStore
The key store used by this TrustManager.

ALGORITHM

public static final java.lang.String ALGORITHM
The alogorithm used by this TrustManager.
See Also:
Constant Field Values

Constructor Detail

PeerX509TrustManager

public PeerX509TrustManager(java.security.KeyStore keyStore)
Create a new PeerTrustManager that requires the peer's certificate to be present in the given key store.
Parameters:
keyStore - the key store that contains the certificates of trusted peers

Method Detail

checkPeerTrusted

public void checkPeerTrusted(java.security.cert.X509Certificate[] aCert,
                             java.lang.String sAuthType)
                      throws java.security.cert.CertificateException
Determine if the leaf certificate in the given certificate chain is contained in the trusted peer key store.
Parameters:
aCert - the certificate chain
sAuthType - the authentication type
Throws:
java.security.cert.CertificateException - if the certificate chain is not trusted

checkClientTrusted

public void checkClientTrusted(java.security.cert.X509Certificate[] aCert,
                               java.lang.String sAuthType)
                        throws java.security.cert.CertificateException
Determine if the leaf certificate in the given certificate chain is contained in the trusted peer key store.
Specified by:
checkClientTrusted in interface javax.net.ssl.X509TrustManager
Parameters:
aCert - the certificate chain
sAuthType - the authentication type
Throws:
java.security.cert.CertificateException - if the certificate chain is not trusted

checkServerTrusted

public void checkServerTrusted(java.security.cert.X509Certificate[] aCert,
                               java.lang.String sAuthType)
                        throws java.security.cert.CertificateException
Determine if the leaf certificate in the given certificate chain is contained in the trusted peer key store.
Specified by:
checkServerTrusted in interface javax.net.ssl.X509TrustManager
Parameters:
aCert - the certificate chain
sAuthType - the authentication type
Throws:
java.security.cert.CertificateException - if the certificate chain is not trusted

getAcceptedIssuers

public java.security.cert.X509Certificate[] getAcceptedIssuers()
Return an array of certificate authority certificates which are trusted for authenticating peers. Since this trust manager only checks the leaf certificate of supplied certification chains, this method always returns an empty array.
Specified by:
getAcceptedIssuers in interface javax.net.ssl.X509TrustManager
Returns:
the array of certificate authority certificates; always an empty array

getCommonName

protected java.lang.String getCommonName(java.security.Principal principal)
Return the common name of the given principal
Parameters:
principal - the principal
Returns:
the common name of the given principal or null if the principal doesn't have a common name

Skip navigation links

Oracle® Coherence Java API Reference
Release 3.7.0.0

E18683-01


Copyright © 2000, 2011, Oracle and/or its affiliates. All rights reserved.